AWS Certificate Manager 推出了 Private CA,讓使用者可以在不接觸到 CA 的 Private Key 就可以操作 CA 行為:「AWS Certificate Manager Launches Private Certificate Authority」。
支援的演算法除了標準的 RSA 外,還包括了 ECC 的 (雖然是 NIST 的 P-256 與 P-384):
然後直接內建了 CRL 服務,透過 Amazon S3 做:
要注意的是價錢有點奇怪:
Private CAs cost $400 per month (prorated) for each private CA. You are not charged for certificates created and maintained in ACM but you are charged for certificates where you have access to the private key (exported or created outside of ACM). The pricing per certificate is tiered starting at $0.75 per certificate for the first 1000 certificates and going down to $0.001 per certificate after 10,000 certificates.
中間省掉 1k 到 10k 是 USD$0.35/cert (可以在 pricing 頁面看到)。
不管如何,這計價模式有點怪怪的... 收了固定的費用,每個 certificate 的費用要到 USD$0.75,這看不太懂。另外是 10k 後的單價明顯與前面比例不太合。
看起來像是跟某個 partner 合作談出來奇怪的 pricing model,但也不知道是哪家... :o