AWS Security Blog
Tag: certificates
How to enforce DNS name constraints in AWS Private CA
In March 2022, AWS announced support for custom certificate extensions, including name constraints, using AWS Private Certificate Authority (AWS Private CA). Defining DNS name constraints with your subordinate CA can help establish guardrails to improve public key infrastructure (PKI) security and mitigate certificate misuse. For example, you can set a DNS name constraint that restricts […]
Three ways to boost your email security and brand reputation with AWS
April 11, 2023: This post has been updated to provide clarifications: The recommendation to use SES or WorkMail as part of this solution is for receiving TLS reports sent via email from mail receiving organizations. It is unrelated to the BIMI and MTA-STS aspects or any core functionality of the solution. If you own a […]
How to evaluate and use ECDSA certificates in AWS Certificate Manager
AWS Certificate Manager (ACM) is a managed service that enables you to provision, manage, and deploy public and private SSL/TLS certificates that you can use to securely encrypt network traffic. You can now use ACM to request Elliptic Curve Digital Signature Algorithm (ECDSA) certificates and associate the certificates with AWS services like Application Load Balancer (ALB) […]
How to use ACM Private CA for enabling mTLS in AWS App Mesh
Securing east-west traffic in service meshes, such as AWS App Mesh, by using mutual Transport Layer Security (mTLS) adds an additional layer of defense beyond perimeter control. mTLS adds bidirectional peer-to-peer authentication on top of the one-way authentication in normal TLS. This is done by adding a client-side certificate during the TLS handshake, through which […]
How to use AWS RAM to share your ACM Private CA cross-account
In this post, I use the new Cross-Account feature of AWS Certificate Manager (ACM) Private Certificate Authority (CA) to create a CA in one account and then use ACM in a second account to issue a private certificate that automatically renews the following year. This newly available workflow expands the usability of ACM Private CA […]
How to migrate a digital signing workload to AWS CloudHSM
Note from July 18, 2019: We added information about AWS Certificate Manager (ACM) Private Certificate Authority (CA) to the introduction. Is your on-premises Hardware Security Module (HSM) at end-of-life? Does continued maintenance of your on-premises hardware take a lot of time and cost a lot of money? You should consider migrating your workloads to AWS […]
Amazon RDS Customers: Update Your SSL Certificates by March 23, 2015
If you are an Amazon RDS customer, you might have received email from AWS notifying you about rotating your SSL certificates. The SSL certificates for RDS database instances are being updated on March 23, 2015, at 20:00 UTC. The certificates are being updated as part of standard maintenance and security best practices for RDS, and […]