Certificate Authority Service
GCPSecurityHosted private PKI for issuing and managing X.509 certificates inside an organisation — root and subordinate CAs, automated lifecycle (rotation, revocation), and Cloud KMS-backed signing keys, replacing self-managed OpenSSL or Active Directory CS deployments
FluffyStack toolsSub-services (2)
Root and subordinate CAs
Hierarchical CA structure with policy-controlled issuance
Certificate templates
Reusable issuance policies (key usage, EKU, lifetime) shared across CAs
Compliance & Certifications
This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.
Where this runs
Sovereign regions (2)
- T-Systems Sovereign Cloud · FrankfurtT-Systems Sovereign Cloud powered by Google Cloud
- S3NS Sovereign Cloud · ParisS3NS — Google Cloud + Thales joint venture
Commercial regions (42)
Europe (13)
- Belgium
- Finland
- Paris
- Berlin
- Frankfurt
- Milan
- Turin
- Netherlands
- Warsaw
- Madrid
- Stockholm
- Zurich
- London
North America (12)
- Montréal
- Toronto
- Querétaro
- Northern Virginia
- Columbus
- Iowa
- Dallas
- Las Vegas
- Los Angeles
- South Carolina
- Salt Lake City
- Oregon
South America (2)
- São Paulo
- Santiago
Asia (9)
- Hong Kong
- Delhi
- Mumbai
- Jakarta
- Osaka
- Tokyo
- Singapore
- Seoul
- Taiwan
Oceania (2)
- Melbourne
- Sydney
Middle East (3)
- Tel Aviv
- Doha
- Dammam
Africa (1)
- Johannesburg
Tags
Equivalent services on other platforms
Provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and internal connected resources, with free public certificates and fully managed private CA via ACM Private CA
Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement