Issuing and Managing Certificates - AWS Certificate Manager

Issuing and Managing Certificates

ACM certificates can be used to establish secure communications across the internet or within an internal network. You can request a publicly trusted certificate directly from ACM (an "ACM certificate") or import a publicly trusted certificate issued by a third party. Self-signed certificates are also supported. To provision you organization's internal PKI, you can issue ACM certificates signed by a private certificate authority (CA) created and managed by ACM Private CA. The CA may either reside in your account or be shared with you by a different account.

Note

Public ACM certificates can be installed on Amazon EC2 instances that are connected to a Nitro Enclave, but not to other Amazon EC2 instances. For information about setting up a stand-alone web server on an Amazon EC2 instance not connected to a Nitro Enclave, see Tutorial: Install a LAMP web server on Amazon Linux 2 or Tutorial: Install a LAMP web server with the Amazon Linux AMI.

Note

Because certificates signed by a private CA are not trusted by default, administrators must install them in client trust stores.

To begin issuing certificates, sign into the AWS Management Console and open the ACM console at https://console.aws.amazon.com/acm/home. If the introductory page appears, choose Get Started. Otherwise, choose Certificate Manager or Private CAs in the left navigation pane.