create_certificate_from_csr(**kwargs)¶Creates an X.509 certificate using the specified certificate signing request.
Note: The CSR must include a public key that is either an RSA key with a length of at least 2048 bits or an ECC key from NIST P-256, NIST P-384, or NIST P-512 curves. For supported certificates, consult Certificate signing algorithms supported by IoT.
Note: Reusing the same certificate signing request (CSR) results in a distinct certificate.
Requires permission to access the CreateCertificateFromCsr action.
You can create multiple certificates in a batch by creating a directory, copying multiple .csr files into that directory, and then specifying that directory on the command line. The following commands show how to create a batch of certificates given a batch of CSRs.
Assuming a set of CSRs are located inside of the directory my-csr-directory:
On Linux and OS X, the command is:
$ ls my-csr-directory/ | xargs -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}
This command lists all of the CSRs in my-csr-directory and pipes each CSR file name to the aws iot create-certificate-from-csr Amazon Web Services CLI command to create a certificate for the corresponding CSR.
The aws iot create-certificate-from-csr part of the command can also be run in parallel to speed up the certificate creation process:
$ ls my-csr-directory/ | xargs -P 10 -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}
On Windows PowerShell, the command to create certificates for all CSRs in my-csr-directory is:
> ls -Name my-csr-directory | %{aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/$_}
On a Windows command prompt, the command to create certificates for all CSRs in my-csr-directory is:
> forfiles /p my-csr-directory /c "cmd /c aws iot create-certificate-from-csr --certificate-signing-request file://@path"
See also: AWS API Documentation
Request Syntax
response = client.create_certificate_from_csr(
certificateSigningRequest='string',
setAsActive=True|False
)
[REQUIRED]
The certificate signing request (CSR).
dict
Response Syntax
{
'certificateArn': 'string',
'certificateId': 'string',
'certificatePem': 'string'
}
Response Structure
(dict) --
The output from the CreateCertificateFromCsr operation.
certificateArn (string) --
The Amazon Resource Name (ARN) of the certificate. You can use the ARN as a principal for policy operations.
certificateId (string) --
The ID of the certificate. Certificate management operations only take a certificateId.
certificatePem (string) --
The certificate data, in PEM format.
Exceptions
IoT.Client.exceptions.InvalidRequestExceptionIoT.Client.exceptions.ThrottlingExceptionIoT.Client.exceptions.UnauthorizedExceptionIoT.Client.exceptions.ServiceUnavailableExceptionIoT.Client.exceptions.InternalFailureException