
AWS – CloudFormation now allows DNS-validated certificate management with AWS Certificate Manager

As you know, AWS Certificate Manager (ACM) helps you manage TLS certificates, from issuance through automatic renewal.

Well, CloudFormation can now drive ACM to automate TLS certificate management for DNS-validated certificates whose domains are hosted in Amazon Route 53.

With this improvement you no longer need to validate the request by hand: when the validation option carries the ID of the Route 53 hosted zone, CloudFormation creates the validation CNAME records in that zone itself, and the stack continues once ACM has issued the certificate. The principal deploying the stack therefore needs permission to change record sets in that hosted zone; without a hosted zone ID, a DNS-validated certificate leaves the stack waiting until someone creates the CNAME manually.

To start using this new capability, create a CloudFormation template from the resource syntax below

{
   "Type" : "AWS::CertificateManager::Certificate",
   "Properties" : {
       "CertificateAuthorityArn" : String,
       "CertificateTransparencyLoggingPreference" : String,
       "DomainName" : String,
       "DomainValidationOptions" : [ DomainValidationOption, ... ],
       "SubjectAlternativeNames" : [ String, ... ],
       "Tags" : [ Tag, ... ],
       "ValidationMethod" : String
     }
}

Where

  • CertificateAuthorityArn is the Amazon Resource Name (ARN) of the ACM Private CA that should issue the certificate, in the form arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012. Set it only for private certificates; those are not domain-validated, so the DNS validation flow in this post does not apply to them
  • CertificateTransparencyLoggingPreference defines whether the certificate is recorded in public Certificate Transparency (CT) logs. Accepted values are ENABLED (the default) and DISABLED. Leave it enabled for anything a browser connects to: Chrome and Safari reject publicly trusted certificates that carry no CT proof
  • DomainName (required) is the fully qualified domain name (like www.amazon.com) the certificate is issued for; ACM renews the certificate automatically for as long as the validation record stays in place
  • DomainValidationOptions lists, for each domain on the certificate, how ownership is proven. Each entry names the DomainName and either the HostedZoneId of the Route 53 hosted zone in which CloudFormation should create the validation CNAME (the new capability) or, for e-mail validation, the ValidationDomain that receives the approval mail. The full reference is at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-certificatemanager-certificate-domainvalidationoption.html
  • SubjectAlternativeNames lists additional names for the certificate; as with DomainName, use FQDNs
  • Tags lets you tag the certificate so you can identify it
  • ValidationMethod selects how ownership is verified, DNS or EMAIL (the values are case-sensitive, so "dns" is rejected). In the context of this post, use DNS

Below is a sample JSON template that requests a DNS-validated certificate for mydomain.com and lets CloudFormation create the validation record in the Route 53 hosted zone passed in as a parameter (the zone ID is supplied at deployment time, so none is hard-coded here)

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Parameters" : {
    "HostedZoneId" : {
      "Type" : "AWS::Route53::HostedZone::Id",
      "Description" : "Route 53 public hosted zone that serves mydomain.com"
    }
  },
  "Resources" : {
    "mycertificate" : {
      "Type" : "AWS::CertificateManager::Certificate",
      "Properties" : {
        "DomainName" : "mydomain.com",
        "DomainValidationOptions" : [{
          "DomainName" : "mydomain.com",
          "HostedZoneId" : { "Ref" : "HostedZoneId" }
        }],
        "ValidationMethod" : "DNS"
      }
    }
  }
}
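As an added example (not code from the original post, and not an AWS tool), here is a small pre-deployment check in Python that reads a CloudFormation JSON template and flags the mistakes that make a DNS-validated ACM certificate stall or fail: a ValidationMethod that is not exactly "DNS", a name on the certificate without a DomainValidationOptions entry carrying a HostedZoneId, certificate transparency logging switched off, and a CertificateAuthorityArn on a resource that is meant to be domain-validated. The property names are the real CloudFormation ones; the sample template, the logical IDs GoodCert and BadCert, and the ZoneId parameter are constructed for this example, and the rule that an entry for an apex covers its wildcard is an assumption of the check based on ACM issuing one CNAME for both.

```python
"""Pre-deployment lint for AWS::CertificateManager::Certificate resources.

Added example, not part of the original post or of any AWS tooling. Run it
against a parsed CloudFormation JSON template before `aws cloudformation deploy`.
"""
import json

CERT_TYPE = "AWS::CertificateManager::Certificate"


def _key(value):
    """Stable key for a value that may be a string or an intrinsic such as
    {"Ref": "ZoneId"}; identical intrinsics compare equal."""
    return value if isinstance(value, str) else json.dumps(value, sort_keys=True)


def check_certificate(logical_id, resource):
    """Return a list of findings (strings) for one certificate resource."""
    findings = []
    props = resource.get("Properties", {})

    # Allowed values are case-sensitive: "DNS" or "EMAIL". "dns" fails at stack creation.
    method = props.get("ValidationMethod")
    if method != "DNS":
        findings.append(f"{logical_id}: ValidationMethod is {method!r}, expected exactly 'DNS'")

    # A private CA certificate is not domain-validated at all; Route 53 automation does not apply.
    if "CertificateAuthorityArn" in props:
        findings.append(f"{logical_id}: CertificateAuthorityArn set; private CA certificates are not DNS-validated")

    # Opting out of CT logging makes a public certificate unusable in browsers that require SCTs.
    if props.get("CertificateTransparencyLoggingPreference") == "DISABLED":
        findings.append(f"{logical_id}: CertificateTransparencyLoggingPreference is DISABLED")

    # Every name on the certificate needs a DomainValidationOptions entry with a HostedZoneId;
    # otherwise CloudFormation waits for someone to create the validation CNAME by hand.
    options = {}
    for opt in props.get("DomainValidationOptions", []):
        if "DomainName" in opt:
            options[_key(opt["DomainName"])] = opt

    names = [props["DomainName"]] if "DomainName" in props else []
    names += props.get("SubjectAlternativeNames", [])
    for name in names:
        opt = options.get(_key(name))
        # Assumption of this check: ACM validates an apex and its wildcard with the same
        # CNAME, so an entry for "example.com" is accepted as covering "*.example.com".
        if opt is None and isinstance(name, str) and name.startswith("*."):
            opt = options.get(name[2:])
        if opt is None:
            findings.append(f"{logical_id}: no DomainValidationOptions entry for {name!r}")
        elif "HostedZoneId" not in opt:
            findings.append(f"{logical_id}: DomainValidationOptions for {name!r} lacks HostedZoneId "
                            "(ValidationDomain only drives e-mail validation)")
    return findings


def check_template(template):
    """Run check_certificate over every ACM certificate resource in a parsed template."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") == CERT_TYPE:
            findings.extend(check_certificate(logical_id, resource))
    return findings


# Constructed sample template: one correct resource and one carrying the
# three mistakes the check is meant to catch.
SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": { "ZoneId": { "Type": "AWS::Route53::HostedZone::Id" } },
  "Resources": {
    "GoodCert": {
      "Type": "AWS::CertificateManager::Certificate",
      "Properties": {
        "DomainName": "mydomain.com",
        "SubjectAlternativeNames": ["*.mydomain.com", "www.mydomain.com"],
        "DomainValidationOptions": [
          { "DomainName": "mydomain.com", "HostedZoneId": { "Ref": "ZoneId" } },
          { "DomainName": "www.mydomain.com", "HostedZoneId": { "Ref": "ZoneId" } }
        ],
        "ValidationMethod": "DNS"
      }
    },
    "BadCert": {
      "Type": "AWS::CertificateManager::Certificate",
      "Properties": {
        "DomainName": "mydomain.com",
        "CertificateTransparencyLoggingPreference": "DISABLED",
        "DomainValidationOptions": [
          { "DomainName": "mydomain.com", "ValidationDomain": "mydomain.com" }
        ],
        "ValidationMethod": "dns"
      }
    }
  }
}
""")

if __name__ == "__main__":
    for finding in check_template(SAMPLE_TEMPLATE):
        print(finding)
```

Against the sample, GoodCert produces no findings and BadCert produces three (lower-case validation method, missing HostedZoneId, CT logging disabled). To use it on a real template, replace SAMPLE_TEMPLATE with `json.load(open("template.json"))`; YAML templates need a YAML loader that understands the CloudFormation short-form tags first.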
