Debug School

Rajesh Kumar

How to find List of Certificates issued by Private CA?

Generating an audit report using the aws acm-pca create-certificate-authority-audit-report command is the most comprehensive and reliable method to obtain a list of all certificates issued by a Private Certificate Authority (CA) in AWS. This report includes details about each certificate issued, such as the ARN, serial number, and validity period. The audit report provides a complete record of all certificates issued by the Private CA, which is stored in your specified S3 bucket. This is the recommended approach for an accurate and thorough listing.

Currently, this is the only primary approach AWS provides for tracking certificates issued by a Private CA. There are no other methods or tools within AWS that offer this information in a more direct or automated way.

If you are not seeing any certificates listed via this method, it strongly indicates that no certificates have been issued by the specified CA.
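The report is only useful once it is read, so this added example (not code from the original post) classifies every certificate in a JSON audit report as revoked, expired, expiring or valid. The sample report, the placeholder ARN and the names `fetch_report` and `inventory` are constructed for illustration, and the field names are assumed to match the JSON audit report layout.

```python
import json
from datetime import datetime, timedelta, timezone

TS = "%Y-%m-%dT%H:%M:%S%z"  # timestamp form assumed here: 2025-02-10T09:00:00+0000
CA = "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE"  # placeholder

# Constructed sample report, not real data. Field names are assumed to match
# the JSON audit report layout; check them against a report from your own CA.
SAMPLE_REPORT = json.dumps([
    {"certificateArn": CA + "/certificate/01", "serial": "aa:01",
     "subject": "CN=api.internal.example", "notAfter": "2025-02-10T09:00:00+0000"},
    {"certificateArn": CA + "/certificate/02", "serial": "aa:02",
     "subject": "CN=db.internal.example", "notAfter": "2026-01-01T00:00:00+0000"},
    {"certificateArn": CA + "/certificate/03", "serial": "aa:03",
     "subject": "CN=old.internal.example", "notAfter": "2024-12-01T00:00:00+0000"},
    {"certificateArn": CA + "/certificate/04", "serial": "aa:04", "subject": "CN=lost.internal.example",
     "notAfter": "2025-12-01T00:00:00+0000", "revokedAt": "2025-01-05T12:00:00+0000"},
])

def fetch_report(ca_arn, bucket):
    """Create a JSON audit report and return its text (needs boto3, AWS
    credentials, and a bucket whose policy lets ACM PCA write to it)."""
    import boto3
    pca = boto3.client("acm-pca")
    resp = pca.create_certificate_authority_audit_report(
        CertificateAuthorityArn=ca_arn, S3BucketName=bucket, AuditReportResponseFormat="JSON")
    pca.get_waiter("audit_report_created").wait(
        CertificateAuthorityArn=ca_arn, AuditReportId=resp["AuditReportId"])
    obj = boto3.client("s3").get_object(Bucket=bucket, Key=resp["S3Key"])
    return obj["Body"].read().decode("utf-8")

def inventory(report_text, now, warn_days=30):
    """Return (serial, subject, notAfter, status) for every issued certificate."""
    rows = []
    for cert in json.loads(report_text):
        not_after = datetime.strptime(cert["notAfter"], TS)
        if cert.get("revokedAt"):          # revocation wins over any date check
            status = "revoked"
        elif not_after <= now:
            status = "expired"
        elif not_after - now <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "valid"
        rows.append((cert["serial"], cert["subject"], cert["notAfter"], status))
    return rows

if __name__ == "__main__":
    for row in inventory(SAMPLE_REPORT, datetime(2025, 1, 20, tzinfo=timezone.utc)):
        print(*row, sep="  ")
```

Against a real CA, pass the output of `fetch_report(ca_arn, bucket)` to `inventory` in place of `SAMPLE_REPORT`; an empty list back means the report contains no issued certificates.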

Top comments (1)

Suyash Sambhare • Edited

To find a list of certificates issued by a private Certificate Authority (CA), you can use various methods depending on the environment and tools you have available. Here are a few approaches:

  1. AWS Private CA: If you're using AWS Private Certificate Authority, you can generate an audit report using the aws acm-pca create-certificate-authority-audit-report command. This command provides a comprehensive list of all certificates issued by your private CA³.

  2. OpenSSL: For a more general approach, you can use OpenSSL to list certificates stored in a specific directory. For example, on a Linux system, you can list all certificates in the default SSL directory:

   ls /etc/ssl/certs

This will show you all the certificates available in that directory².

  3. Custom Scripts: You can also write custom scripts to query your CA database or logs to extract the list of issued certificates. This approach will vary based on the CA software you are using.