3

While the Certificate Manager UI shows my imported certificate with status "issued", when trying to use it from an ELB (application LB) I get: "no certificates available" (the POST request to the API returns an empty list).

Also, when I run `aws acm list-certificates --max-items 10` I don't get the imported certificate, only my second (not imported) one.

Any ideas what's wrong here? Is there a setting on the imported certificate I should be configuring?

alonisser
  • It sounds like you imported them to ACM in one region, and the ELB and `aws acm` tool you are running are both in another region. – Mark B Jun 11 '18 at 18:33
  • @MarkB That was my first thought also, but no. Done in the same region, and in the ACM UI both certificates are shown in the same region and were created/imported there also. The only difference is the source: one imported, one created. – alonisser Jun 11 '18 at 18:48

2 Answers

5

I've got only half an answer here, but it turns out that since I imported a 4096 RSA key certificate, it's not supported for Application Load Balancer use from ACM, but it is supported from the older IAM certificate storage. (AWS, please get your act together.)

Why this certificate does not appear in the CLI `aws acm list-certificates` output but does respond to a named `aws acm describe-certificate arn-here` beats me.

alonisser
4

I know it's late, but thought of sharing this update.

The default filtering of `aws acm list-certificates` returns only RSA_2048 certificates. If you want other certificates to be included as well, use the `--include` parameter and specify the desired signature types in a comma-separated `keyTypes` list.

Example:

```
aws acm list-certificates --include keyTypes=RSA_2048,RSA_4096
```

This command will return both 2048 and 4096 RSA key certificates. You can refer to the AWS ACM CLI documentation here.

Ankit Rao
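An added example, not code from either answer: a small audit that compares the default `list_certificates` result with one that requests every key type, and reports the certificates the default filter leaves out. `FakeAcm` and its ARNs are constructed so the block runs offline; it mimics the default filter as described in the answer above. With credentials, a `boto3.client("acm")` object can be passed in its place.

```python
ALL_KEY_TYPES = ["RSA_1024", "RSA_2048", "RSA_3072", "RSA_4096",
                 "EC_prime256v1", "EC_secp384r1", "EC_secp521r1"]

def list_arns(acm, key_types=None):
    """Return {arn: domain} from ListCertificates, following NextToken pages."""
    kwargs = {}
    if key_types:
        kwargs["Includes"] = {"keyTypes": list(key_types)}
    found = {}
    while True:
        page = acm.list_certificates(**kwargs)
        for summary in page.get("CertificateSummaryList", []):
            found[summary["CertificateArn"]] = summary.get("DomainName", "")
        token = page.get("NextToken")
        if not token:
            return found
        kwargs["NextToken"] = token

def hidden_by_default(acm):
    """Certificates returned only when every key type is requested explicitly."""
    default = list_arns(acm)
    everything = list_arns(acm, ALL_KEY_TYPES)
    return {arn: dom for arn, dom in everything.items() if arn not in default}

class FakeAcm:
    """Constructed stand-in for the boto3 ACM client so the example runs offline.
    It mimics the default filter described in the answer above (RSA_2048 only)."""
    CERTS = [  # constructed sample data, not real ARNs
        {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/aaaa",
         "DomainName": "issued.example.com", "KeyAlgorithm": "RSA_2048"},
        {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/bbbb",
         "DomainName": "imported.example.com", "KeyAlgorithm": "RSA_4096"},
    ]

    def list_certificates(self, Includes=None, NextToken=None):
        wanted = (Includes or {}).get("keyTypes", ["RSA_2048"])
        matches = [c for c in self.CERTS if c["KeyAlgorithm"] in wanted]
        start = int(NextToken or 0)  # one certificate per page to exercise paging
        page = {"CertificateSummaryList": matches[start:start + 1]}
        if start + 1 < len(matches):
            page["NextToken"] = str(start + 1)
        return page

if __name__ == "__main__":
    # With AWS credentials: import boto3; acm = boto3.client("acm")
    for arn, domain in hidden_by_default(FakeAcm()).items():
        print(f"hidden by default filter: {domain} ({arn})")
```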