

# Create an ACM certificate

By default, RES hosts the web portal under an Application Load Balancer using the domain amazonaws.com. To use your own domain, you need a public SSL/TLS certificate, either one you provide or one requested from AWS Certificate Manager (ACM). If you use ACM, you will receive an Amazon Resource Name (ARN) that you provide as a parameter, so that the SSL/TLS channel between the client and the web services host is encrypted with that certificate.

**Tip**  
If you are deploying the external resources demo package, you will need to enter your chosen domain in `PortalDomainName` when deploying the external resources stack in [Create external resources](create-external-resources.md).

**To create a certificate for custom domains:**

1. From the console, open [AWS Certificate Manager](https://console.aws.amazon.com/acm/home#/certificates/request) to request a public certificate. If you are deploying in a GovCloud Region, create the certificate in your GovCloud partition account.

1. Choose **Request a public certificate**, and choose **Next**.

1. Under **Domain names**, request a certificate for both `*.PortalDomainName` and `PortalDomainName`.

1. Under **Validation method**, choose **DNS validation**.

1. Choose **Request**.

1. From the **Certificates** list, open your requested certificates. Each certificate will have **Pending validation** as the status.

   **Note**  
   If you do not see your certificates, refresh the list.

1. Do one of the following:
   + **Commercial deployment:**

     From the **Certificate details** for each requested certificate, choose **Create records in Route 53**. The status of the certificate should change to **Issued**.
   + **GovCloud deployment:**

     If you are deploying in a GovCloud Region, copy the CNAME key and value. From the commercial partition account, use the values to create a new record in the public hosted zone. The status of the certificate should change to **Issued**.

1. Copy the new certificate ARN to input as the parameter for `ACMCertificateARNforWebApp`.
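
The following check is an added example, not part of the RES documentation: it reads the JSON printed by `aws acm describe-certificate` and reports anything that would make the ARN unsuitable for `ACMCertificateARNforWebApp`, plus the validation records still to be created. It assumes a single certificate carries both names; the domain `portal.example.com`, the sample values, and the function name `check_certificate` are hypothetical.

```python
import json

# Constructed sample shaped like `aws acm describe-certificate` output.
# Account ID, certificate ID, domain and CNAME values are placeholders.
SAMPLE = json.loads("""
{"Certificate": {
  "CertificateArn": "arn:aws-us-gov:acm:us-gov-west-1:111122223333:certificate/EXAMPLE-ID",
  "DomainName": "portal.example.com",
  "SubjectAlternativeNames": ["portal.example.com", "*.portal.example.com"],
  "Status": "PENDING_VALIDATION",
  "DomainValidationOptions": [
    {"DomainName": "portal.example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_aaa.portal.example.com.", "Type": "CNAME",
                        "Value": "_bbb.acm-validations.aws."}},
    {"DomainName": "*.portal.example.com", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_aaa.portal.example.com.", "Type": "CNAME",
                        "Value": "_bbb.acm-validations.aws."}}]}}
""")


def check_certificate(desc, portal_domain, govcloud=False):
    """Return (problems, pending_records) for one describe-certificate result."""
    cert = desc["Certificate"]
    problems = []
    names = {n.lower() for n in cert.get("SubjectAlternativeNames", [])}
    names.add(cert.get("DomainName", "").lower())
    for wanted in (portal_domain.lower(), "*." + portal_domain.lower()):
        if wanted not in names:
            problems.append(f"certificate does not cover {wanted}")
    if cert.get("Status") != "ISSUED":
        problems.append(f"status is {cert.get('Status')}, not ISSUED")
    # ARN layout: arn:<partition>:acm:<region>:<account>:certificate/<id>
    partition = cert["CertificateArn"].split(":")[1]
    expected = "aws-us-gov" if govcloud else "aws"
    if partition != expected:
        problems.append(f"ARN partition is {partition}, expected {expected}")
    # Validation records not yet satisfied; a set removes repeated entries.
    pending = set()
    for opt in cert.get("DomainValidationOptions", []):
        rec = opt.get("ResourceRecord")
        if rec and opt.get("ValidationStatus") != "SUCCESS":
            pending.add((rec["Name"], rec["Type"], rec["Value"]))
    return problems, sorted(pending)


if __name__ == "__main__":
    problems, pending = check_certificate(SAMPLE, "portal.example.com", govcloud=True)
    print("problems:", problems)
    print("records to create:", pending)
```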