Skip to main content
Service Catalog Version 0.108.7Last updated in version 0.100.0

TLS Scripts

View SourceRelease Notes


This service contains scripts that simplify the process of creating and managing TLS certificates, JVM key stores and trust stores, and RDS CA certificates.


Bash scripts that simplify working with TLS certificates. You will typically only need these scripts to configure end-to-end encryption in your Reference Architecture.

  • Simplify creating self-signed TLS certificates
  • Encrypt TLS certificates using KMS
  • Upload TLS certificates to AWS for use with ELBs
  • Download CA public keys for validating RDS TLS connections
  • Simplify creating key stores and trust stores to manage TLS certificates for JVM apps
  • Run from a Docker container so you don’t need to install any dependencies locally



This repo is a part of the Gruntwork Service Catalog, a collection of reusable, battle-tested, production ready infrastructure code. If you’ve never used the Service Catalog before, make sure to read How to use the Gruntwork Service Catalog!

About TLS

About the scripts specifically