This article introduces AWS Private CA Connector for Active Directory, a new feature that simplifies certificate provisioning for Active Directory environments without requiring on-premises PKI infrastructure.

• Connector for AD integrates AWS Private CA with on-premises or AWS Managed Microsoft AD
• Eliminates need to build and manage Windows Server CAs and hardware security modules
• CA private keys stored in FIPS 140-2 Level 3 validated HSMs managed by AWS
• Supports auto-enrollment using existing AD group policy mechanisms
• Reduces operational overhead, compliance costs, and certificate lifecycle management
• Works with both on-premises AD via AD Connector and AWS Managed Microsoft AD
• Managed revocation through OCSP and certificate revocation lists
• Setup via AWS Management Console wizard in a few clicks

AWS Private CA Connector for AD enables organizations to migrate from self-managed PKI to a fully managed certificate authority service while maintaining existing AD workflows and processes.