AWS Certificate Manager Private Certificate Authority
AWS Private Certificate Authority Documentation (API Version 2017-08-22)


Deletes the private certificate authority (CA) that you created or started to create by calling the CreateCertificateAuthority function. This action requires that you enter an ARN (Amazon Resource Name) for the private CA that you want to delete. You can find the ARN by calling the ListCertificateAuthorities function. You can delete the CA if you are waiting for it to be created (the Status field of the CertificateAuthority is CREATING) or if the CA has been created but you haven't yet imported the signed certificate (the Status is PENDING_CERTIFICATE) into ACM PCA. If you've already imported the certificate, you cannot delete the CA unless it has been disabled for more than 30 days. To disable a CA, call the UpdateCertificateAuthority function and set the CertificateAuthorityStatus argument to DISABLED.

Request Syntax

{ "CertificateAuthorityArn": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:

arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=/,.@-]+)*

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


A previous update to your private CA is still ongoing.

HTTP Status Code: 400


The requested Amazon Resource Name (ARN) does not refer to an existing resource.

HTTP Status Code: 400


The private CA is in a state during which a report cannot be generated.

HTTP Status Code: 400


A resource such as a private CA, S3 bucket, certificate, or audit report cannot be found.

HTTP Status Code: 400



Sample Request

POST / HTTP/1.1 Host: Accept-Encoding: identity Content-Length: 128 X-Amz-Target: ACMPrivateCA.DeleteCertificateAuthority X-Amz-Date: 20180226T200731Z User-Agent: aws-cli/1.14.28 Python/2.7.9 Windows/8 botocore/1.8.32 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=AWS_Access_Key_ID/20180226/AWS_Region/acm-pca/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=92e1b3f329c6e5d7d65341c7764d3061f201276522f3c4e0df234f12c1abab2f { "CertificateAuthorityArn": "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012" }


Sample Response

This function does not return a value.

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: