We are thinking of using our own Private Certificate Authority within AWS. Using the information provided here we were able to create a private certificate and import it into ACM. However, when we try to refer to this private certificate when creating a Custom Domain in API Gateway (via Terraform) we get an error that the certificate does not exist. If we try to create the custom domain via the AWS console, the certificate doesn't show up at all. Do certificates have any IAM policy associated with them?
1 Answer
ACM's Private Certificate Authority is only for internal use within your company:
This service is for enterprise customers building a public key infrastructure (PKI) inside the AWS cloud and intended for private use within an organization
Certificates issued by a private CA are trusted only within your organization, not on the internet.
You can't use them on API Gateway. For that you require public certificates which you can get for free from ACM.
If your private certificate is managed by ACM, you should be able to use it on API Gateway:
With ACM Private CA you can choose to delegate certificate management to ACM for certificates used with ACM-integrated services, such as Elastic Load Balancing and API Gateway.

Marcin
- Thanks for responding. We're using this on a private REST API via a VPC endpoint. Can we use our own private CA within AWS, or is that not allowed? – Madhav Shenoy Oct 07 '20 at 05:19
- @MadhavShenoy I updated the answer. In short, yes, it should be possible, on condition that your private CA is managed by ACM. – Marcin Oct 07 '20 at 05:28
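A practical way to check the condition in the answer above before touching Terraform is to inspect what `aws acm describe-certificate --certificate-arn <arn>` reports. The function below is an added example, not code from the thread or from AWS: it reads that JSON and lists the reasons API Gateway would not offer the certificate (wrong region for the endpoint type, not yet ISSUED, or an imported certificate rather than one ACM issued from the private CA). The ARNs, account id and domain in the samples are constructed placeholders.

```python
import json

# Constructed sample of a describe-certificate response for a certificate that ACM
# issued from an ACM Private CA (Type PRIVATE, CertificateAuthorityArn present).
SAMPLE_PRIVATE = json.dumps({"Certificate": {
    "CertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-PLACEHOLDER",
    "DomainName": "api.internal.example.com",
    "Status": "ISSUED",
    "Type": "PRIVATE",
    "CertificateAuthorityArn":
        "arn:aws:acm-pca:eu-west-1:111122223333:certificate-authority/EXAMPLE-PLACEHOLDER",
    "InUseBy": [],
}})

# Constructed sample of a self-signed certificate that was imported into ACM by hand
# (Type IMPORTED, no CertificateAuthorityArn), as described in the question.
SAMPLE_IMPORTED = json.dumps({"Certificate": {
    "CertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-PLACEHOLDER-2",
    "DomainName": "api.internal.example.com",
    "Status": "ISSUED",
    "Type": "IMPORTED",
    "InUseBy": [],
}})


def check_acm_cert_for_apigw(describe_json, domain_region, endpoint_type="REGIONAL"):
    """Return the problems that would stop an API Gateway custom domain in
    `domain_region` from using this certificate. An empty list means every
    check this function knows about passed."""
    cert = json.loads(describe_json)["Certificate"]
    problems = []
    # ACM ARN layout: arn:aws:acm:<region>:<account>:certificate/<id>
    cert_region = cert["CertificateArn"].split(":")[3]
    # Edge-optimized domains only accept certificates held in us-east-1;
    # regional domains need the certificate in the same region as the API.
    needed = "us-east-1" if endpoint_type == "EDGE" else domain_region
    if cert_region != needed:
        problems.append(f"certificate is in {cert_region}, {endpoint_type} domain needs {needed}")
    if cert["Status"] != "ISSUED":
        problems.append(f"certificate status is {cert['Status']}, not ISSUED")
    # The answer's condition: the private CA certificate must be managed by ACM,
    # i.e. issued by ACM from the CA, not signed elsewhere and imported.
    if cert["Type"] == "IMPORTED":
        problems.append("certificate was imported, not issued by ACM from the private CA")
    elif cert["Type"] == "PRIVATE" and not cert.get("CertificateAuthorityArn"):
        problems.append("private certificate carries no CertificateAuthorityArn")
    return problems
```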