AWS::ACMPCA::CertificateAuthority RevocationConfiguration
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide.
Note
The following requirements apply to revocation configurations.
-
A configuration disabling CRLs or OCSP must contain only the
Enabled=Falseparameter, and will fail if other parameters such asCustomCnameorExpirationInDaysare included. -
In a CRL configuration, the
S3BucketNameparameter must conform to the Amazon S3 bucket naming rules. -
A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396
restrictions on the use of special characters in a CNAME. -
In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "CrlConfiguration" :CrlConfiguration, "OcspConfiguration" :OcspConfiguration}
Properties
-
Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
Required: No
Type: CrlConfiguration
Update requires: No interruption
-
Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.
Required: No
Type: OcspConfiguration
Update requires: No interruption
