Skip to main content

Cornell University

AWS Certificate Manager

On This Page

In conjunction with Amazon Web Services (AWS), the CIT Cloudification team offers no-cost SSL/TLS server certificates through the Amazon Web Services Certificate Manager (ACM) service.

Certificates issued through ACM can be used only in conjunction with AWS Elastic Load Balancing and Amazon CloudFront services deployed from AWS accounts.

Links to Amazon's descriptions of AWS Elastic Load Balancing and CloudFront.

The AWS Certificate Manager service offers:

  • Single domain certificate
  • Multi-domain: Secures up to 10 different domain names on a single certificate (example: one certificate for a site with two names: and
  • Wildcard domain: Secures the domain and unlimited sub-domains of that domain (example: *

All certificates are valid for 13 months, and are automatically renewed by AWS if certain criteria are met.

While people use the term "SSL certificate," these certificates are actually SSL/TLS certificates. SSL is used less often because of vulnerabilities. TLS is the replacement technology for SSL.

Benefits of SSL/TLS Certificates

  • User privacy and data integrity: data is encrypted as it moves over the network. It cannot be easily intercepted or altered.
  • Strong assurance of server authenticity: the certificate is signed by Amazon's certificate authority, which is one of a limited number of certificate authorities automatically trusted by major browsers.

Many major Internet sites have transitioned to using communication secured by certificates for all their pages. At minimum, you should use a certificate in any of the following cases.

  • Services that require users to authenticate.
  • Services that display or ask the user to provide any of the following types of data.
    • Protected by federal or state legislation (for example: medical histories, personal financial data, student visa status, social security numbers)
    • Sensitive or confidential (for example: University budgets, physical security infrastructure documents, vendor contracts)
  • When the ability to confirm the authenticity of the server is a requirement. For example, in a limited development environment a self-signed certificate may be acceptable. The corresponding production service, however, may require the assurance of a certificate signed by a globally-recognized certificate authority.

Note: If you are using an AWS service not covered here or need a different type of certificate, you can use the In Common Digital Certificate service. For more information, see SSL Server Certificate.

Support Contact:

Cornell IT Service Desk

Normal Business Hours: Monday-Friday, 8am-6pm (Eastern Time)
Emergency Service Disruptions: After Hours Support


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.