Posted On: Nov 8, 2022

You can now use AWS Certificate Manager (ACM) to request and use Elliptic Curve Digital Signature Algorithm (ECDSA) P-256 and P-384 Transport Layer Security (TLS) certificates to secure your network traffic. TLS certificates are used to secure network communications and to establish the identity of websites over the internet as well as resources on private networks. ACM lets you easily provision, manage, and deploy public and private TLS certificates. You can learn more about ECDSA security, performance and compatibility in this AWS Security blog post.

You can use either the ACM console or the request-certificate API with the key-algorithm parameter to issue public or private ECDSA P-256 and P-384 TLS certificates. AWS customers who need TLS certificates with a security strength of 120 bits or more can now use these ECDSA certificates to help meet their compliance needs. ECDSA P-256 and P-384 certificates have security strengths of 128 and 192 bits respectively, compared with 112 bits for the RSA 2048 certificates that you can also issue from ACM. Security strength is a measure of resilience against brute-force attacks. ACM-issued ECDSA public certificates can be used with supported integrated services such as Application Load Balancer (ALB) and Amazon CloudFront. When used with integrated services, you also get the benefit of managed renewal: ACM will attempt to renew ACM-issued, in-use certificates before expiry and automatically bind the renewed certificates to the integrated service.
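The following is an added example, not AWS's code or anything from this announcement, showing the request-certificate call with the key-algorithm parameter (boto3 spells it `KeyAlgorithm`, with the enum values `EC_prime256v1` and `EC_secp384r1` for P-256 and P-384) and an account audit that flags certificates below the 120-bit security strength discussed above. It assumes boto3 and AWS credentials only for a real account; the `FakeAcm` client, ARNs and domains are constructed sample data so the logic runs offline, and the strength table beyond the three values on this page (RSA 2048, P-256, P-384) is taken from NIST SP 800-57.

```python
"""Added example: request an ACM ECDSA certificate and audit key strength.

Not AWS's code. FakeAcm and all ARNs/domains are constructed sample data;
boto3 is needed only for the real-account line at the bottom.
"""
from typing import Any, Dict, Iterable, List, Optional

try:
    import boto3  # only needed against a real account
except ImportError:  # offline demo still works without it
    boto3 = None

# Security strength in bits per ACM KeyAlgorithm value (NIST SP 800-57 Part 1).
# RSA_2048 (112), EC_prime256v1 (128) and EC_secp384r1 (192) are the figures
# quoted in the announcement; RSA_4096 is deliberately left unclassified.
SECURITY_STRENGTH_BITS: Dict[str, int] = {
    "RSA_1024": 80, "RSA_2048": 112, "RSA_3072": 128,
    "EC_prime256v1": 128, "EC_secp384r1": 192, "EC_secp521r1": 256,
}

# All KeyAlgorithm values accepted by ListCertificates Includes.keyTypes.
# ListCertificates returns only RSA_2048 certificates by default, so an audit
# that omits this filter never sees the ECDSA certificates it is looking for.
ALL_KEY_TYPES = ["RSA_1024", "RSA_2048", "RSA_3072", "RSA_4096",
                 "EC_prime256v1", "EC_secp384r1", "EC_secp521r1"]

# Curves ACM can issue per the announcement, mapped to the API enum value.
CURVE_TO_KEY_ALGORITHM = {"P-256": "EC_prime256v1", "P-384": "EC_secp384r1"}


def security_strength(key_algorithm: str) -> Optional[int]:
    """Security strength in bits, or None if the algorithm is not classified."""
    return SECURITY_STRENGTH_BITS.get(key_algorithm)


def build_request(domain: str, curve: str = "P-256",
                  sans: Optional[Iterable[str]] = None) -> Dict[str, Any]:
    """RequestCertificate parameters for a DNS-validated ECDSA certificate."""
    params: Dict[str, Any] = {"DomainName": domain, "ValidationMethod": "DNS",
                              "KeyAlgorithm": CURVE_TO_KEY_ALGORITHM[curve]}
    if sans:
        params["SubjectAlternativeNames"] = list(sans)
    return params


def request_ecdsa_certificate(acm: Any, domain: str, curve: str = "P-256",
                              sans: Optional[Iterable[str]] = None) -> str:
    """Request the certificate and return its ARN."""
    return acm.request_certificate(**build_request(domain, curve, sans))["CertificateArn"]


def audit_certificates(acm: Any, minimum_bits: int = 120) -> List[Dict[str, Any]]:
    """Classify every certificate in the account against a strength floor."""
    findings = []
    for page in acm.get_paginator("list_certificates").paginate(
            Includes={"keyTypes": ALL_KEY_TYPES}):
        for summary in page["CertificateSummaryList"]:
            arn = summary["CertificateArn"]
            cert = acm.describe_certificate(CertificateArn=arn)["Certificate"]
            algorithm = cert.get("KeyAlgorithm", "UNKNOWN")
            bits = security_strength(algorithm)
            findings.append({"arn": arn, "domain": cert.get("DomainName"),
                             "key_algorithm": algorithm, "strength_bits": bits,
                             "compliant": bits is not None and bits >= minimum_bits})
    return findings


class FakeAcm:
    """Offline stand-in for the boto3 ACM client (constructed records only)."""

    def __init__(self) -> None:
        self._certs: Dict[str, Dict[str, Any]] = {}

    def request_certificate(self, **params: Any) -> Dict[str, str]:
        # Placeholder account id and region; not a real ARN.
        arn = f"arn:aws:acm:us-east-1:123456789012:certificate/sample-{len(self._certs)}"
        self._certs[arn] = {"CertificateArn": arn, "DomainName": params["DomainName"],
                            "KeyAlgorithm": params["KeyAlgorithm"]}
        return {"CertificateArn": arn}

    def get_paginator(self, operation: str) -> "FakeAcm":
        assert operation == "list_certificates"
        return self

    def paginate(self, **_kwargs: Any):
        yield {"CertificateSummaryList": [{"CertificateArn": a, "DomainName": c["DomainName"]}
                                          for a, c in self._certs.items()]}

    def describe_certificate(self, CertificateArn: str) -> Dict[str, Any]:
        return {"Certificate": dict(self._certs[CertificateArn])}


def demo() -> List[Dict[str, Any]]:
    """Request one P-256 and one RSA 2048 certificate, then audit at 120 bits."""
    acm = FakeAcm()
    request_ecdsa_certificate(acm, "www.example.com", "P-256", ["example.com"])
    acm.request_certificate(DomainName="legacy.example.com",
                            ValidationMethod="DNS", KeyAlgorithm="RSA_2048")
    return audit_certificates(acm, minimum_bits=120)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
    # Real account: audit_certificates(boto3.client("acm", region_name="us-east-1"))
```

In the demo the P-256 certificate is reported compliant (128 bits) and the RSA 2048 one is not (112 bits). Against a real account the only change is passing a `boto3.client("acm")` instead of `FakeAcm`; the `Includes` filter on `list_certificates` matters, because without it the audit sees only RSA_2048 certificates and silently misses the ECDSA ones.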

ECDSA certificates are available in all regions where ACM is available. CloudFormation support will be coming soon. To learn more about this feature, please refer to the documentation. You can learn more about ACM and get started here.