CertificateAuthority
Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority action to create your private CA. You must then call the GetCertificateAuthorityCertificate action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your ACM Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate action to import the signed certificate into AWS Certificate Manager (ACM).
Contents
- Arn
-
Amazon Resource Name (ARN) for your private certificate authority (CA). The format is
12345678-1234-1234-1234-123456789012
.Type: String
Length Constraints: Minimum length of 5. Maximum length of 200.
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*
Required: No
- CertificateAuthorityConfiguration
-
Your private CA configuration.
Type: CertificateAuthorityConfiguration object
Required: No
- CreatedAt
-
Date and time at which your private CA was created.
Type: Timestamp
Required: No
- FailureReason
-
Reason the request to create your private CA failed.
Type: String
Valid Values:
REQUEST_TIMED_OUT | UNSUPPORTED_ALGORITHM | OTHER
Required: No
- LastStateChangeAt
-
Date and time at which your private CA was last updated.
Type: Timestamp
Required: No
- NotAfter
-
Date and time after which your private CA certificate is not valid.
Type: Timestamp
Required: No
- NotBefore
-
Date and time before which your private CA certificate is not valid.
Type: Timestamp
Required: No
- OwnerAccount
-
The AWS account ID that owns the certificate authority.
Type: String
Length Constraints: Fixed length of 12.
Pattern:
[0-9]+
Required: No
- RestorableUntil
-
The period during which a deleted CA can be restored. For more information, see the
PermanentDeletionTimeInDays
parameter of the DeleteCertificateAuthorityRequest action.Type: Timestamp
Required: No
- RevocationConfiguration
-
Information about the certificate revocation list (CRL) created and maintained by your private CA.
Type: RevocationConfiguration object
Required: No
- Serial
-
Serial number of your private CA.
Type: String
Required: No
- Status
-
Status of your private CA.
Type: String
Valid Values:
CREATING | PENDING_CERTIFICATE | ACTIVE | DELETED | DISABLED | EXPIRED | FAILED
Required: No
- Type
-
Type of your private CA.
Type: String
Valid Values:
ROOT | SUBORDINATE
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: