Use Amazon Private CA certificate templates - Amazon Private Certificate Authority
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Use Amazon Private CA certificate templates

Amazon Private CA uses configuration templates to issue both CA certificates and end-entity certificates. When you issue a CA certificate from the PCA console, the appropriate root or subordinate CA certificate template is applied automatically.

If you use the CLI or API to issue a certificate, you can supply a template ARN as a parameter to the IssueCertificate action. If you provide no ARN, then the EndEntityCertificate/V1 template is applied by default. For more information, see the IssueCertificate API and issue-certificate command documentation.

Note

Amazon Certificate Manager (ACM) users with cross-account shared access to a private CA can issue managed certificates that are signed by the CA. Cross-account issuers are constrained by a resource-based policy and have access only to the following end-entity certificate templates:

For more information, see Resource-based policies.