AWS Certificate Manager public certificates
After you request a public certificate you must validate domain ownership, as described in Validate domain ownership for AWS Certificate Manager public certificates.
Public ACM certificates follow the X.509 standard and are subject to the following restrictions:
- Names: You must use DNS-compliant subject names. For more information, see Domain Names.
- Algorithm: For encryption, the certificate private key algorithm must be one of 2048-bit RSA, 256-bit ECDSA, or 384-bit ECDSA.
- Expiration: Each certificate is valid for 13 months (395 days).
- Renewal: ACM attempts to renew a private certificate automatically after 11 months.
Administrators can use ACM Conditional Key Policies to control how end users issue new certificates. These conditional keys allow restrictions to be placed on domains, validation methods, and other attributes of a certificate request. If you encounter problems when requesting a certificate, see Troubleshoot certificate requests.
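The following IAM policy is an added example, not taken from this page, of how such restrictions can be written with the `acm:ValidationMethod`, `acm:DomainNames` and `acm:KeyAlgorithm` condition keys. The domain `example.com`, the `Sid` names and the choice to permit only ECDSA keys are assumptions made for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleDenyNonDnsValidation",
      "Effect": "Deny",
      "Action": "acm:RequestCertificate",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": { "acm:ValidationMethod": "DNS" }
      }
    },
    {
      "Sid": "ExampleDenyDomainsOutsideAllowList",
      "Effect": "Deny",
      "Action": "acm:RequestCertificate",
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringNotLike": {
          "acm:DomainNames": ["example.com", "*.example.com"]
        }
      }
    },
    {
      "Sid": "ExampleDenyNonEcdsaKeys",
      "Effect": "Deny",
      "Action": "acm:RequestCertificate",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "acm:KeyAlgorithm": ["EC_prime256v1", "EC_secp384r1"]
        }
      }
    }
  ]
}
```

These statements only deny; a principal still needs an Allow for `acm:RequestCertificate` from another policy before it can request anything.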
To request a certificate for a private PKI using AWS Private CA, see Request a private certificate in AWS Certificate Manager.