Getting Started with AWS Private CA
Overview
Find tutorials to learn the basic concepts and get started with AWS Private Certificate Authority (AWS Private CA). Learn how you can use AWS Private CA to help you create and operate Matter-compliant Certificate Authorities (CAs).
Ready to start building your own private CA?
Get started with AWS Private CA
To get started, navigate to AWS Certificate Manager in the AWS Management Console and select AWS Private CA on the left side of the screen. Choose get started to start creating a private certificate authority (CA).
Walkthrough the AWS Private CA console
Discover the benefits of AWS Private CA and how to set up a new private CA.
Discover CA hierarchies and why they’re important
Learn the importance of CA hierarchies and see some examples of established patterns for creating CA hierarchies when using AWS Private CA.
Adopting Matter for smart-home systems?
is a founding member and a key contributor to the Matter initiative, an effort managed by the Connectivity Standards Alliance to develop an open standard for device interoperability across smart-home systems with security and privacy as key design tenets. Matter uses X.509 digital certificates to identify devices. Matter certificates can be issued only by CAs that comply with the Matter PKI Certificate Policy (CP). You can use AWS Private CA to create both Device Attestation Certificates (DAC) and Node Operational Certificates (NOC) for use with Matter.
AWS CDK and CloudFormation samples on Github
AWS Private CA has sample AWS Cloud Development Kit (CDK) scripts and AWS CloudFormation stack templates you can use to help you create CAs that issue Matter DACs. You can use the AWS CDK and CloudFormation samples to help you configure Matter CAs that meet the requirements of the Matter PKI CP approved on December 19, 2022. You can use the samples to not only construct the CA, but to also help create the configuration and auditing infrastructure needed to help you comply with the Matter PKI CP. This includes AWS Identity and Access Management (IAM) roles and permissions, log configuration & retention policies. To get started, download the samples from Github.
To create DACs, you need to configure and operate your Device Attestation CA in compliance with the Matter PKI CP. Use the Matter PKI Compliance Customer Guide to learn how you can use AWS Private CA to help you create and operate Device Attestation CAs.