What is ACM?
ACM stands for AWS Certificate Manager. It provides free SSL/TLS certificates for the applications and websites we host in Amazon Web Services.
Using the public certificates generated by ACM, you can secure your domain names and subdomains.
If you already have an SSL certificate issued by another Certificate Authority, you can import it into ACM and use it to secure your websites and applications.
Why use ACM?
It's easy to create, manage and configure SSL certificates for the domain and to renew them.
- It renews automatically.
- It can be integrated with AWS services.
- It's free of cost.
Important Points to Note:
Let's say you have hosted a website using Apache / Nginx on an EC2 instance. To secure your website and applications, you cannot apply the ACM certificates directly on the instance.
You can install the ACM certificates by using one of the integrated services below.
- Amazon CloudFront
- AWS Elastic Beanstalk
- API Gateway
- Elastic Load Balancing
Certificates generated by ACM are region specific. Let's say you have hosted websites in the Mumbai region; then you should generate the SSL certificates in the same region.
If you're configuring the same domain in the Singapore region, you have to generate the ACM certificate again in the Singapore region and use it for the websites there.
You cannot copy certificates from one region to another.
If you want to use certificates generated by ACM with CloudFront, you should create the certificate, or import an existing one, in the US East (N. Virginia) region.
Certificates in this region that are associated with a CloudFront distribution are distributed to all the geographical locations configured for that distribution.
Creating Public Certificate Using ACM
To generate a public SSL/TLS certificate, log in to the ACM console.
To request a public certificate, choose Request a certificate.
Under Add domain names, enter the FQDN (Fully Qualified Domain Name) of the website that you want to secure using the certificate.
For example, www.fitdevops.in is an FQDN. If you have hosted multiple subdomains under the main domain fitdevops.in, you can add an * (asterisk) to request a wildcard certificate that protects all the existing subdomains as well as the subdomains you create later.
Choose Next. You have to validate the certificate request using one of the options below. This is to ensure that the domain name for which you're requesting the certificate is owned by you.
- DNS Validation: choose this if you have access to add / modify the DNS records of the domain.
- Email Validation: choose this if you do not have access to the DNS configuration of the domain.
You can optionally add a tag to manage the certificates. Click Review.
Choose Confirm and request.
If you chose DNS validation, you will get the DNS configuration as a file. It contains a CNAME record with a value that should be added to the DNS configuration of the domain.
If you chose email validation, ACM sends the validation email to the following contact addresses in the WHOIS database:
the domain registrant, the technical contact and the administrative contact.
Any one of them should reply to that email for validation.
Once you complete the validation process, the status of the certificate will be Issued.
Once the certificate is issued, you can use it with the integrated services mentioned above.
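As an added example (not code from this article), the Python sketch below applies the region rule described earlier and pulls the DNS validation CNAME out of a response shaped like the output of ACM's DescribeCertificate call. The sample response, account ID, certificate ID, record values and the service labels "cloudfront" and "elb" are constructed for illustration.

```python
# Added example: offline checks on an ACM DescribeCertificate-style response.
# SAMPLE is constructed; account ID, certificate ID and record values are placeholders.
RECORD = {"Name": "_placeholder-name.fitdevops.in.", "Type": "CNAME",
          "Value": "_placeholder-value.acm-validations.aws."}
SAMPLE = {"Certificate": {
    "CertificateArn": "arn:aws:acm:ap-south-1:111122223333:certificate/EXAMPLE-ID",
    "Status": "PENDING_VALIDATION",
    "DomainValidationOptions": [
        {"DomainName": "fitdevops.in", "ValidationMethod": "DNS",
         "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": RECORD},
        {"DomainName": "*.fitdevops.in", "ValidationMethod": "DNS",
         "ValidationStatus": "PENDING_VALIDATION", "ResourceRecord": RECORD},
    ]}}

CLOUDFRONT_REGION = "us-east-1"  # US East (N. Virginia)

def cert_region(arn):
    """Return the region field of an ACM certificate ARN."""
    parts = arn.split(":")
    if len(parts) < 6 or parts[2] != "acm" or not parts[3]:
        raise ValueError(f"not an ACM certificate ARN: {arn!r}")
    return parts[3]

def usable_by(arn, service, resource_region=None):
    """Region rule from the article; the service labels are hypothetical."""
    if service == "cloudfront":
        return cert_region(arn) == CLOUDFRONT_REGION
    return cert_region(arn) == resource_region

def pending_dns_records(response):
    """Unique (name, type, value) records that still have to be created in DNS."""
    records = []
    for opt in response["Certificate"].get("DomainValidationOptions", []):
        rr = opt.get("ResourceRecord")
        if opt.get("ValidationMethod") != "DNS" or rr is None:
            continue  # email validation, or the record is not available yet
        if opt.get("ValidationStatus") == "SUCCESS":
            continue  # this name is already validated
        key = (rr["Name"], rr["Type"], rr["Value"])
        if key not in records:  # several names can share one record
            records.append(key)
    return records

if __name__ == "__main__":
    arn = SAMPLE["Certificate"]["CertificateArn"]
    print("certificate region:", cert_region(arn))
    print("usable by CloudFront:", usable_by(arn, "cloudfront"))
    print("usable by a Mumbai load balancer:", usable_by(arn, "elb", "ap-south-1"))
    for name, rtype, value in pending_dns_records(SAMPLE):
        print(f"create {rtype} {name} -> {value}")
```

In the constructed sample the certificate lives in the Mumbai region (ap-south-1), so it fails the CloudFront check, and the domain and its wildcard share a single CNAME that only needs to be created once.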
We have successfully generated a free public SSL/TLS certificate using AWS Certificate Manager.
In my upcoming articles, I will explain how you can use these certificates with the AWS services.
Thanks for reading this article. Please do check out my other publications.