Amazon Web Services announced on the 21st January 2016 that it is launching a new SSL Certificate Manager AWS Certificate Manager. The aim is to make it easier for customers to manage their SSL Certificate efficiently and easily, as well as to automate the related tasks required for its upkeep. The SSL Certificate and this service are free for Amazon Web Services users.
The AWS Certificate Manager will take care of the deployment, provisioning, and renewal of SSL certificates. The SSL certificate will be verified by Amazon’s certification board, called Amazon Trust Services. After requesting a certificate, it can easily be deployed to any AWS platform, including Elastic Load Balancers and Cloudfront.
Here is a list of the key features advertised by Amazon Web Services:
- Protect and Secure Your Website – The system of SSL Certification is a standard industry protocol for encrypting networking communications, and also establishing the identity of different websites. Having an SSL establishes your site’s identity, and also the secure connections between applications, browsers, and your website. AWS provides an easy way to manage all these aspects of having SSL.
- Get Certificates Quickly and Easily – AWS removes much of the time-consuming and error-prone stages of getting an SSL or TLS Certificate for your website or application. There is no need to make your own request for certificate signing, or submit it to a Certificate Authority. Now AWS have made themselves a Certificate Authority, you can bypass this step; once your Certificate is approved by AWS, they then help you set it up.
- Free – The AWS Certificate Manager makes sure that you don’t have to pay for your SSL Certification. The only thing you pay for with AWS is the resources that you create in order to run your application; this might be, for example, Elastic Load Balancers or Amazon CloudFront distributions.
- Managed Certificate Renewal – AWS Certificate Manager manages the renewal processes of all your SSL Certificates, and it deploys renewed certificates to your AWS resources, avoiding errors which that manual processes can introduce. This means you don’t have to find additional software agents or other client software for your server, in order to avoid any additional costs or overheads.
- Secure Key Management – The AWS Certificate Manager is specifically designed to protect and to manage the private keys used with SSL certificates. Strong encryption and the key management best practices are used when protecting storing your private keys.
- Centrally Manage Certificates on the AWS Cloud – This makes it easy to centrally manage all AWS Certificates from the AWS Certificate Manager, and you can do this from the AWS Management Console, AWS CLI or AWS Certificate Manager APIs. You can also audit the use of each individual certificate by reviewing your Amazon CloudTrail logs.
- Integrated with Other AWS Cloud Services – AWS Certificate Manager is now integrated with other AWS services, so you can provision an SSL or TLS certificate and deploy it with your Elastic Load Balancer or Amazon CloudFront distribution. In order to deploy a certificate with a load balancer or CloudFront distribution, you can simply select the certificate you want from a drop-down list. The AWS Certificate Manager will then deploy the certificate to the selected resource for you.
Interestingly, Amazon only became a provider of SSL Certification in 2015, when they applied to Mozilla and the Android Open Source Project to become a root Certificate Authority, which is also known as a CA. This saw Amazon becoming able to sell SSL Certificate normally trusted by common web browsers and operating systems: the SSL Certificate is a mark of security, used to encrypt websites such as banking or e-commerce ones containing sensitive data.
This was a natural progression for Amazon, after building up the web hosting service of Amazon web Services. Yet, Amazon entered a fairly competitive and crowded market when it began selling SSL Certificates: providers like Comodo, Symantec, GlobalDesign and GoDaddy are all selling SSL Certification.
Provisioning and Deploying the SSL Certificate
It’s fairly simple to get an SSL Certificate from AWS, but you first have to have a hosting account with Amazon Web Services. Then, you start by opening up the AWS Certificate Manager Console and clicking the button which says “Get Started”. Then, just enter the domain name which you want to get an SSL Certificate for.
Then you just need to review your request and confirm your client, like you can see below:
Then simply go to your email inbox, where there will be an email (one email per domain name) from Amazon (certificates.amazon.com) and click on the option which says “Amazon Certificate Approval”. Then, follow the link to the Amazon website and reconfirm the SSL Certificate there.
Then, you are basically complete: your SSL Certificate should now show up on the AWS Certificate Manager console, which looks like the one in the picture below:
The AWS Certificate Manager shows an interesting development from a web hosting service: offering free SSL. However, it is currently only available in the US East (Northern Virginia) region, and has not yet been rolled out globally. Amazon also say they are planning to add support for other AWS services and also fro types of domain validation. This shows AWS expanding its role in the market of web hosting, and recognizing how important SSL Certification is to its users and potential users.