Menu
AWS SDK for C++
Developer Guide

Working with IAM Server Certificates

To enable HTTPS connections to your website or application on AWS, you need an SSL/TLS server certificate. You can use a server certificate provided by AWS Certificate Manager or one that you obtained from an external provider.

We recommend that you use ACM to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to your AWS resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about ACM, see the ACM User Guide.

Note

These code snippets assume that you understand the material in Getting Started Using the AWS SDK for C++ and have configured default AWS credentials using the information in Providing AWS Credentials.

Getting a Server Certificate

You can retrieve a server certificate by calling the IAMClient's GetServerCertificate function, passing it a GetServerCertificateRequest with the certificate's name.

Includes:

Copy
#include <aws/core/Aws.h> #include <aws/iam/IAMClient.h> #include <aws/iam/model/GetServerCertificateRequest.h> #include <aws/iam/model/GetServerCertificateResult.h> #include <iostream>

Code:

Copy
Aws::IAM::IAMClient iam; Aws::IAM::Model::GetServerCertificateRequest request; request.SetServerCertificateName(cert_name); auto outcome = iam.GetServerCertificate(request); if (!outcome.IsSuccess()) { std::cout << "Error getting server certificate " << cert_name << ": " << outcome.GetError().GetMessage() << std::endl; } else { const auto &certificate = outcome.GetResult().GetServerCertificate(); std::cout << "Name: " << certificate.GetServerCertificateMetadata().GetServerCertificateName() << std::endl << "Body: " << certificate.GetCertificateBody() << std::endl << "Chain: " << certificate.GetCertificateChain() << std::endl; }

See the complete example.

Listing Server Certificates

To list your server certificates, call the IAMClient's ListServerCertificates function with a ListServerCertificatesRequest. It returns a ListServerCertificatesResult.

Call the returned ListServerCertificateResult object's GetServerCertificateMetadataList function to get a list of ServerCertificateMetadata objects that you can use to get information about each certificate.

Results may be truncated; if the ListServerCertificateResult object's GetIsTruncated function returns true, call the ListServerCertificatesRequest object's SetMarker function and use it to call listServerCertificates again to get the next batch of results.

Includes:

Copy
#include <aws/core/Aws.h> #include <aws/iam/IAMClient.h> #include <aws/iam/model/ListServerCertificatesRequest.h> #include <aws/iam/model/ListServerCertificatesResult.h> #include <iostream> #include <iomanip>

Code:

Copy
Aws::IAM::IAMClient iam; Aws::IAM::Model::ListServerCertificatesRequest request; bool done = false; bool header = false; while (!done) { auto outcome = iam.ListServerCertificates(request); if (!outcome.IsSuccess()) { std::cout << "Failed to list server certificates: " << outcome.GetError().GetMessage() << std::endl; break; } if (!header) { std::cout << std::left << std::setw(55) << "Name" << std::setw(30) << "ID" << std::setw(80) << "Arn" << std::setw(14) << "UploadDate" << std::setw(14) << "ExpirationDate" << std::endl; header = true; } const auto &certificates = outcome.GetResult().GetServerCertificateMetadataList(); for (const auto &certificate : certificates) { std::cout << std::left << std::setw(55) << certificate.GetServerCertificateName() << std::setw(30) << certificate.GetServerCertificateId() << std::setw(80) << certificate.GetArn() << std::setw(14) << certificate.GetUploadDate().ToGmtString(DATE_FORMAT) << std::setw(14) << certificate.GetExpiration().ToGmtString(DATE_FORMAT) << std::endl; } if (outcome.GetResult().GetIsTruncated()) { request.SetMarker(outcome.GetResult().GetMarker()); } else { done = true; } }

See the complete example.

Updating a Server Certificate

You can update a server certificate's name or path by calling the IAMClient's UpdateServerCertificate function. It takes a UpdateServerCertificateRequest object set with the server certificate's current name and either a new name or new path to use.

Includes:

Copy
#include <aws/core/Aws.h> #include <aws/iam/IAMClient.h> #include <aws/iam/model/UpdateServerCertificateRequest.h> #include <iostream>

Code:

Copy
Aws::IAM::IAMClient iam; Aws::IAM::Model::UpdateServerCertificateRequest request; request.SetServerCertificateName(old_name); request.SetNewServerCertificateName(new_name); auto outcome = iam.UpdateServerCertificate(request); if (outcome.IsSuccess()) { std::cout << "Server certificate " << old_name << " successfully renamed as " << new_name << std::endl; } else { std::cout << "Error changing name of server certificate " << old_name << " to " << new_name << ":" << outcome.GetError().GetMessage() << std::endl; }

See the complete example.

Deleting a Server Certificate

To delete a server certificate, call the IAMClient's DeleteServerCertificate function with a DeleteServerCertificateRequest containing the certificate's name.

Includes:

Copy
#include <aws/core/Aws.h> #include <aws/iam/IAMClient.h> #include <aws/iam/model/DeleteServerCertificateRequest.h> #include <iostream>

Code:

Copy
Aws::IAM::IAMClient iam; Aws::IAM::Model::DeleteServerCertificateRequest request; request.SetServerCertificateName(cert_name); const auto outcome = iam.DeleteServerCertificate(request); if (!outcome.IsSuccess()) { std::cout << "Error deleting server certificate " << cert_name << ": " << outcome.GetError().GetMessage() << std::endl; } else { std::cout << "Successfully deleted server certificate " << cert_name << std::endl; }

See the complete example.

More Information