What is the best certificate service for my needs? - AWS Private Certificate Authority

There are two AWS services for issuing and deploying X.509 certificates. Choose the one that best fits your needs. Considerations include whether you need public- or private-facing certificates, customized certificates, certificates you want to deploy into other AWS services, or automated certificate management and renewal.

  1. AWS Private CA—This service is for enterprise customers building a public key infrastructure (PKI) inside the AWS cloud and intended for private use within an organization. With AWS Private CA, you can create your own CA hierarchy and issue certificates with it for authenticating internal users, computers, applications, services, servers, and other devices, and for signing computer code. Certificates issued by a private CA are trusted only within your organization, not on the internet.

    After creating a private CA, you can issue certificates directly (that is, without obtaining validation from a third-party CA) and customize them to meet your organization's internal needs. For example, you may want to:

    • Create certificates with any subject name.

    • Create certificates with any expiration date.

    • Use any supported private key algorithm and key length.

    • Use any supported signing algorithm.

    • Control certificate issuance using templates.

    You are in the right place for this service. To get started, sign in to the AWS Private CA console at https://console.aws.amazon.com/acm-pca/.

  2. AWS Certificate Manager (ACM)—This service manages certificates for enterprise customers who need a publicly trusted secure web presence using TLS. You can deploy ACM certificates into AWS Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated services. The most common application of this kind is a secure public website with significant traffic requirements.

    With this service, you can use public certificates provided by ACM (ACM certificates) or certificates that you import into ACM. If you use AWS Private CA to create a CA, ACM can manage certificate issuance from that private CA and automate certificate renewals.

    For more information, see the AWS Certificate Manager User Guide.