Use PowerShell to request a public certificate from AWS Certificate Manager
In this blog, I will demonstrate how to use PowerShell to request a public certificate from AWS Certificate Manager, utilizing DNS validation for verification. Additionally, I will show how to request multiple certificates within the same profile and region, as well as how to request certificates from a list saved in a CSV file.
You may be interested in reading List all AWS Certificate Manager certificates.
Explore my other articles about AWS services and Microsoft Azure services.
Introduction
In List all AWS Certificate Manager certificates, I demonstrated how to list all existing ACM certificates. You can use either the ACM console or the AWS CLI to request a public ACM certificate.
I needed to create multiple public certificates with DNS validation in multiple profiles and regions. To achieve this, I utilized PowerShell and “AWS Tools for PowerShell – AWS Certificate Manager”.
Note:
- After you create a certificate with email validation, you cannot switch to validating it with DNS. To use DNS validation, delete the certificate and then create a new one that uses DNS validation.
- Amazon Certificate Manager (ACM) certificate validation requests are valid for 72 hours after they are made. If the certificate is not validated within this period, the request becomes invalid, and a new certificate must be requested.
Prerequisites
To run the scripts provided in this blog, you need to:
- Install and configure AWS Tools for PowerShell.
- Log in to all necessary AWS accounts and profiles.
- Configure your IAM permissions to allow required access to AWS Certificate Manager (ACM) certificates.
PowerShell Cmdlets
Here are the PowerShell cmdlets we will use.
- Get-ACMCertificateDetail: Returns detailed metadata about the specified ACM certificate.
- New-ACMCertificate: Requests an ACM certificate for use with other Amazon Web Services services.
How to request a single public certificate
First, I will demonstrate how to create a single public certificate:
- Initialize Required Variables: Set up the necessary variables.
- Request Certificate: Use the New-ACMCertificate cmdlet to request a new certificate based on the input variables.
- Wait for Certificate Creation: Allow time for ACM to create the certificate.
- Monitor CNAME Information: Ensure that the CNAME information becomes available by using a “Do {} While” loop.
```powershell
$Profile          = "QA"
$Region           = "us-east-1"
$DomainName       = "qa.saadkhamis.com"
$KeyAlgorithm     = "RSA_2048"
$ValidationMethod = "DNS"
$SleepFor         = 5

# Request a new public certificate.
# New-ACMCertificate returns the ARN of the new certificate as a string.
Write-Host "`nRequesting a new certificate for ($DomainName)..."
$NewACMCertificate = New-ACMCertificate `
    -ProfileName $Profile `
    -Region $Region `
    -DomainName $DomainName `
    -KeyAlgorithm $KeyAlgorithm `
    -ValidationMethod $ValidationMethod

# ACM populates the DNS validation record shortly after the request; poll until it is there.
Write-Host "Waiting for new certificate CNAME information to become available..."
Do {
    Start-Sleep -Seconds $SleepFor
    $ACMCertificateDetail = Get-ACMCertificateDetail `
        -ProfileName $Profile `
        -Region $Region `
        -CertificateArn $NewACMCertificate
} While ($ACMCertificateDetail.DomainValidationOptions.ResourceRecord -eq $null)

# This is the CNAME record you must publish in the domain's DNS zone.
Write-Host "CNAME information:"
$ACMCertificateDetail.DomainValidationOptions.ResourceRecord | Format-List

<#
Requesting a new certificate for (qa.saadkhamis.com)...
Waiting for new certificate CNAME information to become available...
CNAME information:

Name  : _8x38n98r720nu3w0e3uijaqzy9vcrijx.qa.saadkhamis.com.
Type  : CNAME
Value : _z1chqnuzmewhun68cavf8f0h27efej63.CXtnxHqYTU.acm-validations.aws.
#>
```
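Once the CNAME record has been published, the remaining work is to confirm that the record actually resolves and to wait for ACM to move the certificate to ISSUED (or to a terminal failure state) instead of checking the console by hand. The function below is an added example, not code from the original post: it assumes the same AWS Tools for PowerShell cmdlets as above plus the Windows Resolve-DnsName cmdlet (DnsClient module), and the name Wait-ACMCertificateIssued is my own. It also reports how long the request has been pending, since, as the note above says, a validation request is only valid for 72 hours.

```powershell
function Wait-ACMCertificateIssued {
    param(
        [Parameter(Mandatory)] [string] $ProfileName,
        [Parameter(Mandatory)] [string] $Region,
        [Parameter(Mandatory)] [string] $CertificateArn,
        [int] $TimeoutMinutes = 30,   # stop polling after this long; run again later if still pending
        [int] $SleepFor = 30
    )

    # Any status other than PENDING_VALIDATION is terminal for our purposes.
    $TerminalStates = @("ISSUED", "FAILED", "VALIDATION_TIMED_OUT", "REVOKED", "EXPIRED", "INACTIVE")
    $Deadline = (Get-Date).AddMinutes($TimeoutMinutes)

    Do {
        $Detail = Get-ACMCertificateDetail -ProfileName $ProfileName -Region $Region -CertificateArn $CertificateArn
        $Status = [string]$Detail.Status
        # ACM validation requests expire 72 hours after creation (see the note above).
        $PendingHours = [math]::Round(((Get-Date) - $Detail.CreatedAt).TotalHours, 1)

        ForEach ($Opt in $Detail.DomainValidationOptions) {
            $RR = $Opt.ResourceRecord
            if ($null -eq $RR) { continue }
            # Check from the outside that the validation CNAME is published and points at the expected target.
            # Resolve-DnsName is the Windows DnsClient cmdlet (assumed available); -DnsOnly skips the local cache.
            $Answer = Resolve-DnsName -Name $RR.Name -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object { $_.NameHost -and ($_.NameHost.TrimEnd(".") -ieq $RR.Value.TrimEnd(".")) }
            $Published = [bool]$Answer
            Write-Host ("[{0}] {1}: validation={2}, CNAME published={3}" -f $Status, $Opt.DomainName, $Opt.ValidationStatus, $Published)
        }

        if ($TerminalStates -contains $Status) { break }
        Write-Host "`tPending for $PendingHours h (request expires at 72 h); sleeping $SleepFor s..."
        Start-Sleep -Seconds $SleepFor
    } While ((Get-Date) -lt $Deadline)

    return [PSCustomObject]@{
        CertificateArn = $CertificateArn
        Status         = $Status
        PendingHours   = $PendingHours
        NotAfter       = $Detail.NotAfter
    }
}

# Usage: continue from the $NewACMCertificate variable of the script above.
# Wait-ACMCertificateIssued -ProfileName $Profile -Region $Region -CertificateArn $NewACMCertificate
```

The DNS check is deliberately separate from the ACM status: a record that is visible to you but not to ACM (for example, published in the wrong zone or still propagating) shows up here as "CNAME published=False" while the status stays PENDING_VALIDATION, which is the usual reason a request quietly times out.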
How to request multiple public certificates in the same profile and region
Second, I will demonstrate how to create multiple public certificates using domain names stored in a variable. I will follow the steps outlined in the previous section, but within a ForEach loop.
```powershell
$Profile          = "QA"
$Region           = "us-east-1"
$DomainNames      = "qa4.saadkhamis.com,qa5.saadkhamis.com"
$KeyAlgorithm     = "RSA_2048"
$ValidationMethod = "DNS"
$OutputFileName   = "C:\Temp\AWS_NewCertificates.csv"
$SleepFor         = 5

# Initialize output
$Output = @()

# One request per comma-separated domain name.
ForEach ($DomainName in $DomainNames.Split(",")) {
    # Request a new public certificate.
    Write-Host "`nRequesting a new certificate for ($DomainName)..."
    $NewACMCertificate = New-ACMCertificate `
        -ProfileName $Profile `
        -Region $Region `
        -DomainName $DomainName `
        -KeyAlgorithm $KeyAlgorithm `
        -ValidationMethod $ValidationMethod

    Write-Host "`tWaiting for new certificate CNAME information to become available..."
    Do {
        Start-Sleep -Seconds $SleepFor
        $ACMCertificateDetail = Get-ACMCertificateDetail `
            -ProfileName $Profile `
            -Region $Region `
            -CertificateArn $NewACMCertificate
    } While ($ACMCertificateDetail.DomainValidationOptions.ResourceRecord -eq $null)

    Write-Host "`tBuilding output..."
    # Strip the trailing dot ACM puts on the record name and value so the row pastes cleanly into most DNS consoles.
    $Output += $ACMCertificateDetail.DomainValidationOptions.ResourceRecord |
        Select @{N="Profile";E={$Profile}},
               @{N="Region";E={$Region}},
               @{N="DomainName";E={$DomainName}},
               @{N="New CertificateId";E={$NewACMCertificate}},
               @{N="Name";E={$_.Name -replace "\.$"}},
               @{N="Value";E={$_.Value -replace "\.$"}},
               Type
}

Write-Host "`nExporting new certificates information..."
$Output | Export-Csv -NoTypeInformation -Path $OutputFileName

<#
Requesting a new certificate for (qa4.saadkhamis.com)...
        Waiting for new certificate CNAME information to become available...
        Building output...

Requesting a new certificate for (qa5.saadkhamis.com)...
        Waiting for new certificate CNAME information to become available...
        Building output...

Exporting new certificates information...
#>
```
How to request multiple public certificates in multiple profiles and regions
Finally, I will use a CSV file to create multiple public certificates across various profiles and regions. The file should include, at a minimum, the profile name, region name, and domain name.
```powershell
$InputFile        = "C:\Temp\AWS_CertificatesRequest.csv"
$KeyAlgorithm     = "RSA_2048"
$ValidationMethod = "DNS"
$OutputFileName   = "C:\Temp\AWS_NewCertificates.csv"
$SleepFor         = 5

# Each row needs the columns Profile, Region and DomainName (the names used below).
$CertRequests = Import-Csv -Path $InputFile

# Initialize output
$Output = @()

ForEach ($Cert in $CertRequests) {
    Write-Host "`nRequesting certificate for: [$($Cert.Profile)][$($Cert.Region)][$($Cert.DomainName)]"
    $NewACMCertificate = New-ACMCertificate `
        -ProfileName $Cert.Profile `
        -Region $Cert.Region `
        -DomainName $Cert.DomainName `
        -KeyAlgorithm $KeyAlgorithm `
        -ValidationMethod $ValidationMethod

    Write-Host "`tWaiting for new certificate CNAME information to become available..."
    Do {
        Start-Sleep -Seconds $SleepFor
        $ACMCertificateDetail = Get-ACMCertificateDetail `
            -ProfileName $Cert.Profile `
            -Region $Cert.Region `
            -CertificateArn $NewACMCertificate
    } While ($ACMCertificateDetail.DomainValidationOptions.ResourceRecord -eq $null)

    Write-Host "`tBuilding output..."
    # Strip the trailing dot ACM puts on the record name and value so the row pastes cleanly into most DNS consoles.
    $Output += $ACMCertificateDetail.DomainValidationOptions.ResourceRecord |
        Select @{N="Profile";E={$Cert.Profile}},
               @{N="Region";E={$Cert.Region}},
               @{N="DomainName";E={$Cert.DomainName}},
               @{N="New CertificateId";E={$NewACMCertificate}},
               @{N="Name";E={$_.Name -replace "\.$"}},
               @{N="Value";E={$_.Value -replace "\.$"}},
               Type
}

Write-Host "`nExporting new certificates information..."
$Output | Export-Csv -NoTypeInformation -Path $OutputFileName

<#
Requesting certificate for: [Production][us-east-1][production.saadkhamis.com]
        Waiting for new certificate CNAME information to become available...
        Building output...

Requesting certificate for: [QA][us-east-1][qa.saadkhamis.com]
        Waiting for new certificate CNAME information to become available...
        Building output...

Exporting new certificates information...
#>
```
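A CSV-driven run is where mistakes are cheapest to catch before they reach ACM: a typo in a region name fails only after the request is made, a malformed domain wastes a request, and a row that is already covered by an existing certificate creates a duplicate that then has to be cleaned up. The following is an added example, not the post's own script; the sample CSV is constructed, the function names (Test-CertRequestRow, Get-ValidCertRequests, Find-ExistingACMCertificate) are my own, and the duplicate check uses Get-ACMCertificateList from the same AWS Tools for PowerShell module. The columns Profile, Region and DomainName are the ones the script above reads. The loop at the end only prints what it would request, so the pre-flight can be run on its own; the New-ACMCertificate call from the script above slots in where the comment indicates.

```powershell
# Constructed sample input (not the author's file), written to a temp path so the example is self-contained.
$InputFile = Join-Path $env:TEMP "AWS_CertificatesRequest.sample.csv"
@"
Profile,Region,DomainName
Production,us-east-1,production.example.com
QA,us-east-1,qa.example.com
QA,us-east-1,qa.example.com
QA,eu-west-1,not a domain
QA,us-east1,qa2.example.com
"@ | Set-Content -Path $InputFile

function Test-CertRequestRow {
    # Returns a list of problems for one CSV row; an empty list means the row is usable.
    param([Parameter(Mandatory)] $Row)
    $Problems = @()
    ForEach ($Col in "Profile", "Region", "DomainName") {
        if ([string]::IsNullOrWhiteSpace($Row.$Col)) { $Problems += "missing $Col" }
    }
    # Region names look like us-east-1 or ap-southeast-2.
    if ($Row.Region -notmatch '^[a-z]{2}(-[a-z]+)+-\d$') { $Problems += "bad region '$($Row.Region)'" }
    # Hostname, optionally a wildcard, with labels of letters, digits and hyphens.
    if ($Row.DomainName -notmatch '^(\*\.)?([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$') {
        $Problems += "bad domain '$($Row.DomainName)'"
    }
    return $Problems
}

function Get-ValidCertRequests {
    # Reads the CSV, drops invalid rows with a warning and removes exact duplicates (case-insensitive).
    param([Parameter(Mandatory)] [string] $Path)
    $Seen  = @{}
    $Valid = @()
    ForEach ($Row in (Import-Csv -Path $Path)) {
        $Problems = @(Test-CertRequestRow -Row $Row)
        if ($Problems.Count -gt 0) {
            Write-Warning "Skipping row [$($Row.Profile)][$($Row.Region)][$($Row.DomainName)]: $($Problems -join '; ')"
            continue
        }
        $Key = "$($Row.Profile)|$($Row.Region)|$($Row.DomainName)".ToLowerInvariant()
        if ($Seen.ContainsKey($Key)) { Write-Warning "Skipping duplicate row $Key"; continue }
        $Seen[$Key] = $true
        $Valid += $Row
    }
    return $Valid
}

function Find-ExistingACMCertificate {
    # Looks in the row's profile/region for a live certificate that already covers the domain.
    param([Parameter(Mandatory)] $Row)
    Get-ACMCertificateList -ProfileName $Row.Profile -Region $Row.Region -CertificateStatus "ISSUED", "PENDING_VALIDATION" |
        Where-Object { $_.DomainName -ieq $Row.DomainName }
}

$CertRequests = Get-ValidCertRequests -Path $InputFile
ForEach ($Cert in $CertRequests) {
    $Existing = Find-ExistingACMCertificate -Row $Cert
    if ($Existing) {
        Write-Host "Already covered in [$($Cert.Profile)][$($Cert.Region)]: $($Cert.DomainName) -> $($Existing.CertificateArn -join ', ')"
        continue
    }
    Write-Host "Would request: [$($Cert.Profile)][$($Cert.Region)][$($Cert.DomainName)]"
    # Place the New-ACMCertificate / Get-ACMCertificateDetail steps from the script above here.
}
```

With the constructed file, the third row is dropped as a duplicate and the fourth and fifth are dropped for a bad domain and a bad region respectively, so only two rows reach the ACM lookup. The existing-certificate check is intentionally limited to ISSUED and PENDING_VALIDATION: a certificate in FAILED or VALIDATION_TIMED_OUT does not cover the domain and should not block a fresh request.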
Conclusion
Congratulations on reaching the end of this blog! You’ve successfully navigated through some potentially challenging and lengthy code. Well done!
In this blog, I used PowerShell and AWS Tools for PowerShell to demonstrate how to request a public certificate from AWS Certificate Manager with DNS validation. Additionally, I showed how to request multiple certificates within the same profile and region, as well as how to request certificates from a list saved in a CSV file.
Did you find this blog easy to follow and helpful? I would love to hear your feedback and suggestions, so please share them in the comments below.
Disclaimer
The code contained in this blog is solely for learning and demo purposes. The author will not be held responsible for any failure or damages caused by any other usage.