Posted On: Aug 16, 2021

Amazon API Gateway enables customers to authenticate clients using certificate-based mutual TLS, where digital certificates are exchanged between the client and API Gateway before a secure connection is established. Previously, only certificates issued by the qualified CA in Amazon Certificate Manager (ACM) could be used as the server certificate when configuring mutual TLS in API Gateway. Starting today, customers can use a server certificate issued by a third-party certificate authority (CA) in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.

This feature unblocks customers who want to use an existing server certificate that is not issued by the qualified CA in ACM. For example, some customers must use server certificates issued by a private CA to comply with their organization’s information security policies. These customers can now import an existing certificate into ACM and use it as the server certificate when configuring mutual TLS in API Gateway.

To learn more about mutual TLS in API Gateway, please see our documentation. To learn more about API Gateway, visit our product page.