This page documents the known limitations of Certificate Authority Service.
Certificate revocation is only supported through Certificate Revocation Lists (CRLs). Online Certificate Status Protocol (OCSP) isn't supported by CA Service, but you can implement and run a delegated OCSP responder.
For more information on implementing an OCSP responder, see OCSP support.
The Cloud SDK and Google Cloud Console surfaces support automatically generating an asymmetric key-pair when issuing certificates for added convenience. Keys generated using Cloud SDK are limited to RSA-2048, while keys generated using Google Cloud Console support a wider selection of algorithms.
- Read answers to the frequently asked questions.
- Learn how to troubleshoot common issues encountered in CA Service.