IoT / Client / create_certificate_from_csr

create_certificate_from_csr#

IoT.Client.create_certificate_from_csr(**kwargs)#

Creates an X.509 certificate using the specified certificate signing request.

Requires permission to access the CreateCertificateFromCsr action.

Note

The CSR must include a public key that is either an RSA key with a length of at least 2048 bits or an ECC key from NIST P-25 or NIST P-384 curves. For supported certificates, consult Certificate signing algorithms supported by IoT.

Note

Reusing the same certificate signing request (CSR) results in a distinct certificate.

You can create multiple certificates in a batch by creating a directory, copying multiple .csr files into that directory, and then specifying that directory on the command line. The following commands show how to create a batch of certificates given a batch of CSRs. In the following commands, we assume that a set of CSRs are located inside of the directory my-csr-directory:

On Linux and OS X, the command is:

$ ls my-csr-directory/ | xargs -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}

This command lists all of the CSRs in my-csr-directory and pipes each CSR file name to the aws iot create-certificate-from-csr Amazon Web Services CLI command to create a certificate for the corresponding CSR.

You can also run the aws iot create-certificate-from-csr part of the command in parallel to speed up the certificate creation process:

$ ls my-csr-directory/ | xargs -P 10 -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}

On Windows PowerShell, the command to create certificates for all CSRs in my-csr-directory is:

> ls -Name my-csr-directory | %{aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/$_}

On a Windows command prompt, the command to create certificates for all CSRs in my-csr-directory is:

> forfiles /p my-csr-directory /c "cmd /c aws iot create-certificate-from-csr --certificate-signing-request file://@path"

See also: AWS API Documentation

Request Syntax

response = client.create_certificate_from_csr(
    certificateSigningRequest='string',
    setAsActive=True|False
)
Parameters:
  • certificateSigningRequest (string) –

    [REQUIRED]

    The certificate signing request (CSR).

  • setAsActive (boolean) – Specifies whether the certificate is active.

Return type:

dict

Returns:

Response Syntax

{
    'certificateArn': 'string',
    'certificateId': 'string',
    'certificatePem': 'string'
}

Response Structure

  • (dict) –

    The output from the CreateCertificateFromCsr operation.

    • certificateArn (string) –

      The Amazon Resource Name (ARN) of the certificate. You can use the ARN as a principal for policy operations.

    • certificateId (string) –

      The ID of the certificate. Certificate management operations only take a certificateId.

    • certificatePem (string) –

      The certificate data, in PEM format.

Exceptions

  • IoT.Client.exceptions.InvalidRequestException

  • IoT.Client.exceptions.ThrottlingException

  • IoT.Client.exceptions.UnauthorizedException

  • IoT.Client.exceptions.ServiceUnavailableException

  • IoT.Client.exceptions.InternalFailureException