US 11,888,997 B1
Certificate manager
Peter Zachary Bowen, Bainbridge Island, WA (US); Todd Lawrence Cignetti, Ashburn, VA (US); Preston Anthony Elder, III, Fairfax, VA (US); Brandonn Gorman, Seattle, WA (US); Ronald Andrew Hoskinson, Herndon, VA (US); Jonathan Kozolchyk, Seattle, WA (US); Kenneth Lawler, Seattle, WA (US); Marcel Andrew Levy, Seattle, WA (US); Kyle Benjamin Schultheiss, Centreville, VA (US); Sandeep Shantharaj, Herndon, VA (US); Param Sharma, Haymarket, VA (US); and Jose Maria Silveira Neto, Herndon, VA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Jun. 25, 2018, as Appl. No. 16/018,014.
Claims priority of provisional application 62/652,236, filed on Apr. 3, 2018.
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/3268 (2013.01) [H04L 9/0897 (2013.01); H04L 9/3247 (2013.01); H04L 9/3297 (2013.01)]
20 Claims
 
1. A system, comprising:
one or more processors; and
memory to store computer-executable instructions that, as a result of being executed by the one or more processors, cause the system to:
provide, to a client computer system associated with an account of a computing resource service provider, an interface for:
creating a private certificate authority; and
performing operations to one or more digital certificates;
obtain, at a certificate management service of the computing resource service provider, a first request from the interface to create a first private certificate authority within a computing resource environment provided by the computing resource service provider;
provision, based at least in part on a first operation of the certificate management service, a computer system within the computing resource environment to operate as the first private certificate authority in accordance with parameters specified with the first request;
obtain, at the certificate management service over a first communication channel, a second request to perform an operation to a digital certificate of the one or more digital certificates;
generate, by the certificate management service, a determination that an issuer of the digital certificate is a second private certificate authority, the second private certificate authority being:
created based at least in part on a second operation of the certificate management service within the computing resource environment; and
accessible, by the client computer system, through an application programming interface provided by the certificate management service, over a second communication channel comprising a distinct protocol from the first communication channel; and
based at least in part on the determination, cause the second private certificate authority to perform the second operation by at least providing the second private certificate authority with the second request obtained by the certificate management service through the application programming interface.