What is AWS SSL Certificate Manager? FAQ.

by Nov 25, 2016

SSL certificates are critical to websites. Buying them and managing their renewals has been a mundane but critical task.

Certificate renewals are often missed, which affects website traffic and the business.

AWS Certificate Manager removes the hassle of buying and managing SSL certificates.

The 5 points below help you get a quick grip on AWS Certificate Manager.

1. How much does the SSL certificate cost?
The certificates are free. Yes, you don't pay anything. Before you get too excited, read the points below.

2. How do I use the certificate?
You can use the certificates for securing websites or applications delivered using AWS Elastic Load Balancer (ELB) or AWS CloudFront (CDN).

When you create (or edit) a CloudFront distribution, the certificate you created in Certificate Manager is available for use. Similarly, you can apply the certificate on an ELB for a website delivered through the Elastic Load Balancer.

3. SSL Certificate Availability
Certificate Manager was initially available for use in the AWS N. Virginia Region only. It has been rolled out to other regions now. Check the availability for your region before planning to use it.

4. Can I use the SSL certificate for servers outside the AWS cloud?
No. AWS SSL certificates cannot be used outside of the AWS cloud.

5. How do I obtain the certificates?
You need to be the owner of the domain (e.g. www.example.com) or be authorised to obtain SSL certificates for the domain. The validation process is the same as with any other SSL certificate provider (e.g. Symantec).

AWS sends a validation email to the generic addresses admin@yourdomain.com, administrator@yourdomain.com, hostmaster@yourdomain.com, postmaster@yourdomain.com and webmaster@yourdomain.com, where yourdomain.com is the domain for which you are requesting the certificate.

AWS also sends an email to the address of the domain registrant. The registrant address is the one given when you first registered yourdomain.com with the provider (e.g. Godaddy.com). This is the same address that is listed when you do a WHOIS lookup (http://whois.domaintools.com/) for the domain. You can look up your domain at this link and check whether you have access to the email address mentioned there. If not, you should have access to one of the generic addresses mentioned above.

Once you submit the request, you receive the validation email almost immediately. It is sent to all of the above email addresses. Click on the approval link in the email.

That's it. You are done. Your certificate is now ready for use in the AWS Console under Certificate Manager.

6. I am not using AWS ELB or CDN. How can I use the certificate?
Unfortunately, you cannot use the certificates for websites that are not delivered using ELB or CDN. For example, you cannot use the certificate for a website delivered directly from a standalone AWS EC2 instance. Also, you cannot use the certificate outside of the AWS cloud.

7. What is the validity of the certificate and how do I renew it?
The certificate is valid for one year from the creation date. After that, AWS renews it automatically.
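To tie together the validation step in point 5, the ELB/CloudFront restriction in point 6 and the renewal in point 7, here is an added example (not code from the original post or from AWS) that audits certificate records shaped like the `Certificate` object returned by `aws acm describe-certificate`. The sample records, ARNs, the registrant address and the ISO 8601 form of `NotAfter` are constructed assumptions.

```python
import json
from datetime import datetime, timezone

GENERIC = ("admin", "administrator", "hostmaster", "postmaster", "webmaster")

# Constructed samples shaped like the "Certificate" object printed by
# `aws acm describe-certificate`; ARNs, domains and dates are placeholders.
PENDING = json.loads("""{
  "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-1",
  "DomainName": "yourdomain.com", "Status": "PENDING_VALIDATION", "InUseBy": [],
  "DomainValidationOptions": [{"DomainName": "yourdomain.com",
    "ValidationStatus": "PENDING_VALIDATION",
    "ValidationEmails": ["admin@yourdomain.com", "administrator@yourdomain.com",
      "hostmaster@yourdomain.com", "postmaster@yourdomain.com",
      "webmaster@yourdomain.com", "owner@registrant.example"]}]
}""")
ISSUED = json.loads("""{
  "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-2",
  "DomainName": "yourdomain.com", "Status": "ISSUED", "InUseBy": [],
  "NotAfter": "2017-11-25T00:00:00+00:00", "DomainValidationOptions": []
}""")

def audit(cert, now, warn_days=30):
    """Return a list of findings for one certificate record."""
    findings = []
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationStatus") != "PENDING_VALIDATION":
            continue
        domain = opt["DomainName"]
        generic = {f"{name}@{domain}" for name in GENERIC}
        mailed = set(opt.get("ValidationEmails", []))
        other = sorted(mailed - generic)      # e.g. the WHOIS registrant
        missing = sorted(generic - mailed)    # generic mailboxes not mailed
        findings.append(
            f"{domain}: approval pending; non-generic recipients {other}; "
            f"generic mailboxes not mailed {missing}")
    if cert["Status"] == "ISSUED":
        # Assumption: NotAfter is an ISO 8601 string with a UTC offset.
        days = (datetime.fromisoformat(cert["NotAfter"]) - now).days
        if days <= warn_days:
            findings.append(f"expires in {days} days; confirm renewal happened")
        if not cert.get("InUseBy"):
            findings.append("not attached to any ELB or CloudFront distribution")
    return findings

if __name__ == "__main__":
    now = datetime(2017, 11, 5, tzinfo=timezone.utc)
    for cert in (PENDING, ISSUED):
        print(cert["CertificateArn"], audit(cert, now))
```

Run it on a schedule against real `describe-certificate` output so a stalled approval email or a certificate that was not renewed is noticed before visitors see an expired certificate.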

