Reputation: 59345
Way to use AWS Certificate Manager cert with API Gateway?
I need the Certificate name, Certificate body, Certificate private key and Certificate chain to use a domain name in the API Gateway.
I have the certificate for *.domainready.com in Amazon's Certificate Manager. And I'd like to use that cert info. I can't find any access to it from the dashboard interface. Is there any way to get the information regarding the cert out of AWS?
Upvotes: 9
Views: 10424
Answers (2)
Reputation: 13632
As of March 9th 2017 certificates created in the us-east-1 region are available to be used by API Gateway.
The AWS API Gateway is not a service integrated with the AWS Certificate Manager. This limits its use to those services (CloudFront and Elastic Load Balancing) only.
To install an SSL certificate on the API Gateway, you need the public certificate, the private key, and a root CA certificate chain. The ACM itself never lets you see the private key, as this is managed entirely within the service. This is the limiting factor: you cannot export the certificate in a useable format for later importing to another SSL endpoint e.g. API Gateway.
You will need to purchase an SSL Certificate from the major providers, use a free service (StartSSL), or a self-signed certificate - if you are testing.
With any of those certificates you can configure them in the API Gateway Create Custom Domain page.
Upvotes: 8
Reputation: 1
Certificate chain is intermediate certificates(中级证书)
For Certificate chain, type or paste the PEM-formatted intermediate certificates and, optionally, the root certificate, one after the other without any blank lines. If you include the root certificate, your certificate chain must start with intermediate certificates and end with the root certificate. Use the intermediate certificates provided by your certificate authority. Do not include any intermediaries that are not in the chain of trust path. The following shows an abbreviated example.
-----BEGIN CERTIFICATE-----
EXAMPLECA4ugAwIBAgIQWrYdrB5NogYUx1U9Pamy3DANBgkqhkiG9w0BAQUFADCB
...
8/ifBlIK3se2e4/hEfcEejX/arxbx1BJCHBvlEPNnsdw8EXAMPLE
-----END CERTIFICATE-----
Here is another example.
-----BEGIN CERTIFICATE-----
Intermediate certificate 2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate certificate 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Optional: Root certificate
-----END CERTIFICATE-----
For more details check amazon developer guide
Upvotes: -1
Related Questions
- Unable to resolve "unable to get local issuer certificate" using git on Windows with self-signed certificate
- Getting json body in aws Lambda via API gateway
- How to pass a querystring or route parameter to AWS Lambda from Amazon API Gateway
- Cannot find ACM Certificate to a custom domain in AWS API Gateway
- How to add SSL certificate to AWS EC2 with the help of new AWS Certificate Manager service
- AWS api gateway will not allow custom domain name association to certificate
- Can I use AWS Certificate Manager certificates for API Gateway with Custom Domain Name
- How to associate a new TLS cert with an AWS API gateway domain name