export_certificate

export_certificate(**kwargs)

Exports a private certificate issued by a private certificate authority (CA) for use anywhere. The exported file contains the certificate, the certificate chain, and the encrypted private 2048-bit RSA key associated with the public key that is embedded in the certificate. For security, you must assign a passphrase for the private key when exporting it.

For information about exporting and formatting a certificate using the ACM console or CLI, see Export a Private Certificate.

See also: AWS API Documentation

Request Syntax

response = client.export_certificate(
    CertificateArn='string',
    Passphrase=b'bytes'
)
Parameters
  • CertificateArn (string) --

    [REQUIRED]

    An Amazon Resource Name (ARN) of the issued certificate. This must be of the form:

    arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
  • Passphrase (bytes) --

    [REQUIRED]

    Passphrase to associate with the encrypted exported private key.

    Note

    When creating your passphrase, you can use any ASCII character except #, $, or %.

    If you want to later decrypt the private key, you must have the passphrase. You can use the following OpenSSL command to decrypt a private key. After entering the command, you are prompted for the passphrase.

    openssl rsa -in encrypted_key.pem -out decrypted_key.pem
Return type

dict

Returns

Response Syntax

{
    'Certificate': 'string',
    'CertificateChain': 'string',
    'PrivateKey': 'string'
}

Response Structure

  • (dict) --

    • Certificate (string) --

      The base64 PEM-encoded certificate.

    • CertificateChain (string) --

      The base64 PEM-encoded certificate chain. This does not include the certificate that you are exporting.

    • PrivateKey (string) --

      The encrypted private key associated with the public key in the certificate. The key is output in PKCS #8 format and is base64 PEM-encoded.

Exceptions

  • ACM.Client.exceptions.ResourceNotFoundException
  • ACM.Client.exceptions.RequestInProgressException
  • ACM.Client.exceptions.InvalidArnException