Amazon is now offering a service that allows their AWS Certificate Manager to act as a private subordinate CA. I’m all for this and it should allow business customers easier management of their private certificates without having to invest significant resources into infrastructure. Once again Amazon jumps out there with a great idea that makes their cloud services hard to beat.



This enables developers to provision certificates in just a few simple API calls while administrators have a central CA management console and fine grained access control through granular IAM policies. ACM Private CA keys are stored securely in AWS managed hardware security modules (HSMs) that adhere to FIPS 140-2 Level 3 security standards.

Discussion

Source: [H]ardOCP – Amazon Getting Into the Private Certificate Authority Business