3

Right now I have a server which should only be accessible by clients who have a particular valid certificate installed in their browser. This is called two-way SSL and it's a way to authenticate clients. I was wondering if it is possible to implement this in AWS Certificate Manager?

I'm asking this because when I do this manually, I have to generate client certificates on my machine individually using the CA's certificate and key. But when I use AWS Certificate Manager I don't think the key is accessible for me to generate the client certificates. Is that right? Does that mean that I cannot use AWS Certificate Manager if I want to implement two-way SSL?

F_SO_K
Mehran
  • I have tried and failed to find a solution for this; ended up terminating SSL on an EC2 instance. – Dusan Bajic Feb 21 '18 at 15:50
  • Well, the worst case scenario is that I'll implement the two-way SSL by generating self-signed certificates and introduce them in the server code. – Mehran Feb 21 '18 at 15:52

1 Answer

1

Currently you cannot use AWS ACM issued certificates as client certificates, since it only allows them to be associated with the following AWS services:

  • AWS API Gateway
  • AWS CloudFront
  • AWS ELB/ALB
Ashan
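The manual workflow the question describes (signing client certificates with a CA key you hold yourself), as an added example that is not part of the original question or answer. The CA names, client names and file layout are constructed for illustration, and it assumes the `openssl` CLI with its default configuration is installed.

```shell
#!/bin/sh
# Added example: a private CA issuing client certificates for two-way SSL.
# Names (demo-ca, other-ca, client1, client2) are constructed placeholders.

# make_ca DIR NAME: create a self-signed CA key and certificate in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_client DIR CA CLIENT: create a key and CSR for CLIENT, then sign
# the CSR with CA's private key. This is the step that needs the CA key.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 30 \
        -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/$3.crt" 2>/dev/null
}

# client_trusted DIR CA CLIENT: succeed only if CLIENT's certificate chains
# to CA. A server that requires client certificates and trusts only CA
# makes the same decision during the TLS handshake.
client_trusted() {
    openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" >/dev/null 2>&1
}

# Demo: client1 is issued by the CA the server trusts, client2 by another CA.
work=$(mktemp -d)
make_ca "$work" demo-ca
make_ca "$work" other-ca
issue_client "$work" demo-ca client1
issue_client "$work" other-ca client2

for c in client1 client2; do
    if client_trusted "$work" demo-ca "$c"; then
        echo "$c: accepted by a server trusting demo-ca"
    else
        echo "$c: rejected by a server trusting demo-ca"
    fi
done
rm -rf "$work"
```

The server that terminates TLS is then configured with `demo-ca.crt` as its client CA file; the CA private key is needed only when issuing certificates and should not be stored on that server.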