AWS Certificate Manager (ACM) - Automatic Certificate Renewal

ACM Automatic Renewal Options

Question

Your team starts to use AWS Certificate Manager to issue new certificates and manage existing certificates.

Private Certificate Authorities are also created in ACM.

ACM contains both public and private certificates which are used for different AWS services.

You also need ACM to help renew certificates before they expire.

In which of the following options can ACM perform the automatic renewal?

Answers

Explanations


Correct Answer - C.

ACM provides managed renewal for the SSL/TLS certificates in ACM.

However, there are some limitations.

Refer to the details at https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html

Option A is incorrect because automatic renewal is not available for imported certificates.

You have to manage the renewal yourself.

Option B is incorrect because if the private keys are managed by users instead of ACM, ACM does not renew the certificates.

Option C is CORRECT: In this option, ACM can fully manage the automatic renewal for the certificates.

Option D is incorrect because an ACM certificate must be actively associated with an AWS service before it can be automatically renewed by ACM.

AWS Certificate Manager (ACM) is a service that provides managed renewal for public and private SSL/TLS certificates used with AWS services. ACM is integrated with other AWS services and can be used to manage certificates for services like Elastic Load Balancer, CloudFront, and API Gateway.

ACM can perform automatic renewal for certificates that are managed by the service. The automatic renewal feature ensures that the certificates are renewed before they expire, and updates the certificate in the associated AWS service with the renewed certificate.

Let's analyze the given options and find out which one of them can perform the automatic renewal of certificates using ACM.

A. A third-party certificate is imported to ACM and is associated with a CloudFront distribution.

In this scenario, ACM is not managing the certificate, but only storing it. ACM can store and manage third-party certificates, but it cannot perform automatic renewal for them. So, this option is not the correct answer.

B. A private CA certificate for which ACM does not create the private key and certificate signing request (CSR). The certificate is installed in an elastic load balancer.

In this scenario, the private CA certificate is not managed by ACM, and it is installed in an Elastic Load Balancer. ACM can only manage certificates that are associated with AWS services that are integrated with ACM. Since the certificate is not managed by ACM, it cannot perform automatic renewal for it. Therefore, this option is also not the correct answer.

C. A private certificate is issued from the ACM management console and used for an Application Load Balancer.

In this scenario, the private certificate is issued from the ACM management console and used for an Application Load Balancer. ACM can manage certificates that are associated with AWS services, and since the private certificate is issued from ACM, it can perform automatic renewal for it. Therefore, this option is a possible correct answer.

D. A public certificate is requested from ACM and is NOT associated with any AWS service.

In this scenario, the public certificate is not associated with any AWS service, and ACM cannot manage certificates that are not associated with AWS services that are integrated with ACM. Since the certificate is not associated with any AWS service, ACM cannot perform automatic renewal for it. Therefore, this option is also not the correct answer.

So, the correct answer is C. A private certificate is issued from the ACM management console and used for an Application Load Balancer. ACM can perform automatic renewal for certificates that are issued from the ACM management console and associated with AWS services that are integrated with ACM.
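The option analysis above can be turned into an inventory check that lists the certificates ACM will not renew, soonest expiry first. This is an added example, not part of the original question or of AWS's own code. The record fields (`DomainName`, `Type`, `InUseBy`, `NotAfter`) follow the shape of ACM's DescribeCertificate response; the sample records, the 45-day warning threshold, and the modelling of option B as an imported certificate are assumptions.

```python
from datetime import datetime, timedelta, timezone


def renewal_verdict(cert):
    """Apply the page's rules to one DescribeCertificate-shaped record."""
    if cert["Type"] == "IMPORTED":
        return False, "imported; ACM only stores it"
    if not cert.get("InUseBy"):
        return False, "not associated with any AWS service"
    return True, "issued by ACM and in use"


def manual_renewal_queue(certs, now, warn_days=45):
    """Return the certificates ACM will not renew, soonest expiry first."""
    queue = []
    for cert in certs:
        auto_renews, reason = renewal_verdict(cert)
        if auto_renews:
            continue
        days_left = (cert["NotAfter"] - now).days
        queue.append({"name": cert["DomainName"], "reason": reason,
                      "days_left": days_left,
                      "urgent": days_left <= warn_days})
    return sorted(queue, key=lambda item: item["days_left"])


# Fixed reference time so the result is reproducible.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)


def _cert(name, cert_type, in_use_by, days):
    return {"DomainName": name, "Type": cert_type, "InUseBy": in_use_by,
            "NotAfter": NOW + timedelta(days=days)}


# Constructed records mirroring options A-D; names and resources are placeholders.
SAMPLE = [
    _cert("a.example.com", "IMPORTED", ["constructed-cloudfront-arn"], 20),
    # Assumption: a certificate whose key and CSR were created outside ACM
    # is present in ACM only as an imported certificate.
    _cert("b.example.com", "IMPORTED", ["constructed-elb-arn"], 200),
    _cert("c.example.com", "PRIVATE", ["constructed-alb-arn"], 30),
    _cert("d.example.com", "AMAZON_ISSUED", [], 10),
]

if __name__ == "__main__":
    for item in manual_renewal_queue(SAMPLE, NOW):
        flag = "URGENT" if item["urgent"] else "ok"
        print(f'{item["name"]}: {item["days_left"]} days, {item["reason"]} [{flag}]')
```
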