Reimport a certificate
If you imported a certificate and associated it with other Amazon services, you can reimport that certificate before it expires while preserving the Amazon service associations of the original certificate. For more information about Amazon services integrated with ACM, see Services integrated with ACM.
The following conditions apply when you reimport a certificate:
- You can add or remove domain names.
- You cannot remove all of the domain names from a certificate.
- If Key Usage extensions are present in the originally imported certificate, you can add new extension values, but you cannot remove existing values.
- If Extended Key Usage extensions are present in the originally imported certificate, you can add new extension values, but you cannot remove existing values.
- The key type and size cannot be changed.
- You cannot apply resource tags when reimporting a certificate.
Reimport (console)
The following example shows how to reimport a certificate using the Amazon Web Services Management Console.
- Open the ACM console at https://console.amazonaws.cn/acm/home.
- Select or expand the certificate to reimport.
- Open the details pane of the certificate and choose the Reimport certificate button. If you selected the certificate by checking the box beside its name, choose Reimport certificate on the Actions menu.
- For Certificate body, paste the PEM-encoded end-entity certificate.
- For Certificate private key, paste the unencrypted PEM-encoded private key associated with the certificate's public key.
- (Optional) For Certificate chain, paste the PEM-encoded certificate chain. The certificate chain includes one or more certificates for all intermediate issuing certification authorities, and the root certificate. If the certificate to be imported is self-assigned, no certificate chain is necessary.
- Review the information about your certificate. If there are no errors, choose Reimport.
Reimport (Amazon CLI)
The following example shows how to reimport a certificate using the Amazon Command Line Interface (Amazon CLI). The example assumes the following:
- The PEM-encoded certificate is stored in a file named Certificate.pem.
- The PEM-encoded certificate chain is stored in a file named CertificateChain.pem.
- (Private certificates only) The PEM-encoded, unencrypted private key is stored in a file named PrivateKey.pem.
- You have the ARN of the certificate you want to reimport.
To use the following example, replace the file names and the ARN with your own and type the command on one continuous line. The following example includes line breaks and extra spaces to make it easier to read.
Note
To reimport a certificate, you must specify the certificate ARN.
$ aws acm import-certificate --certificate fileb://Certificate.pem \
      --certificate-chain fileb://CertificateChain.pem \
      --private-key fileb://PrivateKey.pem \
      --certificate-arn arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-12345678901
If the import-certificate command is successful, it returns the Amazon Resource Name (ARN) of the certificate.
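The reimport conditions listed at the top of this page can be checked locally before running import-certificate. The script below is an added example, not part of the original documentation or of any Amazon tooling: it verifies that the private key matches the new certificate, that the key type and size are unchanged, and that no Key Usage or Extended Key Usage value was removed. It assumes OpenSSL 1.1.1 or later and a local copy of the originally imported certificate; the function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example: local pre-flight checks before reimporting into ACM.
# Assumptions: OpenSSL 1.1.1+ (for `x509 -ext`); the "old" certificate is a
# local copy of the one currently in ACM; all names here are hypothetical.

# Public key in PEM form, taken from a certificate ($1).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key in PEM form, derived from an unencrypted private key ($1).
key_pubkey() { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null; }

# Key algorithm and bit size of a certificate, e.g. "rsaEncryption 2048".
key_type_and_size() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | sed -n \
        -e 's/^ *Public Key Algorithm: *//p' \
        -e 's/^.*Public-Key: *(\([0-9]*\) bit.*$/\1/p' | tr '\n' ' '
}

# Values of extension $2 (keyUsage or extendedKeyUsage) in certificate $1,
# one per line; prints nothing when the extension is absent.
ext_values() {
    { openssl x509 -in "$1" -noout -ext "$2" 2>/dev/null || true; } |
        sed -e 1d | tr ',' '\n' | sed -e 's/^ *//' -e 's/ *$//' -e '/^$/d'
}

# Succeeds only if every value of extension $3 in old cert $1 is in new cert $2.
ext_not_removed() {
    new_vals=$(ext_values "$2" "$3")
    ext_values "$1" "$3" | while IFS= read -r v; do
        printf '%s\n' "$new_vals" | grep -Fxq -- "$v" || exit 1
    done
}

# Args: old_cert new_cert new_private_key. Prints each failed check.
preflight_reimport() {
    rc=0
    pub=$(cert_pubkey "$2")
    { [ -n "$pub" ] && [ "$pub" = "$(key_pubkey "$3")" ]; } ||
        { echo "private key does not match the new certificate"; rc=1; }
    kts=$(key_type_and_size "$1")
    { [ -n "$kts" ] && [ "$kts" = "$(key_type_and_size "$2")" ]; } ||
        { echo "key type or size differs from the original"; rc=1; }
    for ext in keyUsage extendedKeyUsage; do
        ext_not_removed "$1" "$2" "$ext" ||
            { echo "$ext: a value in the original is missing"; rc=1; }
    done
    return "$rc"
}

if [ "$#" -eq 3 ]; then preflight_reimport "$@"; fi
```

Saved as a script, it takes the old certificate, the new certificate and the new private key as its three arguments and exits non-zero if any check fails.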