AWS Certificate Manager (ACM) is Amazon's managed service for storing, issuing and deploying TLS certificates. A certificate held in ACM can be attached directly to other AWS services such as Elastic Load Balancing (ELB/ALB), CloudFront and API Gateway. Refer to the AWS documentation to learn more about the service.
ACM imports PEM-encoded certificates, either a single certificate or a certificate together with its chain. A PFX (PKCS#12) file bundles the certificate, its chain and the private key into one binary container, so it has to be unpacked into PEM files before ACM will accept it.
The prerequisites for importing and managing certificates are covered in the AWS documentation. I recently had to import a PFX-formatted certificate into ACM; the steps below are the ones I followed.
The conversion is done with OpenSSL. I ran it on Windows; on Linux or macOS OpenSSL is usually already installed and the commands are identical.
1. Download and install OpenSSL for Windows from this link.
2. We will use the openssl binary to pull the certificate and the private key out of the PFX file as separate PEM files; both are needed for the import.
3. Extract the private key from the PFX file with the following command. OpenSSL prompts for the PFX import password and then for a pass phrase to protect the exported key (it will not write the key unprotected in this step, which is why step 5 strips that pass phrase again):
openssl pkcs12 -in cert-filename.pfx -nocerts -out privatekey.pem
4. Extract the server (end-entity) certificate to a PEM file. The -clcerts option leaves out any CA certificates bundled in the PFX; those belong in the chain field later, not in the certificate body:
openssl pkcs12 -in cert-filename.pfx -clcerts -nokeys -out cert-filename.pem
5. Remove the pass phrase from the private key, because ACM only accepts an unencrypted key. Note that openssl rsa handles RSA keys only; for an EC key use openssl ec (or openssl pkey, which handles both). The resulting file is a plaintext private key: keep it readable only by you and delete it once the import is done.
openssl rsa -in privatekey.pem -out withoutpw-privatekey.pem
6. With the PEM files for the certificate and the private key ready, log in to the AWS console for ACM – https://console.aws.amazon.com/acm/home
7. Click the Import a certificate button.
8. On the next screen, enter the private key and certificate data gathered in the previous steps.
9. For Certificate body, paste the PEM-encoded certificate. If you followed the steps above, it is the contents of cert-filename.pem; if you instead exported the whole PFX into a single PEM file, pick out the certificate block belonging to the server certificate. Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, and paste exactly one certificate here; intermediates go in the chain field.
10. For Certificate private key, paste the PEM-encoded private key from withoutpw-privatekey.pem (or the private key block, if everything is in one PEM file). Include the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines. Newer OpenSSL releases write the key in PKCS#8 form instead, between -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines; ACM accepts that as well. What it rejects is an encrypted key, recognisable by an ENCRYPTED header or Proc-Type/DEK-Info lines, which means step 5 was skipped.
11. This step is optional. If the PFX contains a certificate chain, paste the intermediate (and, if present, root) certificates one after another into the Certificate chain field, each with its own BEGIN/END lines. The CA certificates are extracted with the same openssl pkcs12 command as in step 4, with -cacerts in place of -clcerts.
12. Click Next and enter tags to identify the imported certificate.
13. Click Review and import.
14. Review the information and click Import.
Once you complete the steps above, the imported certificate is listed in the ACM console with the status Issued. Keep in mind that ACM does not renew imported certificates: you have to repeat this import with a fresh certificate before the current one expires.
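The same procedure as a script, added here as an example and not part of the original post or of any AWS tooling: it unpacks the PFX into the three PEM inputs ACM expects (server certificate, CA chain, unencrypted key), refuses to continue if the key does not belong to the certificate, and imports through the AWS CLI instead of the console. It assumes openssl 1.1 or 3.x on the PATH and, for the last step, AWS CLI v2 with acm:ImportCertificate permission. The file names, the PFX password, the output directory and the region are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): PFX -> PEM -> ACM import.
# Assumes openssl on PATH; acm_import also assumes the AWS CLI is configured.
set -eu

# openssl pkcs12 prints "Bag Attributes" text before each PEM block; ACM wants
# only the blocks themselves, so keep just the BEGIN..END ranges.
only_pem_blocks() { sed -n '/^-----BEGIN /,/^-----END /p'; }

# pem_block_count FILE TYPE: how many "-----BEGIN TYPE-----" lines FILE has
pem_block_count() { grep -c "^-----BEGIN $2-----" "$1" || true; }

# pfx_to_pem PFX PASSWORD OUTDIR
# Writes OUTDIR/cert.pem (server cert only), OUTDIR/chain.pem (CA certs bundled
# in the PFX, may be empty) and OUTDIR/key.pem (private key, no pass phrase).
# The password is handed to openssl through the environment (-passin env:),
# not on the command line where `ps` would show it.
pfx_to_pem() {
  pfx=$1; pass=$2; out=$3
  mkdir -p "$out"
  # -clcerts: end-entity certificate; the chain goes in a separate ACM field
  PFX_PASS="$pass" openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys \
    | only_pem_blocks > "$out/cert.pem"
  # -cacerts: intermediates/roots carried in the PFX, if any
  PFX_PASS="$pass" openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys \
    | only_pem_blocks > "$out/chain.pem"
  # A wrong password (or a legacy RC2-encrypted PFX on OpenSSL 3, which needs
  # the -legacy option) leaves the pipeline with no certificate: stop here.
  if [ "$(pem_block_count "$out/cert.pem" CERTIFICATE)" != 1 ]; then
    echo "no server certificate extracted from $pfx (wrong password, or try -legacy)" >&2
    return 1
  fi
  # -nodes writes the key unencrypted, so the separate "openssl rsa" step is
  # not needed; openssl pkey re-emits it cleanly and handles RSA and EC keys.
  # The subshell's umask makes the key file 0600 from the moment it exists.
  ( umask 077
    PFX_PASS="$pass" openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
      | openssl pkey -out "$out/key.pem" )
}

# key_matches_cert KEY CERT: succeeds only if the key's public half is the
# public key inside the certificate. A mismatch is the classic import failure.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256)
  c=$(openssl x509 -in "$2" -noout -pubkey \
        | openssl pkey -pubin -pubout -outform DER | openssl dgst -sha256)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# acm_import OUTDIR REGION: same three inputs as the console form; prints the ARN.
acm_import() {
  dir=$1; region=$2
  if [ "$(pem_block_count "$dir/chain.pem" CERTIFICATE)" -gt 0 ]; then
    aws acm import-certificate --region "$region" \
      --certificate "fileb://$dir/cert.pem" --private-key "fileb://$dir/key.pem" \
      --certificate-chain "fileb://$dir/chain.pem" \
      --query CertificateArn --output text
  else
    aws acm import-certificate --region "$region" \
      --certificate "fileb://$dir/cert.pem" --private-key "fileb://$dir/key.pem" \
      --query CertificateArn --output text
  fi
}

# main PFX PASSWORD OUTDIR [REGION]
main() {
  pfx_to_pem "$1" "$2" "$3"
  key_matches_cert "$3/key.pem" "$3/cert.pem" \
    || { echo "private key does not match certificate; not importing" >&2; exit 1; }
  arn=$(acm_import "$3" "${4:-us-east-1}")
  echo "imported: $arn"
  rm -f "$3/key.pem"   # the plaintext key has no business staying on disk
}

# Example: ./pfx-to-acm.sh cert-filename.pfx 'pfx-password' ./out us-east-1
if [ "$#" -ge 3 ]; then main "$@"; fi
```

The key check is the part worth keeping even if you stay with the console: comparing a SHA-256 of the DER-encoded public key from the key file with the one embedded in the certificate catches a key that was exported from the wrong PFX before ACM rejects the import with a less helpful message.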
That’s it. Hope this blog post will be helpful to you. Let me know if you have any suggestion or concern.