This document provides information on how to manage Amazon ACM requests.
Get AWS access key ID and secret
- In your AWS account menu, locate the Security Credentials item.
- Locate the Access keys section, and select Create access key.
- Go to Retrieve access keys to copy the necessary data.
Configure account in Segura
- In Segura, access the menu Certificate Manager > Certificates Cloud > Account.
- Click the (⁝) icon and select New.
- Fill in the fields with the following information. Fields marked with an asterisk (*) are mandatory:
  - Name: user account identifier.
  - Enabled: Yes is selected by default.
  - Set the access data: select the field to enter the data below.
    - AWS access key ID: user application ID.
    - AWS secret access key: user application secret.
- Save.
Create Amazon ACM requests
Info
A private certification authority (CA) is required to create requests. At the moment, Segura only works with private CAs.
- In your AWS account, type Certificate Manager in the search field and click on the first service that appears.
- On the next screen, find and select Create a private CA.
- Fill in the configuration fields according to the company's needs.
- The CA will be created and made available by AWS.
- Under Actions, click Install CA certificate to enable.
- On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
- In the side menu, select Certificate Manager > Requests > SSL/TLS for Cloud.
- In the top right corner, click Add.
- In the Amazon Account * field, select the account created in Configure account in Segura.
- In the Region * field,
- In the CA * field,
- In the Domain name * field,
- In the Additional names table, click + Add to enter additional domain names.
- In the Tags table, click + Add to enter tags to help identify the request.
- Click Save.
Sign requests
- On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
- In the side menu, select Certificate Manager > Requests > SSL/TLS for Cloud.
- In the desired request, click Actions > Request signature.
- In the Justification field, enter a justification for signing the request.
- In the Reason * field, select a reason for signing the request.
- In the Governance Code field, enter a governance code to help identify the request.
- In the Domain validation method * field, select a domain validation method.
- Click Save.
The certificate should appear on the AWS page with the Active status. On Segura, the new request will appear on the SSL/TLS Cloud requests report screen.
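A post-signing check for the step above, as an added example that is not part of the original documentation or Segura's own code: it compares the JSON returned by `aws acm describe-certificate` with the values entered in the request (Region, CA, Domain name, Additional names). The ARNs, account ID and domain names are constructed placeholders and `check_issued_certificate` is a hypothetical helper name; the ACM API reports an issued certificate with a `Status` of `ISSUED`.

```python
import json

# Constructed placeholders, not real resources.
CA_ARN = "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE-CA"
SAMPLE = {"Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-CERT",
    "DomainName": "app.example.internal",
    "SubjectAlternativeNames": ["app.example.internal", "api.example.internal"],
    "Status": "ISSUED",
    "Type": "PRIVATE",
    "CertificateAuthorityArn": CA_ARN,
}}


def check_issued_certificate(describe_json, region, ca_arn, domain, additional_names=()):
    """Compare describe-certificate JSON text with the request; return mismatches."""
    cert = json.loads(describe_json).get("Certificate", {})
    problems = []
    if cert.get("Status") != "ISSUED":
        problems.append(f"status is {cert.get('Status')}, not ISSUED")
    if cert.get("Type") != "PRIVATE":
        problems.append(f"type is {cert.get('Type')}, not PRIVATE")
    if cert.get("CertificateAuthorityArn") != ca_arn:
        problems.append("signed by a CA other than the one selected in the request")
    # ARN layout: arn:partition:service:region:account-id:resource
    arn_parts = cert.get("CertificateArn", "").split(":")
    if len(arn_parts) < 6 or arn_parts[3] != region:
        problems.append(f"certificate is not in region {region}")
    # Names are compared case-insensitively, in both directions.
    requested = {domain.lower(), *(n.lower() for n in additional_names)}
    covered = {n.lower() for n in cert.get("SubjectAlternativeNames", [])}
    covered.add(cert.get("DomainName", "").lower())
    covered.discard("")
    for name in sorted(requested - covered):
        problems.append(f"requested name missing from certificate: {name}")
    for name in sorted(covered - requested):
        problems.append(f"certificate covers a name that was not requested: {name}")
    return problems


if __name__ == "__main__":
    found = check_issued_certificate(json.dumps(SAMPLE), "us-east-1", CA_ARN,
                                     "app.example.internal", ["api.example.internal"])
    print("OK" if not found else "\n".join(found))
```

In practice the first argument would be the captured output of `aws acm describe-certificate --certificate-arn <arn> --region <region>`, run with read-only credentials.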
View certificates
- On Segura, in the navigation bar, hover over the Products menu and select Certificate Manager.
- In the side menu, select Certificate Manager > Certificates > SSL/TLS for Cloud.
- In the desired request, click Actions and see the following options:
  - Certificate information.
  - Change certificate.
  - Request details.
  - Certificate Renewal history.
  - Disable: deactivate the certificate and consequently suspend the billing and operation
Attention
The Accounts column on this screen shows how many accounts are linked to a single certificate. We strongly recommend reviewing this setting if your discovery reveals more than one account. Ideally, the certificate should have a single account to maintain the integrity of the cloud infrastructure.