Certificate pinning problems - AWS Certificate Manager (original) (raw)

To renew a certificate, ACM generates a new public-private key pair. If your application uses Certificate pinning, sometimes known as SSL pinning, to pin an ACM certificate, the application might not be able to connect to your domain after AWS renews the certificate. For this reason, we recommend that you don't pin an ACM certificate. If your application must pin a certificate, you can do the following:

• Import your own certificate into ACM and then pin your application to the imported certificate. ACM doesn't provide managed renewal for imported certificates.
• If you're using a public certificate, pin your application to all available Amazon root certificates. If you're using a private certificate, pin your application to the CA's root certificate.

Certificate import

API Gateway

Did this page help you? - Yes

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of it.

Did this page help you? - No

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.