AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)


AWS Certificate Manager Private Certificate Authority limits the number of certificates and certificate authorities as well as the API rate.

Limits on Certificates

The following ACM Private CA certificate limits apply to each Region and each account. To request higher limits, create a case at the AWS Support Center.

Item Default Limit
Number of private certificate authorities (CAs) 10
Number of private certificates per private CA (lifetime) 1,000,000
Number of unexpired revoked private certificates per CA* 1,000,000

* This limit reflects the number of unexpired certificates that can be included in the Certificate Revocation List (CRL), based on the maximum CRL size that can be processed by clients consuming CRLs. This limit cannot be increased.


A private CA that has been deleted counts towards your certificate limit until the end of its restoration period. For more information, see Delete Your Private CA.

ACM Private CA is integrated with ACM. You can use the ACM console, AWS CLI, or ACM API to request private certificates from an existing private certificate authority (CA). The certificates are managed by ACM and have the same restrictions as public certificates that are issued by ACM. For a list of the restrictions, see Request a Private Certificate. You can also issue private certificates with the ACM Private CA API or AWS CLI. For more information, see Issuing a Private End-Entity Certificate. Regardless of which method you use, you can create 10 private CAs, request 1,000,000 private certificates, and revoke 1,000,000 certificate per account per Region. ACM places limits on public and imported certificates. For more information, see ACM Limits.

API Rate Limits

The following limits apply to the ACM Private CA API for each Region and account. ACM Private CA throttles API requests at different limits depending on the API operation. Throttling means that ACM Private CA rejects an otherwise valid request because the request exceeds the operation's limit for the number of requests per second. When a request is throttled, ACM Private CA returns a ThrottlingException error. The following table lists each API operation and the limit at which ACM Private CA throttles requests for that operation.


At this time, ACM Private CA does not support individual API rate limit increases per customer.