Skip to main content

How to import a public SSL certificate into AWS Certificate Manager

Introduction

This assumes you have already read how to configure DNS. Public certificates are typically created in the member/application account that uses them. For example, if your application runs behind an aws_lb_listener in the preproduction environment and you need to configure a certificate_arn, you will create the certificate in the preproduction account.

The domain modernisation-platform.service.justice.gov.uk is managed by the modernisation-platform team. All environments under this domain, such as my-application.nomis.hmpps-test.modernisation-platform.service.justice.gov.uk can create their own public certificates using AWS Certificate Manager. For information on DNS naming conventions refer to DNS naming.

The following domains are managed by the operations-engineering team (#ask-operations-engineering).

  • justice.gov.uk
  • service.justice.gov.uk

To request a public certificate under either of the above domains, refer to the corresponding section below, depending on whether you’re on Linux or Windows.

Linux

Refer to Requesting a new certificate.

Once you receive the public certificate, you can then import it into your environment by following the instructions in Getting certificates ready in AWS Certificate Manager.

Windows

If you are on Windows, refer to How to import a public SSL certificate into AWS Certificate Manager on Windows

Request process

  1. Submit a request with a certificate signing request to certificates@digital.justice.gov.uk
  2. Receive a reply from certificates@digital.justice.gov.uk with details of validation CNAME records.
  3. Apply the validation CNAME records to the appropriate Route53 domain.
  4. Inform certificates@digital.justice.gov.uk that the validation records have been created.
  5. certificates@digital.justice.gov.uk will respond with the certificate.
This page was last reviewed on 23 August 2024. It needs to be reviewed again on 23 February 2025 by the page owner #modernisation-platform .
This page was set to be reviewed before 23 February 2025 by the page owner #modernisation-platform. This might mean the content is out of date.