AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet. AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. With AWS Certificate Manager, you can quickly request a certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let AWS Certificate Manager handle certificate renewals. SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.

Get Started with AWS Certificate Manager

Create a Free Account
Protect and Secure your website

SSL, and its successor TLS, are industry standard protocols for encrypting network communications and establishing the identity of websites over the Internet. SSL/TLS provides encryption for sensitive data in transit and authentication using SSL/TLS certificates to establish the identity of your site and secure connections between browsers and applications and your site. AWS Certificate Manager provides an easy way to provision and manage these certificates so you can configure a website or application to use the SSL/TLS protocol.

Get started quickly

AWS Certificate Manager removes many of the time-consuming and error-prone steps to acquire an SSL/TLS certificate for your website or application. There is no need to generate a key pair or certificate signing request (CSR), submit a CSR to a Certificate Authority, or upload and install the certificate once received. With a few clicks in the AWS Management Console, you can quickly request a trusted SSL/TLS certificate from AWS. Once the certificate is approved, AWS Certificate Manager takes care of deploying certificates, to help you enable SSL/TLS for your website or application.

Pay only for what you use

With AWS Certificate Manager, there is no additional charge for provisioning SSL/TLS certificates. You pay only for the AWS resources you create to run your application, such as Elastic Load Balancers or Amazon CloudFront distributions.

Managed Certificate Renewal Processes

AWS Certificate Manager manages the renewal process for Amazon-issued SSL/TLS certificates and deploys renewed certificates to your AWS resources, avoiding errors that manual processes can introduce. Since AWS Certificate Manager manages SSL/TLS certificate renewals, you don’t need additional software agents or other client software on your server, avoiding additional costs and overhead.

Secure Key Management

AWS Certificate Manager is designed to protect and manage the private keys used with SSL/TLS certificates. Strong encryption and key management best practices are used when protecting and storing private keys.

Centrally Manage Certificates

You will find it easy to centrally manage all AWS Certificate Manager SSL/TLS certificates provided by ACM in an AWS Region from the AWS Management Console, AWS CLI, or AWS Certificate Manager APIs. You can also audit the use of each certificate by reviewing your Amazon CloudTrail logs.

Centrally Manage Certificates

AWS Certificate Manager is integrated with other AWS services, so you can provision an SSL/TLS certificate and deploy it with your Elastic Load Balancer or Amazon CloudFront distribution. To deploy a certificate with a load balancer or CloudFront distribution, you simply select the certificate you want from a drop-down list in the AWS Management Console. Alternatively, you can call an AWS API or CLI to associate the certificate with your load balancer or CloudFront distribution. AWS Certificate Manager then deploys the certificate to the selected resource for you.

Third-Party Certificates

AWS Certificate Manager makes it easy to import SSL/TLS certificates issued by third-party Certificate Authorities (CAs) and deploy them with your Elastic Load Balancers or Amazon CloudFront distributions. You can monitor the expiration date of an imported certificate, and import a replacement when the existing certificate is nearing expiration. Alternatively, you can request a free certificate from AWS Certificate Manager and let AWS manage future renewals for you. Importing certificates doesn't cost anything.

By making it easy to enable SSL/TLS, AWS Certificate Manager can help your organization meet regulatory and compliance requirements for encryption of data in transit. For specific information about compliance, refer to the AWS Cloud Compliance site.

AWS Certificate Manager can help you minimize downtime due to misconfigured, revoked, or expired certificates. AWS Certificate Manager helps manage the challenges of maintaining SSL/TLS certificates, including certificate renewals so you don’t have to worry about outages resulting from expiring certificates.

Adopting HTTPS (secure HTTP) ensures higher search rankings. If your site was previously not secured with an SSL/TLS certificate, securing your website with an SSL/TLS certificate from AWS Certificate Manager is a quick and easy way to help improve your search rankings.