Generating an audit report using the aws acm-pca create-certificate-authority-audit-report command is the most comprehensive and reliable method to obtain a list of all certificates issued by a Private Certificate Authority (CA) in AWS. This report includes details about each certificate issued, such as the ARN, serial number, and validity period. The audit report provides a complete record of all certificates issued by the Private CA, which is stored in your specified S3 bucket. This is the recommended approach for an accurate and thorough listing.
Currently, this is the only primary approach provided by AWS to track certificates issued by a Private CA. There are no other methods or tools within AWS that offer this information in a more direct or automated way.
If you are not seeing any certificates listed via these methods, it strongly indicates that no certificates have been issued by the specified CA.
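The audit report lands in S3 as a JSON array, one object per issued certificate, so the practical next step after running the command above is to parse that file and turn it into an inventory (active, expired, revoked, expiring soon). The following is an added example, not code from the original post or from AWS: it parses a report in that format using field names (certificateArn, serial, subject, notBefore, notAfter, issuedAt, revokedAt, revocationReason, templateArn) as I understand them from the AWS Private CA audit report documentation, so treat them as an assumption and check one of your own reports; the sample entries, ARNs, timestamps and the reference time SAMPLE_NOW are constructed. The CLI steps that produce the file are shown in the module docstring.

```python
"""Inventory the certificates listed in an AWS Private CA audit report.

Added example, not part of the original post. The report file is produced by
(placeholders in angle brackets, bucket and CA ARN are yours):

  aws acm-pca create-certificate-authority-audit-report \
      --certificate-authority-arn <CA_ARN> \
      --s3-bucket-name <BUCKET> \
      --audit-report-response-format JSON
  aws acm-pca describe-certificate-authority-audit-report \
      --certificate-authority-arn <CA_ARN> --audit-report-id <REPORT_ID>
  aws s3 cp s3://<BUCKET>/<report key from the describe output> report.json

Field names below follow the audit report JSON format as I recall it from the
AWS documentation (assumption). All sample data is constructed.
"""
import json
import sys
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed reference time used by the sample run and the checks.
SAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

# Constructed sample report: active, expired, revoked, and soon-to-expire.
_CA = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/EXAMPLE-CA-ID"
_TPL = "arn:aws:acm-pca:::template/EndEntityCertificate/V1"
SAMPLE_REPORT = json.dumps([
    {"awsAccountId": "123456789012", "requestId": "req-0001",
     "certificateArn": _CA + "/certificate/aaaa", "serial": "01",
     "subject": "CN=web.internal.example", "notBefore": "2024-01-01T00:00:00+0000",
     "notAfter": "2026-01-01T00:00:00+0000", "issuedAt": "2024-01-01T00:00:00+0000",
     "revokedAt": "", "revocationReason": "", "templateArn": _TPL},
    {"awsAccountId": "123456789012", "requestId": "req-0002",
     "certificateArn": _CA + "/certificate/bbbb", "serial": "02",
     "subject": "CN=old.internal.example", "notBefore": "2023-01-01T00:00:00+0000",
     "notAfter": "2024-01-01T00:00:00+0000", "issuedAt": "2023-01-01T00:00:00+0000",
     "revokedAt": "", "revocationReason": "", "templateArn": _TPL},
    {"awsAccountId": "123456789012", "requestId": "req-0003",
     "certificateArn": _CA + "/certificate/cccc", "serial": "03",
     "subject": "CN=lost-laptop.internal.example", "notBefore": "2024-06-01T00:00:00+0000",
     "notAfter": "2026-06-01T00:00:00+0000", "issuedAt": "2024-06-01T00:00:00+0000",
     "revokedAt": "2025-03-15T12:00:00+0000", "revocationReason": "KEY_COMPROMISE",
     "templateArn": _TPL},
    {"awsAccountId": "123456789012", "requestId": "req-0004",
     "certificateArn": _CA + "/certificate/dddd", "serial": "04",
     "subject": "CN=api.internal.example", "notBefore": "2024-09-01T00:00:00+0000",
     "notAfter": "2025-06-20T00:00:00+0000", "issuedAt": "2024-09-01T00:00:00+0000",
     "revokedAt": "", "revocationReason": "", "templateArn": _TPL},
])


def parse_ts(value: str) -> Optional[datetime]:
    """Parse a report timestamp; an empty string means the field is unset."""
    if not value:
        return None
    # %z accepts +0000, +00:00 and Z on Python 3.7+.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")


@dataclass
class CertRecord:
    certificate_arn: str
    serial: str
    subject: str
    not_before: datetime
    not_after: datetime
    issued_at: datetime
    revoked_at: Optional[datetime]
    revocation_reason: str
    template_arn: str


def parse_report(text: str) -> List[CertRecord]:
    """Turn the audit report JSON array into typed records."""
    return [CertRecord(
        certificate_arn=e["certificateArn"], serial=e["serial"], subject=e["subject"],
        not_before=parse_ts(e["notBefore"]), not_after=parse_ts(e["notAfter"]),
        issued_at=parse_ts(e["issuedAt"]), revoked_at=parse_ts(e.get("revokedAt", "")),
        revocation_reason=e.get("revocationReason", ""), template_arn=e.get("templateArn", ""),
    ) for e in json.loads(text)]


def status(rec: CertRecord, now: datetime) -> str:
    """Revocation takes precedence over validity dates."""
    if rec.revoked_at is not None and rec.revoked_at <= now:
        return "revoked"
    if now < rec.not_before:
        return "not-yet-valid"
    if now > rec.not_after:
        return "expired"
    return "active"


def summarize(records: List[CertRecord], now: datetime) -> Dict[str, int]:
    counts = {"active": 0, "expired": 0, "revoked": 0, "not-yet-valid": 0}
    for r in records:
        counts[status(r, now)] += 1
    return counts


def expiring_within(records: List[CertRecord], now: datetime, days: int) -> List[str]:
    """Serials of still-active certificates that expire inside the window."""
    horizon = now + timedelta(days=days)
    return sorted(r.serial for r in records
                  if status(r, now) == "active" and r.not_after <= horizon)


if __name__ == "__main__":
    # Pass a downloaded report.json as the first argument, else use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    now = datetime.now(timezone.utc) if len(sys.argv) > 1 else SAMPLE_NOW
    recs = parse_report(text)
    print(summarize(recs, now))
    print("expiring within 30 days:", expiring_within(recs, now, 30))
```

Run it with no argument to see the sample inventory, or with the path to a downloaded report. The `revokedAt` check runs before the date checks on purpose: a revoked certificate that is still inside its validity window should never be counted as active.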
To find a list of certificates issued by a private Certificate Authority (CA), you can use various methods depending on the environment and tools you have available. Here are a few approaches:
AWS Private CA: If you're using AWS Private Certificate Authority, you can generate an audit report using the
aws acm-pca create-certificate-authority-audit-report
command. This command provides a comprehensive list of all certificates issued by your private CA.
OpenSSL: For a more general approach, you can use OpenSSL to list certificates stored in a specific directory. For example, on a Linux system, you can list all certificates in the default SSL directory:
This will show you all the certificates available in that directory.