by hitpointdrew 2375 days ago
Yup. This is one thing I hate about AWS. Oh sure, make it nice and easy to use the wildcard cert on any AWS infrastructure. But what if you want to use that wildcard cert somewhere else? Too bad. AWS holds the private key for your wildcard cert, and they don't give it to you. They hold it hostage on their server.
2 comments

Considering the domain is amazonaws.com, it is only fair they keep it to themselves. They can't be in the business of providing arbitrary subdomains under their parent domain just to have it point to some other external IP.
I'm talking about custom domains. You can set up AWS to manage certs for mycompany.com (for example). When you do that they ought to give you a copy of the private key to *.mycompany.com. I am not talking about the amazonaws.com certs.
Uhhh, I am really glad they don’t share it with me or anyone else... if they did, then any other customer of AWS could impersonate me.
>Uhhh, I am really glad they don’t share it with me or anyone else

It's your domain, you ought to own it. Obviously no one else should. If you buy a wildcard cert from, say, Comodo (or a number of other cert houses) you can use that cert on any provider you wish, or use it on your own local infrastructure. You get the private and public key, as you should.
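As an added example, not taken from the thread or from any AWS tooling, this is what "you get the private key" looks like in practice when you go to a public CA instead of ACM: the key pair for *.mycompany.com is generated on your own machine, only the CSR goes to the CA, and the resulting certificate can be installed anywhere the key is. It assumes the openssl CLI is installed; mycompany.com is the placeholder domain used in the thread, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: generate a wildcard private key locally and build the CSR
# a public CA would sign. Assumes the openssl CLI is on PATH.
# mycompany.com is a placeholder; override with DOMAIN=example.org.
set -eu

DOMAIN="${DOMAIN:-mycompany.com}"

# make_wildcard_csr OUTDIR
# Writes OUTDIR/wildcard.key (stays on this machine) and OUTDIR/wildcard.csr
# (the only thing you hand to the CA).
make_wildcard_csr() {
  outdir="$1"
  mkdir -p "$outdir"
  # P-256 private key; never leaves the host you ran this on.
  openssl ecparam -name prime256v1 -genkey -noout -out "$outdir/wildcard.key"
  chmod 600 "$outdir/wildcard.key"
  # Request config: wildcard CN plus SAN entries, which is what browsers check.
  cat > "$outdir/csr.cnf" <<EOF
[ req ]
distinguished_name = dn
req_extensions = ext
prompt = no
[ dn ]
CN = *.${DOMAIN}
[ ext ]
subjectAltName = DNS:*.${DOMAIN}, DNS:${DOMAIN}
EOF
  openssl req -new -key "$outdir/wildcard.key" \
    -config "$outdir/csr.cnf" -out "$outdir/wildcard.csr"
}

# csr_matches_key OUTDIR
# Returns 0 only if the CSR is correctly self-signed and its public key is the
# one derived from OUTDIR/wildcard.key. This is the check to run before
# submitting a CSR, and again when the signed cert comes back from the CA.
csr_matches_key() {
  outdir="$1"
  openssl req -in "$outdir/wildcard.csr" -noout -verify >/dev/null 2>&1 || return 1
  key_pub=$(openssl pkey -in "$outdir/wildcard.key" -pubout 2>/dev/null)
  csr_pub=$(openssl req -in "$outdir/wildcard.csr" -noout -pubkey 2>/dev/null)
  [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# csr_has_wildcard_san OUTDIR
# Returns 0 if the request actually asks for DNS:*.DOMAIN in its SAN extension.
csr_has_wildcard_san() {
  openssl req -in "$1/wildcard.csr" -noout -text | grep -q "DNS:\*\.${DOMAIN}"
}
```

Typical use is `make_wildcard_csr ./pki && csr_matches_key ./pki && csr_has_wildcard_san ./pki`, then upload `pki/wildcard.csr` to the CA. When the signed certificate arrives, the same public-key comparison against `wildcard.key` (swap `openssl req -pubkey` for `openssl x509 -pubkey`) confirms it pairs with the key you hold, which is exactly what you cannot do with an ACM-issued cert, since that key never exists outside AWS.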