Creating a private CA - AWS Private Certificate Authority

Creating a private CA

You can use the procedures in this section to create either root CAs or subordinate CAs, resulting in an auditable hierarchy of trust relationships that matches your organizational needs. You can create a CA using the AWS Management Console, the PCA portion of the AWS CLI, or AWS CloudFormation.

For information about updating the configuration of a CA that you have already created, see Updating your private CA.

For information about using a CA to sign end-entity certificates for your users, devices, and applications, see Issuing private end-entity certificates.


Your account is charged a monthly price for each private CA starting from the time that you create it.

For the latest AWS Private CA pricing information, see AWS Private Certificate Authority Pricing. You can also use the AWS pricing calculator to estimate costs.