Using the Amazon Private CA API to implement the Matter standard (Java examples) - Amazon Private Certificate Authority
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using the Amazon Private CA API to implement the Matter standard (Java examples)

You can use the Amazon Private Certificate Authority API to create certificates that conform to the Matter connectivity standard. Matter specifies certificate configurations that improve the security and consistency of internet of things (IoT) devices across multiple engineering platforms. For more information about Matter, see buildwithmatter.com.

The Java examples in this section interact with the service by sending HTTP requests, and the service returns HTTP responses. For more information, see the Amazon Private Certificate Authority API Reference.

In addition to the HTTP API, you can use the Amazon SDKs and command line tools to interact with Amazon Private CA. This is recommended over the HTTP API. For more information, see Tools for Amazon Web Services. The following topics show you how to use the Amazon SDK for Java to program the Amazon Private CA API.

The GetCertificateAuthorityCsr, GetCertificate, and DescribeCertificateAuthorityAuditReport operations support waiters. You can use waiters to control the progression of your code based on the presence or state of certain resources. For more information, see the following topics, as well as Waiters in the Amazon SDK for Java in the Amazon Developer Blog.

Matter 1.2, released in October 2023, supports DAC revocation using Certificate Revocation Lists (CRLs). To conform to the current Matter standard when you enable CRL revocation for a CA that issues Matter certificates, set OmitExtension to true in the CrlDistributionPointExtensionConfiguration structure of the CrlConfiguration object.
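The following is an added example (not from this page or the Amazon documentation set) showing the CrlConfiguration described above built with the Amazon SDK for Java 2.x and applied to an existing CA with UpdateCertificateAuthority. The CA ARN, S3 bucket name, CRL validity period and Region are placeholders and assumptions; the service call that enables CRL revocation is the same one you would use for a non-Matter CA, the only Matter-specific setting is omitExtension(true).

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.acmpca.AcmPcaClient;
import software.amazon.awssdk.services.acmpca.model.CrlConfiguration;
import software.amazon.awssdk.services.acmpca.model.CrlDistributionPointExtensionConfiguration;
import software.amazon.awssdk.services.acmpca.model.RevocationConfiguration;
import software.amazon.awssdk.services.acmpca.model.UpdateCertificateAuthorityRequest;

public class MatterCrlRevocation {

    // Builds the revocation configuration for a CA that issues Matter DACs:
    // CRL revocation is enabled, but the CDP extension is NOT written into
    // issued certificates, because Matter relying parties discover the CDP
    // URI through the Distributed Compliance Ledger (DCL) instead.
    static RevocationConfiguration matterRevocationConfiguration(String crlBucketName) {
        CrlDistributionPointExtensionConfiguration cdpExtension =
            CrlDistributionPointExtensionConfiguration.builder()
                .omitExtension(true)          // required for Matter-conformant certificates
                .build();

        CrlConfiguration crl = CrlConfiguration.builder()
            .enabled(true)
            .expirationInDays(7)              // assumed CRL validity; set per your policy
            .s3BucketName(crlBucketName)      // bucket that will host the published CRL
            .crlDistributionPointExtensionConfiguration(cdpExtension)
            .build();

        return RevocationConfiguration.builder()
            .crlConfiguration(crl)
            .build();
    }

    public static void main(String[] args) {
        // Placeholders: substitute your CA ARN, bucket and Region.
        String caArn = "arn:PARTITION:acm-pca:REGION:ACCOUNT-ID:certificate-authority/CA-ID";
        String crlBucketName = "example-matter-crl-bucket";

        try (AcmPcaClient client = AcmPcaClient.builder()
                .region(Region.of("cn-north-1"))  // assumed Region
                .build()) {
            UpdateCertificateAuthorityRequest request = UpdateCertificateAuthorityRequest.builder()
                .certificateAuthorityArn(caArn)
                .revocationConfiguration(matterRevocationConfiguration(crlBucketName))
                .build();
            client.updateCertificateAuthority(request);
        }
    }
}
```

After the update, the CRL is still published to the configured bucket; you must separately determine its CDP URI and upload that URI to the Matter DCL so that validators of your DACs can find it.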

Typically, CAs embed the CRL Distribution Point (CDP) in the certificates they issue so that relying parties performing certificate chain validation can fetch the CRL and check the certificate status. In Matter, the CDP URI is not written to certificates. Instead, relying parties fetch CDPs from the Matter Distributed Compliance Ledger (DCL), the trusted Matter data store. You must upload the CDP URI to the Matter DCL so that it can be discovered when validating DACs. For more information about determining the CDP URI, see Determining the CRL Distribution Point (CDP) URI. For more information about Matter, see the Matter DCL documentation.