Getting started with Amazon Certificate Manager

To get started with Amazon Certificate Manager (ACM), navigate to the Certificate Manager in the Amazon Web Services Management Console. You can use Amazon Certificate Manager to create public certificates to identify resources on the internet or resources in your organization. 

Use the wizard to request an SSL/TLS certificate by choosing Request a public certificate and entering the name of your site. You can also request a certificate using the Amazon CLI or API. During request, you can mark the public certificate as exportable if you want access to the certificate's private key.

After successful validation of your ownership or control of the domain names in your certificate request, the SSL/TLS certificate is issued. You can deploy this certificate for use with Elastic Load Balancers, Amazon CloudFront distributions, or APIs on Amazon API Gateway. You simply select the SSL/TLS certificate you want from a drop-down list in the Amazon Web Services Management Console. Alternatively, you can execute a CLI command or call an Amazon API to associate the certificate with an Amazon Web Services resource. Amazon Certificate Manager then deploys the certificate to the resource you selected.

If you have issued an exportable certificate, you can export the public certificate, get access to the private key, and use it with any workloads that require a TLS certificate. These workloads can be within Amazon Web Services, such as a server running on EC2, or can be outside Amazon Web Services, such as an on-premises server.

For more information about creating and using certificates provided by Amazon Certificate Manager, visit the Amazon Certificate Manager FAQs page or see the Amazon Certificate Manager User Guide.