Self-Signed Certificate

This guide shows how to create a self-signed SSL certificate and upload it to AWS Certificate Manager (ACM) using the CLI.

Self-signed certificates are suitable for testing and development only. For production deployments, use a certificate issued by a trusted Certificate Authority or request one through ACM .

Prerequisites

OpenSSL installed
AWS CLI installed and configured with appropriate permissions

All commands in this guide can be run directly from AWS CloudShell, which comes with OpenSSL and the AWS CLI pre-installed. To launch CloudShell, click the terminal icon in the top navigation bar of the AWS Management Console, or visit https://console.aws.amazon.com/cloudshell .

Step 1: Generate the Certificate

Run the following command to create a self-signed certificate valid for 365 days:


openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout alertd-selfsigned.key \
  -out alertd-selfsigned.crt \
  -subj "/CN=alertd.example.com"

Replace alertd.example.com with the domain you plan to use for your AlertD deployment (e.g., alertd.yourcompany.com).

This creates two files:

alertd-selfsigned.key — the private key
alertd-selfsigned.crt — the certificate

Step 2: Upload to ACM

Upload the certificate to AWS Certificate Manager:


aws acm import-certificate \
  --certificate fileb://alertd-selfsigned.crt \
  --private-key fileb://alertd-selfsigned.key \
  --region us-west-1

Replace us-west-1 with the region where you will deploy AlertD.

The command returns a certificate ARN:


{
  "CertificateArn": "arn:aws:acm:us-west-1:123456789012:certificate/abcd1234-..."
}

Copy this ARN — you will use it as the Certificate ARN parameter when deploying the AlertD CloudFormation stack.

Step 3: Clean Up Local Files

After uploading, remove the private key from your local machine:


rm alertd-selfsigned.key