Current Documents

Certificate Policy

Amazon Trust Services Certificate Policy v1.0.3

Certification Practice Statement

Amazon Trust Services Certification Practice Statement v1.0.4

Subscriber Agreement

Amazon Trust Services Certificate Subscriber Agreement v1.2

Relying Party Agreement

Amazon Trust Services Relying Party Agreement v1.1

Certification Authorities

The following certificate authorities are operated according to the practices described in the above CPS.
Distingushed Names are represented using the algorithm recommended in RFC 4514.

Root CAs

Distinguished NameSHA-256 Hash of Subject Public Key InformationSelf-Signed CertificateTest URLs
CN=Amazon Root CA 1,O=Amazon,C=USfbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2DER PEMValid Revoked Expired
CN=Amazon Root CA 2,O=Amazon,C=US7f4296fc5b6a4e3b35d3c369623e364ab1af381d8fa7121533c9d6c633ea2461DER PEMValid Revoked Expired
CN=Amazon Root CA 3,O=Amazon,C=US36abc32656acfc645c61b71613c4bf21c787f5cabbee48348d58597803d7abc9DER PEMValid Revoked Expired
CN=Amazon Root CA 4,O=Amazon,C=USf7ecded5c66047d28ed6466b543c40e0743abe81d109254dcf845d4c2c7853c5DER PEMValid Revoked Expired
CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US2b071c59a0a0ae76b0eadb2bad23bad4580b69c3601b630c2eaf0613afa83f92DER PEMValid Revoked Expired
The certificate files above are licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Other CAs

Distinguished NameSHA-256 Hash of Subject Public Key InformationTrust Anchor Info
CN=Amazon,OU=Server CA 0A,O=Amazon,C=USb58539ecaa13921ccdb80d38d34875fde6471c5a159d9beef2fa6f99983bd611DER PEM
CN=Amazon,OU=Server CA 1A,O=Amazon,C=US64bb5bd80311fa3f53bd99404cab8762ad6e048447d0a97f219fceca1661f37cDER PEM
CN=Amazon,OU=Server CA 2A,O=Amazon,C=US1bda5afff83781380bf708198f9f7d2db1e067f14bb9ea7bae70aac0b0305e7bDER PEM
CN=Amazon,OU=Server CA 3A,O=Amazon,C=US7c53b5df79135d9af6195ef6bb73ab98c2c89950b892b192dffd784db925a41cDER PEM
CN=Amazon,OU=Server CA 4A,O=Amazon,C=US17708dff2b7faec9cb1b5215ebb2421d97b0543c936fac9d6e02b92f20e5c707DER PEM

WebTrust for Certification Authorities Audits

Cross Certificates

The following certificates have a CA listed above as the subject.

CertificateCertificate Hash (SHA-256)
DER PEM 1e3e5f714569b45d73657b242f07b236c26c3a9db5c1e36acb5e0e8f77966c3c
DER PEM 205154b777edc55a5146585a5e54e054a70be4aad3b85d02318da27bf807adf1
DER PEM 2847b37ef0ff545e744a45b90119cd6c7938f6f709ea3b93499aa6e57552ab3b
DER PEM 28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996
DER PEM 2d12b619a660cefb013271831d891213fc434e982a21568256cf4e2e86324bea
DER PEM 391220705b75bcf3ed3cd4b3631213f569d2cf8226101e170799a5354ab12861
DER PEM 39c763a9cf19d923f977d23626ab890449a444ab8b795c815ef1ef81febc1e38
DER PEM 40c826fdb22ba32a2f9db4f94770f72b8b1da9c8ffda7b11e6f27af245c89b5e
DER PEM 40cd66a295294fd0fbdc869b10e8b98f1a454a98420c84dc26885d5565b7deb1
DER PEM 4e37f74b30dd054c90cb61e3e95f6266a1f5d528d876b4c0797d4ff864598008
DER PEM 543d9b7fc2a6471cd84fca52c2cf6159df83ebfcd88d8b08b5af3f88737f52e6
DER PEM 72130e3b28900349214617f4d6f3fb85d08475ee78bf095c59458a14d1828866
DER PEM 7bed29276acbed9f176f38bba3a67ce5815b5cbf1522c7bb59ecd86b09e16ed2
DER PEM 80dd9e3497f354e30b8acf39d046dd4f5a618f7889236eb34f78d54d15cd6a50
DER PEM 87dcd4dc74640a322cd205552506d1be64f12596258096544986b4850bc72706
DER PEM 8b358466d66126312120645a5875a6a57e3c81d98476a967604244254eac00f0
DER PEM b2d98c992cf7ed639190854b7d66a26dbc22b0b8d8a87dfc7d19e25f5d6c9953
DER PEM b3feee99d4d595fa837828e14dec2c4d91e8669f92413d007a94db0059fd0dac
DER PEM dfcc775c644db4a33ad71293433f463c8e31057ce22cb267f9d31a0353f4fc2f
DER PEM e39d3ed886e5a3af26b9d6ab608028bc6fbc52e599cb323da7e9e775b530337c
DER PEM eb159c922a3fc2191475ca20a53816d87a38a1a79a7264789193d2f1f750e85e

Externally Operated Subordinate CAs

The following certificates have a CA listed above as the issuer.

CertificateCertificate Hash (SHA-256)Additional Information
DER PEM 4a1ff6bbf481170d3b773cec1f3a84de3b5096575cdbf8b08432209318ca0fbd Constraints: Path length: 0, Policy: 2.23.140.1.2.1
Operator: DigiCert, Inc.
CP, CPS, and Audit statements
Test Website
DER PEM f55f9ffcb83c73453261601c7e044db15a0f034b93c05830f28635ef889cf670

Requests and Problem Reporting

Problem Reporting

Reports of problems with certificates issued by Amazon may be submitted by emailing ats-tsp-requests[at]amazon.com. All reports need to include sufficient detail to identify the specific certificates in question and the problem being reported.

Revocation Requests

Subscribers may request revocation of their own certificates by emailing ats-tsp-requests[at]amazon.com. All reports need to include sufficient detail to identify the specific certificates to be revoked.

Requester Authorization

Applicants may limit individuals who may request certificates on their behalf and may request a list of their currently authorized certificate requesters. Requests to limit or list requesters should be addressed to validation-questions[at]amazon.com.

Archives

DocumentEffectiveSuperseded DateSuccessor Verson
Amazon Trust Services Relying Party Agreement v1.0October 28, 2015September 9, 2016v1.2
Amazon Trust Services Certificate Subscriber Agreement v1.1November 2, 2015September 9, 2016v1.2
Amazon Web Services Certificate Subscriber Agreement v1.0May 26, 2015November 2, 2015v1.1
Amazon Trust Services Certificate Policy v1.0.2October 21, 2015December 16, 2015v1.0.3
Amazon Web Services Certificate Policy v1.0.1May 26, 2015October 21, 2015v1.0.2
Amazon Trust Services Certification Practice Statement v1.0.3October 21, 2015December 16, 2015v1.0.4
Amazon Web Services Certification Practice Statement v1.0.2June 10, 2015October 21, 2015v1.0.3
Amazon Web Services Certification Practice Statement v1.0.1May 26, 2015June 10, 2015v1.0.2

Point in Time Audits
Trust Service Principles and Criteria for Certification Authorities Version 2.0
WebTrust Principles and Criteria for Certification Authorities - SSL Baseline with Network Security - Version 2.0
WebTrust Principles and Criteria for Certification Authorities - Extended Validation SSL - Version 1.4.5
WebTrust Principles and Criteria for Certification Authorities - Extended Validation Code Signing
Trust Service Principles and Criteria for Certification Authorities Version 2.0
WebTrust Principles and Criteria for Certification Authorities - SSL Baseline with Network Security - Version 2.0
WebTrust Principles and Criteria for Certification Authorities - Extended Validation SSL - Version 1.4.5