AwsCertificateManagerCertificateDetails - AWS Security Hub

AwsCertificateManagerCertificateDetails

Provides details about an AWS Certificate Manager certificate.

Contents

CertificateAuthorityArn

The ARN of the private certificate authority (CA) that will be used to issue the certificate.

Type: String

Pattern: .*\S.*

Required: No

CreatedAt

Indicates when the certificate was requested.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

Type: String

Pattern: .*\S.*

Required: No

DomainName

The fully qualified domain name (FQDN), such as www.example.com, that is secured by the certificate.

Type: String

Pattern: .*\S.*

Required: No

DomainValidationOptions

Contains information about the initial validation of each domain name that occurs as a result of the RequestCertificate request.

Only provided if the certificate type is AMAZON_ISSUED.

Type: Array of AwsCertificateManagerCertificateDomainValidationOption objects

Required: No

ExtendedKeyUsages

Contains a list of Extended Key Usage X.509 v3 extension objects. Each object specifies a purpose for which the certificate public key can be used and consists of a name and an object identifier (OID).

Type: Array of AwsCertificateManagerCertificateExtendedKeyUsage objects

Required: No

FailureReason

For a failed certificate request, the reason for the failure.

Valid values: NO_AVAILABLE_CONTACTS | ADDITIONAL_VERIFICATION_REQUIRED | DOMAIN_NOT_ALLOWED | INVALID_PUBLIC_DOMAIN | DOMAIN_VALIDATION_DENIED | CAA_ERROR | PCA_LIMIT_EXCEEDED | PCA_INVALID_ARN | PCA_INVALID_STATE | PCA_REQUEST_FAILED | PCA_NAME_CONSTRAINTS_VALIDATION | PCA_RESOURCE_NOT_FOUND | PCA_INVALID_ARGS | PCA_INVALID_DURATION | PCA_ACCESS_DENIED | SLR_NOT_FOUND | OTHER

Type: String

Pattern: .*\S.*

Required: No

ImportedAt

Indicates when the certificate was imported. Provided if the certificate type is IMPORTED.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

Type: String

Pattern: .*\S.*

Required: No

InUseBy

The list of ARNs for the AWS resources that use the certificate.

Type: Array of strings

Pattern: .*\S.*

Required: No

IssuedAt

Indicates when the certificate was issued. Provided if the certificate type is AMAZON_ISSUED.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

Type: String

Pattern: .*\S.*

Required: No

Issuer

The name of the certificate authority that issued and signed the certificate.

Type: String

Pattern: .*\S.*

Required: No

KeyAlgorithm

The algorithm that was used to generate the public-private key pair.

Valid values: RSA_2048 | RSA_1024 | RSA_4096 | EC_prime256v1 | EC_secp384r1 | EC_secp521r1

Type: String

Pattern: .*\S.*

Required: No

KeyUsages

A list of key usage X.509 v3 extension objects.

Type: Array of AwsCertificateManagerCertificateKeyUsage objects

Required: No

NotAfter

The time after which the certificate becomes invalid.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

Type: String

Pattern: .*\S.*

Required: No

NotBefore

The time before which the certificate is not valid.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

Type: String

Pattern: .*\S.*

Required: No

Options

Provides a value that specifies whether to add the certificate to a transparency log.

Type: AwsCertificateManagerCertificateOptions object

Required: No

RenewalEligibility

Whether the certificate is eligible for renewal.

Valid values: ELIGIBLE | INELIGIBLE

Type: String

Pattern: .*\S.*

Required: No

RenewalSummary

Information about the status of the AWS Certificate Manager managed renewal for the certificate. Provided only when the certificate type is AMAZON_ISSUED.

Type: AwsCertificateManagerCertificateRenewalSummary object

Required: No

Serial

The serial number of the certificate.

Type: String

Pattern: .*\S.*

Required: No

SignatureAlgorithm

The algorithm that was used to sign the certificate.

Type: String

Pattern: .*\S.*

Required: No

Status

The status of the certificate.

Valid values: PENDING_VALIDATION | ISSUED | INACTIVE | EXPIRED | VALIDATION_TIMED_OUT | REVOKED | FAILED

Type: String

Pattern: .*\S.*

Required: No

Subject

The name of the entity that is associated with the public key contained in the certificate.

Type: String

Pattern: .*\S.*

Required: No

SubjectAlternativeNames

One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate.

The subject alternative names include the canonical domain name (CN) of the certificate and additional domain names that can be used to connect to the website.

Type: Array of strings

Pattern: .*\S.*

Required: No

Type

The source of the certificate. For certificates that AWS Certificate Manager provides, Type is AMAZON_ISSUED. For certificates that are imported with ImportCertificate, Type is IMPORTED.

Valid values: IMPORTED | AMAZON_ISSUED | PRIVATE

Type: String

Pattern: .*\S.*

Required: No
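The following Python is an added example, not AWS code or part of the original reference. It strictly parses the timestamp formats listed for CreatedAt, ImportedAt, IssuedAt, NotAfter and NotBefore, then uses KeyAlgorithm, Status, Type, RenewalEligibility, InUseBy and NotAfter to flag certificates worth reviewing. The function names, issue labels, 30-day warning window and sample record are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Accepted shape per this page: seconds, optional 1-9 fraction digits, then Z or +/-HH[:MM] / +/-HHMM.
_TS = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?"
                 r"(?:Z|([+-])(\d{2})(?::?(\d{2}))?)")

def parse_asff_time(value):
    """Return an aware UTC datetime; raise ValueError for any other format."""
    m = _TS.fullmatch(value)
    if not m:
        raise ValueError(f"not an accepted timestamp: {value!r}")
    base, frac, sign, hh, mm = m.groups()
    offset = timedelta(hours=int(hh or 0), minutes=int(mm or 0))
    if int(mm or 0) > 59 or offset > timedelta(hours=18):
        raise ValueError(f"offset outside +/-18:00: {value!r}")
    # datetime stores microseconds, so digits 7-9 of the fraction are dropped.
    micro = int((frac or "").ljust(6, "0")[:6])
    local = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(microsecond=micro)
    tz = timezone(-offset if sign == "-" else offset)
    return local.replace(tzinfo=tz).astimezone(timezone.utc)

def triage_certificate(details, now, warn_days=30):
    """Return sorted issue labels (labels and threshold are this example's own)."""
    issues = set()
    if details.get("KeyAlgorithm") == "RSA_1024":
        issues.add("weak-key")
    if details.get("Status") in {"EXPIRED", "REVOKED", "INACTIVE", "FAILED"} and details.get("InUseBy"):
        issues.add("unusable-but-in-use")
    if details.get("NotAfter"):
        remaining = parse_asff_time(details["NotAfter"]) - now
        unmanaged = (details.get("Type") == "IMPORTED"
                     or details.get("RenewalEligibility") == "INELIGIBLE")
        if remaining <= timedelta(0):
            issues.add("expired")
        elif remaining <= timedelta(days=warn_days):
            issues.add("expiring-soon")
            if unmanaged:  # nothing will renew this certificate automatically
                issues.add("no-managed-renewal")
    return sorted(issues)

# Constructed sample record, not real Security Hub output; the ARN is a placeholder.
SAMPLE = {
    "Type": "IMPORTED", "Status": "ISSUED", "KeyAlgorithm": "RSA_1024",
    "RenewalEligibility": "INELIGIBLE",
    "InUseBy": ["arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/demo/0123456789abcdef"],
    "NotAfter": "2024-01-04T15:25:10.123456789+17:59",
}
NOW = datetime(2023, 12, 20, tzinfo=timezone.utc)  # fixed clock for the example
```

Comparing in UTC matters here: the sample NotAfter carries a +17:59 offset, so the certificate expires on 3 January in UTC, not 4 January.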
