> For the complete documentation index, see [llms.txt](https://docs.defguard.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.defguard.net/2.1/deployment-strategies/amis-and-aws-cloudformation/configuring-https-using-aws-certificate-manager.md).

# Configuring HTTPS using AWS Certificate Manager

This guide explains how to secure your Defguard deployment with HTTPS by using a public TLS certificate issued by AWS Certificate Manager (ACM). You will request a certificate for the domains used by Defguard Core and Defguard Edge, validate domain ownership via DNS, and attach the certificate to your CloudFormation stack using its ARN.

Once completed, AWS will automatically manage certificate provisioning and renewal, ensuring your Defguard instance is encrypted and trusted without manual certificate handling.

Go to AWS console and open the Certificate Manager service page.

Request a new certificate (if you don’t have one already).

<figure><img src="/files/S9ylrMONmMVEPAIL40tQ" alt=""><figcaption></figcaption></figure>

A public certificate is enough.

<figure><img src="/files/LWOYdgpW9IaGLum6gLqo" alt=""><figcaption></figcaption></figure>

Specify the domains you will want to use for your Defguard instance (for accessing Defguard Edge and Defguard Core). Those domains should be the same as those you’ll use in `ProxyUrl` and `CoreUrl`.

<figure><img src="/files/pfq86OyYs7hKSiM1xuZj" alt=""><figcaption></figcaption></figure>

Next, you will need to validate your domain ownership by adding appropriate CNAME records in your DNS provider. Use the *CNAME name* and *CNAME value* values provided in the AWS console and set them in you domain’s DNS.

After you complete this step, your certificate can be used. Copy the ARN of your certificate and paste it into the `SSLCertificateArn` parameter in the CloudFormation template.

<figure><img src="/files/2HsoPYmT4I37yqy2XUmP" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.defguard.net/2.1/deployment-strategies/amis-and-aws-cloudformation/configuring-https-using-aws-certificate-manager.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.