Find tutorials to learn the basic concepts and get started with AWS Private Certificate Authority (AWS Private CA). Learn how you can use AWS Private CA to help you create and operate Matter-compliant Certificate Authorities (CAs).

Ready to start building your own private CA?

Step 1

Get started with AWS Private CA

To get started, navigate to AWS Certificate Manager in the AWS Management Console and select AWS Private CA on the left side of the screen. Choose get started to start creating a private certificate authority (CA).

Sign in »
Step 2

Walkthrough the AWS Private CA console

Discover the benefits of AWS Private CA and how to set up a new private CA.

Watch video »
Step 3

Discover CA hierarchies and why they’re important

Learn the importance of CA hierarchies and see some examples of established patterns for creating CA hierarchies when using AWS Private CA.

Watch video »

Adopting Matter for smart-home systems?

Learn how AWS Private CA supports Matter

Amazon is a founding member and a key contributor to the Matter initiative, an effort managed by the Connectivity Standards Alliance to develop an open standard for device interoperability across smart-home systems with security and privacy as key design tenets. Matter uses X.509 digital certificates to identify devices. Matter certificates can be issued only by CAs that comply with the Matter PKI Certificate Policy (CP). You can use AWS Private CA to create both Device Attestation Certificates (DAC) and Node Operational Certificates (NOC) for use with Matter.

Learn more in the FAQs »

Building Certificate Authorities for Matter using AWS Private CA (15:06)

AWS CDK and CloudFormation samples on Github

AWS Private CA has sample AWS Cloud Development Kit (CDK) scripts and AWS CloudFormation stack templates you can use to help you create CAs that issue Matter DACs. You can use the AWS CDK and CloudFormation samples to help you configure Matter CAs that meet the requirements of the Matter PKI CP approved on December 19, 2022. You can use the samples to not only construct the CA, but to also help create the configuration and auditing infrastructure needed to help you comply with the Matter PKI CP. This includes AWS Identity and Access Management (IAM) roles and permissions, log configuration & retention policies. To get started, download the samples from Github.

To create DACs, you need to configure and operate your Device Attestation CA in compliance with the Matter PKI CP. Use the Matter PKI Compliance Customer Guide to learn how you can use AWS Private CA to help you create and operate Device Attestation CAs.

Using the AWS Private CA API to create the Matter certificates (Java examples)
Amazon Alexa Relies on AWS Private CA for Matter Certificates
Use AWS Private CA to issue device attestation certificates for Matter

Want to learn more about AWS Private CA solutions for Matter?

Learn more about product pricing

See pricing details and examples.

Learn more 
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Start building in the console

Get started building with AWS Private Certificate Authority in the AWS Management Console.

Sign in