Creating a private CA - AWS Certificate Manager Private Certificate Authority

Creating a private CA

You can use the procedures in this section to create either root CAs or subordinate CAs, resulting in an auditable hierarchy of trust relationships that matches your organizational needs. You can create a CA using the AWS Management Console, the PCA portion of the AWS CLI, or AWS CloudFormation.

For information about updating the configuration of a CA that you have already created, see Updating your private CA.

For information about using a CA to sign end-entity certificates for your users, devices, and applications, see Issuing private end-entity certificates.


Your account is charged a monthly price for each private CA starting from the time that you create it.

For the latest ACM Private CA pricing information, see the ACM Pricing page on the AWS website. You can also use the AWS pricing calculator to estimate costs.