I am using AWS and I have used ACM to generate a certificate. (This process is different than I am used to where I generate a certificate signing request and give it to a signing authority.) I requested a certificate:
Now I am trying to install it using the instructions from AWS:
aws iam get-server-certificate --server-certificate-name <<ExampleCertificate>>
Only, when I replace <<ExampleCertificate>> with the name of my certificate, I am not sure what I am supposed to replace it with. Notice that in the picture above, the Name column for my AWS certificate is blank. (Note: I made sure to give the IAM user that is configured with API IAMFullAccess temporarily to do this so there aren't permission issues.) If I try to use the domain name xxxxx.com as the name, I am told this message:
A client error (NoSuchEntity) occurred when calling the GetServerCertificate operation:
The Server Certificate with name xxxxxxxx.com cannot be found.
This happens when I use the identifier and the ARN also.
My end goal is to have a signed SSL certificate on NGINX to serve the web content of my EC2 instance.
A: Is this the right track? (Are these the right preliminary steps?)
B: If so, what do I use to reference the certificate? Or do I use a different API?
You have to use the AWS ACM API (IAM certificates and ACM certificates are different). The equivalent API is GetCertificate in ACM:
aws acm get-certificate --certificate-arn arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
Now, I think you are trying to get the certificate and the chain to use on your instance, but an Amazon-issued certificate cannot be used with EC2 instances, as you can't get the private key. You have to use the certificate with ELB.
If you want to install an SSL certificate on your instance, you can get a certificate from another CA or use a Let's Encrypt certificate (which is free as well).
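Added example, not part of the original answer: a small shell helper that shows why the ARN failed against the IAM call, by mapping an identifier to the CLI command that can actually read it. The function name `cert_lookup_cmd` is hypothetical, and the `aws acm list-certificates` lookup for a bare domain name is an assumption about how you would find the ARN; the function only prints the command, so it needs no credentials.

```shell
#!/bin/sh
# Map a certificate identifier to the AWS CLI call for the service that owns it.
# Prints the command instead of running it.
cert_lookup_cmd() {
    id=$1

    # Refuse empty input and anything outside the characters ARNs and domain
    # names use, so the printed command is safe to paste into a shell.
    case "$id" in
        ''|*[!A-Za-z0-9:/._*+=,@-]*)
            echo "refusing unexpected identifier" >&2
            return 1
            ;;
    esac

    case "$id" in
        arn:aws:acm:*:*:certificate/*)
            # ACM certificates are addressed by full ARN; field 4 is the region.
            region=$(printf '%s' "$id" | cut -d: -f4)
            printf 'aws acm get-certificate --region %s --certificate-arn %s\n' "$region" "$id"
            ;;
        arn:aws:iam::*:server-certificate/*)
            # IAM server certificates are addressed by name, which is the last
            # path segment of the ARN.
            printf 'aws iam get-server-certificate --server-certificate-name %s\n' "${id##*/}"
            ;;
        arn:*)
            echo "not a certificate ARN: $id" >&2
            return 1
            ;;
        *)
            # Assumption: a bare value is a domain name, as in the question.
            # ACM has no name-based lookup, so find the ARN by domain first.
            printf "aws acm list-certificates --query \"CertificateSummaryList[?DomainName=='%s'].CertificateArn\" --output text\n" "$id"
            ;;
    esac
}

# The ARN from the answer above resolves to the ACM call, not the IAM one.
cert_lookup_cmd arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
```

The certificate body and chain returned by the ACM call contain no private key, which is the reason given above for not being able to install it on NGINX directly.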