ACM / Client / export_certificate

export_certificate#

ACM.Client.export_certificate(**kwargs)#

Exports a private certificate issued by a private certificate authority (CA) for use anywhere. The exported file contains the certificate, the certificate chain, and the encrypted private 2048-bit RSA key associated with the public key that is embedded in the certificate. For security, you must assign a passphrase for the private key when exporting it.

For information about exporting and formatting a certificate using the ACM console or CLI, see Export a Private Certificate.

See also: AWS API Documentation

Request Syntax

response = client.export_certificate(
    CertificateArn='string',
    Passphrase=b'bytes'
)
Parameters:
  • CertificateArn (string) –

    [REQUIRED]

    An Amazon Resource Name (ARN) of the issued certificate. This must be of the form:

    arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012

  • Passphrase (bytes) –

    [REQUIRED]

    Passphrase to associate with the encrypted exported private key.

    Note

    When creating your passphrase, you can use any ASCII character except #, $, or %.

    If you want to later decrypt the private key, you must have the passphrase. You can use the following OpenSSL command to decrypt a private key. After entering the command, you are prompted for the passphrase.

    openssl rsa -in encrypted_key.pem -out decrypted_key.pem

Return type:

dict

Returns:

Response Syntax

{
    'Certificate': 'string',
    'CertificateChain': 'string',
    'PrivateKey': 'string'
}

Response Structure

  • (dict) –

    • Certificate (string) –

      The base64 PEM-encoded certificate.

    • CertificateChain (string) –

      The base64 PEM-encoded certificate chain. This does not include the certificate that you are exporting.

    • PrivateKey (string) –

      The encrypted private key associated with the public key in the certificate. The key is output in PKCS #8 format and is base64 PEM-encoded.

Exceptions