How do I install SSL/TLS certificates on Amazon CloudFront?

You can use SSL/TLS certificates with Amazon CloudFront to require HTTPS for communication between viewers and CloudFront.

If you use HTTPS connections between viewers and CloudFront, CloudFront assigns a domain name to your distribution. You can use the default CloudFront SSL/TLS certificate, or you can use a custom domain name. To use a custom domain name, do one of the following: request a public certificate from AWS Certificate Manager (ACM), import a certificate into ACM, upload and import an SSL certificate to AWS Identity and Access Management (IAM), or create and import a self-signed certificate.

Note: If you use an imported certificate with CloudFront, your key size must not exceed 2048 bits, and you must import the certificate in the US East (N. Virginia) region. For more information, see Size of the Public Key and AWS Region that You Request a Certificate In (for AWS Certificate Manager).
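A pre-import check for the two constraints in the note above, as an added example that is not AWS's own code. The function names and file arguments are hypothetical, and it assumes a PEM-encoded RSA certificate and that the `openssl` and `aws` command-line tools are installed.

```shell
#!/bin/sh
# Added example: verify key size and Region before importing a certificate
# into ACM for use with CloudFront. Function names are hypothetical.
MAX_KEY_BITS=2048          # key size limit stated in the note
REQUIRED_REGION=us-east-1  # US East (N. Virginia)

# Print the public key size, in bits, of a PEM certificate.
# Matches both "RSA Public-Key: (N bit)" and "Public-Key: (N bit)" output.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 only if the certificate and target Region meet both constraints.
# Returns 2 if the certificate cannot be parsed, 1 if a constraint fails.
check_cloudfront_import() {
    cert=$1
    region=$2
    bits=$(cert_key_bits "$cert")
    if [ -z "$bits" ]; then
        echo "cannot read public key size from $cert" >&2
        return 2
    fi
    if [ "$bits" -gt "$MAX_KEY_BITS" ]; then
        echo "key is $bits bits; limit is $MAX_KEY_BITS" >&2
        return 1
    fi
    if [ "$region" != "$REQUIRED_REGION" ]; then
        echo "region is $region; must be $REQUIRED_REGION" >&2
        return 1
    fi
    return 0
}

# Import into ACM only after the check passes.
# Arguments: certificate file, private key file, optional Region.
import_for_cloudfront() {
    cert=$1
    key=$2
    region=${3:-$REQUIRED_REGION}
    check_cloudfront_import "$cert" "$region" || return
    aws acm import-certificate --region "$region" \
        --certificate "fileb://$cert" --private-key "fileb://$key"
}
```

Source the file, then run `import_for_cloudfront cert.pem key.pem`; a certificate with an intermediate chain also needs the `--certificate-chain` option of `aws acm import-certificate`.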

Then, configure CloudFront to require HTTPS between viewers and CloudFront. If the new certificate has not been applied to your distribution, you can manually update your distribution. For more information, see Viewing and Updating CloudFront Distributions. After you save the changes to your distribution configuration, CloudFront propagates the changes to all edge locations.

You can also use SSL/TLS certificates on Amazon CloudFront if you require HTTPS for communication between CloudFront and your custom origin, or if you require HTTPS for communication between CloudFront and your Amazon S3 origin.

Published: 2018-05-15