How do I pin an application that runs on AWS to a certificate issued by ACM?

I want to pin an application that runs on AWS to a certificate issued by AWS Certificate Manager (ACM).

Resolution

It's not a best practice to pin your AWS application to an SSL/TLS certificate issued by ACM. If you must pin your application to an ACM certificate, then pin your application to all available Amazon Trust Services root certificate authorities (CAs). Don't pin your application to an individual ACM certificate or intermediate CA. For more information, see Certificate pinning.

For information on how intermediate CAs issue public certificates, see Amazon introduces dynamic intermediate certificate authorities.

To pin a certificate, pin your application to all available Amazon root CAs in the Amazon Trust Services CA repository table.

Note: ACM managed renewal doesn't review imported certificates. You must manage the renewal of the certificate. For more information, see Import certificates into AWS Certificate Manager.
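The following added example (not AWS code) shows why the pin set should contain every Amazon root CA rather than a leaf, an intermediate CA, or a single root. The certificate bytes are constructed stand-ins, the function names are hypothetical, and the chain is assumed to have already passed normal TLS validation. A real deployment would build the bundle from the Amazon Trust Services CA repository.

```python
import hashlib
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def pins_from_bundle(pem_bundle: str) -> frozenset:
    """Fingerprint every certificate in a PEM bundle of root CAs."""
    footer = "-----END CERTIFICATE-----"
    blocks = [b.strip() + "\n" + footer
              for b in pem_bundle.split(footer) if b.strip()]
    if not blocks:
        raise ValueError("no certificates found in bundle")
    return frozenset(fingerprint(ssl.PEM_cert_to_DER_cert(b)) for b in blocks)

POSITION = {"leaf": 0, "intermediate": 1, "root": -1}

def pin_holds(chain: list, pins: frozenset, position: str) -> bool:
    """chain is ordered leaf -> root and already validated by the TLS
    library (assumption). The pin check supplements that validation."""
    return len(chain) > 1 and fingerprint(chain[POSITION[position]]) in pins

# Constructed stand-ins for DER certificates; these are not real certificates.
ROOT_A, ROOT_B = b"constructed root A", b"constructed root B"
BEFORE = [b"constructed leaf 1", b"constructed intermediate 1", ROOT_A]
# Constructed renewal: new leaf, different intermediate, different root.
AFTER = [b"constructed leaf 2", b"constructed intermediate 2", ROOT_B]

def survives_renewal(pins: frozenset, position: str) -> bool:
    """True only if the pin accepts the chain both before and after renewal."""
    return pin_holds(BEFORE, pins, position) and pin_holds(AFTER, pins, position)

ALL_ROOTS = pins_from_bundle(
    ssl.DER_cert_to_PEM_cert(ROOT_A) + ssl.DER_cert_to_PEM_cert(ROOT_B))
ONE_ROOT = frozenset({fingerprint(ROOT_A)})
LEAF_PIN = frozenset({fingerprint(BEFORE[0])})
INTERMEDIATE_PIN = frozenset({fingerprint(BEFORE[1])})

if __name__ == "__main__":
    for name, pins, pos in [("all roots", ALL_ROOTS, "root"),
                            ("one root", ONE_ROOT, "root"),
                            ("intermediate", INTERMEDIATE_PIN, "intermediate"),
                            ("leaf", LEAF_PIN, "leaf")]:
        print(f"{name:13} survives renewal: {survives_renewal(pins, pos)}")
```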

Related information

Certificate pinning problems

AWS OFFICIAL. Updated 7 months ago.