ACM / Client / export_certificate
export_certificate#
- ACM.Client.export_certificate(**kwargs)#
Exports a private certificate issued by a private certificate authority (CA) for use anywhere. The exported file contains the certificate, the certificate chain, and the encrypted private 2048-bit RSA key associated with the public key that is embedded in the certificate. For security, you must assign a passphrase for the private key when exporting it.
For information about exporting and formatting a certificate using the ACM console or CLI, see Export a Private Certificate.
See also: AWS API Documentation
Request Syntax
response = client.export_certificate( CertificateArn='string', Passphrase=b'bytes' )
- Parameters:
CertificateArn (string) –
[REQUIRED]
An Amazon Resource Name (ARN) of the issued certificate. This must be of the form:
arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
Passphrase (bytes) –
[REQUIRED]
Passphrase to associate with the encrypted exported private key.
Note
When creating your passphrase, you can use any ASCII character except #, $, or %.
If you want to later decrypt the private key, you must have the passphrase. You can use the following OpenSSL command to decrypt a private key. After entering the command, you are prompted for the passphrase.
openssl rsa -in encrypted_key.pem -out decrypted_key.pem
- Return type:
dict
- Returns:
Response Syntax
{ 'Certificate': 'string', 'CertificateChain': 'string', 'PrivateKey': 'string' }
Response Structure
(dict) –
Certificate (string) –
The base64 PEM-encoded certificate.
CertificateChain (string) –
The base64 PEM-encoded certificate chain. This does not include the certificate that you are exporting.
PrivateKey (string) –
The encrypted private key associated with the public key in the certificate. The key is output in PKCS #8 format and is base64 PEM-encoded.
Exceptions