AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)

Retrieve a Certificate Authority (CA) Certificate

You can use the standalone ACM PCA service to retrieve the certificate authority (CA) certificate for your private CA. Call the get-certificate-authority-certificate command. You can also use the GetCertificateAuthorityCertificate API. Use the --output text option to output the certificate without <CR><LF> pairs.

aws acm-pca get-certificate-authority-certificate \ --certificate-authority-arn arn:aws:acm-pca:region:account:\ certificate-authority/12345678-1234-1234-1234-123456789012 \ --output text

This command outputs the base64 encoded PEM format certificate and the certificate chain.

-----BEGIN CERTIFICATE----- ...Base64-encoded certificate... -----END CERTIFICATE---- -----BEGIN CERTIFICATE----- ...Base64-encoded certificate... -----END CERTIFICATE----