AWS – AWS Private CA now supports issuing up to 100 million certificates per CA
AWS Private Certificate Authority (AWS Private CA) now enables you to issue up to 100 million certificates per certificate authority (CA), an increase from the previous default limit of 1 million certificates. This limit increase allows you to optimize your CA operations by managing fewer CAs while maintaining the security and flexibility of your public key infrastructure (PKI).
The new 100 million certificates per CA limit is available by default for CAs configured without revocation or with revocation configuration set to partitioned Certificate Revocation List (CRL) and/or Online Certificate Status Protocol (OCSP). CAs configured with complete CRL will continue to have a maximum limit of 1 million certificates per CA. If you are currently using complete CRL and need to issue more certificates, you can switch to partitioned CRL to automatically increase the certificates per CA limit to 100 million certificates.
AWS Private CA is a managed service that lets you create private certificate authorities (CAs) to issue digital certificates for authenticating internal users, servers, applications, and devices within your organization, while securing the CA’s private keys using Federal Information Processing Standard (FIPS) 140-3 Level 3 hardware security modules (HSMs). AWS Private CA offers connectors so you can use AWS Private CA with Kubernetes, Active Directory, and mobile device management (MDM) software.
AWS Private CA is available in all commercial AWS Regions, the AWS GovCloud (US) Regions, and the China Regions.
To learn more about AWS Private CA certificate limits, see AWS Private CA Service Quotas.