In conjunction with Amazon Web Services (AWS), the CIT Cloudification team offers no-cost SSL/TLS server certificates through the Amazon Web Services Certificate Manager (ACM) service.
Certificates issued through ACM can be used only in conjunction with AWS Elastic Load Balancing and Amazon CloudFront services deployed from AWS accounts.
The AWS Certificate Manager service offers:
- Single domain certificate
- Multi-domain: Secures up to 10 different domain names on a single certificate (example: one certificate for a site with two names: www.whoiam.cornell.edu and whoiam.cornell.edu)
- Wildcard domain: Secures the domain and unlimited sub-domains of that domain (example: *.department.cornell.edu).
All certificates are valid for 13 months, and are automatically renewed by AWS if certain criteria are met.
Benefits of SSL/TLS Certificates
- User privacy and data integrity: data is encrypted as it moves over the network. It cannot be easily intercepted or altered.
- Strong assurance of server authenticity: the certificate is signed by Amazon's certificate authority, which is one of a limited number of certificate authorities automatically trusted by major browsers.
Many major Internet sites have transitioned to using communication secured by certificates for all their pages. At minimum, you should use a certificate in any of the following cases.
- Services that require users to authenticate.
- Services that display or ask the user to provide any of the following types of data.
- Protected by federal or state legislation (for example: medical histories, personal financial data, student visa status, social security numbers)
- Sensitive or confidential (for example: University budgets, physical security infrastructure documents, vendor contracts)
- When the ability to confirm the authenticity of the server is a requirement. For example, in a limited development environment a self-signed certificate may be acceptable. The corresponding production service, however, may require the assurance of a certificate signed by a globally-recognized certificate authority.
Note: If you are using an AWS service not covered here or need a different type of certificate, you can use the In Common Digital Certificate service. For more information, see SSL Server Certificate.
Cornell IT Service Desk
Normal Business Hours: Monday-Friday, 8am-6pm (Eastern Time)
Emergency Service Disruptions: After Hours Support