Creating SSL Certificates using AWS Certificate Manager (ACM)

Sunday Nwoye
5 min read · Oct 5, 2023


Dealing with the intricacies of SSL/TLS certificates can be quite a hassle. Thankfully, AWS offers a hassle-free solution in the form of AWS Certificate Manager (ACM). ACM is a robust service designed to simplify the process of provisioning, managing, and deploying both public and private SSL/TLS certificates. These certificates are not only used with various AWS services but also for securing your internal resources.

When it comes to certificate provisioning, ACM provides you with two convenient options. You can opt for the ‘Provision certificates’ feature, a free service that allows you to either provision your own certificate or request one directly from AWS for use with ACM-Integrated Services.

In this post, we’ll guide you through the generation of a certificate for ‘sundaydevops.com’ using the ‘request a certificate’ option within ACM.

Generating Your SSL Certificate:

Creating an SSL certificate through AWS ACM is a straightforward process. Here’s a step-by-step guide:

  • Log into AWS Management Console: To begin, access the AWS Management Console securely.
  • Access Certificate Manager: Navigate to ‘Certificate Manager’ under the ‘Security, Identity, & Compliance’ section. You can also use the search feature by typing ‘certificate manager’ to quickly locate the service.

Request a certificate

Click “Request a certificate”, make sure the “Request a public certificate” option is selected, and click Next.

Adding Domain Names:

Now, it’s time to specify the fully qualified domain name (FQDN) of the website you intend to secure with the SSL/TLS certificate. AWS ACM also supports the request of wildcard certificates, which you can include in the domain name. Here’s how to do it:

  • Enter Domain Name: In the provided field, input the complete domain name of your website. This could be something like ‘www.yourwebsite.com’ for a specific subdomain or ‘yourwebsite.com’ for the root domain. In our case, I will be using my domain, “sundaydevops.com”.
  • Consider Wildcard Certificates: If needed, you can request a wildcard certificate by including an asterisk (*) as a placeholder. For instance, ‘*.yourwebsite.com’ would secure all subdomains under ‘yourwebsite.com.’ In our case, I will be using “*.sundaydevops.com”.

By following these steps, you can ensure that your SSL/TLS certificate covers the necessary domains and subdomains, providing comprehensive security for your web presence.
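To check that the names on the request really cover the hosts you run, the following added example (not part of the original post) applies the wildcard matching rule to the two names used here. A wildcard stands in for exactly one leftmost label, so it covers neither the root domain nor deeper subdomains; the hostname inventory is constructed for illustration.

```python
# Names requested in this walkthrough.
CERT_NAMES = ["sundaydevops.com", "*.sundaydevops.com"]

# Constructed inventory of hostnames we want the certificate to serve.
HOSTNAMES = [
    "sundaydevops.com",
    "www.sundaydevops.com",
    "api.sundaydevops.com",
    "api.staging.sundaydevops.com",
]


def covers(pattern, hostname):
    """True if a certificate name (exact or '*.' wildcard) matches hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    # The wildcard replaces exactly one leftmost label, never zero or several.
    label, _, parent = hostname.partition(".")
    return bool(label) and parent == pattern[2:]


def uncovered(cert_names, hostnames):
    """Return the hostnames that no name on the certificate matches."""
    return [h for h in hostnames
            if not any(covers(name, h) for name in cert_names)]


if __name__ == "__main__":
    for host in uncovered(CERT_NAMES, HOSTNAMES):
        print("not covered:", host)
```

Any hostname reported as not covered needs its own entry, or a deeper wildcard, added to the request.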

Choosing Your Validation Method:

The next crucial step in this process is selecting the validation method that proves ownership of your domain. AWS ACM offers two options for this purpose: DNS validation and Email validation.

In my case, I have the necessary permissions to make DNS configuration changes, which is why I’ve opted for DNS validation. This method allows for a seamless and automated verification process, ensuring a smooth journey towards securing your SSL/TLS certificate.

For the key algorithm, I will choose RSA 2048; RSA is the most widely used key type. You can add tags if you want, but I will not be adding tags.

Review and Request:

Now, it’s time to review your selections, including the domain name, chosen validation method, and any tags you’ve applied. This quick review ensures everything is on track before advancing to the next certificate provisioning steps. If everything looks good, click “Request”.

Validation Process:

AWS ACM will initiate the certificate request process, placing it in a ‘Pending Validation’ state. To proceed with validation, follow these steps:

  • Route 53 Hosted Zones: If your domain is hosted within AWS Route 53, ACM will automatically create the required DNS records for validation. Since your domains are hosted on Route 53, simply click ‘Create record in Route 53’ to proceed.
  • Manual Validation: For domains hosted outside Route 53, manual action is required. You must create a CNAME record within your domain’s DNS configuration for each entered domain. Failure to complete this step will prevent ACM from issuing your certificate. Once you’ve created the necessary DNS records, click ‘Continue’ to move forward in the certificate issuance process.

Creating a Record in Route 53:

After clicking ‘Create,’ you’ll receive a confirmation message indicating that the DNS record has been successfully written to your AWS Route 53 hosted zone. This message signifies the completion of the DNS record creation process, ensuring that your certificate validation is on the right track.

Creation of Certificate in ACM

After creating the records, you should see the certificate status become Issued and the validation status become Success.
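The same request, validation and issuance steps can be scripted. This is an added example using boto3, not code from the original post; the hosted zone ID and region are parameters you supply, and the sample describe_certificate response is constructed with placeholder record values.

```python
import time

# Constructed sample of describe_certificate()["Certificate"]; the record
# name and value are placeholders, not real ACM validation tokens.
SAMPLE_CERTIFICATE = {"DomainValidationOptions": [
    {"DomainName": name, "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_placeholder-token.sundaydevops.com.",
                        "Type": "CNAME",
                        "Value": "_placeholder-value.acm-validations.aws."}}
    for name in ("sundaydevops.com", "*.sundaydevops.com")]}


def build_validation_changes(certificate, ttl=300):
    """Build a Route 53 ChangeBatch from ACM's DNS validation options."""
    options = certificate.get("DomainValidationOptions", [])
    if not options or any("ResourceRecord" not in o for o in options):
        raise ValueError("ACM has not published all validation records yet")
    # The apex name and its wildcard share one CNAME, so de-duplicate by name.
    records = {o["ResourceRecord"]["Name"]: o["ResourceRecord"] for o in options}
    return {"Comment": "ACM DNS validation", "Changes": [
        {"Action": "UPSERT", "ResourceRecordSet": {
            "Name": rr["Name"], "Type": rr["Type"], "TTL": ttl,
            "ResourceRecords": [{"Value": rr["Value"]}]}}
        for rr in records.values()]}


def request_and_validate(hosted_zone_id, region):
    """Request the certificate, publish the CNAME, wait until it is issued."""
    import boto3  # imported here so the helper above runs without AWS access
    acm = boto3.client("acm", region_name=region)
    arn = acm.request_certificate(
        DomainName="sundaydevops.com",
        SubjectAlternativeNames=["*.sundaydevops.com"],
        ValidationMethod="DNS", KeyAlgorithm="RSA_2048")["CertificateArn"]
    for _ in range(12):  # records appear a few seconds after the request
        try:
            cert = acm.describe_certificate(CertificateArn=arn)["Certificate"]
            batch = build_validation_changes(cert)
            break
        except ValueError:
            time.sleep(5)
    else:
        raise TimeoutError("validation records were not published in time")
    boto3.client("route53").change_resource_record_sets(
        HostedZoneId=hosted_zone_id, ChangeBatch=batch)
    acm.get_waiter("certificate_validated").wait(CertificateArn=arn)
    return arn
```

For a domain hosted outside Route 53, `build_validation_changes` still yields the CNAME name and value to create by hand at your DNS provider.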

After successfully obtaining your issued certificate, you can seamlessly link it with a wide range of AWS Services. These include Elastic Load Balancing, Amazon CloudFront, AWS Elastic Beanstalk, Amazon API Gateway, AWS CloudFormation, and AWS Cognito.

This versatility allows you to fortify the security of your web applications and services across multiple AWS offerings using your SSL/TLS certificate.

Conclusion:

In this tutorial, we’ve covered the simple process of creating SSL/TLS certificates with AWS Certificate Manager (ACM). Now, you’re ready to secure your web services.

Best Regards,
Sunday.

Thank You and Stay Tuned: Thanks for joining me. Look forward to more tutorials coming soon!

Also you can connect with me on LinkedIn
