AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Using Templates

ACM Private CA uses templates to create both CA certificates and end-entity certificates that identify users, hosts, resources, and devices. When you create a certificate in the console, a template is applied automatically based on the type of certificate you have chosen and the path-length that you specify. If you use the CLI or API to create a certificate, you manually provide the ARN of the template that you want to apply. (The end-entity template is applied if you provide no ARN.)

The following template types are supported:

Template name Template ARN Certificate type Path length

RootCACertificate/V1

arn:aws:acm-pca:::template/RootCACertificate/V1

CA Unconstrained by root

SubordinateCACertificate_PathLen0/V1

arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1

CA 0

SubordinateCACertificate_PathLen1/V1

arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1/V1

CA 1

SubordinateCACertificate_PathLen2/V1

arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1

CA 2

SubordinateCACertificate_PathLen3/V1

arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1

CA 3

EndEntityCertificate/V1

arn:aws:acm-pca:::template/EndEntityCertificate/V1 End-entity Not applicable

The following links provide additional information about creating a certificate with ACM Private CA.