There are more AWS SDK examples available in the [AWS Doc SDK Examples](https://github.com/awsdocs/aws-doc-sdk-examples) GitHub repo. # Use `ImportCertificate` with an AWS SDK or CLI `ImportCertificate` The following code examples show how to use `ImportCertificate`. Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example: + [Learn the basics](acm_example_acm_Usage_ImportListRemove_section.md) ------ #### [ C\$1\$1 ] **SDK for C\$1\$1** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/acm#code-examples). ``` //! Import an AWS Certificate Manager (ACM) certificate. /*! \param certificateFile: Path to certificate to import. \param privateKeyFile: Path to file containing a private key. \param certificateChainFile: Path to file containing a PEM encoded certificate chain. \param clientConfiguration: AWS client configuration. \return bool: Function succeeded. */ bool AwsDoc::ACM::importCertificate(const Aws::String &certificateFile, const Aws::String &privateKeyFile, const Aws::String &certificateChainFile, const Aws::Client::ClientConfiguration &clientConfiguration) { std::ifstream certificateInStream(certificateFile.c_str()); if (!certificateInStream) { std::cerr << "Error: The certificate file '" << certificateFile << "' does not exist." << std::endl; return false; } std::ifstream privateKeyInstream(privateKeyFile.c_str()); if (!privateKeyInstream) { std::cerr << "Error: The private key file '" << privateKeyFile << "' does not exist." << std::endl; return false; } std::ifstream certificateChainInStream(certificateChainFile.c_str()); if (!certificateChainInStream) { std::cerr << "Error: The certificate chain file '" << certificateChainFile << "' does not exist." << std::endl; return false; } Aws::String certificate; certificate.assign(std::istreambuf_iterator(certificateInStream), std::istreambuf_iterator()); Aws::String privateKey; privateKey.assign(std::istreambuf_iterator(privateKeyInstream), std::istreambuf_iterator()); Aws::String certificateChain; certificateChain.assign(std::istreambuf_iterator(certificateChainInStream), std::istreambuf_iterator()); Aws::ACM::ACMClient acmClient(clientConfiguration); Aws::ACM::Model::ImportCertificateRequest request; request.WithCertificate(Aws::Utils::ByteBuffer((unsigned char *) certificate.c_str(), certificate.size())) .WithPrivateKey(Aws::Utils::ByteBuffer((unsigned char *) privateKey.c_str(), privateKey.size())) .WithCertificateChain(Aws::Utils::ByteBuffer((unsigned char *) certificateChain.c_str(), certificateChain.size())); Aws::ACM::Model::ImportCertificateOutcome outcome = acmClient.ImportCertificate(request); if (!outcome.IsSuccess()) { std::cerr << "Error: ImportCertificate: " << outcome.GetError().GetMessage() << std::endl; return false; } else { std::cout << "Success: Certificate associated with ARN '" << outcome.GetResult().GetCertificateArn() << "' imported." << std::endl; return true; } } ``` + For API details, see [ImportCertificate](https://docs.aws.amazon.com/goto/SdkForCpp/acm-2015-12-08/ImportCertificate) in *AWS SDK for C\$1\$1 API Reference*. ------ #### [ CLI ] **AWS CLI** **To import a certificate into ACM.** The following `import-certificate` command imports a certificate into ACM. Replace the file names with your own: ``` aws acm import-certificate --certificate file://Certificate.pem --certificate-chain file://CertificateChain.pem --private-key file://PrivateKey.pem ``` + For API details, see [ImportCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/acm/import-certificate.html) in *AWS CLI Command Reference*. ------ #### [ Java ] **SDK for Java 2.x** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/acm#code-examples). ``` /** * Before running this Java V2 code example, set up your development * environment, including your credentials. *

* For more information, see the following documentation topic: *

* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class ImportCert { public static void main(String[] args) { final String usage = """ Usage: Where: bucketName - The name of the S3 bucket containing the certificate and private key. certificateKey - The object key for the SSL/TLS certificate file in S3. privateKeyKey - The object key for the private key file in S3. """; if (args.length != 3) { System.out.println(usage); return; } String bucketName = args[0]; String certificateKey = args[1]; String privateKeyKey = args[2]; String certificateArn = importCertificate(bucketName, certificateKey, privateKeyKey); System.out.println("Certificate imported with ARN: " + certificateArn); } /** * Imports an SSL/TLS certificate and private key from S3 into AWS Certificate Manager (ACM). * * @param bucketName The name of the S3 bucket. * @param certificateKey The key for the SSL/TLS certificate file in S3. * @param privateKeyKey The key for the private key file in S3. * @return The ARN of the imported certificate. */ public static String importCertificate(String bucketName, String certificateKey, String privateKeyKey) { AcmClient acmClient = AcmClient.create(); S3Client s3Client = S3Client.create(); try { byte[] certificateBytes = downloadFileFromS3(s3Client, bucketName, certificateKey); byte[] privateKeyBytes = downloadFileFromS3(s3Client, bucketName, privateKeyKey); ImportCertificateRequest request = ImportCertificateRequest.builder() .certificate(SdkBytes.fromByteBuffer(ByteBuffer.wrap(certificateBytes))) .privateKey(SdkBytes.fromByteBuffer(ByteBuffer.wrap(privateKeyBytes))) .build(); ImportCertificateResponse response = acmClient.importCertificate(request); return response.certificateArn(); } catch (IOException e) { System.err.println("Error downloading certificate or private key from S3: " + e.getMessage()); } catch (S3Exception e) { System.err.println("S3 error: " + e.awsErrorDetails().errorMessage()); } return ""; } /** * Downloads a file from Amazon S3 and returns its contents as a byte array. * * @param s3Client The S3 client. * @param bucketName The name of the S3 bucket. * @param objectKey The key of the object in S3. * @return The file contents as a byte array. * @throws IOException If an I/O error occurs. */ private static byte[] downloadFileFromS3(S3Client s3Client, String bucketName, String objectKey) throws IOException { GetObjectRequest getObjectRequest = GetObjectRequest.builder() .bucket(bucketName) .key(objectKey) .build(); try (ResponseInputStream s3Object = s3Client.getObject(getObjectRequest); ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) { IoUtils.copy(s3Object, byteArrayOutputStream); return byteArrayOutputStream.toByteArray(); } } } ``` + For API details, see [ImportCertificate](https://docs.aws.amazon.com/goto/SdkForJavaV2/acm-2015-12-08/ImportCertificate) in *AWS SDK for Java 2.x API Reference*. ------ #### [ Python ] **SDK for Python (Boto3)** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/acm#code-examples). ``` class AcmCertificate: """ Encapsulates ACM functions. """ def __init__(self, acm_client): """ :param acm_client: A Boto3 ACM client. """ self.acm_client = acm_client def import_certificate(self, certificate_body, private_key): """ Imports a self-signed certificate to ACM. :param certificate_body: The body of the certificate, in PEM format. :param private_key: The unencrypted private key of the certificate, in PEM format. :return: The ARN of the imported certificate. """ try: response = self.acm_client.import_certificate( Certificate=certificate_body, PrivateKey=private_key ) certificate_arn = response["CertificateArn"] logger.info("Imported certificate.") except ClientError: logger.exception("Couldn't import certificate.") raise else: return certificate_arn ``` + For API details, see [ImportCertificate](https://docs.aws.amazon.com/goto/boto3/acm-2015-12-08/ImportCertificate) in *AWS SDK for Python (Boto3) API Reference*. ------ #### [ SAP ABAP ] **SDK for SAP ABAP** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/acm#code-examples). ``` TRY. " Only pass certificate chain if it's provided (it's optional) IF iv_certificate_chain IS NOT INITIAL. DATA(lo_result) = lo_acm->importcertificate( iv_certificate = iv_certificate iv_privatekey = iv_private_key iv_certificatechain = iv_certificate_chain ). ELSE. lo_result = lo_acm->importcertificate( iv_certificate = iv_certificate iv_privatekey = iv_private_key ). ENDIF. ov_certificate_arn = lo_result->get_certificatearn( ). MESSAGE 'Certificate imported successfully.' TYPE 'I'. CATCH /aws1/cx_acminvalidparameterex. MESSAGE 'Invalid parameter provided.' TYPE 'I'. CATCH /aws1/cx_acmlimitexceededex. MESSAGE 'Certificate limit exceeded.' TYPE 'I'. ENDTRY. ``` + For API details, see [ImportCertificate](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html) in *AWS SDK for SAP ABAP API reference*. ------