AWS Certificate Manager (ACM)
AWS Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
ACM makes it easier to enable SSL/TLS for a website or application on the AWS platform. ACM eliminates many of the manual processes previously associated with using and managing SSL/TLS certificates. ACM can also help you avoid downtime due to misconfigured, revoked, or expired certificates by managing renewals. You get SSL/TLS protection and easy certificate management. Enabling SSL/TLS for Internet-facing sites can help improve the search rankings for your site and help you meet regulatory compliance requirements for encrypting data in transit.
When you use ACM to manage certificates, certificate private keys are securely protected and stored using strong encryption and key management best practices. ACM lets you use the AWS Management Console, AWS CLI, or ACM APIs to centrally manage all of the SSL/TLS ACM certificates in an AWS Region. ACM is integrated with other AWS services, so you can request an SSL/TLS certificate and provision it with your Elastic Load Balancing load balancer or Amazon CloudFront distribution from the AWS Management Console, through AWS CLI commands, or with API calls.
While AWS Certificate Manager (ACM) simplifies SSL/TLS certificate management within the AWS ecosystem, it falls short in several critical areas. A major limitation is its exclusive support for AWS services, which leaves it unable to fulfil all the needs of organisations operating in multi-cloud environments or with on-premises infrastructure. This narrow focus on AWS services forces businesses with more diverse IT landscapes to juggle multiple tools and services, adding unnecessary complexity and potential security risks.
Moreover, ACM’s support for only basic TLS certificates is a significant shortcoming. It does not accommodate custom certificates, such as those with specific organisational information or other non-TLS uses, limiting its usefulness for organisations with more sophisticated security needs. This lack of flexibility forces some businesses to seek alternative solutions to achieve the necessary level of security and compliance, thereby undermining the convenience ACM purports to offer.
Jellyfish provides the missing integration and offers a single pane of glass, making it easy to manage certificates from ACM, from other cloud PKI providers or certificates from a Jellyfish CA.
Jellyfish integration with AWS Certificate Manager
Jellyfish integrates with the AWS Certificate Manager (ACM). Using this integration, Jellyfish can upload Jellyfish-issued certificates to AWS with minimal manual intervention, helping your cloud infrastructure remain secure and compliant. This capability is particularly beneficial for organisations that rely heavily on AWS services, as it reduces the complexity and overhead associated with certificate management and lets you easily use certificates from a Jellyfish CA.
When issuing a certificate from Jellyfish, you have the option of uploading the certificate and private key directly to the AWS Certificate Manager. This makes your certificate immediately available to AWS services without needing to manually import it.
Issuing certificates from AWS using Jellyfish
In addition to uploading certificates, Jellyfish supports issuing certificates from an AWS Private Certificate Authority. This allows organisations that may already be using an AWS Private CA to use the Jellyfish interface to issue new certificates. When using this feature, Jellyfish will generate a CSR and then request a certificate from your AWS Private CA using a configured AWS template.
In addition to Private CA certificates, Jellyfish can also issue publicly trusted certificates from the AWS Certificate Manager that can be used in conjunction with other AWS services (such as Elastic Load Balancing or the Amazon CloudFront content delivery network) to serve traffic directly to customers. Since these certificates are trusted through the browsers' built-in trust stores, they can be used without manually deploying trust chains.
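The two AWS paths described above (uploading a certificate and its private key into ACM, and generating a CSR then requesting a certificate from an AWS Private CA with a template) done by hand with openssl and the AWS CLI, so each step is visible. This is an added example, not Jellyfish or AWS code. It assumes openssl and the aws CLI are installed with credentials configured; PCA_ARN and TEMPLATE_ARN are placeholders you replace with your own values, and self_sign_for_test only stands in for the CA's response so the key/certificate check can be exercised offline.

```shell
#!/bin/sh
# Added example, not Jellyfish or AWS code: import a certificate + private key
# into ACM, and request a certificate from an AWS Private CA using a template.
# Assumed to exist: openssl, the aws CLI with credentials configured, and the
# placeholder values PCA_ARN and TEMPLATE_ARN below.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
PCA_ARN="${PCA_ARN:-arn:aws:acm-pca:REGION:ACCOUNT:certificate-authority/PLACEHOLDER}"
# EndEntityCertificate/V1 is one of the AWS-managed Private CA templates.
TEMPLATE_ARN="${TEMPLATE_ARN:-arn:aws:acm-pca:::template/EndEntityCertificate/V1}"

# Generate a fresh private key and a CSR for the given name. The key stays on
# this machine unless you later choose to import it into ACM.
make_csr() {
    cn="$1"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORKDIR/$cn.key" 2>/dev/null
    openssl req -new -key "$WORKDIR/$cn.key" -subj "/CN=$cn" \
        -out "$WORKDIR/$cn.csr" 2>/dev/null
    echo "$WORKDIR/$cn.csr"
}

# Compare the SHA-256 of the DER public key taken from the private key with
# the one embedded in the certificate. A mismatch means the wrong key is
# about to be uploaded; ACM would reject it, but catching it locally avoids
# sending a key at all.
key_matches_cert() {
    key="$1"; cert="$2"
    k=$(openssl pkey -in "$key" -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}')
    c=$(openssl x509 -in "$cert" -pubkey -noout \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}')
    [ "$k" = "$c" ]
}

# Send the CSR to AWS Private CA and print the ARN of the issued certificate.
# Only the CSR travels to AWS; the private key does not.
issue_from_private_ca() {
    csr="$1"
    aws acm-pca issue-certificate \
        --certificate-authority-arn "$PCA_ARN" \
        --csr "fileb://$csr" \
        --signing-algorithm SHA256WITHRSA \
        --template-arn "$TEMPLATE_ARN" \
        --validity Value=365,Type=DAYS \
        --query CertificateArn --output text
}

# Import an externally issued certificate and its key into ACM, refusing
# mismatched pairs. Caveat: ACM does not renew imported certificates, so
# renewal remains the issuing CA's job (Jellyfish's, in the setup above).
import_to_acm() {
    cert="$1"; key="$2"; chain="$3"
    if ! key_matches_cert "$key" "$cert"; then
        echo "refusing import: private key does not match $cert" >&2
        return 1
    fi
    aws acm import-certificate \
        --certificate "fileb://$cert" \
        --private-key "fileb://$key" \
        --certificate-chain "fileb://$chain" \
        --query CertificateArn --output text
}

# Offline stand-in for the CA's answer, used only to exercise the checks
# locally: self-sign the CSR with its own key.
self_sign_for_test() {
    cn="$1"
    openssl x509 -req -in "$WORKDIR/$cn.csr" -signkey "$WORKDIR/$cn.key" \
        -days 1 -out "$WORKDIR/$cn.crt" 2>/dev/null
    echo "$WORKDIR/$cn.crt"
}
```

Typical use: `csr=$(make_csr app.example.internal)` followed by `issue_from_private_ca "$csr"` for the Private CA path, or `import_to_acm cert.pem key.pem chain.pem` for a certificate issued elsewhere. The pre-import key check is the part worth keeping even if you script the rest differently.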
Syncing certificates between AWS and Jellyfish
Jellyfish also offers syncing capabilities, enabling certificates to be updated across both Jellyfish and AWS. This makes it easy to gain an overview of all certificates within your organisation, regardless of whether they were issued from Jellyfish or from AWS.
Certificates can be viewed, downloaded and even revoked from the Jellyfish interface, regardless of whether the certificate originally came from an AWS or a Jellyfish certificate authority.