Document History
The following table describes significant changes to this documentation since January 2018. In addition to major changes listed here, we also update the documentation frequently to improve the descriptions and examples, and to address the feedback that you send to us. To be notified about significant changes, use the link in the upper right corner to subscribe to the RSS feed.
Change | Description | Date |
---|---|---|
Connector for SCEP is now generally available. | September 16, 2024 | |
Added a new topic that helps you to troubleshoot issues related to updating your Connector for Active Directory templates. | July 31, 2024 | |
Added a procedure describing how to update a Connector for AD template, and how Amazon Private CA propagates those updates. | July 31, 2024 | |
Amazon Private CA doesn't support the use of Amazon S3 Object Lock with buckets used for audit reports. | July 3, 2024 | |
Amazon Private CA now supports the SM2 signing algorithm, for China Region only. | June 27, 2024 | |
Use Connector for SCEP to link Amazon Private CA to your SCEP-enabled clients and devices. | June 11, 2024 | |
Added new sections on troubleshooting connector and SPN creation failures. | April 4, 2024 | |
Adds support for the Certificate Revocation List Distribution Point (CDP) extension for Matter. | January 25, 2024 | |
Added API support for creating certificates that conform to the ISO/IEC standard for mobile driving
license (mDL) | January 16, 2024 | |
Amazon Private CA Connector for Active Directory | User guide, API, and CLI support for Connector for AD. For more information, see the Connector for AD documentation. | August 24, 2023 |
Changing security policy names to match new service name | Adoption of new names for Amazon managed IAM policies that specify standard permissions on Amazon Private CA. For more information, see Amazon managed policies. | February 13, 2023 |
Adding change tracker for Amazon managed policies | Documentation added to track changes to Amazon managed IAM policies that specify standard permissions on Amazon Private CA. For more information, see Updates to Amazon managed policies for Amazon Private CA. | November 11, 2022 |
API and CLI support for CAs that issue short-lived certificates | With the introduction of CA usage modes, a CA can be configured to issue either general-purpose or exclusively short-lived certificates. For more information, see Certificate authority modes. | October 24, 2022 |
Service rebranding and console update | The service is renamed to Amazon Private Certificate Authority (Amazon Private CA). The Amazon Private CA console gets usability improvements including integrated help panels that link to complete documentation. | September 27, 2022 |
Matter-compliant certificate support | Three new certificate templates add support for Matter-compliant CA and end-entity certificates. For more information, see Understanding certificate templates. | July 20, 2022 |
New region support | Endpoint added for Asia Pacific (Jakarta). For a complete list of Amazon Private CA endpoints, see ACM Private Certificate Authority Endpoints and Quotas. | May 4, 2022 |
Support for Custom Attributes and Extensions | Use the CustomAttribute object to configure customized CAs and certificates, and the CustomExtension object to configure customized certificates. | March 16, 2022 |
Support for Managed OCSP | See Setting up a certificate revocation method for revocation options including OCSP. | August 18, 2021 |
Support for S3 Block Public Access feature for CRLs | May 27, 2021 | |
New and updated Java implementation examples | September 9, 2020 | |
New region support | Endpoints added for Africa (Cape Town) and Europe (Milan). For a complete list of Amazon Private CA endpoints, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas. | August 27, 2020 |
Cross-account private CA access supported | Amazon Certificate Manager users can be authorized to issue certificates using private CAs that they do not own. For more information, see Cross-Account Access to Private CAs. | August 17, 2020 |
VPC endpoints (PrivateLink) support | Added support for use of VPC endpoints (AmazonPrivateLink) for enhanced network security. For more information, see ACM Private CA VPC Endpoints (Amazon PrivateLink). | March 26, 2020 |
Dedicated security section added | Security documentation for Amazon has been consolidated into a dedicated security section. For information about security, see Security in Amazon Certificate Manager Private Certificate Authority. | March 26, 2020 |
Template ARN added to audit reports. | For more information, see Creating an Audit Report for Your Private CA. | March 6, 2020 |
CloudFormation support | Support added for Amazon CloudFormation. For more information, see ACMPCA Resource Type Reference in the Amazon CloudFormation User Guide. | January 22, 2020 |
CloudWatch Events integration | Integration with CloudWatch Events for asynchronous events, including CA creation, certificate issuance, and CRL creation. For more information, see Using CloudWatch Events. | December 23, 2019 |
FIPS endpoints | FIPS endpoints added for Amazon GovCloud (US-East) and Amazon GovCloud (US-West). For a complete list of Amazon Private CA endpoints, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas. | December 13, 2019 |
Tag-based permissions | Tag-based permissions supported using the new APIs | November 5, 2019 |
Name constraints enforcement | Added support for enforcing subject name constraints on imported CA certificates. For more information, see Enforcing Name Constraints on a Private CA. | October 28, 2019 |
New certificate templates | New certificate templates added, including templates for code signing with Amazon Signer. For more information, see Using Templates. | October 1, 2019 |
Planning your CA | New section added on planning your PKI using Amazon Private CA. For more information, see Planning Your ACM Private CA Deployment. | September 30, 2019 |
Added region support | Added region support for the Amazon Asia Pacific (Hong Kong) Region. For a complete list of supported regions, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas. | July 24, 2019 |
Added complete private CA hierarchy support | Support for creating and hosting root CAs removes need for an external parent. | June 20, 2019 |
Added region support | Added region support for the Amazon GovCloud (US-West and US-East) Regions. For a complete list of supported regions, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas. | May 8, 2019 |
Added region support | Added region support for the Amazon Asia Pacific (Mumbai and Seoul), US West (N. California), and EU (Paris and Stockholm) Regions. For a complete list of supported regions, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas. | April 4, 2019 |
Testing certificate renewal workflow | Customers can now manually test the configuration of their ACM managed renewal workflow. For more information, see Testing ACM's Managed Renewal Configuration. | March 14, 2019 |
Added region support | Added region support for the Amazon EU (London) Region. For a complete list of supported regions, see Amazon Certificate Manager Private Certificate Authority Endpoints and Quotas. | August 1, 2018 |
Restore deleted CAs | Private CA restore allows customers to restore certificate authorities (CAs) for up to 30 days after they have been deleted. For more information, see Restoring Your Private CA. | June 20, 2018 |
Earlier Updates
The following table describes the documentation release history of Amazon Private Certificate Authority before June 2018.
Change | Description | Date |
---|---|---|
New guide | This release introduces Amazon Private Certificate Authority. | April 04, 2018 |