AWS Security Blog
Tag: ACM
How to configure and verify ACM certificates with trust stores
In this post, we show how to configure customer trust stores to work with public certificates issued through AWS Certificate Manager (ACM). Organizations can encounter challenges when configuring trust stores for ACM certificates, and incorrect trust store configuration can lead to SSL/TLS errors and application downtime. While most modern web browsers and operating systems trust […]
Establishing a European trust service provider for the AWS European Sovereign Cloud
August 4, 2025: We updated this post to include EU resident citizenship requirements for AWS European Sovereign Cloud employees operating the cloud. Last month, we announced new sovereign controls and governance structure for the AWS European Sovereign Cloud. The AWS European Sovereign Cloud is a new, independent cloud for Europe, designed to help customers meet […]
ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager
Amazon Web Services (AWS) is excited to announce that the latest hybrid post-quantum key agreement standards for TLS have been deployed to three AWS services. Today, AWS Key Management Service (AWS KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager endpoints now support Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) for hybrid post-quantum key agreement in non-FIPS endpoints […]
Options for AWS customers who use Entrust-issued certificates
Multiple popular browsers have announced that they will no longer trust public certificates issued by Entrust later this year. Certificates that are issued by Entrust on dates up to and including November 11, 2024 will continue to be trusted until they expire, according to current information from browser makers. Certificates issued by Entrust after that date […]
ACM will no longer cross sign certificates with Starfield Class 2 starting August 2024
February 25, 2025: The FAQ in this post was updated to indicate that AWS services also use certificates from ACM, and users relying on the certificate chain used by such services could be impacted. October 18, 2024: We’ve updated the rollout timeline, description for certificate pinning, and FAQ to reflect the latest third-party platforms that […]
AWS Certificate Manager will discontinue WHOIS lookup for email-validated certificates
AWS Certificate Manager (ACM) is a managed service that you can use to provision, manage, and deploy public and private TLS certificates for use with Amazon Web Services (AWS) and your internal connected resources. Today, we’re announcing that ACM will be discontinuing the use of WHOIS lookup for validating domain ownership when you request email-validated […]
How to manage certificate lifecycles using ACM event-driven workflows
With AWS Certificate Manager (ACM), you can simplify certificate lifecycle management by using event-driven workflows to notify or take action on expiring TLS certificates in your organization. Using ACM, you can provision, manage, and deploy public and private TLS certificates for use with integrated AWS services like Amazon CloudFront and Elastic Load Balancing (ELB), as well […]
Top 2022 AWS data protection service and cryptography tool launches
February 28, 2023: We updated this blog to include AWS Wickr. Given the pace of Amazon Web Services (AWS) innovation, it can be challenging to stay up to date on the latest AWS service and feature launches. AWS provides services and tools to help you protect your data, accounts, and workloads from unauthorized access. AWS […]
How to evaluate and use ECDSA certificates in AWS Certificate Manager
AWS Certificate Manager (ACM) is a managed service that enables you to provision, manage, and deploy public and private SSL/TLS certificates that you can use to securely encrypt network traffic. You can now use ACM to request Elliptic Curve Digital Signature Algorithm (ECDSA) certificates and associate the certificates with AWS services like Application Load Balancer (ALB) […]
Amazon introduces dynamic intermediate certificate authorities
February 27, 2023: We’ve updated question and answer #3 on this blog post. October 7, 2022: This blog post has been updated to include a Frequently Asked Questions section at the end. September 30, 2022: This blog post has been updated to include the addition of the CN=Starfield Services Root Certificate Authority – G2,O=Starfield Technologies\, […]







