AWS Certificate Manager (ACM) uses a dynamic intermediate CA model. When you request or renew a public certificate, ACM randomly assigns an intermediate CA—such as —to sign it. These intermediates all chain back to one of the five Amazon Root CAs . Why You Shouldn't Just "Download" the M02 Certificate
You can then download the , Certificate chain , and Private key (if applicable) as PEM files. amazon rsa 2048 m02 certificate download
: If you have an existing certificate issued by this CA in your account, you can retrieve the certificate and its chain using the get-certificate AWS Certificate Manager (ACM) uses a dynamic intermediate
openssl verify -CAfile Amazon_Root_CA_1.pem Amazon_RSA_2048_M02.pem Why You Shouldn't Just "Download" the M02 Certificate
While you can find intermediate certificates in public repositories, AWS strongly advises adding only specific intermediate CAs like "Amazon RSA 2048 M02" to your trust store.
You now have the .crt file. If you need the raw text, open this file in Notepad or TextEdit; it will look like a block of garbled text starting with -----BEGIN CERTIFICATE----- .
For further technical details or to download the official root certificates, visit the Amazon Trust Services Repository.