Hello 
I am a newbie
I am trying to follow tutorial
but it does not work for me.
I can create the CSR with Basic Constraint “CA: true” just fine, but when I try to run
aws acm-pca issue-certificate \
--certificate-authority-arn ${AWS_CA_ARN} \
--csr fileb://cert1.csr \
--signing-algorithm "SHA256WITHRSA" \
--validity Value=365,Type="DAYS" \
--template-arn arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1 \
--region=eu-central-1
I get response
An error occurred (ValidationException) when calling the IssueCertificate operation: Path length check failed for CA 'arn:aws:acm-pca:eu-central-1:X:certificate-authority/X' and selected template 'arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1'.
Since the CA cert at AWS is not a root cert itself but also an intermediate (the actual root CA cert is offline) i also tried to use template SubordinateCACertificate_PathLen1/V1 instead of SubordinateCACertificate_PathLen0/V1 but this leads to the same error message.
I did not find any further hints how to solve this issue when doing some googling so I try to ask here. Can somebody maybe point me in the right direction?
Thanks and best regards, Sebatian