Certificate Authority Service is a scalable Google Distributed Cloud (GDC) air-gapped
service that lets you simplify, automate, and customize the deployment,
management, and security of private certificate authorities (CA). Private
certificate authorities are one of the most common ways to authenticate users, machines, or
services over networks. Private CAs issue digital certificates for entity
identity, issuer identity, and cryptographic signatures.

With CA Service, you can create both root CAs and sub CAs:

- Root CAs: The root CA has a self-signed certificate. This certificate type sits at the top of the certificate chain.
- Sub CAs: The signer of the CA certificate is either another CA created in the CA Service, or an external CA.

What's next
-----------

- [Create a root CA](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/ca-service/create-root-ca)
- [Create a managed subordinate certificate authority](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/ca-service/create-subca)
- [Request a certificate](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/ca-service/request-cert)

Last updated 2025-08-25 UTC.