![[PukiWiki]](image/owl.png "[PukiWiki]")
昔はIAMにSSL証明書をアップロードしていたが、今はACMを使う事が推奨されている。
SSL_CERT=example.com AWS_PROFILE=example AWS_REGION=ap-northeast-1 aws acm import-certificate \ --private-key fileb://${SSL_CERT}.key \ --certificate fileb://${SSL_CERT}.body.crt \ --certificate-chain fileb://${SSL_CERT}.chain.crt \ --region $AWS_REGION \ --profile $AWS_PROFILE { "CertificateArn": "arn:aws:acm:ap-northeast-1:1234567890:certificate/xxxx-xxxx-xxxx-xxxx-xxxx" }
ENDPOINT=www.example.com:443 DAYS=30 openssl s_client -showcerts -connect $ENDPOINT -servername $ENDPOINT < /dev/null 2>&1 | openssl x509 -checkend $(( 86400 * $DAYS )) -enddate notAfter=Nov 28 12:00:00 2018 GMT Certificate will not expire
aws acm request-certificate \ --domain-name "*.example.com" \ --subject-alternative-names example.com \ --domain-validation-options "DomainName=*.example.com,ValidationDomain=example.com" \ --profile example \ --region ap-northeast-1
