Automating export of a renewed certificate

When you use AWS Private CA to create a CA, you can import that CA into AWS Certificate Manager and let ACM manage certificate issuance and renewal. If a certificate being renewed is associated with an integrated service, the service seamlessly applies the new certificate. However, if the certificate was originally exported for use elsewhere in your PKI environment (for example, in an on-premises server or appliance), you need to export it again after renewal.

For a sample solution that automates the ACM export process using Amazon EventBridge and AWS Lambda, see Automating export of renewed certificates.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Revoking a private certificate

Certificate templates