
AWS Certificate Manager


Chef Automate 4.10.1 released on 6th September 2023 includes improvements to the deployment and installation experience of Automate HA. Please read the blog to learn more about key improvements. Refer to the pre-requisites page (On-Premises, AWS) and plan your usage with your customer success manager or account manager.

This page explains how to use the AWS Certificate Manager (ACM) console to generate a public ACM certificate for your domain.

You can either generate a new public certificate or copy the Amazon Resource Name (ARN) of an existing certificate in your selected region from the AWS console.


Requesting a Public Certificate using AWS console

Follow these steps if you want to request an ACM public certificate:

  1. Sign in to the AWS Management Console.

  2. Open the ACM console.

  3. Select your region from the top-right corner of the console.

  4. Select Request a certificate.

  5. Select the Request a public certificate option from the Certificate type page, and select Next.

  6. In the Domain names section, enter your domain name. You can use a fully qualified domain name (FQDN), such as, or a bare domain name such as


    Before ACM issues a certificate, it validates that you own or control the domain names in your certificate request. You can use either email validation or DNS validation.
  7. In the Select validation method section, select either DNS validation or Email validation.

  8. From the Tags page, tag your certificate. Tags are key-value pairs that serve as metadata for identifying and organizing AWS resources.

  9. Select Request. After processing the request, the console returns you to your certificate list, where the new certificate is displayed with the status Pending validation.

You can also request a public certificate using the Command Line Interface (CLI). For detailed information on requesting these certificates, refer to the AWS documentation on requesting a public certificate.

Providing Certificate ARN Value in config.toml Configuration file

Follow these steps if you want to use the AWS certificates in your network infrastructure:

  1. Log in as a sudo user by using the su - command.

  2. Navigate to the hab workspace directory.

  3. Open the config.toml file in any editor of your choice.

  4. Copy and paste the certificate ARN into the automate_lb_certificate_arn and chef_server_lb_certificate_arn fields in the config.toml file. For example:

    automate_lb_certificate_arn = "arn:aws:acm:ap-southeast-2:112758395563:certificate/9b9fcc04-6513-4ac5-9332-26a59a6ce4e"
    chef_server_lb_certificate_arn = "arn:aws:acm:ap-southeast-2:112758395563:certificate/9b9fcc04-6513-4ac5-9932-262a59a6ce4e"
  5. Save and close the file.
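
A pasted ARN that is truncated, or that points at a certificate in a different region from the deployment, is easy to miss by eye. The following check is an added example, not part of Chef Automate or the original page: it scans config.toml text for the two fields above and reports problems. The function name, the sample account ID and the sample certificate IDs are constructed for illustration, and the check assumes the certificate ID is a lowercase UUID.

```python
import re

# ACM certificate ARN: arn:<partition>:acm:<region>:<12-digit account>:certificate/<UUID>
# Assumption: the certificate ID is a lowercase UUID.
ARN_RE = re.compile(
    r"^arn:(?:aws|aws-cn|aws-us-gov):acm:([a-z]{2}(?:-[a-z]+)+-\d):\d{12}:certificate/"
    r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$"
)
KEYS = ("automate_lb_certificate_arn", "chef_server_lb_certificate_arn")
# Matches uncommented `key = "value"` lines in any TOML section.
ASSIGN_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')


def check_lb_certificate_arns(toml_text, expected_region):
    """Return a list of problems; an empty list means both ARNs pass."""
    found = {}
    for line in toml_text.splitlines():
        m = ASSIGN_RE.match(line)
        if m and m.group(1) in KEYS:
            found[m.group(1)] = m.group(2)
    problems = []
    for key in KEYS:
        if key not in found:
            problems.append(f"{key}: not set")
            continue
        m = ARN_RE.match(found[key])
        if m is None:
            problems.append(f"{key}: not a well-formed ACM certificate ARN")
        elif m.group(1) != expected_region:
            problems.append(
                f"{key}: certificate is in {m.group(1)}, expected {expected_region}"
            )
    return problems


# Constructed sample input (placeholder account ID and certificate IDs).
GOOD = """
automate_lb_certificate_arn = "arn:aws:acm:ap-southeast-2:111122223333:certificate/11111111-2222-3333-4444-555555555555"
chef_server_lb_certificate_arn = "arn:aws:acm:ap-southeast-2:111122223333:certificate/66666666-7777-8888-9999-000000000000"
"""
# First ARN is in the wrong region; second has a truncated certificate ID.
BAD = """
automate_lb_certificate_arn = "arn:aws:acm:us-east-1:111122223333:certificate/11111111-2222-3333-4444-555555555555"
chef_server_lb_certificate_arn = "arn:aws:acm:ap-southeast-2:111122223333:certificate/66666666-7777-8888-9999"
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_lb_certificate_arns(text, "ap-southeast-2") or "ok")
```
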
