AWS Certificate Manager
User Guide (Version 1.0)

Exporting a Certificate

The following example shows how to use the ExportCertificate function. The function exports a private certificate issued by a private certificate authority (CA). It also exports the certificate chain and private key. In the example, the passphrase for the key is stored in a local file.

package com.amazonaws.samples; import com.amazonaws.AmazonClientException; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.regions.Regions; import; import; import; import; import; import; import; import; import; import; import java.nio.ByteBuffer; import java.nio.channels.FileChannel; public class ExportCertificate { public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file in Windows // or the ~/.aws/credentials in Linux. AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider().getCredentials(); } catch (Exception ex) { throw new AmazonClientException("Cannot load your credentials from file.", ex); } // Create a client. AWSCertificateManager client = AWSCertificateManagerClientBuilder.standard() .withRegion(Regions.your_region) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Initialize a file descriptor for the passphrase file. RandomAccessFile file_passphrase = null; // Initialize a buffer for the passphrase. ByteBuffer buf_passphrase = null; // Create a file stream for reading the private key passphrase. try { file_passphrase = new RandomAccessFile("C:\\Temp\\password.txt", "r"); } catch (IllegalArgumentException ex) { throw ex; } catch (SecurityException ex) { throw ex; } catch (FileNotFoundException ex) { throw ex; } // Create a channel to map the file. FileChannel channel_passphrase = file_passphrase.getChannel(); // Map the file to the buffer. try { buf_passphrase =, 0, channel_passphrase.size()); // Clean up after the file is mapped. channel_passphrase.close(); file_passphrase.close(); } catch (IOException ex) { throw ex; } // Create a request object. ExportCertificateRequest req = new ExportCertificateRequest(); // Set the certificate ARN. req.withCertificateArn("arn:aws:acm:region:account:" +"certificate/M12345678-1234-1234-1234-123456789012"); // Set the passphrase. req.withPassphrase(buf_passphrase); // Export the certificate. ExportCertificateResult result = null; try { result = client.exportCertificate(req); } catch(InvalidArnException ex) { throw ex; } catch (InvalidTagException ex) { throw ex; } catch (ResourceNotFoundException ex) { throw ex; } // Clear the buffer. buf_passphrase.clear(); // Display the certificate and certificate chain. String certificate = result.getCertificate(); System.out.println(certificate); String certificate_chain = result.getCertificateChain(); System.out.println(certificate_chain); // This example retrieves but does not display the private key. String private_key = result.getPrivateKey(); } }