AWS News Blog: AWS Certificate Manager introduces exportable public SSL/TLS certificates to use anywhere

Source URL: https://aws.amazon.com/blogs/aws/aws-certificate-manager-introduces-exportable-public-ssl-tls-certificates-to-use-anywhere/

Feedly Summary: You can now use AWS Certificate Manager to issue exportable public certificates for your AWS, hybrid, or multicloud workloads that require secure TLS traffic termination.

Summary: The announcement details the launch of exportable public SSL/TLS certificates from AWS Certificate Manager (ACM), allowing users to obtain private keys for use across various workloads, enabling enhanced flexibility and security for cloud applications. This development is highly relevant for professionals in cloud security and information security as it underscores new capabilities in managing SSL/TLS certificates securely in cloud environments.

Detailed Description: This new feature from AWS Certificate Manager (ACM) introduces significant changes to how public SSL/TLS certificates can be managed and utilized. Key highlights include:

– **Export Capability**: Organizations can now export public certificates along with their private keys from ACM; this previously required third-party certificate authorities.
– **Usage Flexibility**: Exported certificates can be applied to Amazon Elastic Compute Cloud (EC2) instances, containers, or on-premises systems, making it easier to implement secure communications across different environments.
– **Types of Usage**:
  – Web hosting via Amazon EC2
  – Load balancing with Elastic Load Balancing (ELB)
  – Serving content via Amazon CloudFront
  – API security through Amazon API Gateway
– **Key Security Considerations**:
  – Administrators can implement AWS IAM policies to control who can request these exportable certificates.
  – Protecting exported private keys is crucial; organizations are advised to utilize secure storage solutions and access controls.
– **Revocation Process**:
  – Exported certificates can be revoked, but revocation is permanent. Once revoked, certificates cannot be reused, highlighting the importance of governance in certificate lifecycle management.
– **Automation in Renewals**:
  – Automatic renewal using Amazon EventBridge can be employed to streamline certificate management, ensuring that organizations maintain secure communications without manual intervention.
– **Cost Structure**:
  – Issuing exportable public certificates is charged at $15 per domain; the charge applies at issuance and at renewal.
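The renewal-automation and key-protection points above can be combined in one handler. This is an added sketch, not code from AWS or the original post. It assumes an EventBridge rule delivers ACM events to it, that `acm` is a boto3 ACM client, and that the event field names shown (`Action`, `Exported`, the `ACM Certificate Available` detail type) match the current ACM documentation; `handle`, the file names and the sample event are hypothetical.

```python
import os
import secrets
import tempfile

# Constructed sample event; field names are an assumption to verify against
# the ACM EventBridge documentation. The ARN is a placeholder.
SAMPLE_EVENT = {
    "source": "aws.acm",
    "detail-type": "ACM Certificate Available",
    "resources": ["arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID"],
    "detail": {"Action": "RENEWAL", "Exported": True, "CommonName": "example.com"},
}

def is_exported_renewal(event):
    """True only for renewal events on certificates that have been exported."""
    detail = event.get("detail", {})
    return (
        event.get("source") == "aws.acm"
        and event.get("detail-type") == "ACM Certificate Available"
        and detail.get("Action") == "RENEWAL"
        and detail.get("Exported") is True
    )

def write_private(path, data):
    """Write atomically; mkstemp creates the file with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.replace(tmp, path)  # readers never see a half-written key
    except BaseException:
        os.unlink(tmp)
        raise

def handle(event, acm, out_dir):
    """Re-export a renewed certificate; returns (arn, passphrase) or None."""
    if not is_exported_renewal(event):
        return None  # ignore issuance, imports and never-exported certificates
    arn = event["resources"][0]
    # ACM returns the private key encrypted under this caller-chosen passphrase.
    passphrase = secrets.token_urlsafe(32).encode()
    resp = acm.export_certificate(CertificateArn=arn, Passphrase=passphrase)
    write_private(os.path.join(out_dir, "privkey.enc.pem"), resp["PrivateKey"].encode())
    chain = (resp["Certificate"] + resp["CertificateChain"]).encode()
    write_private(os.path.join(out_dir, "fullchain.pem"), chain)
    return arn, passphrase
```

The returned passphrase belongs in a secrets store with access controls, not on disk beside the encrypted key.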

By allowing the export of public SSL/TLS certificates, AWS enhances the flexibility and security posture of cloud-based infrastructures, which is a critical consideration for professionals tasked with maintaining robust security measures in compliance with industry standards and organizational policies. This capability reflects an increasing trend toward improved control and management of cryptographic assets in cloud environments, highlighting its significance for IT security professionals.