To create the AWS ACM Certificate Authority CSR, do the following:
-
Navigate to console.aws.amazon.com and login with your credentials.
-
From within the AWS Console, select Services and then under Security, Identity, & Compliance, select Certificate Manager.
-
Click Get started.
-
Ensure that Subordinate CA is selected and then click Next.
-
Enter values for Organization (O), Organization Unit (OU), Country Name (C), State or province name, Locality name and Common Name (CN), and then click Next.
-
Ensure RSA 2048 is selected. If any other algorithm is selected (such as ECC), ensure the keys and certificate authority created earlier match.
-
If CRL is desired to be populated to an S3 bucket, select Enable CRL distribution and configure the S3 bucket name.
-
Confirm to their license agreement for the CA charges and then click Confirm and create.
-
On the success confirmation screen, click Get Started.
-
Export the CSR to a file using the blue link at the bottom of the page. This is the file that we bring over to EJBCA to be signed. Click Next.