AWS Certified Solutions Architect - Professional 2020


Upload (third party issuer) Certificate to IAM vs. ACM

In this lesson, Scott mentioned: upload the certificate to IAM. But, according to AWS, it’s a best practice that you upload SSL certificates to ACM. If you’re using certificate algorithms and key sizes that aren’t currently supported by ACM or the associated AWS resources, then you can also upload an SSL certificate to IAM using AWS Command Line Interface (AWS CLI). So, I understand, by default, we should use ACM and not IAM for importing those certificates.
(…)
With that being said, I would like to know if there are any differences or caveats to using the (same) certificate on Elastic Load Balancer to provide HTTPS, for instance. Any difference between using the (imported) certificate on CloudFront vs. ELB?
Thanks,

2 Answers

Hi Franca, 

I don’t believe I specifically say IAM is the ONLY place to import certificates. In Chapter 4.7, I cover ACM and that we can import certs there.

With regard to your question, you might try over at the AWS Support forums for more responses, but as you’re citing an AWS knowledgebase answer, I’m sure you’ve read this one too that kind of answers some of your question:

https://aws.amazon.com/premiumsupport/knowledge-center/elb-ssl-tls-certificate-https/

–Scott

Hey Fran,

Indeed, by default AWS will recommend that you use ACM to upload your certificates, as it is integrated with most of the services around and will be the Certificate Store accessed by default. Anyhow, for ALBs, you might find that there are certain types of certificate that need to be uploaded directly into IAM as they are not supported in ACM. Then, you will be forced to upload them there.

I am leaving a snippet of code here that I’ve used to import the certificates to IAM [as I’ve faced this same issue for one customer], and might be useful for someone looking for an answer on this topic:

aws iam upload-server-certificate --server-certificate-name ExampleCertificate --certificate-body file://certificate.crt --certificate-chain file://certificate.cpem --private-key file://certificate.key

Hope I was of some help.

Cheers!

J.-
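As an added example (not code from the course or from either answer above), a small POSIX shell helper that reads the private key's algorithm and size with openssl, decides between an ACM import and the IAM fallback the answer describes, and prints the matching AWS CLI command for either store. The ACM supported-key table and the `--path /cloudfront/` requirement for IAM certificates used by CloudFront are assumptions taken from my reading of the AWS documentation; check them against the current docs before relying on the script.

```shell
#!/bin/sh
# Added example: choose ACM or IAM for a third-party certificate and emit the
# matching import command. Function names, the supported-key table and the
# CloudFront path rule are assumptions, not part of the original thread.

# acm_supports ALGO BITS -> exit 0 if ACM accepts this key type for import.
# Assumed table: RSA 1024/2048/3072/4096 and ECDSA P-256/P-384/P-521.
acm_supports() {
  case "$1:$2" in
    rsa:1024|rsa:2048|rsa:3072|rsa:4096) return 0 ;;
    ec:256|ec:384|ec:521) return 0 ;;
    *) return 1 ;;
  esac
}

# choose_store ALGO BITS -> prints "acm" (preferred) or "iam" (fallback).
choose_store() {
  if acm_supports "$1" "$2"; then echo acm; else echo iam; fi
}

# import_command STORE NAME CERT CHAIN KEY [TARGET] -> prints the CLI command.
# For IAM, a certificate meant for CloudFront must live under the
# /cloudfront/ path (assumed from the CloudFront docs); ELB has no such rule.
import_command() {
  store=$1; name=$2; cert=$3; chain=$4; key=$5; target=${6:-elb}
  case "$store" in
    acm) echo "aws acm import-certificate --certificate fileb://$cert --certificate-chain fileb://$chain --private-key fileb://$key" ;;
    iam)
      cmd="aws iam upload-server-certificate --server-certificate-name $name --certificate-body file://$cert --certificate-chain file://$chain --private-key file://$key"
      [ "$target" = cloudfront ] && cmd="$cmd --path /cloudfront/"
      echo "$cmd" ;;
    *) return 1 ;;
  esac
}

# key_params KEYFILE -> prints "ALGO BITS" for an unencrypted PEM private key.
# Needs openssl on the machine; an encrypted key (which neither store
# accepts) or an unsupported key type makes this return non-zero.
key_params() {
  if out=$(openssl rsa -in "$1" -noout -text 2>/dev/null); then
    echo "rsa $(printf '%s\n' "$out" | sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p')"
  elif out=$(openssl ec -in "$1" -noout -text 2>/dev/null); then
    echo "ec $(printf '%s\n' "$out" | sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p')"
  else
    return 1
  fi
}

# Usage (constructed file names): set -- $(key_params certificate.key) &&
#   import_command "$(choose_store "$1" "$2")" ExampleCertificate certificate.crt chain.pem certificate.key cloudfront
```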
