Getting Started with Amazon Private CA

Find tutorials to learn the basic concepts and get started with Amazon Private Certificate Authority (Amazon Private CA). Learn how you can use Amazon Private CA to help you create and operate Matter-compliant Certificate Authorities (CAs).

Ready to start building your own private CA?

Step 1

Get started with Amazon Private CA

To get started, navigate to Amazon Certificate Manager in the Amazon Web Services Management Console and select Amazon Private CA on the left side of the screen. Choose Get started to begin creating a private certificate authority (CA).

Step 2

Walk through Amazon Private CA

Learn how to set up a new private CA.

Step 3

Learn about CA hierarchies and why they’re important

Learn the importance of CA hierarchies and see some examples of established patterns for creating CA hierarchies when using Amazon Private CA.


Adopting Matter for smart-home systems?

Learn how Amazon Private CA supports Matter

Amazon is a founding member and a key contributor to the Matter initiative, an effort managed by the Connectivity Standards Alliance to develop an open standard for device interoperability across smart-home systems with security and privacy as key design tenets. Matter uses X.509 digital certificates to identify devices. Matter certificates can be issued only by CAs that comply with the Matter PKI Certificate Policy (CP). You can use Amazon Private CA to create both Device Attestation Certificates (DAC) and Node Operational Certificates (NOC) for use with Matter.


Amazon Web Services CDK and CloudFormation samples on GitHub

Amazon Private CA has sample Amazon Web Services Cloud Development Kit (CDK) scripts and Amazon CloudFormation stack templates you can use to help you create CAs that issue Matter DACs. You can use the Amazon Web Services CDK and CloudFormation samples to help you configure Matter CAs that meet the requirements of the Matter PKI CP approved on December 19, 2022. You can use the samples not only to construct the CA but also to help create the configuration and auditing infrastructure needed to help you comply with the Matter PKI CP. This includes Amazon Identity and Access Management (IAM) roles and permissions, as well as log configuration and retention policies. To get started, download the samples from GitHub.

To create DACs, you need to configure and operate your Device Attestation CA in compliance with the Matter PKI CP. Use the Matter PKI Compliance Customer Guide to learn how you can use Amazon Private CA to help you create and operate Device Attestation CAs.

Using the Amazon Private CA API to create the Matter certificates (Java examples)