Creating Private Root CA using AWS CLI (acm-pca)

Question

I have been trying to setup a private Root CA using the ACM-PCA CLI and I can't get it working.

After creating the certificate authority via

aws acm-pca create-certificate-authority --certificate-authority-configuration file://ca.txt --certificate-authority-type "ROOT" --idempotency-token 98256344

I keep getting stuck in the PENDING_CERTIFICATE state and I can't find a way for signing the CA CSR and installing the CA certificate using the CLI. The documentation only tells me how to do it using the Console. Does anyone have an idea what I could do?

Tobias

score 2 · Answer 1 · answered Mar 23 '20 at 22:23

Through trial and error I discovered that the description in the documentation is what is needed:

Get the CA's CSR
Issue a certificate using that CSR and the public template
Import the newly issued certificate

This gist shows example Go code: https://gist.github.com/ewbankkit/e2cc73d707318ae7cbba29b3cfe3fb4c.

Creating Private Root CA using AWS CLI (acm-pca)

1 Answers1