Posted On: Dec 22, 2023

Amazon CloudFront announces support for 4096-bit RSA TLS certificates (4K certs). Customers can now use 4K certs with their CloudFront distributions to increase the security of HTTPS connection negotiations between viewers and Amazon CloudFront.

Customers use TLS certificates to establish secure connections over the internet. Before this announcement, CloudFront supported ECDSA certificates and RSA certificates with a key size of up to 3072 bits. ECDSA certificates generally offer better performance. However, customers might need to use RSA certificates for compliance reasons, or because their applications do not support ECDSA certificates. Starting today, customers can use 4K certs in CloudFront. This enables customers to meet specific regulatory compliance requirements set by the government, their end customers, or their security department. It also ensures compatibility with certain devices and client applications.

Support for 4K certs in CloudFront is now available worldwide, excluding the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. There is no additional fee for using 4K certs in CloudFront distributions.

To get started, customers can import their 4K certs into AWS Certificate Manager (ACM) and associate them with their CloudFront distribution. For more information, please refer to the CloudFront Developer Guide. To learn more about CloudFront, visit the CloudFront Getting Started page.