I have my CA certificate and a leaf certificate which was signed by the CA. The leaf is used for communication. I would like to sign it via AWS Private CA using .NET, but I can't figure out which class I have to use.
I have the function RequestSign, which takes the certificate to be signed. _arn is passed in via the class constructor, and so is _client (an AmazonACMPCAClient).
public async Task RequestSign(X509Certificate2 certificate)
{
    var request = new ImportCertificateAuthorityCertificateRequest()
    {
        CertificateAuthorityArn = _arn,
        Certificate = new MemoryStream(Encoding.ASCII.GetBytes(certificate.ExportCertificatePem())),
    };
    var response = await _client.ImportCertificateAuthorityCertificateAsync(request);
    Console.WriteLine(response.HttpStatusCode);
}
When I try to execute this function I get the exception "The basic constraints extension must specify that the certificate is for a CA."
The official documentation says: Imports a signed private CA certificate into Amazon Web Services Private CA. This action is used when you are using a chain of trust whose root is located outside Amazon Web Services Private CA. Before you can call this action, the following preparations must be in place:
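
The condition named in the exception above can be checked locally before any call to AWS. This is an added example, not part of the original post: it inspects the basic constraints extension of two certificates built in memory; `IsCaCertificate`, `MakeSample` and the subject names are hypothetical and the certificates are constructed samples.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class BasicConstraintsCheck
{
    // True only when the certificate has a basic constraints extension with cA = TRUE,
    // which is the property the exception message in the post refers to.
    static bool IsCaCertificate(X509Certificate2 cert)
    {
        var bc = cert.Extensions.OfType<X509BasicConstraintsExtension>().FirstOrDefault();
        return bc != null && bc.CertificateAuthority;
    }

    // Builds a self-signed certificate in memory (constructed sample, not a real CA or leaf).
    static X509Certificate2 MakeSample(string subject, bool isCa)
    {
        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest(subject, key, HashAlgorithmName.SHA256);
        // Arguments: certificateAuthority, hasPathLengthConstraint, pathLengthConstraint, critical
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(isCa, false, 0, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        using var ca = MakeSample("CN=Sample CA", isCa: true);
        using var leaf = MakeSample("CN=Sample Leaf", isCa: false);

        foreach (var cert in new[] { ca, leaf })
        {
            bool isCa = IsCaCertificate(cert);
            Console.WriteLine($"{cert.Subject}: CA={isCa}");
            if (!isCa)
            {
                // A leaf passed to the import call shown in the post fails on this property.
                Console.WriteLine("  basic constraints do not mark this certificate as a CA");
            }
        }
    }
}
```

ImportCertificateAuthorityCertificate installs the private CA's own certificate, which is why a leaf fails this check. In AWS Private CA an end-entity certificate is issued from a CSR with the IssueCertificate action.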