Replace broken aws-cli commands with a Python script
This commit is contained in:
parent
76a077ba3e
commit
681e15deeb
1 changed files with 34 additions and 13 deletions
|
@ -163,24 +163,45 @@ certreq -submit -attrib "CertificateTemplate:SubCA" intermediate.csr intermediat
|
||||||
|
|
||||||
**AWS Certificate Manager Private CA**
|
**AWS Certificate Manager Private CA**
|
||||||
|
|
||||||
Use [issue-certificate](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaIssueCert.html) to process the CSR:
|
Here's a Python script that uses [issue-certificate](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaIssueCert.html) to process the CSR:
|
||||||
|
|
||||||
```bash
|
```python
|
||||||
aws acm-pca issue-certificate \
|
import boto3
|
||||||
--certificate-authority-arn "[AWS_PRIVATE_CA_ARN]" \
|
import sys
|
||||||
--csr intermediate.csr \
|
|
||||||
--template-arn "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1/V1" \
|
AWS_CA_ARN = '[YOUR_PRIVATE_CA_ARN]'
|
||||||
--signing-algorithm "SHA256WITHRSA" \
|
|
||||||
--validity Value=3650,Type="DAYS"
|
csr = ''.join(sys.stdin.readlines())
|
||||||
|
|
||||||
|
client = boto3.client('acm-pca')
|
||||||
|
response = client.issue_certificate(
|
||||||
|
CertificateAuthorityArn=AWS_CA_ARN,
|
||||||
|
Csr=csr,
|
||||||
|
SigningAlgorithm='SHA256WITHRSA',
|
||||||
|
TemplateArn='arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1/V1',
|
||||||
|
Validity={
|
||||||
|
'Value': 5,
|
||||||
|
'Type': 'YEARS'
|
||||||
|
}
|
||||||
|
)
|
||||||
|
print(f"Creating certificate with ARN {response['CertificateArn']}...", file=sys.stderr, end='')
|
||||||
|
waiter = client.get_waiter('certificate_issued')
|
||||||
|
waiter.wait(
|
||||||
|
CertificateAuthorityArn=AWS_CA_ARN,
|
||||||
|
CertificateArn=response['CertificateArn']
|
||||||
|
)
|
||||||
|
print('done.', file=sys.stderr)
|
||||||
|
response = client.get_certificate(
|
||||||
|
CertificateArn=response['CertificateArn'],
|
||||||
|
CertificateAuthorityArn=AWS_CA_ARN
|
||||||
|
)
|
||||||
|
print(response['Certificate'])
|
||||||
```
|
```
|
||||||
|
|
||||||
This command will return the ARN of the certificate created. Now use [get-certificate](https://docs.aws.amazon.com/cli/latest/reference/acm-pca/get-certificate.html) to fetch the intermediate certificate:
|
To run it, fill in the ARN of your CA and run:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
aws acm-pca get-certificate \
|
python issue_certificate.py < intermediate.csr > intermediate.crt
|
||||||
--certificate-authority-arn "[AWS_PRIVATE_CA_ARN]" \
|
|
||||||
--certificate-arn "[CERTIFICATE_ARN]" \
|
|
||||||
--output text > intermediate.crt
|
|
||||||
```
|
```
|
||||||
|
|
||||||
**OpenSSL**
|
**OpenSSL**
|
||||||
|
|
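Review bot: The validity in the new script silently changes from the old command's `Value=3650,Type="DAYS"` to `'Value': 5, 'Type': 'YEARS'`, roughly halving the lifetime of the intermediate CA certificate; a commit titled "Replace broken aws-cli commands" should either keep `'Value': 3650, 'Type': 'DAYS'` or state the shorter lifetime as a deliberate change in the commit message, since the CA lifetime governs how long every certificate chained to it stays valid. Two smaller points in the same hunk: `csr = ''.join(sys.stdin.readlines())` is just `sys.stdin.read()`, and since the boto3 docs declare `Csr` as bytes, `sys.stdin.buffer.read()` matches the declared type without a decode/re-encode round trip; and the usage line `python issue_certificate.py < intermediate.csr > intermediate.crt` assumes a file name that the new prose ("fill in the ARN of your CA and run") never tells the reader to save the script under, so a short "save this as issue_certificate.py" would close that gap.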