AWS: Using TLS-certificate without private key

Time:11-18

For using an API from the Dutch chamber of commerce, it's mandatory to install a TLS-certificate from the Dutch government. Only when the certificate is installed, it's possible to make authorized API-requests. The chamber of commerce has published an install guide here: https://developers.kvk.nl/support/documentation/manual-tls-certificate

We want to use this API in an application that's hosted with AWS Amplify as backend with React as frontend. The most obvious approach was using AWS Certificate Manager, because it's integrated with Amplify. The problem we encounter using the certificate manager is that it's mandatory to provide a private key in PEM format to import a certificate (see picture). The thing is, there are no private keys given since the certificates are from the governments, and the manual does not describe what needs to be done in our case. (https://i.stack.imgur.com/uBXRl.png)

We tried to contact the chamber of commerce but our response was that it was not in their reach and we should try it elsewhere. Our only option as we see now is that we need to host a dedicated server to redirect the API requests and responses, but that would defeat our point of being serverless with Amplify.

CodePudding user response:

AWS Certificate Manager is for certificates that you own. You would use that for the SSL/TLS certificate that matches the domain name that your application runs on.

The TLS certificate you are trying to use is not one that you own, it is one owned by the Dutch government, and you only have the public key info. You need to install that public key info onto your server in order to validate the TLS connections you make to the API you are connecting to. You aren't using it to serve a secure connection, you are using it to validate a secure connection.

The AWS ACM integration with AWS Amplify would not help you here, since that integration is specifically for serving a secure domain name, not for validating API calls your Amplify application is making.

Your Amplify backend will be built using AWS Lambda. It will be the Lambda function that performs the API calls to the Dutch government. You simply need to include the TLS certificate files in the Lambda deployment package that you upload to AWS, and then configure whatever HTTP library you are using in Lambda to make the API calls to use those files for TLS validation.
