Skip to content
Gallery
14. Security in the Cloud
AWS Directory Service
Identity Providers and Federation
Encryption Primer
AWS Key Management Service
AWS Certificate Manager
AWS Security Hub
AWS Web Application Firewall (WAF)
AWS Shield and Shield Advanced
Amazon Inspector
Amazon Macie
Amazon GuardDuty
AWS Audit Manager
More
Share
Explore

icon picker
AWS Certificate Manager

AWS Certificate Manager (ACM) handles the complexity of creating, storing, and renewing public and private SSL/TLS X.509 certificates and keys that protect your AWS websites and applications. You can provide certificates for your
integrated AWS services
either by issuing them directly with ACM or by
importing
third-party certificates into the ACM management system. ACM certificates can secure singular domain names, multiple specific domain names, wildcard domains, or combinations of these. ACM wildcard certificates can protect an unlimited number of subdomains. You can also
export
ACM certificates signed by AWS Private CA for use anywhere in your internal PKI.

AWS offers two options to customers deploying managed X.509 certificates. Choose the best one for your needs.
AWS Certificate Manager (ACM)—This service is for enterprise customers who need a secure web presence using TLS. ACM certificates are deployed through Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other
integrated AWS services
. The most common application of this kind is a secure public website with significant traffic requirements. ACM also simplifies security management by automating the renewal of expiring certificates. You are in the right place for this service.
AWS Private CA—This service is for enterprise customers building a public key infrastructure (PKI) inside the AWS cloud and intended for private use within an organization. With AWS Private CA, you can create your own certificate authority (CA) hierarchy and issue certificates with it for authenticating users, computers, applications, services, servers, and other devices. Certificates issued by a private CA cannot be used on the internet. For more information, see the
AWS Private CA User Guide
.

ACM certificates are supported by the following services:
Elastic Load Balancing
Amazon CloudFront
Amazon Cognito
AWS Elastic Beanstalk
AWS App Runner
Amazon API Gateway
AWS Nitro Enclaves
AWS CloudFormation
AWS Amplify
Amazon OpenSearch Service
AWS Network Firewall

Troubleshooting certificate validation

If the ACM certificate request status is Pending validation, the request is waiting for action from you. If you chose email validation when you made the request, you or an authorized representative must respond to the validation email messages. These messages were sent to the registered WHOIS contact addresses and other common email addresses for the requested domain. For more information, see
Email validation
. If you chose DNS validation, you must write the CNAME record that ACM created for you to your DNS database. For more information, see
DNS validation
.
Loading
docs.aws.amazon.com

Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.