Document History - Amazon Private Certificate Authority
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Document History

The following table describes significant changes to this documentation since January 2018. In addition to major changes listed here, we also update the documentation frequently to improve the descriptions and examples, and to address the feedback that you send to us. To be notified about significant changes, use the link in the upper right corner to subscribe to the RSS feed.

ChangeDescriptionDate

Connector for SCEP is now generally available

Connector for SCEP is now generally available.

September 16, 2024

New troubleshooting topic

Added a new topic that helps you to troubleshoot issues related to updating your Connector for Active Directory templates.

July 31, 2024

Added how to update Connector for AD templates

Added a procedure describing how to update a Connector for AD template, and how Amazon Private CA propagates those updates.

July 31, 2024

Added constraint for audit reports

Amazon Private CA doesn't support the use of Amazon S3 Object Lock with buckets used for audit reports.

July 3, 2024

Now supports SM2 for China Region

Amazon Private CA now supports the SM2 signing algorithm, for China Region only.

June 27, 2024

Amazon Private CA now supports Connector for SCEP (Preview)

Use Connector for SCEP to link Amazon Private CA to your SCEP-enabled clients and devices.

June 11, 2024

New connector troubleshooting guidance

Added new sections on troubleshooting connector and SPN creation failures.

April 4, 2024

Adding CDP extension for Matter

Adds support for the Certificate Revocation List Distribution Point (CDP) extension for Matter.

January 25, 2024

Amazon Private CA API support for mDL

Added API support for creating certificates that conform to the ISO/IEC standard for mobile driving license (mDL).

January 16, 2024

Amazon Private CA Connector for Active Directory

User guide, API, and CLI support for Connector for AD. For more information, see the Connector for AD documentation.

August 24, 2023

Changing security policy names to match new service name

Adoption of new names for Amazon managed IAM policies that specify standard permissions on Amazon Private CA. For more information, see Amazon managed policies.

February 13, 2023

Adding change tracker for Amazon managed policies

Documentation added to track changes to Amazon managed IAM policies that specify standard permissions on Amazon Private CA. For more information, see Updates to Amazon managed policies for Amazon Private CA.

November 11, 2022

API and CLI support for CAs that issue short-lived certificates

With the introduction of CA usage modes, a CA can be configured to issue either general-purpose or exclusively short-lived certificates. For more information, see Certificate authority modes.

October 24, 2022

Service rebranding and console update

The service is renamed to Amazon Private Certificate Authority (Amazon Private CA). The Amazon Private CA console gets usability improvements including integrated help panels that link to complete documentation.

September 27, 2022

Matter-compliant certificate support

Three new certificate templates add support for Matter-compliant CA and end-entity certificates. For more information, see Understanding certificate templates.

July 20, 2022

New region support

Endpoint added for Asia Pacific (Jakarta). For a complete list of Amazon Private CA endpoints, see ACM Private Certificate Authority Endpoints and Quotas.

May 4, 2022

Support for Custom Attributes and Extensions

Use the CustomAttribute object to configure customized CAs and certificates, and the CustomExtension object to configure customized certificates.

March 16, 2022

Support for Managed OCSP

See Setting up a certificate revocation method for revocation options including OCSP.

August 18, 2021

Support for S3 Block Public Access feature for CRLs

See Enabling the S3 Block Public Access feature.

May 27, 2021

New and updated Java implementation examples

See Using the ACM Private CA API (Java Examples).

September 9, 2020

New region support

Endpoints added for Africa (Cape Town) and Europe (Milan). For a complete list of Amazon Private CA endpoints, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas.

August 27, 2020

Cross-account private CA access supported

Amazon Certificate Manager users can be authorized to issue certificates using private CAs that they do not own. For more information, see Cross-Account Access to Private CAs.

August 17, 2020

VPC endpoints (PrivateLink) support

Added support for use of VPC endpoints (AmazonPrivateLink) for enhanced network security. For more information, see ACM Private CA VPC Endpoints (Amazon PrivateLink).

March 26, 2020

Dedicated security section added

Security documentation for Amazon has been consolidated into a dedicated security section. For information about security, see Security in Amazon Certificate Manager Private Certificate Authority.

March 26, 2020

Template ARN added to audit reports.

For more information, see Creating an Audit Report for Your Private CA.

March 6, 2020

CloudFormation support

Support added for Amazon CloudFormation. For more information, see ACMPCA Resource Type Reference in the Amazon CloudFormation User Guide.

January 22, 2020

CloudWatch Events integration

Integration with CloudWatch Events for asynchronous events, including CA creation, certificate issuance, and CRL creation. For more information, see Using CloudWatch Events.

December 23, 2019

FIPS endpoints

FIPS endpoints added for Amazon GovCloud (US-East) and Amazon GovCloud (US-West). For a complete list of Amazon Private CA endpoints, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas.

December 13, 2019

Tag-based permissions

Tag-based permissions supported using the new APIs TagResource, UntagResource, and ListTagsForResource. For general information about tag-based controls, see Controlling Access to and for IAM Users and Roles Using IAM Resource Tags.

November 5, 2019

Name constraints enforcement

Added support for enforcing subject name constraints on imported CA certificates. For more information, see Enforcing Name Constraints on a Private CA.

October 28, 2019

New certificate templates

New certificate templates added, including templates for code signing with Amazon Signer. For more information, see Using Templates.

October 1, 2019

Planning your CA

New section added on planning your PKI using Amazon Private CA. For more information, see Planning Your ACM Private CA Deployment.

September 30, 2019

Added region support

Added region support for the Amazon Asia Pacific (Hong Kong) Region. For a complete list of supported regions, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas.

July 24, 2019

Added complete private CA hierarchy support

Support for creating and hosting root CAs removes need for an external parent.

June 20, 2019

Added region support

Added region support for the Amazon GovCloud (US-West and US-East) Regions. For a complete list of supported regions, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas.

May 8, 2019

Added region support

Added region support for the Amazon Asia Pacific (Mumbai and Seoul), US West (N. California), and EU (Paris and Stockholm) Regions. For a complete list of supported regions, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas.

April 4, 2019

Testing certificate renewal workflow

Customers can now manually test the configuration of their ACM managed renewal workflow. For more information, see Testing ACM's Managed Renewal Configuration.

March 14, 2019

Added region support

Added region support for the Amazon EU (London) Region. For a complete list of supported regions, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas.

August 1, 2018

Restore deleted CAs

Private CA restore allows customers to restore certificate authorities (CAs) for up to 30 days after they have been deleted. For more information, see Restoring Your Private CA.

June 20, 2018

Earlier Updates

The following table describes the documentation release history of Amazon Private Certificate Authority before June 2018.

Change Description Date
New guide This release introduces Amazon Private Certificate Authority. April 04, 2018