OcspConfiguration

Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

When you revoke a certificate, OCSP responses may take up to 60 minutes to reflect the new status.

Contents

Enabled

Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

Type: Boolean

Required: Yes

OcspCustomCname

By default, ACM Private CA injects an AWS domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.

Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".

For more information, see Customizing Online Certificate Status Protocol (OCSP) in the AWS Certificate Manager Private Certificate Authority (PCA) User Guide.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 253.

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for Ruby V3