AWS Certificate Manager is a service that lets users provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and internal connected resources.
N/A
OpenSSL
Score 9.9 out of 10
N/A
OpenSSL is a toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
I would always recommend AWS Certificate Manager for anyone using AWS cloud services. The perfect scenario would be with your domain managed by AWS Route 53 as you can obtain auto renewal of certificates with really good security for all your public facing application that uses CloudFront, ALB or API Gateway.
I would recommend OpenSSL for just about any kind of cryptographic operations that you may need. I can't think of a particular situation where it would not be appropriate to use OpenSSL for a cryptographic function of some sort or another. If you are going to provide some sort of encryption service in a product, OpenSSL is probably the best way to get it off the ground and going. With other competitors, you may get it working, but I fear long term support and interoperability will be an issue.
AWS historically has had very confusing interfaces. But in recent times they have improved them. AWS Certificate Manager is a clear sample of this. The interface is clear and straightforward, with no useless or cryptic options. Really I can't think of a way the interface could be better with the actual options available.
Easy to implement within a few clicks, or even from command line, the alternatives doesn't integrate that easy with AWS Application Load Balancers or AWS CloudFront
LibreSSL is another option to OpenSSL, however, the sheer volume of other applications using OpenSSL and the wide support for it makes OpenSSL a compelling product.
roi is hard to measure for openssl. It's not that it doesn't provide a significant roi, but it is in the background of an application, not the foreground.