AWS Certificate Manager

In conjunction with Amazon Web Services (AWS), the CIT Cloudification team offers no-cost SSL/TLS server certificates through the Amazon Web Services Certificate Manager (ACM) service.

Certificates issued through ACM can be used only in conjunction with AWS Elastic Load Balancing and Amazon CloudFront services deployed from AWS accounts.

See Amazon's descriptions of AWS Elastic Load Balancing and CloudFront.

The AWS Certificate Manager service offers:

  • Single domain certificate
  • Multi-domain: Secures up to 10 different domain names on a single certificate (example: one certificate for a site with two names: www.whoiam.cornell.edu and whoiam.cornell.edu)
  • Wildcard domain: Secures the domain and unlimited sub-domains of that domain (example: *.department.cornell.edu).

All certificates are valid for 13 months, and are automatically renewed by AWS if certain criteria are met.

Although people commonly use the term "SSL certificate," these certificates are actually SSL/TLS certificates. SSL is used less often because of vulnerabilities; TLS is the technology that replaces it.

Benefits of SSL/TLS Certificates

  • User privacy and data integrity: data is encrypted as it moves over the network. It cannot be easily intercepted or altered.
  • Strong assurance of server authenticity: the certificate is signed by Amazon's certificate authority, which is one of a limited number of certificate authorities automatically trusted by major browsers.

Many major Internet sites have transitioned to using communication secured by certificates for all their pages. At minimum, you should use a certificate in any of the following cases.

  • Services that require users to authenticate.
  • Services that display or ask the user to provide any of the following types of data.
    • Protected by federal or state legislation (for example: medical histories, personal financial data, student visa status, social security numbers)
    • Sensitive or confidential (for example: University budgets, physical security infrastructure documents, vendor contracts)
  • When the ability to confirm the authenticity of the server is a requirement. For example, in a limited development environment a self-signed certificate may be acceptable. The corresponding production service, however, may require the assurance of a certificate signed by a globally-recognized certificate authority.

Note: If you are using an AWS service not covered here or need a different type of certificate, you can use the InCommon Digital Certificate service. For more information, see SSL Server Certificate.


Service Details

Audience(s):

Cost:

No Fee

Regulated Data:

Not applicable or information not available.

Support Contact:
