Sign In to the Console
AWS Certificate Manager Private Certificate Authority
AWS Private Certificate Authority Documentation (API Version 2017-08-22)

AWS Documentation » AWS Private Certificate Authority Documentation » Data Types » CertificateAuthority

CertificateAuthority

Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority operation to create your private CA. You must then call the GetCertificateAuthorityCertificate operation to retrieve a private CA certificate signing request (CSR). Take the CSR to your on-premises CA and sign it with the root CA certificate or a subordinate certificate. Call the ImportCertificateAuthorityCertificate operation to import the signed certificate into AWS Certificate Manager (ACM).

Contents

Arn

Amazon Resource Name (ARN) for your private certificate authority (CA). The format is 12345678-1234-1234-1234-123456789012 .

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=/,.@-]+)*

Required: No

CertificateAuthorityConfiguration

Your private CA configuration.

Type: CertificateAuthorityConfiguration object

Required: No

CreatedAt

Date and time at which your private CA was created.

Type: Timestamp

Required: No

FailureReason

Reason the request to create your private CA failed.

Type: String

Valid Values: REQUEST_TIMED_OUT | UNSUPPORTED_ALGORITHM | OTHER

Required: No

LastStateChangeAt

Date and time at which your private CA was last updated.

Type: Timestamp

Required: No

NotAfter

Date and time after which your private CA certificate is not valid.

Type: Timestamp

Required: No

NotBefore

Date and time before which your private CA certificate is not valid.

Type: Timestamp

Required: No

RestorableUntil

The period during which a deleted CA can be restored. For more information, see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest operation.

Type: Timestamp

Required: No

RevocationConfiguration

Information about the certificate revocation list (CRL) created and maintained by your private CA.

Type: RevocationConfiguration object

Required: No

Serial

Serial number of your private CA.

Type: String

Required: No

Status

Status of your private CA.

Type: String

Valid Values: CREATING | PENDING_CERTIFICATE | ACTIVE | DELETED | DISABLED | EXPIRED | FAILED

Required: No

Type

Type of your private CA.

Type: String

Valid Values: SUBORDINATE

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

On this page: