AWS Certificate Manager Private Certificate Authority now supports root CA hierarchies

Posted on: Jun 20, 2019

Certificate authority (CA) administrators can now create a private CA hierarchy, including root and subordinate CAs. A CA hierarchy is a way to organize CAs that provides strong security and restrictive access controls for the most-trusted root CA at the top of the hierarchy, while allowing more permissive access and bulk certificate issuance for subordinate CAs lower in the trust chain. This feature expands ACM Private CA capabilities from a single-level hierarchy that required you to operate your root and intermediate CAs, to an AWS-managed solution that provides a full CA hierarchy without the need to maintain external root CAs.

AWS Certificate Manager (ACM) Private CA provides you with a secure and highly available private CA service without the upfront investment and ongoing maintenance costs of operating your own private CA infrastructure. In addition to simple management, ACM Private CA provides essential security for operating a CA in accordance with your internal compliance rules and security best practices. ACM Private CA also provides APIs to automate creation and renewal of private certificates to identify EC2 instances, containers, IoT devices, and on-premises resources.

You can use ACM Private CA in 15 public AWS Regions and GovCloud (US). See the AWS Regions Table for details.

To learn more about ACM Private CA, see AWS Certificate Manager Private Certificate Authority and the ACM Private CA User Guide.