AWS Security ChangesHomeSearch

AWS privateca documentation change

Service: privateca · 2025-03-23 · Documentation low

File: privateca/latest/userguide/crl-planning.md

Summary

Added CRL capacity information and certificate spelling corrections

Security assessment

Change clarifies CRL operational limits without addressing security vulnerabilities or adding security features

Diff

diff --git a/privateca/latest/userguide/crl-planning.md b/privateca/latest/userguide/crl-planning.md
index 227fb1740..d1bce4bf3 100644
--- a/privateca/latest/userguide/crl-planning.md
+++ b/privateca/latest/userguide/crl-planning.md
@@ -30 +30 @@ For information about using Online Certificate Status Protocol (OCSP) as an alte
-  * **Complete** \- The default setting. AWS Private CA maintains a single, unpartitioned CRL file for all unexpired certificates issued by a CA that have been revoked for any reason. Each certificate that AWS Private CA issues is bound to a specific CRL through its CRL distribution point (CDP) extension, defined in [ RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9). 
+  * **Complete** \- The default setting. AWS Private CA maintains a single, unpartitioned CRL file for all unexpired certificates issued by a CA that have been revoked. Each certificate that AWS Private CA issues is bound to a specific CRL through its CRL distribution point (CDP) extension, as defined in [ RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9). You can have up to 1 million private certificates for each CA with complete CRL enabled. For more information, see the [AWS Private CA quotas](https://docs.aws.amazon.com/https://docs.aws.amazon.com/general/latest/gr/pca.html#limits_pca).