Documentation
Below, access user and reference guides to learn more about AWS Private Certificate Authority (AWS Private CA).
AWS Private CA User Guide
This user guide provides conceptual overviews and explains how to create a private certificate authority (CA).
AWS Private CA in the AWS CLI Reference Guide
This guide describes the AWS Private CA commands available in AWS Command Line Interface (CLI).
AWS Private CA API Reference
This webpage covers the API operations available for AWS Private CA, along with sample requests, responses, and errors for the supported web services protocols.
What's new
Blog posts
Below, read the latest blog posts and articles on AWS Private CA to learn about the latest use cases and features.
How to use AWS Private Certificate Authority short-lived certificate mode | February 20, 2023
This blog post compares the two Certificate Authority modes, examines their pricing models, and discusses several potential use cases for short-lived certificates. It also provides a walkthrough that shows you how to create a short-lived mode CA by using the AWS Command Line Interface (AWS CLI).
How to configure certificate-based authentication for Amazon WorkSpaces | January 12, 2023
This blog discusses the benefits of using certificate-based authentication for Amazon WorkSpaces with an overview of the short-lived CA mode offered by AWS Private Certificate Authority and why it is important to this use case.
SAML 2.0 and certificate-based authentication now available with Amazon WorkSpaces | November 18, 2022
Discover how certificate-based authentication integrates with AWS Private CA to issue automatically short-lived certificates when users sign in to their WorkSpaces.
Seamless Active Directory domain logon architecture with Amazon AppStream 2.0 | November 1, 2022
Learn how AppStream 2.0 CBA uses AWS Private CA’s short-lived certificate mode to rotate user certificates for every AppStream 2.0 session.
How to secure an enterprise scale AWS Private CA hierarchy for automotive and manufacturing | June 13, 2022
Find out how you can use AWS Private CA to help follow security best practices when you build a CA hierarchy.
Choosing the right certificate revocation method in AWS Private CA | May 16, 2022
Learn more about the Online Certificate Status Protocol (OCSP) and certificate revocation lists (CRLs), two fully managed certificate revocation status checking mechanisms provided by AWS Private CA.
TLS-enabled Kubernetes clusters with AWS Private CA and Amazon EKS | July 14, 2021
Read about how you can set up end-to-end encryption on Amazon Elastic Kubernetes Service (EKS) with AWS Private CA.
Create a portable root CA using AWS CloudHSM and AWS Private CA | June 24, 2021
Learn how you can use AWS Private CA with CloudHSM to operate a hybrid public key infrastructure (PKI) in which the root CA is in CloudHSM and the subordinate CAs are in AWS Private CA.
Videos and webinars
Below, you will find tutorials on getting started with AWS Private CA.
Certificate templates (16:01)
In this video, learn how AWS Private CA offers certificate templates so you can control and specify the X.509 certificate extensions for the certificates you issue. It covers the basics on certificate extensions, template options, and relevant use cases, and it finishes with a 10-minute demonstration.
Deep dive on creating and managing certificate authorities (52:37)
Get an overview of AWS Private CA and some common use cases, plus learn how to quickly and more easily create a complete CA hierarchy.
Disaster Recovery reference architectures (2:08)
This video helps you design your AWS Private CA hierarchy so it can be resilient to AWS Region failures. It also talks through planning a disaster recovery strategy for your public key infrastructure on AWS.
Reduce costs by sharing private CAs using AWS RAM (7:27)
This video demonstrates how to reduce costs and simplify certificate management on AWS by sharing private CAs using AWS Private CA and AWS Resource Access Manager (RAM).
Least privilege & separation of duties for AWS Private CA conceptual demo (4:08)
This conceptual overview shows you how to achieve least privilege and separation of duties using AWS Private CA. It describes how different AWS Private CA API calls are used through the process of setting up a CA.
Using AWS Private CA to issue and manage enterprise SSL/TLS certs (39:31)
In this tech talk, you will learn how to deploy SSL/TLS across an organization, which requires both certificate and CA management.

Get started building with AWS Private Certificate Authority in the AWS Management Console.