Posted On: Jan 25, 2024

AWS Private Certificate Authority (AWS Private CA) now supports revocation for Matter certificates. Matter is an industry standard for smart home devices that provides seamless and secure cross-vendor connectivity for devices like light bulbs, door locks, and media devices. You can use AWS Private CA to issue digital certificates for identifying Matter devices. Matter 1.2 introduced revocation support for device attestation certificates (DACs) to improve the security of the smart home standard. With this new support for revocation from AWS Private CA, you can maintain Matter standard compliance without any disruption to your existing Matter certificate authorities (CAs).

AWS Private CA is a highly available, managed private CA service. You can use the AWS Private CA API, CLI or AWS CloudFormation to enable certificate revocation list (CRL) based revocation and configure your CA to omit the CRL distribution point (CDP) extension in certificates. Certificates typically include the CRL distribution point, so that clients can retrieve a list of revoked certificates. Matter clients can find the CRL distribution point in a well-known trusted Matter data store. This avoids the need for Matter certificates to include the CRL distribution point in the certificate itself.
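The check below is an added example, not AWS code: it audits CA records shaped like the `CertificateAuthority` object the AWS Private CA API returns, and flags any Matter CA that has CRL revocation turned off or still writes the CDP extension into issued certificates. The ARNs, bucket names and the `SAMPLE_CAS` records are constructed for illustration.

```python
from __future__ import annotations

# Added example: audit Matter CAs for the revocation settings described above.
# Field names follow the AWS Private CA RevocationConfiguration structure;
# the records in SAMPLE_CAS are constructed, not real CAs.

def audit_matter_revocation(ca: dict) -> list[str]:
    """Return findings for one CertificateAuthority record (empty list = OK)."""
    findings = []
    crl = ca.get("RevocationConfiguration", {}).get("CrlConfiguration", {})
    if not crl.get("Enabled", False):
        findings.append("CRL revocation is disabled: no CRL is published")
    # A missing block means the CA was never told to omit the extension,
    # so it still embeds the CDP in every certificate it issues.
    cdp = crl.get("CrlDistributionPointExtensionConfiguration", {})
    if not cdp.get("OmitExtension", False):
        findings.append("CDP extension is not omitted from issued certificates")
    return findings

def audit_all(cas: list[dict]) -> dict[str, list[str]]:
    """Map each CA ARN to its list of findings."""
    return {ca["Arn"]: audit_matter_revocation(ca) for ca in cas}

ARN = "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/"  # constructed
SAMPLE_CAS = [
    {   # CRL enabled, CDP omitted: the configuration the announcement describes
        "Arn": ARN + "EXAMPLE-PAI",
        "RevocationConfiguration": {"CrlConfiguration": {
            "Enabled": True, "ExpirationInDays": 7,
            "S3BucketName": "example-matter-crl-bucket",
            "CrlDistributionPointExtensionConfiguration": {"OmitExtension": True},
        }},
    },
    {   # CRL enabled, but certificates still carry the CDP extension
        "Arn": ARN + "EXAMPLE-LEGACY",
        "RevocationConfiguration": {"CrlConfiguration": {
            "Enabled": True, "ExpirationInDays": 7,
            "S3BucketName": "example-matter-crl-bucket",
        }},
    },
    {   # Revocation never configured
        "Arn": ARN + "EXAMPLE-NOCRL",
        "RevocationConfiguration": {"CrlConfiguration": {"Enabled": False}},
    },
]

if __name__ == "__main__":
    for arn, findings in audit_all(SAMPLE_CAS).items():
        print(arn, "OK" if not findings else findings)
```

In practice the input records would come from `describe-certificate-authority` (or boto3's `describe_certificate_authority`) rather than the constructed list.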

This new feature is available in all AWS Regions where AWS Private CA is available, including the AWS GovCloud (US) Regions. To create new Matter CAs, see the Matter PKI Compliance Guide. To learn more about this feature, see the User guide. To get started, see the Getting started guide.