Use Amazon Private CA to implement Matter certificates
You can use the Amazon Private Certificate Authority API to create certificates that conform to the Matter connectivity
standard
Matter 1.2, released in October 2023, supports DAC revocation using Certificate Revocation Lists (CRLs).
To help you conform to the current Matter standard, when you enable CRL revocation for CAs that issue Matter
certificates, in the CrlConfiguration
object, in the CrlDistributionPointExtensionConfiguration
structure, set OmitExtension
to true
.
Typically, CAs embed the CRL Distribution Point (CDP) in the certificates they issue so that the relying parties
performing certificate chain validation can fetch the CRL and check the certificate status. In Matter, the CDP URI
is not written to certificates. Instead, users fetch CDPs from the Matter Distributed Compliance Ledger (DCL), the trusted Matter data store. You must upload the CDP URI to the Matter DCL so that it can be discovered when validating DACs.
For more information about determining the CDP URI, see Determining the CRL Distribution Point (CDP) URI .
For more information about Matter, see the Matter DCL documentation
Topics
- Activate a Product Attestation Authority (PAA)
- Activate an Product Attestation Intermediate (PAI)
- Create a Device Attestation Certificate (DAC)
- Activate a Root CA for Node Operational Certificates (NOC).
- Activate a Subordinate CA for Node Operational Certificates (NOC)
- Create a Node Operational Certificate (NOC)