Posted On: Mar 21, 2022

AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports customizable certificate subject names. Security and public key infrastructure (PKI) administrators, builders, and developers now have greater control over the types of certificate subject names they can create using ACM Private CA. For example, it’s now possible to represent your organization’s directory structure in certificates by including multiple organizational units (OUs) in your certificate subject names. It’s also possible to create subject names representing Internet of Things (IoT) product and vendor identifiers such as those conforming to Matter, a new industry standard for secure and reliable home automation devices.

This launch also provides customers with the ability to include special purpose extensions in certificates. This includes the name constraint extension in CA certificates. Name constraints are rules for allowing or preventing subject names in certificates. For example, an organization can now create a name-constrained CA for their cloud infrastructure, separate from their on-premises CAs, and require all certificates to use the subject name “.cloud.example.com”. ACM Private CA now also supports any custom extension for end-user certificates. This includes the Qualified Certificate extension used with Qualified Web Authentication Certificates (QWAC), which are a specific EU form of website certificate.
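As an added illustration (not AWS code and not part of the original announcement), this Python example shows how a certificate validator evaluates dNSName name constraints such as the ".cloud.example.com" rule above, following RFC 5280 section 4.2.1.10. The function names and sample names are constructed; treating a leading period as "at least one extra label required" is an assumption of this example, since RFC 5280 defines that behaviour only for URI constraints.

```python
def _labels(name):
    """Lower-case a DNS name and split it into labels (trailing dot ignored)."""
    return name.rstrip(".").lower().split(".")


def dns_matches(name, constraint):
    """True if `name` lies inside the subtree named by `constraint`.

    Comparison is label by label, never a raw string suffix test, so
    "evilcloud.example.com" does not match "cloud.example.com".
    Assumption: a leading "." means at least one label must be prepended.
    """
    need_extra = constraint.startswith(".")
    base = _labels(constraint.lstrip("."))
    cand = _labels(name)
    if len(cand) < len(base) + (1 if need_extra else 0):
        return False
    return cand[-len(base):] == base


def check_names(dns_names, permitted=(), excluded=()):
    """Map each name to "ok" or a rejection reason.

    Per RFC 5280, an excluded subtree wins over any permitted subtree, and
    when permitted subtrees exist a name must fall inside one of them.
    """
    results = {}
    for name in dns_names:
        if any(dns_matches(name, c) for c in excluded):
            results[name] = "rejected: inside an excluded subtree"
        elif permitted and not any(dns_matches(name, c) for c in permitted):
            results[name] = "rejected: outside every permitted subtree"
        else:
            results[name] = "ok"
    return results


# Constructed sample data: names requested in certificates under a cloud CA.
SAMPLE_NAMES = [
    "api.cloud.example.com",
    "API.Cloud.Example.COM",          # DNS names compare case-insensitively
    "cloud.example.com",              # no extra label under a leading-dot rule
    "evilcloud.example.com",          # shares a string suffix, not a label
    "cloud.example.com.example.net",  # permitted name used as a prefix
    "legacy.cloud.example.com",       # explicitly excluded below
]

if __name__ == "__main__":
    for n, verdict in check_names(SAMPLE_NAMES, [".cloud.example.com"],
                                  ["legacy.cloud.example.com"]).items():
        print(f"{n:32} {verdict}")
```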

For more information about these features, visit the ACM Private CA documentation to see how to "Issue a certificate with Custom Subject Names" or "Issue a certificate with Custom Extensions". For Java code examples, visit "Java API Custom Subject Names" or "Java API Custom Extensions". To learn more about using ACM Private CA, visit the product page.