Hello Stack Overflow community,
I've recently started using AWS Transfer Family with AS2, which is a new feature. According to the documentation, when sending AS2 messages or asynchronous MDNs to a trading partner's HTTPS endpoint, I must use a valid SSL certificate signed by a certificate authority (CA) that's trusted by AWS Transfer Family. Self-signed certificates are not supported. The list of trusted CAs can be found at https://www.amazontrust.com/repository/.
I am not sure which certificate to get and how to obtain it. Can someone guide me through the process of choosing the right SSL certificate and obtaining it from a trusted CA for AWS Transfer Family with AS2 HTTPS endpoints?
Thank you in advance!
You can obtain an SSL certificate through Amazon Certificate Manager (ACM) or a third-party Certificate Authority such as Sectigo, Thawte, etc. The main thing to decide is whether you need a domain validation certificate (issued quickly and no paperwork required) or an Organization Validation SSL to prove your legal identity to the trading partners. The second option is not available with ACM.
In the case of third-party CAs, you buy a certificate by generating a Certificate Signing Request (CSR) on the vendor's page via an external CSR generator or directly on your server. The CSR contains contact data about your domain and company. After the CA validates your details, it signs and sends the certificate files in a ZIP archive to your email. You need to extract the files and import them to AWS.
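To make the CSR step concrete, here is an added example (not part of the answer above, and not AWS's own tooling) that generates the key and CSR with openssl, sanity-checks the CSR before it goes to the CA, and shows the ACM import once the signed files come back. The hostname `as2.example.com`, the file names and the region are assumptions.

```shell
#!/bin/sh
# Added example: key + CSR for an AS2 HTTPS endpoint, CSR self-check, ACM import.
# Hostname, organisation, file names and region are assumptions, not from the post.
set -eu

# Generate a 2048-bit RSA key and a CSR whose CN and SAN name the endpoint.
# Arguments: output directory, endpoint FQDN, organisation name.
make_as2_csr() {
  dir="$1"; host="$2"; org="$3"
  mkdir -p "$dir"
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout "$dir/as2.key" -out "$dir/as2.csr" \
    -subj "/C=US/O=$org/CN=$host" \
    -addext "subjectAltName=DNS:$host" 2>/dev/null
  chmod 600 "$dir/as2.key"   # the CA never needs the private key, only the CSR
}

# Check the CSR before uploading it to the CA: its self-signature must verify,
# the CN and SAN must name the endpoint partners connect to, and the key on
# disk must be the one the CSR was built from.
check_as2_csr() {
  dir="$1"; host="$2"
  openssl req -in "$dir/as2.csr" -noout -verify >/dev/null 2>&1 || return 1
  openssl req -in "$dir/as2.csr" -noout -subject | grep -q "CN *= *$host" || return 1
  openssl req -in "$dir/as2.csr" -noout -text | grep -q "DNS:$host" || return 1
  k1=$(openssl pkey -in "$dir/as2.key" -pubout 2>/dev/null)
  k2=$(openssl req -in "$dir/as2.csr" -noout -pubkey)
  [ "$k1" = "$k2" ]
}

# After the CA returns the signed certificate and its intermediate chain
# (assumed file names as2.crt and ca-bundle.crt, extracted from the ZIP),
# import them together with the private key into ACM.
import_to_acm() {
  dir="$1"; region="$2"
  aws acm import-certificate --region "$region" \
    --certificate "fileb://$dir/as2.crt" \
    --private-key "fileb://$dir/as2.key" \
    --certificate-chain "fileb://$dir/ca-bundle.crt"
}
```

The `-addext` option needs OpenSSL 1.1.1 or newer; on older builds put the SAN in a config file passed with `-config` instead.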