ACM.Client.
export_certificate
(**kwargs)¶Exports a private certificate issued by a private certificate authority (CA) for use anywhere. The exported file contains the certificate, the certificate chain, and the encrypted private 2048-bit RSA key associated with the public key that is embedded in the certificate. For security, you must assign a passphrase for the private key when exporting it.
For information about exporting and formatting a certificate using the ACM console or CLI, see Export a Private Certificate.
See also: AWS API Documentation
Request Syntax
response = client.export_certificate(
CertificateArn='string',
Passphrase=b'bytes'
)
[REQUIRED]
An Amazon Resource Name (ARN) of the issued certificate. This must be of the form:
arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
[REQUIRED]
Passphrase to associate with the encrypted exported private key.
Note
When creating your passphrase, you can use any ASCII character except #, $, or %.
If you want to later decrypt the private key, you must have the passphrase. You can use the following OpenSSL command to decrypt a private key. After entering the command, you are prompted for the passphrase.
openssl rsa -in encrypted_key.pem -out decrypted_key.pem
dict
Response Syntax
{
'Certificate': 'string',
'CertificateChain': 'string',
'PrivateKey': 'string'
}
Response Structure
(dict) --
Certificate (string) --
The base64 PEM-encoded certificate.
CertificateChain (string) --
The base64 PEM-encoded certificate chain. This does not include the certificate that you are exporting.
PrivateKey (string) --
The encrypted private key associated with the public key in the certificate. The key is output in PKCS #8 format and is base64 PEM-encoded.
Exceptions
ACM.Client.exceptions.ResourceNotFoundException
ACM.Client.exceptions.RequestInProgressException
ACM.Client.exceptions.InvalidArnException