Skip to main content

How to import a public SSL certificate into AWS Certificate Manager


This assumes you have already read how to configure DNS. Public certificates are typically created in the member/application account that uses them. For example, if your application runs behind an aws_lb_listener in the preproduction environment and you need to configure a certificate_arn, you will create the certificate in the preproduction account.

The domain is managed by the modernisation-platform team. All environments under this domain, such as can create their own public certificates using AWS Certificate Manager. For information on DNS naming conventions refer to DNS naming.

The following domains are managed by the operations-engineering team (#ask-operations-engineering).


To request a public certificate under either of the above domains, refer to the corresponding section below, depending on whether you’re on Linux or Windows.


Refer to Requesting a new certificate.

Once you receive the public certificate, you can then import it into your environment by following the instructions in Getting certificates ready in AWS Certificate Manager.


If you are on Windows, refer to How to import a public SSL certificate into AWS Certificate Manager on Windows

Request process

  1. Submit a request with a certificate signing request to
  2. Receive a reply from with details of validation CNAME records.
  3. Apply the validation CNAME records to the appropriate Route53 domain.
  4. Inform that the validation records have been created.
  5. will respond with the certificate.
This page was last reviewed on 21 February 2024. It needs to be reviewed again on 21 August 2024 by the page owner #modernisation-platform .
This page was set to be reviewed before 21 August 2024 by the page owner #modernisation-platform. This might mean the content is out of date.