Which combination of steps is required to ensure availability of the certificate in the CloudFront console?

By:
On:
In: SCS-C01
Tagged:
With: 0 Comments
A Web Administrator for the website example.com has created an Amazon CloudFront distribution for dev.example.com, with a requirement to configure HTTPS using a custom TLS certificate imported to AWS Certificate Manager.

Which combination of steps is required to ensure availability of the certificate in the CloudFront console?

(Choose two.)

Call UploadServerCertificate with /cloudfront/dev/ in the path parameter.

Import the certificate with a 4,096-bit RSA public key.

Ensure that the certificate, private key, and certificate chain are PKCS #12-encoded.

Import the certificate in the us-east-1 (N. Virginia) Region.

Ensure that the certificate, private key, and certificate chain are PEM-encoded.

Explanations:

The UploadServerCertificate API is not used for CloudFront distributions; it is used for AWS IAM.

CloudFront supports certificates with RSA keys up to 2048-bit; 4096-bit is not necessary.

CloudFront does not require the certificate, private key, and chain to be PKCS #12-encoded. PEM encoding is standard.

CloudFront requires that the custom TLS certificate be imported into the us-east-1 region, regardless of the distribution’s location.

The certificate, private key, and certificate chain must be PEM-encoded for CloudFront to work with the AWS Certificate Manager.

Leave a Reply

Your email address will not be published. Required fields are marked *

three × 2 =