Imported Private Certificates cannot be linked to API Gateway in AWS


We are thinking of using our own Private Certificate Authority within AWS. Using the information provided here, we were able to create a private certificate and import it into ACM. However, when we try to refer to this private certificate when creating a Custom Domain in API Gateway (via Terraform), we get an error that the certificate does not exist. If we try to create the custom domain via the AWS console, the certificate doesn't show up at all. Do certificates have any IAM policy associated with them?


Answer by Marcin (best answer):

ACM's Private Certificate Authority is only for internal use within your company:

This service is for enterprise customers building a public key infrastructure (PKI) inside the AWS cloud and intended for private use within an organization

Certificates issued by a private CA are trusted only within your organization, not on the internet.

You can't use them on API Gateway. For that you require public certificates which you can get for free from ACM.

If your private certificate is managed by ACM, you should be able to use it on API Gateway:

With ACM Private CA you can choose to delegate certificate management to ACM for certificates used with ACM-integrated services, such as Elastic Load Balancing and API Gateway.
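The distinction Marcin draws (a certificate imported into ACM versus one ACM issues and manages from your private CA) is what decides whether API Gateway can see it. The Terraform below is an added example, not code from the question, the answer or AWS; it assumes an already-activated ACM Private CA whose ARN is passed in as `var.private_ca_arn`, and uses a made-up domain name. The first resource is the "imported" shape from the question; the second is the ACM-managed shape the answer recommends, wired to a regional custom domain.

```hcl
# Hypothetical input: ARN of an ACM Private CA that is already ACTIVE.
variable "private_ca_arn" {
  type        = string
  description = "ARN of the ACM Private CA that should issue the certificate"
}

# Constructed placeholder; replace with the hostname you actually serve.
locals {
  api_hostname = "api.internal.example.com"
}

# Shape from the question: a certificate signed by the private CA outside ACM,
# then imported. ACM stores it with Type = IMPORTED and does not manage its
# lifecycle, so it is not offered to ACM-integrated services such as API Gateway.
# Kept here only to show the contrast; remove it in real use.
resource "aws_acm_certificate" "private_imported" {
  private_key       = file("${path.module}/api.key.pem")
  certificate_body  = file("${path.module}/api.cert.pem")
  certificate_chain = file("${path.module}/private-ca-chain.pem")
}

# Shape the answer recommends: ask ACM to issue the certificate from the private
# CA. ACM records it with Type = PRIVATE, handles renewal, and makes it
# selectable by integrated services.
resource "aws_acm_certificate" "private_managed" {
  domain_name               = local.api_hostname
  certificate_authority_arn = var.private_ca_arn

  lifecycle {
    create_before_destroy = true
  }
}

# Regional custom domain that references the ACM-managed private certificate.
# A REGIONAL endpoint takes a certificate from the same region; an edge-optimized
# endpoint would instead need certificate_arn pointing at a us-east-1 certificate.
resource "aws_api_gateway_domain_name" "custom" {
  domain_name              = local.api_hostname
  regional_certificate_arn = aws_acm_certificate.private_managed.arn
  security_policy          = "TLS_1_2"

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

output "custom_domain_target" {
  description = "Regional hostname to point the internal DNS record at"
  value       = aws_api_gateway_domain_name.custom.regional_domain_name
}
```

A quick way to confirm which case you are in before touching API Gateway is `aws acm describe-certificate --certificate-arn <arn> --query Certificate.Type`: `IMPORTED` is the question's situation, `PRIVATE` is the ACM-managed one. Clients still need the private CA's root in their trust store, which is the "trusted only within your organization" point the answer makes.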