AWS Certificate Manager (ACM) Private Certificate Authority (CA) now enforces name constraints in imported CA certificates


Administrators can now control which names are allowed or prohibited in certificates issued from their private CAs. Customers use private CAs to issue certificates that identify resources within their organizations, such as API endpoints with names like api-example.corp, or server names such as server1.project1.corp. Administrators can allow the names they want used, such as project1.corp, and deny others, including public DNS domain names, such as *.com, or private domain names reserved for other internal projects, such as project2.corp. With these name constraint policies in place, CA administrators can ensure their CA is used to issue private certificates only for approved resource names. To learn more about name constraints, see the ACM Private CA documentation.
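How a certificate validator applies such a policy to DNS names, following RFC 5280 section 4.2.1.10, shown as an added example that is not AWS code and not part of the announcement. The permitted and excluded lists are a constructed policy built from the names above; `com` stands in for what the announcement writes as *.com, because a dNSName constraint covers a domain and everything beneath it.

```python
# Added example: DNS name-constraint matching per RFC 5280 section 4.2.1.10.
# The policy and the sample names are constructed from the announcement's examples.

PERMITTED = ["project1.corp"]        # permittedSubtrees (dNSName)
EXCLUDED = ["com", "project2.corp"]  # excludedSubtrees (dNSName)


def _labels(name):
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    name = name.strip().lower().rstrip(".")
    return name.split(".") if name else []


def in_subtree(name, base):
    """True if `name` equals `base` or adds whole labels to its left."""
    n, b = _labels(name), _labels(base)
    # Compare label by label: a plain string suffix test would wrongly
    # place 'notproject1.corp' inside 'project1.corp'.
    return len(n) >= len(b) and n[len(n) - len(b):] == b


def check_dns_name(name, permitted, excluded):
    """Return (allowed, reason). Exclusions win over permissions."""
    for base in excluded:
        if in_subtree(name, base):
            return False, f"excluded by {base}"
    # If any permitted subtree exists, the name must fall inside one of them.
    if permitted and not any(in_subtree(name, b) for b in permitted):
        return False, "outside permitted subtrees"
    return True, "ok"


if __name__ == "__main__":
    samples = [
        "server1.project1.corp",   # inside the permitted subtree
        "*.project1.corp",         # wildcard label is still under project1.corp
        "Server1.Project1.Corp.",  # case and trailing dot are normalised
        "api-example.corp",        # not under any permitted subtree
        "notproject1.corp",        # label-boundary edge case
        "db.project2.corp",        # reserved for another project
        "www.example.com",         # public domain
    ]
    for s in samples:
        allowed, reason = check_dns_name(s, PERMITTED, EXCLUDED)
        print(f"{s:28} {'ALLOW' if allowed else 'DENY':5} {reason}")
```
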

To get started, first-time ACM Private CA customers can try the service for 30 days with no charge for the operation of their first CA. Visit the ACM Private CA website to learn more about ACM Private CA.
