TLS (Transport Layer Security) and SSL (Secure Sockets Layer) certificates have been expensive for a long time in the IT world. I remember paying almost $1,000 for an SSL certificate around the turn of the millennium. The certificate was valid for one year.
Although things have improved, certificates can still be quite expensive. I needed an SSL certificate to protect a project I was working on earlier in the year. After a little bit of research, I was able to find a certificate for around $100.
While this is not a lot of money for large companies, it is a significant amount for smaller businesses that need to make every dollar of IT spending worthwhile. Amazon Web Services (AWS) offers SSL and TLS certificates free of charge.
The AWS Certificate Manager pricing page states that SSL/TLS certificates provided through AWS Certificate Manager can be obtained for free. You pay only for the AWS resources that you use to run your application.
Log in to the AWS console and select the Certificate Manager option from the AWS services list. The Certificate Manager option can be found in the Security, Identity, and Compliance section. After selecting this option, you will be taken directly to the AWS Certificate Manager screen, shown in Figure 1. To request a certificate, click on the Get Started button.
Figure 1: Click the Get Started button and begin the process of requesting your certificate.
If you have ever requested certificates from commercial certificate authorities, you will know that there is usually a process you must go through to prove you own the domain you are asking for. AWS works in a similar way, so you can only request certificates for domains you own or manage.
The AWS console will open the Request a Certificate wizard, shown in Figure 2. The wizard's initial screen prompts you to enter the domain name to which the certificate is to be attached.
Figure 2: Enter the fully qualified name of the resource you wish to protect.
It is important that you do not create a wildcard certificate. You will need to enter the fully qualified domain name for the resource you wish to protect with the certificate. I have a domain called brienposey.com. If I needed an SSL certificate for my mail server, I might enter mail.brienposey.com as the fully qualified domain name.
Figure 2 also shows a button for adding another name to your certificate. You can use this button to assign all of the required names to a Subject Alternative Name (SAN) certificate.
Another option is to create a wildcard certificate. With a wildcard certificate, you can protect all resources within a domain with a single certificate. Simply enter your domain name followed by an asterisk to create a wildcard certificate. Unless you have compelling reasons to use wildcard certificates, it is best to avoid them. Wildcard certificates can be convenient, but they pose security risks.
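The difference in scope between a SAN certificate and a wildcard certificate, as an added example that is not part of the original article. It assumes the wildcard is written with the asterisk as the left-most label (`*.brienposey.com`) and applies the strict single-label rule from RFC 6125; every hostname other than brienposey.com and mail.brienposey.com is constructed.

```python
# Added example (not from the original article). Hostnames other than
# brienposey.com and mail.brienposey.com are constructed for illustration.


def name_matches(cert_name: str, host: str) -> bool:
    """Match one certificate name against a hostname.

    Strict reading of RFC 6125: a wildcard counts only when it is the whole
    left-most label, and it stands in for exactly one label.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    head, rest = cert_labels[0], cert_labels[1:]
    if any("*" in label for label in rest) or ("*" in head and head != "*"):
        return False  # misplaced or partial wildcards are rejected here
    if len(cert_labels) != len(host_labels):
        return False  # a wildcard never spans more or fewer labels
    if head == "*":
        # Require two fixed labels after the wildcard (no "*.com").
        return len(rest) >= 2 and bool(host_labels[0]) and rest == host_labels[1:]
    return cert_labels == host_labels


def covered_hosts(cert_names, inventory):
    """Return the inventory hosts covered by any name on the certificate."""
    return [h for h in inventory if any(name_matches(n, h) for n in cert_names)]


# Constructed inventory under the article's example domain.
INVENTORY = [
    "brienposey.com",
    "mail.brienposey.com",
    "www.brienposey.com",
    "vpn.brienposey.com",
    "dev.api.brienposey.com",
]

SAN_CERT = ["mail.brienposey.com", "www.brienposey.com"]  # explicit names
WILDCARD_CERT = ["*.brienposey.com"]  # assumed wildcard form

if __name__ == "__main__":
    print("SAN certificate covers:     ", covered_hosts(SAN_CERT, INVENTORY))
    print("Wildcard certificate covers:", covered_hosts(WILDCARD_CERT, INVENTORY))
```

The wildcard certificate is valid for every single-label host under the domain, including hosts added later, so misuse of that one certificate affects all of them.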
Once you have entered your domain name, click the Review and request button. This will take you to the screen shown in Figure 3.
Figure 3: Take a moment and check the spelling of