How to manage an AWS Private CA in AWS Certificate Manager
Question
I created a Root Private CA in my AWS account.
I want to manage it through AWS Certificate Manager, in order to have Lifecycle rules with notifications.
I can't find a relevant explanation in the official documentation.
How can I do that?
Answer 1
Score: 1
You can use the AWS Private CA IssueCertificate API to create a certificate from your private CA. This API returns the ARN of the certificate, which you can use to retrieve the certificate by calling the GetCertificate API.

However, you cannot use ACM to manage the private CA itself; it is hidden away from you. You can only manage certificates that are imported into ACM or issued by ACM.

To import a certificate into ACM, you can use the ImportCertificate API or the AWS Management Console.

> in order to have Lifecycle rules with notifications

ACM imported certificates do not support lifecycle rules. You can use CloudWatch Events to monitor ACM certificates, but you cannot use lifecycle rules to automatically delete or renew certificates. From Importing certificates into AWS Certificate Manager:

> You are responsible for monitoring the expiration date of your imported certificates and for renewing them before they expire. You can simplify this task by using Amazon CloudWatch Events to send notices when your imported certificates approach expiration. For more information, see Using Amazon EventBridge.
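The flow the answer describes, as an added example in boto3 style that is not code from the answer or from AWS: a hypothetical `issue_and_import` issues a certificate from the private CA with IssueCertificate, waits for it, fetches it with GetCertificate and hands it to ACM with ImportCertificate, and `days_until_expiry` reads the imported certificate's NotAfter, since ACM will not renew it. The `FakePCA`/`FakeACM` classes are constructed stand-ins for the two boto3 clients so the code runs offline; in production pass real `boto3.client("acm-pca")` and `boto3.client("acm")` objects, your CA ARN, and a CSR plus the private key you generated locally.

```python
import datetime as dt
import uuid

def issue_and_import(pca, acm, ca_arn, csr_pem, key_pem, days=365):
    """IssueCertificate -> wait -> GetCertificate -> ImportCertificate; returns the ACM ARN."""
    issued = pca.issue_certificate(
        CertificateAuthorityArn=ca_arn,
        Csr=csr_pem,                        # CSR made locally, so we hold its key
        SigningAlgorithm="SHA256WITHRSA",
        Validity={"Value": days, "Type": "DAYS"},
        IdempotencyToken=uuid.uuid4().hex,  # a retried call must not mint a 2nd cert
    )
    cert_arn = issued["CertificateArn"]
    # Issuance is asynchronous: GetCertificate raises RequestInProgressException
    # until the CA has signed, so block on the service's built-in waiter first.
    pca.get_waiter("certificate_issued").wait(
        CertificateAuthorityArn=ca_arn, CertificateArn=cert_arn)
    got = pca.get_certificate(CertificateAuthorityArn=ca_arn, CertificateArn=cert_arn)
    imported = acm.import_certificate(
        Certificate=got["Certificate"].encode(),
        PrivateKey=key_pem,
        CertificateChain=got["CertificateChain"].encode(),
    )
    return imported["CertificateArn"]

def days_until_expiry(acm, acm_arn, now=None):
    """ACM never renews an imported certificate, so read NotAfter ourselves."""
    now = now or dt.datetime.now(dt.timezone.utc)
    cert = acm.describe_certificate(CertificateArn=acm_arn)["Certificate"]
    return (cert["NotAfter"] - now).days

# Constructed stand-ins for boto3.client("acm-pca") and boto3.client("acm") so the
# flow runs offline; the ARNs and PEM body are placeholders, not real resources.
PCA_CERT_ARN = "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/CA-ID/certificate/CERT-ID"
ACM_CERT_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/IMPORTED-ID"
PEM = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"

class FakePCA:
    def issue_certificate(self, **kw): return {"CertificateArn": PCA_CERT_ARN}
    def get_waiter(self, name): return type("Waiter", (), {"wait": lambda self, **kw: None})()
    def get_certificate(self, **kw): return {"Certificate": PEM, "CertificateChain": PEM}

class FakeACM:
    not_after = dt.datetime(2025, 1, 1, tzinfo=dt.timezone.utc)  # constructed expiry
    def import_certificate(self, **kw):
        self.last_import = kw
        return {"CertificateArn": ACM_CERT_ARN}
    def describe_certificate(self, **kw):
        return {"Certificate": {"CertificateArn": kw["CertificateArn"], "NotAfter": self.not_after}}
```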