Use the wizard to request an SSL/TLS certificate by choosing Request a public certificate and entering the name of your site. You can also request a certificate using the AWS CLI or API. During request, you can mark the public certificate as exportable if you want access to the certificate's private key.
After successful validation of your ownership or control of the domain names in your certificate request, the SSL/TLS certificate is issued. You can deploy this certificate for use with Elastic Load Balancers, Amazon CloudFront distributions, or APIs on Amazon API Gateway. You simply select the SSL/TLS certificate you want from a drop-down list in the AWS Management Console. Alternatively, you can execute a CLI command or call an AWS API to associate the certificate with an AWS resource. AWS Certificate Manager then deploys the certificate to the resource you selected.
If you have issued an exportable certificate, you can export the public certificate, get access to the private key, and use it with any workloads that require a TLS certificate. These workloads can be within AWS, such as a server running on EC2, or can be outside AWS, such as an on-premises server.
For more information about creating and using certificates provided by AWS Certificate Manager, visit the AWS Certificate Manager FAQs page or see the AWS Certificate Manager User Guide.