Posted On: Jul 14, 2023

Amazon CloudFront announces support for 3072-bit RSA certificates. Customers can now associate their 3072-bit RSA certificates with CloudFront distributions to enhance communication security between clients and CloudFront edge locations.

RSA is a encryption algorithm widely used in digital certificates to secure internet communications through digital signatures and data encryption. Prior to this update, CloudFront customers could only use RSA certificates with 1024-bit or 2048-bit strength, or an ECDSA P256 certificate. ECDSA P256 certificates provide greater security than 1024-bit or 2048-bit RSA certificates, yet they might not be supported by legacy clients and devices. With the introduction of 3072-bit RSA certificates, customers can now achieve the same security level in CloudFront previously exclusive to ECDSA P256 certificates.

Amazon CloudFront's support for 3072-bit RSA certificates is now available for immediate use. To get started, associate a 3072-bit RSA certificate with your CloudFront distribution using console or APIs. There are no additional fees associated with this feature. For more information, please refer to the CloudFront Developer Guide. To learn more about CloudFront, visit the CloudFront Getting Started page.