If we use AWS services such as Elastic Load Balancers, CloudFront or other popular services and need to secure the communication between those services and the end users, we need an SSL certificate for the service we run on AWS. That raises the question: “How can we purchase and use an SSL certificate with Amazon cloud services?” In this blog post we will discuss that and use AWS Certificate Manager (ACM) for the implementation.
What is AWS Certificate Manager?
AWS Certificate Manager, also known as ACM, is an AWS service used to provision, manage and deploy public and private SSL/TLS certificates. These SSL/TLS certificates are used for securing the internal communication between AWS services and for website communication over the internet.
Benefits of ACM
- Public certificates provisioned through AWS Certificate Manager for use with ACM-integrated services like Elastic Load Balancing or CloudFront are free. We pay only for the AWS resources we create to run our application.
- ACM has a renewal process for the certificates, so we don’t have to worry about expiring certificates.
- It is easy to use: with ACM, we don’t have to generate a CSR and submit it to a Certificate Authority for the SSL certificate. ACM takes care of all that.
Disadvantages of ACM
- SSL certificates purchased with ACM can only be used with other AWS services where the integration is available. We can’t use these certificates for external server applications.
- Only domain validated certificates are available. Extended validation certificates are not available.
- The certificates cannot be used for code signing or email encryption.
That’s the broad idea of ACM. Now let’s follow the step-by-step procedure below.
How to Purchase SSL Through ACM
1. Log in to the AWS console, search for “ACM” and open it.
2. Click the “Request a Certificate” option.
3. Choose “Request a public certificate” and click “Request Certificate”.
4. In the add domain fields, enter our domain names with and without www. Click Next.
5. Choose either the “DNS validation” or the “Email validation” method. In our case we used “DNS validation”, which is more convenient to use. Click Next.
6. Add tags as you wish, for example to note the purpose of the certificate.
7. Review it and click “Confirm and Request”.
8. Now, if we are using AWS Route 53 for DNS management, we can simply click “Create DNS record in Route53” to add the CNAME validation records that show up; ACM creates the records itself. Otherwise, we need to create those CNAME records manually in the record section of our external DNS provider.
9. After the DNS records are created and available globally, click “Continue”.
10. Now we will see ACM trying to issue the SSL certificate for the domains; initially the ACM SSL status shows as “Pending validation”.
11. Wait for it. Normally within 30 minutes, we can see the ACM SSL status change to “Issued”.
12. At this point we are ready to use these certificates.
How to import SSL certificate in AWS Certificate Manager
In some cases we already have an SSL certificate purchased from another SSL vendor. In such cases, we can import that certificate into ACM. To do that, go to the ACM console and click the “Import certificate” button instead of “Request a Certificate”.
Copy and paste the SSL certificate, the private key and the chain, in PEM format, into the respective fields. Click Next >> Review and import.
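A pre-import check for the three fields above, added here as an example (it is not from the original post and is not AWS tooling). It only lints what was pasted where, using the Python standard library: the one-certificate-per-body and no-leaf-in-chain rules, the function names and the sample blocks are this example's assumptions, and it does not verify that the key matches the certificate or that the chain validates.

```python
import base64
import re

# One PEM block; the back-reference forces the BEGIN and END labels to agree.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return (label, raw_body, der_bytes_or_None) for every PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # Skip RFC 1421 header lines such as "Proc-Type:"; base64 never contains ':'.
        b64 = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError
            der = None
        blocks.append((label, body, der))
    return blocks

def check_import_fields(cert, key, chain=""):
    """Lint the three import fields; returns a list of problems (empty = OK)."""
    problems = []
    c, k, ch = pem_blocks(cert), pem_blocks(key), pem_blocks(chain)
    if [b[0] for b in c] != ["CERTIFICATE"]:
        problems.append("certificate field must hold exactly one CERTIFICATE block")
    encrypted = any(b[0] == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in b[1] for b in k)
    if len(k) != 1 or not k[0][0].endswith("PRIVATE KEY"):
        problems.append("private key field must hold exactly one PRIVATE KEY block")
    elif encrypted:
        problems.append("private key is passphrase-protected; ACM needs it unencrypted")
    if any(b[0] != "CERTIFICATE" for b in ch):
        problems.append("chain field may contain only CERTIFICATE blocks")
    if c and any(b[2] is not None and b[2] == c[0][2] for b in ch):
        problems.append("chain field repeats the leaf certificate")
    for b in c + ch + ([] if encrypted else k):
        # Every decoded block should be a DER SEQUENCE, whose first byte is 0x30.
        if b[2] is None or not b[2].startswith(b"\x30"):
            problems.append(f"{b[0]} block is not base64-encoded DER")
    return problems

def sample_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed sample inputs: placeholder DER-shaped bytes, not real key material.
LEAF = sample_pem("CERTIFICATE", b"\x30\x03leaf")
INTERMEDIATE = sample_pem("CERTIFICATE", b"\x30\x03intermediate")
KEY = sample_pem("PRIVATE KEY", b"\x30\x03key")

if __name__ == "__main__":
    # Two common paste mistakes: full chain in the body field, leaf in the chain field.
    print(check_import_fields(LEAF + INTERMEDIATE, KEY, LEAF))
```

An empty list means the fields are laid out as the import form expects; any message names the field to fix before clicking “Review and import”.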
One important thing to remember: try to provision the SSL certificates in the same region as our other AWS services. This concludes the SSL purchase through AWS Certificate Manager. Leave your thoughts in the comment box.