Here comes Amazon’s free digital certificate service for cloud apps

Developers with apps on Amazon Web Services (AWS) can now obtain their digital certificates directly from its own certificate authority (CA), Amazon Trust Services (ATS). And they’re free.

The new digital certificate service, AWS Certificate Manager, announced by AWS today, will offer developers free Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates straight from Amazon’s CA, ATS.

Obtaining those certificates is the first step to enabling an encrypted “HTTPS” connection between a server and a client, such as a browser, which offers site visitors a little more protection from prying eyes.

Besides free certificates, AWS is promising to take the headache out of certificate provisioning, deployment and renewals. The catch is that those sites or applications must use AWS Elastic Load Balancing or its content delivery network, Amazon CloudFront.

AWS is just the latest to offer free digital certificates, though its dominance in hosting apps and websites on its cloud means it’s likely to have a big impact.

Let’s Encrypt, another free digital certificate service backed by Mozilla and Facebook, offers similar features to AWS but is available to all developers, not just those using AWS. CDN provider CloudFlare also offers free SSL certificates.

The service is likely to be attractive to developers on AWS. As Amazon notes, using its free certificates will offer developers’ apps or websites higher search rankings. Though it doesn’t mention Google specifically, the search provider now uses HTTPS as a positive signal in its search indexing.

Amazon’s FAQ for the service clarifies that it does not currently offer Extended Validation certificates. These are usually the more expensive kind of certificate because the CA validates a site’s identity, which triggers the green field behind a company’s name (as opposed to just the URL) in a browser’s address bar.

AWS also does not provide code-signing or email encryption certificates, or certificates for anything other than websites.

The ACM certificates themselves use RSA keys with a 2048-bit modulus and SHA-256, though they do not use elliptic curve digital signature algorithm (ECDSA) keys. CloudFlare’s SSL certificates, by contrast, do use ECDSA keys, which ensures sites have Perfect Forward Secrecy — a feature that protects encrypted messages even if private SSL keys are compromised. EFF strongly urged PFS in the wake of 2014’s widespread Heartbleed bug.
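To check which of these profiles a certificate actually uses, the script below reads its key algorithm, key size and signature algorithm with the `openssl` command-line tool. It is an added example, not from the article or from AWS; the function names and the two self-signed sample certificates are constructed here for illustration.

```shell
#!/bin/sh
# Added example: audit a certificate's key and signature algorithms.

# cert_profile FILE -> "<key algorithm> <key bits> <signature algorithm>"
cert_profile() {
    openssl x509 -in "$1" -noout -text | awk '
        /Public Key Algorithm:/ { key = $NF }
        /Public-Key: \(/ { bits = $0; sub(/.*\(/, "", bits); sub(/ .*/, "", bits) }
        /Signature Algorithm:/ && sig == "" { sig = $NF }
        END { print key, bits, sig }'
}

# classify FILE -> rsa-sha256 (RSA >= 2048 bits, SHA-256) | ec-key | differs
classify() {
    set -- $(cert_profile "$1")
    case "$1:$3" in
        rsaEncryption:sha256WithRSAEncryption)
            if [ "$2" -ge 2048 ]; then echo "rsa-sha256"; else echo "differs"; fi ;;
        id-ecPublicKey:*) echo "ec-key" ;;
        *) echo "differs" ;;
    esac
}

# make_sample rsa|ec DIR: constructed self-signed test certificate in DIR
make_sample() {
    case "$1" in
        rsa) alg="rsa:2048" opt="" ;;
        ec)  alg="ec" opt="-pkeyopt ec_paramgen_curve:prime256v1" ;;
        *)   return 2 ;;
    esac
    # $opt is left unquoted on purpose so it splits into separate arguments
    openssl req -x509 -newkey "$alg" $opt -nodes -sha256 -days 1 \
        -subj "/CN=$1.example.test" -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

# Generate both samples in a temporary directory and report on each.
demo() {
    dir=$(mktemp -d) || return 1
    for kind in rsa ec; do
        make_sample "$kind" "$dir" || return 1
        echo "$kind: $(cert_profile "$dir/$kind.pem") -> $(classify "$dir/$kind.pem")"
    done
    rm -rf "$dir"
}
demo
```

The check covers only the certificate itself; whether a given connection has forward secrecy is decided by the key exchange negotiated in the TLS handshake, which this script does not inspect.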

Amazon’s CA plans have been in the making for some time. AWS applied to Mozilla and the Android Open Source Project to become a root CA last June.

According to Amazon, ACM will issue digital certificates once it’s validated that the applicant controls the domain names in the certificate request. That request remains in a “pending” status until the domain owner responds to an email Amazon sends to the registered domain owner for each domain.
