Posted On: Jul 14, 2021

AWS Certificate Manager (ACM) now allows you to import Secure Sockets Layer/Transport Layer Security (SSL/TLS) X.509 certificates of additional key types and key sizes, including Elliptic Curve Digital Signature Algorithm (ECDSA) keys and RSA 3072 and 4096 keys, and to bind them to integrated services like Amazon CloudFront and Application Load Balancer. Previously, you could use AWS Identity and Access Management (IAM) to import and use these certificate types, because ACM supported only imported certificates with RSA 1024 or RSA 2048 keys.

SSL/TLS certificates are used to secure network communications and establish the identity of websites over the internet as well as resources on private networks. ACM lets you easily provision, manage, and deploy public and private SSL/TLS certificates. You can use ACM to issue RSA 2048 certificates. However, your application may require certificates with different key types or key sizes. ACM now allows you to import and use ECDSA P256, P384, and P521 certificates and RSA 3072 and 4096 certificates with integrated services. Specifically, you can use imported ECDSA P256 certificates with Amazon CloudFront, and all of the ECDSA and RSA certificates mentioned above with Application Load Balancing. When you import a certificate using the AWS Management Console, you will be informed about the certificate type and the integrated services with which it can be used. This information is also available in the certificate details within the console.

This feature is available in all ACM regions. You can learn more about this feature here and you can get started with ACM here.