How to Create a Private Certificate Authority on Amazon Web Services (AWS)

ACM Private CA extends ACM’s certificate management capabilities to both public and private certificates. It allows developers to be more agile by providing them with APIs to create and deploy private certificates programmatically.

Using Private Certificate Manager, we can easily establish a secure managed infrastructure for issuing and revoking private digital certificates. Private certificates identify and secure applications, services, devices and users within an organization.


  • Log in to the AWS portal.
  • Click on Services.


Fig 1


  • Under Security, Identity & Compliance select Certificate Manager.


Fig 2


  • Click on Get Started under Private Certificate Authority.


Fig 3


  • Select Root CA to create a new CA.
  • Click on Next.


Fig 4


  • Provide Organization name & Organization Unit name.
  • Select Country name.
  • Provide State or province name.


Fig 5


  • Provide Locality name & Common Name for Certificate manager.
  • Click on Next.


Fig 6


  • Click on Advanced.


Fig 7


  • Select the key algorithm for the CA. An algorithm is a set of rules or protocols used for solving a problem.
  • Click on Next.


Fig 8


  • Enable CRL distribution so that ACM sends certificate revocation lists to an Amazon S3 bucket.
  • Provide Amazon S3 bucket name or select existing bucket name.
  • Click on Next.


Fig 9


  • Provide tag name & value.
  • Click on Next.


Fig 10


  • Click on Next.


Fig 11


  • Review all configurations.


Fig 12


  • Click on Checkbox for confirmation.
  • Click on Confirm & Create.


Fig 13


  • The CA is created successfully.
  • Click on Get started to install a CA certificate and activate the CA.

Fig 14


  • Provide Validity time.
  • Click on Next.


Fig 15


  • Review the configurations.
  • Click on Confirm & Install.


Fig 16


  • After some time, the Root CA certificate is installed successfully.
  • The status of this CA is Active and it is able to issue private certificates.


Fig 17


Create Private Certificate Authority using Shell

aws acm-pca create-certificate-authority --certificate-authority-configuration <value> --revocation-configuration <value> --certificate-authority-type <value> --tags Key=Name,Value=example
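
The command template above with its `<value>` placeholders filled in, as an added example that is not from the original page. It goes beyond the single command by also self-signing and installing the root certificate, the CLI counterpart of the console's install step. The subject values, bucket name, file names, 7-day CRL expiry and 10-year validity are constructed assumptions.

```bash
# Added example; subject values, bucket and file names are constructed.
set -eu
write_ca_config() {            # $1 = output file (subject and key algorithm)
  cat > "$1" <<'EOF'
{
  "KeyAlgorithm": "RSA_2048",
  "SigningAlgorithm": "SHA256WITHRSA",
  "Subject": {
    "Country": "US", "State": "Washington", "Locality": "Seattle",
    "Organization": "Example Corp", "OrganizationalUnit": "Security",
    "CommonName": "Example Corp Root CA"
  }
}
EOF
}

# The bucket must already exist with a policy letting acm-pca.amazonaws.com write CRLs.
write_revocation_config() {    # $1 = output file, $2 = S3 bucket name
  cat > "$1" <<EOF
{ "CrlConfiguration": { "Enabled": true, "ExpirationInDays": 7, "S3BucketName": "$2" } }
EOF
}

create_root_ca() {             # $1 = CA config, $2 = revocation config; prints the CA ARN
  aws acm-pca create-certificate-authority \
    --certificate-authority-configuration "file://$1" \
    --revocation-configuration "file://$2" \
    --certificate-authority-type ROOT --tags Key=Name,Value=example \
    --query CertificateAuthorityArn --output text
}

install_root_cert() {          # $1 = CA ARN, $2 = validity in years
  aws acm-pca get-certificate-authority-csr --certificate-authority-arn "$1" \
    --output text > ca.csr
  cert_arn=$(aws acm-pca issue-certificate --certificate-authority-arn "$1" \
    --csr fileb://ca.csr --signing-algorithm SHA256WITHRSA \
    --template-arn arn:aws:acm-pca:::template/RootCACertificate/V1 \
    --validity "Value=$2,Type=YEARS" --query CertificateArn --output text)
  aws acm-pca wait certificate-issued --certificate-authority-arn "$1" \
    --certificate-arn "$cert_arn"
  aws acm-pca get-certificate --certificate-authority-arn "$1" \
    --certificate-arn "$cert_arn" --query Certificate --output text > ca.pem
  aws acm-pca import-certificate-authority-certificate \
    --certificate-authority-arn "$1" --certificate fileb://ca.pem
}
if [ "${1:-}" = run ]; then    # run everything: ./script.sh run <bucket-name>
  write_ca_config ca_config.json && write_revocation_config revoke_config.json "$2"
  ca_arn=$(create_root_ca ca_config.json revoke_config.json)
  install_root_cert "$ca_arn" 10
fi
```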

