Where can I request the Root Certificate of the CA that issues the Public Certificate from ACM?
Problems encountered
I am running an application that only trusts the minimum necessary Root Certificate Authorities.
To verify certificates issued by ACM, where can I download the issuing certificate authority's certificates?
Solution
You can download them from the Amazon Trust Services Repository (English)
Public Certificates issued through AWS Certificate Manager are issued by an Amazon-managed certificate authority called Amazon Trust Services. If the client needs the Amazon Trust Services certificates, they can be downloaded from the Amazon Trust Services Repository
However, ACM Certificates are already trusted by most browsers, operating systems, and applications. In principle, it is therefore not necessary to install the certificate authority certificates.## Reference Articles
・AWS Certificate Manager FAQs (English)
Public ACM certificates are verified by Amazon's certificate authority (CA). Any browser, application, or OS that includes the Amazon Root CA 1, Amazon Root CA 2, Amazon Root CA 3, Amazon Root CA 4, Starfield Services Root Certificate Authority - G2 trusts ACM certificates. For more information about root CAs, visit the Amazon Trust Services Repository.
English translation
Public ACM Certificate is verified by Amazon's certificate authority (CA). Any browser, application, or operating system that includes Amazon Root CA 1, Amazon Root CA 2, Amazon Root CA 3, Amazon Root CA 4, Starfield Services Root Certificate Authority - G2 will trust ACM certificates. For more information about root CAs, please visit the Amazon Trust Services Repository
・AWS Certificate Manager public certificate characteristics and limitations (English)
ACM certificates are trusted by all major browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. Browsers display a lock icon when connected by TLS to sites using ACM certificates. Java also trusts ACM certificates.
English translation
ACM certificates are trusted by all major browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. Browsers will display a lock icon when connected via TLS to websites using ACM certificates. Additionally, Java also trusts ACM certificates
・How to Prepare for AWS's Move to Its Own Certificate Authority (English)## Related articles to AWS Certificate Manager
・AWS Certificate Manager Service Update in 2024 (Thai)
・[AWS Technical Support Note] What to do if automatic renewal of ACM certificate using DNS verification fails (Thai)
・How to handle when a newly created ACM certificate doesn't change from Pending validation status (Thai)
・Setting up Free SSL with DNS in CloudFront using ACM and Route 53 (Thai)
Original article
Please tell me where to get the root certificate of the CA that issues ACM public certificates (Japanese)
![[AWS Technical Support Note] ช่วยแนะนำวิธีเปลี่ยน Primary IP Address ของ EC2 instance ที่มีอยู่แล้วโดยไม่ต้องลบ instance ได้ไหม](https://devio2024-media.developers.io/image/upload/v1755596933/user-gen-eyecatch/zuw2fi0omyyaxmy4epsg.png)
![[AWS Technical Support Note]สรุปข้อจำกัดของโดเมน APEX และ CNAME record สำหรับ AWS Beginner](https://devio2024-media.developers.io/image/upload/v1754389928/user-gen-eyecatch/wtql9jswjda21b88hrj4.png)
![[AWS Technical Support Note]ฉันสามารถใช้ crontab บน Amazon Linux 2023 ได้หรือไม่](https://devio2024-media.developers.io/image/upload/v1753958779/user-gen-eyecatch/vajck46b5z0fsypxdtzj.png)
![[AWS Technical Support Note]อยากทราบ Outbound Rules ที่จำเป็นสำหรับ Security Group ของ VPC Endpoint](https://devio2024-media.developers.io/image/upload/v1753428673/user-gen-eyecatch/klnzugvzymsd6zphlzz4.png)