Maintained with ☕️ by
IcePanel logo

Amazon API Gateway now supports mutual TLS with certificates from third-party CAs and ACM Private CA

Share

Services

Amazon API Gateway enables customers to authenticate clients using certificate-based mutual TLS, where digital certificates are exchanged between the client and API Gateway before a secure connection is established. Previously, only certificates issued by AWS Certificate Manager (ACM) could be used as the server certificate when configuring mutual TLS in API Gateway. Starting today, customers can use a server certificate issued by a third-party certificate authority (CA) or ACM Private CA. This feature unblocks customers who want to use an existing server certificate that is not issued by ACM. For example, some customers must use server certificates issued by a private CA to comply with their organization’s Information Security policies. These customers can now import an existing certificate into ACM and use it as the server certificate when configuring mutual TLS in API Gateway. API Gateway’s support for the feature is generally available in all regions where API Gateway is available. To see where API Gateway is available, review the [AWS region table](/about-aws/global-infrastructure/regional-product-services/). To learn more about mutual TLS in API Gateway, please see our [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mutual-tls.html). To learn more about API Gateway, visit our [product page](/api-gateway/).