Posted On: Oct 2, 2019

AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports additional templates that allow CA administrators and PKI operators a way to control and specify X.509 certificate extensions for the certificates they issue with ACM Private CA. 

CA administrators now have the flexibility to issue additional certificate types, including certificates for signing code and OCSP responses, and client-only or server-only TLS certificates. The new templates allow CA administrators to maintain control of the most commonly used and most important X.509 certificate extensions, including key usage, extended key usage, and basic constraints, while allowing users to customize certificates with additional extensions when necessary. 

ACM Private CA is a managed private CA service that helps you easily and securely manage the lifecycle of your private certificates. ACM Private CA provides you a highly-available private CA service without the upfront investment and ongoing maintenance costs of operating your own private CA. ACM Private CA extends ACM’s certificate management capabilities to private certificates, enabling you to manage public and private certificates centrally. 

For a list of regions where ACM Private CA is available, see the AWS Regions and Endpoints table.

To learn more about ACM Private CA, see AWS Certificate Manager Private Certificate Authority and the ACM Private CA User Guide.