I created a Public Certificate via AWS ACM. Is it possible to generate a Certificate Signing Request (CSR) file?
From the docs, it looks like we can only export for Private Certificates:
3) ACM Private CA gives you the flexibility to create your own private keys, generate a certificate signing request (CSR), issue private certificates from your ACM Private CA, and manage the keys and certificates yourself.
Why is this the case?
I tried using the CLI command get-certificate, however it doesn't return the CSR.
Thanks!
AWS ACM Public certificates can only be used by AWS services such as Load balancers, CloudFront, API gateway etc. You can't use them into your own servers. The private key is saved with AWS somewhere with KMS encryption and you can't get it.
You can't get CSR because AWS signs the certificate with itself, it . itself is a certificate authority, it asks you to validate the domain and show the ownership and once you do that, it signs the certificate and give it to use for use.