What Is Amazon Certificate Manager?

Amazon Certificate Manager (ACM) handles the complexity of creating, storing, and renewing public and private SSL/TLS X.509 certificates and keys that protect your Amazon websites and applications. You can provide certificates for your integrated Amazon services either by issuing them directly with ACM or by importing third-party certificates into the ACM management system. ACM certificates can secure singular domain names, multiple specific domain names, wildcard domains, or combinations of these. ACM wildcard certificates can protect an unlimited number of subdomains. You can also export ACM certificates signed by Amazon Private CA for use anywhere in your internal PKI.

Note

ACM is not intended for use with a stand-alone webserver. If you want to set up a stand-alone secure server on an Amazon EC2 instance, the following tutorial has instructions: Configure SSL/TLS on Amazon Linux 2023.

Is ACM the right service for me?

Amazon offers two options to customers deploying managed X.509 certificates. Choose the best one for your needs.

Amazon Certificate Manager (ACM)—This service is for enterprise customers who need a secure web presence using TLS. ACM certificates are deployed through Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated Amazon services. The most common application of this kind is a secure public website with significant traffic requirements. ACM also simplifies security management by automating the renewal of expiring certificates. You are in the right place for this service.

Topics

Concepts

ACM certificate characteristics

Supported Regions

Services integrated with Amazon Certificate Manager

Site seals and trust logos

API rate quotas

Best practices

Pricing for Amazon Certificate Manager

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

ACM certificate characteristics