Posted On: Aug 13, 2021
Amazon API Gateway enables customers to authenticate clients using certificate-based mutual TLS, where digital certificates are exchanged between the client and API Gateway before a secure connection is established. Previously, only certificates issued by AWS Certificate Manager (ACM) could be used as the server certificate when configuring mutual TLS in API Gateway. Starting today, customers can use a server certificate issued by a third-party certificate authority (CA) or ACM Private CA.
This feature unblocks customers who want to use an existing server certificate that is not issued by ACM. For example, some customers must use server certificates issued by a private CA to comply with their organization’s Information Security policies. These customers can now import an existing certificate into ACM and use it as the server certificate when configuring mutual TLS in API Gateway.
API Gateway’s support for the feature is generally available in all regions where API Gateway is available. To see where API Gateway is available, review the AWS region table.