RegisterCACertificate - Amazon IoT
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.


Registers a CA certificate with Amazon IoT. This CA certificate can then be used to sign device certificates, which can be then registered with Amazon IoT. You can register up to 10 CA certificates per Amazon Web Services account that have the same subject field. This enables you to have up to 10 certificate authorities sign your device certificates. If you have more than one CA certificate registered, make sure you pass the CA certificate when you register your device certificates with the RegisterCertificate action.

Requires permission to access the RegisterCACertificate action.

Request Syntax

POST /cacertificate?allowAutoRegistration=allowAutoRegistration&setAsActive=setAsActive HTTP/1.1 Content-type: application/json { "caCertificate": "string", "registrationConfig": { "roleArn": "string", "templateBody": "string" }, "tags": [ { "Key": "string", "Value": "string" } ], "verificationCertificate": "string" }

URI Request Parameters

The request uses the following URI parameters.


Allows this CA certificate to be used for auto registration of device certificates.


A boolean value that specifies if the CA certificate is set to active.

Valid values: ACTIVE | INACTIVE

Request Body

The request accepts the following data in JSON format.


The CA certificate.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 65536.

Pattern: [\s\S]*

Required: Yes


Information about the registration configuration.

Type: RegistrationConfig object

Required: No


Metadata which can be used to manage the CA certificate.


For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

Type: Array of Tag objects

Required: No


The private key verification certificate.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 65536.

Pattern: [\s\S]*

Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "certificateArn": "string", "certificateId": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The CA certificate ARN.

Type: String


The CA certificate identifier.

Type: String

Length Constraints: Fixed length of 64.

Pattern: (0x)?[a-fA-F0-9]+



The certificate is invalid.

HTTP Status Code: 400


An unexpected error has occurred.

HTTP Status Code: 500


The request is not valid.

HTTP Status Code: 400


A limit has been exceeded.

HTTP Status Code: 410


The registration code is invalid.

HTTP Status Code: 400


The resource already exists.

HTTP Status Code: 409


The service is temporarily unavailable.

HTTP Status Code: 503


The rate exceeds the limit.

HTTP Status Code: 400


You are not authorized to perform this operation.

HTTP Status Code: 401

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: