Amazon Certificate Manager public certificates - Amazon Certificate Manager

Amazon Certificate Manager public certificates

After you request a public certificate, you must validate domain ownership, as described in Validate domain ownership for Amazon Certificate Manager public certificates.

Public ACM certificates follow the X.509 standard and are subject to the following restrictions:

  • Names: You must use DNS-compliant subject names. For more information, see Domain Names.

  • Algorithm: For encryption, the certificate private key algorithm must be one of 2048-bit RSA, 256-bit ECDSA, or 384-bit ECDSA.

  • Expiration: Each certificate is valid for 13 months (395 days).

  • Renewal: ACM attempts to renew a private certificate automatically after 11 months.

Administrators can use ACM Conditional Key Policies to control how end users issue new certificates. These conditional keys let administrators restrict the domains, validation methods, and other attributes of a certificate request. If you encounter problems when requesting a certificate, see Troubleshoot certificate requests.
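
The following IAM policy is an added example, not taken from this page, of how such condition keys can act as an issuance guardrail: it denies `acm:RequestCertificate` unless the request uses DNS validation, names only approved domains, and uses one of the key algorithms listed above. The domain `example.com` and the `Sid` values are placeholders, and the choice to require DNS validation is an assumed organizational policy.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyNonDnsValidation",
      "Effect": "Deny",
      "Action": "acm:RequestCertificate",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "acm:ValidationMethod": "DNS"
        }
      }
    },
    {
      "Sid": "DenyNamesOutsideApprovedZone",
      "Effect": "Deny",
      "Action": "acm:RequestCertificate",
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringNotLike": {
          "acm:DomainNames": ["example.com", "*.example.com"]
        }
      }
    },
    {
      "Sid": "DenyUnlistedKeyAlgorithms",
      "Effect": "Deny",
      "Action": "acm:RequestCertificate",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "acm:KeyAlgorithm": ["RSA_2048", "EC_prime256v1", "EC_secp384r1"]
        }
      }
    }
  ]
}
```

Because each statement is an explicit Deny, it overrides any Allow the requester holds, and `ForAnyValue` rejects the request if even one requested name falls outside the approved patterns. In IAM string matching, `*` in `*.example.com` matches subdomains at any depth as well as the literal wildcard name.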

To request a certificate for a private PKI using Amazon Private CA, see Request a private certificate in Amazon Certificate Manager.