Getting Started with AWS Certificate Manager

Overview

To get started with AWS Certificate Manager (ACM), navigate to the Certificate Manager in the AWS Management Console. You can use AWS Certificate Manager to create public certificates to identify resources on the Internet or private certificates to identify resources in your organization.

Public certificates

Use the wizard to request an SSL/TLS certificate by choosing Request a public certificate and entering the name of your site. You can also request a certificate using the AWS CLI or API. During request, you can mark the public certificate as exportable if you want access to the certificate's private key.

After successful validation of your ownership or control of the domain names in your certificate request, the SSL/TLS certificate is issued. You can deploy this certificate for use with Elastic Load Balancers, Amazon CloudFront distributions, or APIs on Amazon API Gateway. You simply select the SSL/TLS certificate you want from a drop-down list in the AWS Management Console. Alternatively, you can execute a CLI command or call an AWS API to associate the certificate with an AWS resource. AWS Certificate Manager then deploys the certificate to the resource you selected.

If you have issued an exportable certificate, you can export the public certificate, get access to the private key, and use it with any workloads that require a TLS certificate. These workloads can be within AWS, such as a server running on EC2, or can be outside AWS, such as an on-premises server.

For more information about creating and using certificates provided by AWS Certificate Manager, visit the AWS Certificate Manager FAQs page or see Getting Started in the AWS Certificate Manager User Guide.

Private certificates

You can use ACM to request and manage private certificates. To get started with ACM, you can use the AWS Certificate Manager wizard to choose Request a private certificate, then select your AWS Private CA from the dropdown list. AWS Certificate Manager takes care of generating the key pair and issuing the certificate from your private CA. ACM can deploy the private certificate to the AWS resources you select, or you can export the certificate and use it on EC2 instances, containers, or with on-premises servers.

For more information about creating and using a private CA and private certificates, visit the AWS Certificate Manager User Guide.