/>
X

Amazon makes it easier to encrypt sites and services on AWS with free SSL certificates

Amazon is giving away digital certificates to developers, so long as they're using AWS cloud resources.
liam-tung.jpg
Written by Liam Tung, Contributor on
certinfoawssite1.png

Amazon has launched its own certificate authority, Amazon Trust Services.

Image: Amazon

Amazon is now a certificate authority, or CA, and has launched a new service that issues digital certificates for free to developers.

With its new CA, Amazon Trust Services (ATS), the company has now entered the digital-certificate business, a field currently dominated by Symantec and GoDaddy.

On top of that, its AWS Certificate Manager, or ACM, enables AWS developers to provision and manage Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.

Clicking on the padlock symbol in the browser bar of an HTTPS website with a certificate from Amazon will now display that the user is on a secured connection 'Verified by: Amazon'.

For now, there are a number limitations to the service. For example, ACM's availability is currently restricted to the US East North Virginia region, and certificates acquired from each region are unusable in other regions. More regions are in the works, according to Amazon spokesman Jeff Barr.

The move by Amazon follows a beta launch in December of the Mozilla-backed Let's Encrypt free digital-certificate service, which aims to make it easier for website operators to enable HTTPS. Content delivery network (CDN) CloudFlare also offers free certificates for its users.

Amazon points out that one reason why developers would want to use an SSL certificate is that it should improve their site's search rankings. Google, for example, uses HTTPS as a signal in its search algorithm.

ACM will also help developers handle issues such as misconfigured, revoked or expired certificates. Given that developers can get free digital certificates, the cost of certificate management is likely to hold greater appeal than the certificate's price. It should also offer a benefit to businesses in regulated industries that may be required to encrypt sessions.

However, unlike Let's Encrypt, Amazon's free certificates are for customers that use its Elastic Load Balancers and its CDN Amazon CloudFront.

Amazon also notes in an FAQ that ACM certificates use RSA keys with a 2,048-bit modulus and SHA-256. But they do not support Perfect Forward Secrecy, which would prevent 'retrospective decryption' if, say, the NSA forced AWS to turn over a private SSL key in the future.

Also, for now, AWS is also not offering Extended Validation certificates, which are usually more expensive and trigger the green bar displaying a company's name.

Amazon's CA has been in the work for some time. The company filed applications with Mozilla and the Android Open Source Project to be recognised as a root CA last June.

More on Amazon

Related

How to stop spam messages on your iPhone with this almost-secret hidden switch
messages.jpg

How to stop spam messages on your iPhone with this almost-secret hidden switch

Security
The 5 best tiny houses of 2022: Modern tiny homes
Placeholder product image alt text

The 5 best tiny houses of 2022: Modern tiny homes

Home & Office
This hidden iPhone feature makes you sound better on calls
Control Center icon in macOS

This hidden iPhone feature makes you sound better on calls

iPhone