AWS Private CA

Overview

QCecuring integrates with AWS Certificate Manager Private Certificate Authority (ACM PCA) to unify how private certificates are requested, approved, and deployed across your cloud and hybrid environments. This allows security teams to maintain consistent policies while leveraging AWS-native PKI.

Key capabilities

• Brokered certificate enrollment to ACM PCA from applications, services, and devices.
• Policy-driven controls for which workloads can request which ACM PCA templates.
• Automated renewal and re-deployment of ACM PCA certificates to downstream systems.
• Central inventory and reporting that spans AWS and on-premises deployments.

Typical use cases

• Cloud-native microservices that need short-lived internal TLS certificates.
• Hybrid environments where ACM PCA is the issuing CA but enforcement and visibility need to be centralized.
• Organizations standardizing on AWS for PKI while serving workloads running outside AWS.

High-level integration flow

1. Connect QCecuring to your AWS account with scoped IAM permissions for ACM PCA operations.
2. Discover existing ACM PCA hierarchies and map them to QCecuring certificate profiles.
3. Applications and platforms request certificates via QCecuring, which in turn requests issuance from ACM PCA.
4. The platform delivers issued certificates to targets (e.g., web servers, load balancers, containers) using secure channels.
5. Renewals, revocations, and policy updates are orchestrated centrally, with full auditability.

CBOM Discovery

QCecuring’s CBOM module inventories all private CA certificates issued through ACM PCA, mapping algorithms, key sizes, and certificate chains into your organization’s cryptographic asset inventory.