Certificate Authority Service
Secure your workloads, devices, and data with private CAs
Certificate Authority Service enables you to deploy and manage cloud-based private CAs to issue certificates and secure your workloads
View documentation for this product.
Features
Simple deployment and management
Spin up a dedicated, enterprise-grade, private PKI in minutes and start issuing certificates. Free yourself from the burden of operating your own infrastructure, CAs, and HSMs. Easily create your own root CA directly in the cloud or create a subordinate CA that chains up to your on-prem root.
World class reliability and scalability
Certificate Authority Service has some of the highest availability and scalability in the industry and is backed by SLA. Confidently scale to millions of certificates and further increase scale by grouping a few CAs under a CA pool. More importantly, have peace of mind knowing that you are depending on the same infrastructure that powers Google's own workloads and services.
Automatic certificate management for Google Cloud services
Use our native integration with Google Cloud services like Cloud Service Mesh, load balancers, GCE VMs (through managed workload identities), Secure Web Proxy, and many more so you don't have to manage your certificate's life cycle.
Full customization of your CA
Scale from simple to advanced use cases by configuring the root CA (for example, existing on-premises or cloud), custom key sizes and algorithms, location (region) of the CA, bring your own cloud KMS key, and more. Manage, automate, and integrate private CAs and certificates in the way that’s most convenient for you: via APIs, gcloud command line, or cloud console.
Support compliance with various regulations
Have confidence that your CAs are approved as part of ISO 27001, 27017, 27018, SOC1, SOC2, SOC3, BSI C5, and PCI DSS.
Competitive, pay-as-you-go pricing
Help lower your total cost of ownership and simplify licensing with pay-as-you-go pricing and zero capital expenditures. Pay only for what you use. Also, for high volume certificates, consider subscription for even less expensive alternatives.
Enable defense-in-depth with granular access controls
Define granular, context-aware access controls and virtual security perimeters for CA Service with Cloud IAM and VPC Service Controls. Leverage certificate templates and per user-group policies to achieve even more granular control over certificate issuance.
Audit user activity
Obtain tamper-proof logs and gain visibility into who did what, when, and where with Cloud Audit Logs.
How It Works
Certificate Authority Service (CA Service) is a highly scalable Google Cloud service that lets you simplify and automate the deployment, management, and security of private certificate authorities (CA). Private CAs issue digital certificates that include entity identity, issuer identity, and cryptographic signatures.
Certificate Authority Service (CA Service) is a highly scalable Google Cloud service that lets you simplify and automate the deployment, management, and security of private certificate authorities (CA). Private CAs issue digital certificates that include entity identity, issuer identity, and cryptographic signatures.
Common Uses
CA Service use cases
Visit our YouTube playlist to watch short videos highlighting different use cases and how-tos, including supporting hybrid environments, policy controls, and more.
Visit our YouTube playlist to watch short videos highlighting different use cases and how-tos, including supporting hybrid environments, policy controls, and more.
Tutorials, quickstarts, & labs
Visit our YouTube playlist to watch short videos highlighting different use cases and how-tos, including supporting hybrid environments, policy controls, and more.
Visit our YouTube playlist to watch short videos highlighting different use cases and how-tos, including supporting hybrid environments, policy controls, and more.
Pricing
| Certificate Authority Service pricing | There are two pricing options available: pay-as-you-go and subscription. If you plan to deploy more than 1 million certificates per year, consider our subscription model for more attractive pricing. | |
|---|---|---|
| SKU | Product | Price |
DevOps | Monthly CA fee | $20 per CA per month |
0-50,000 certificates | $0.3 per certificate | |
50,001 -100,000 certificates | $0.03 per certificate | |
100,001+ certificates | $0.0009 per certificate | |
Enterprise | Monthly CA fee | $200 per CA per month |
0-50,000 certificates | $0.5 per certificate | |
50,001 -100,000 certificates | $0.05 per certificate | |
100,001+ certificates | $0.001 per certificate | |
The monthly CA fee is separate from the per-certificate fee. Certificate fee is a one-time charge for every certificate issued. Learn more about Certificate Authority Service pricing.
Certificate Authority Service pricing
There are two pricing options available: pay-as-you-go and subscription. If you plan to deploy more than 1 million certificates per year, consider our subscription model for more attractive pricing.
DevOps
Monthly CA fee
$20 per CA per month
0-50,000 certificates
$0.3 per certificate
50,001 -100,000 certificates
$0.03 per certificate
100,001+ certificates
$0.0009 per certificate
Enterprise
Monthly CA fee
$200 per CA per month
0-50,000 certificates
$0.5 per certificate
50,001 -100,000 certificates
$0.05 per certificate
100,001+ certificates
$0.001 per certificate
The monthly CA fee is separate from the per-certificate fee. Certificate fee is a one-time charge for every certificate issued. Learn more about Certificate Authority Service pricing.
Pricing Calculator
CUSTOM QUOTE
Start your proof of concept
CA Service lets you deploy and manage private certificate authorities (CAs) without managing infrastructure
Learn more about our best practices when deploying your CAs
Need help getting started?
Work with a trusted partner
Get tips and best practices
Business Case
Our customers
Deutsche Bank partnered with Google Cloud to manage the encryption of data in transit for hundreds of the company’s applications.
Murat Kubilay, Lead Engineer, Deutsche Bank
"CAS is a cornerstone for extending PKI to cloud workloads."
Read blog
Partners & Integration
Partners
Our Partners
Migrate your on-premises PKI to cloud leveraging our partner solutions that integrate with Certificate Authority Service.
