Certificate Authority Service

Secure your workloads, devices, and data with private CAs

Certificate Authority Service enables you to deploy and manage cloud-based private CAs to issue certificates and secure your workloads

View documentation for this product.

기능

Simple deployment and management

Spin up a dedicated, enterprise-grade, private PKI in minutes and start issuing certificates. Free yourself from the burden of operating your own infrastructure, CAs, and HSMs. Easily create your own root CA directly in the cloud or create a subordinate CA that chains up to your on-prem root.

World class reliability and scalability

Certificate Authority Service has some of the highest availability and scalability in the industry and is backed by SLA. Confidently scale to millions of certificates and further increase scale by grouping a few CAs under a CA pool. More importantly, have peace of mind knowing that you are depending on the same infrastructure that powers Google's own workloads and services.

Automatic certificate management for Google Cloud services

Use our native integration with Google Cloud services like Cloud Service Mesh, load balancers, GCE VMs (through managed workload identities), Secure Web Proxy, and many more so you don't have to manage your certificate's life cycle.

Full customization of your CA

Scale from simple to advanced use cases by configuring the root CA (for example, existing on-premises or cloud), custom key sizes and algorithms, location (region) of the CA, bring your own cloud KMS key, and more. Manage, automate, and integrate private CAs and certificates in the way that’s most convenient for you: via APIs, gcloud command line, or cloud console.

Support compliance with various regulations

Have confidence that your CAs are approved as part of ISO 27001, 27017, 27018, SOC1, SOC2, SOC3, BSI C5, and PCI DSS.

Competitive, pay-as-you-go pricing

Help lower your total cost of ownership and simplify licensing with pay-as-you-go pricing and zero capital expenditures. Pay only for what you use. Also, for high volume certificates, consider subscription for even less expensive alternatives.

Enable defense-in-depth with granular access controls

Define granular, context-aware access controls and virtual security perimeters for CA Service with Cloud IAM and VPC Service Controls. Leverage certificate templates and per user-group policies to achieve even more granular control over certificate issuance.

Protect your keys in an HSM

Store your CA keys using Cloud HSM, which is FIPS 140-2 Level 3 validated and available in regions across the Americas, Europe, and Asia Pacific.

Audit user activity

Obtain tamper-proof logs and gain visibility into who did what, when, and where with Cloud Audit Logs.

작동 방식

Certificate Authority Service (CA Service) is a highly scalable Google Cloud service that lets you simplify and automate the deployment, management, and security of private certificate authorities (CA). Private CAs issue digital certificates that include entity identity, issuer identity, and cryptographic signatures.


How to use Certificate Authority Service to create private certificates for DevOps
Get started with Certificate Authority Service

일반적인 용도

CA Service use cases

Visit our YouTube playlist to watch short videos highlighting different use cases and how-tos, including supporting hybrid environments, policy controls, and more.

Manage CAS with Terraform text, Google Cloud logo, and a lady on screen

    Visit our YouTube playlist to watch short videos highlighting different use cases and how-tos, including supporting hybrid environments, policy controls, and more.

    Manage CAS with Terraform text, Google Cloud logo, and a lady on screen

      가격 책정

      Certificate Authority Service pricingThere are two pricing options available: pay-as-you-go and subscription. If you plan to deploy more than 1 million certificates per year, consider our subscription model for more attractive pricing.
      SKUProductPrice

      DevOps

      Monthly CA fee

      $20 per CA per month

      0-50,000 certificates

      $0.3 per certificate

      50,001 -100,000 certificates

      $0.03 per certificate

      100,001+ certificates

      $0.0009 per certificate

      Enterprise

      Monthly CA fee


      $200 per CA per month

      0-50,000 certificates

      $0.5 per certificate

      50,001 -100,000 certificates

      $0.05 per certificate

      100,001+ certificates

      $0.001 per certificate

      The monthly CA fee is separate from the per-certificate fee. Certificate fee is a one-time charge for every certificate issued. Learn more about Certificate Authority Service pricing.

      Certificate Authority Service pricing

      There are two pricing options available: pay-as-you-go and subscription. If you plan to deploy more than 1 million certificates per year, consider our subscription model for more attractive pricing.

      DevOps

      Product

      Monthly CA fee

      Price

      $20 per CA per month

      0-50,000 certificates

      Product

      $0.3 per certificate

      50,001 -100,000 certificates

      Product

      $0.03 per certificate

      100,001+ certificates

      Product

      $0.0009 per certificate

      Enterprise

      Product

      Monthly CA fee


      Price

      $200 per CA per month

      0-50,000 certificates

      Product

      $0.5 per certificate

      50,001 -100,000 certificates

      Product

      $0.05 per certificate

      100,001+ certificates

      Product

      $0.001 per certificate

      The monthly CA fee is separate from the per-certificate fee. Certificate fee is a one-time charge for every certificate issued. Learn more about Certificate Authority Service pricing.

      Pricing Calculator

      Use the Google Cloud Pricing Calculator to estimate the cost of using CA Service.

      CUSTOM QUOTE

      Connect with our sales team to get a custom quote for your organization.

      Start your proof of concept

      CA Service lets you deploy and manage private certificate authorities (CAs) without managing infrastructure

      Learn more about our best practices when deploying your CAs

      Need help getting started?

      Work with a trusted partner

      Get tips and best practices

      비즈니스 사례

      Our customers



      Deutsche Bank logo

      Deutsche Bank partnered with Google Cloud to manage the encryption of data in transit for hundreds of the company’s applications.

      Murat Kubilay, Lead Engineer, Deutsche Bank

      "CAS is a cornerstone for extending PKI to cloud workloads."

      Read blog

      파트너 및 통합

      Partners
      • AppViewX
      • Venafi
      • Keyfactor
      • Jetstack
      • Smallstep
      • AppViewX
      • Venafi
      • Keyfactor
      • Jetstack
      • Smallstep

      Migrate your on-premises PKI to cloud leveraging our partner solutions that integrate with Certificate Authority Service.

      Google Cloud
      • ‪English‬
      • ‪Deutsch‬
      • ‪Español‬
      • ‪Español (Latinoamérica)‬
      • ‪Français‬
      • ‪Indonesia‬
      • ‪Italiano‬
      • ‪Português (Brasil)‬
      • ‪简体中文‬
      • ‪繁體中文‬
      • ‪日本語‬
      • ‪한국어‬
      콘솔
      Google Cloud