AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)

DeleteCertificateAuthority

The following Java sample shows how to use the DeleteCertificateAuthority function.

The function deletes the private certificate authority (CA) that you created with the CreateCertificateAuthority function. The DeleteCertificateAuthority function requires the Amazon Resource Name (ARN) of the CA to be deleted. You can find the ARN by using the ListCertificateAuthorities function. You can delete the CA immediately if its status is CREATING or PENDING_CERTIFICATE. If you have already imported the certificate, however, you cannot delete the CA unless it has been disabled for more than 30 days. To disable a CA, call the UpdateCertificateAuthority function and set the Status parameter to DISABLED. In the sample below, the region, the account, and the CA identifier in the ARN are placeholders; replace them with the values for the CA that you intend to delete.

package com.amazonaws.samples;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;

import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSStaticCredentialsProvider;

import com.amazonaws.services.privateca.AWSPrivateCA;
import com.amazonaws.services.privateca.AWSPrivateCAClientBuilder;
import com.amazonaws.services.privateca.model.DeleteCertificateAuthorityRequest;
import com.amazonaws.services.privateca.model.ResourceNotFoundException;
import com.amazonaws.services.privateca.model.InvalidArnException;
import com.amazonaws.services.privateca.model.InvalidStateException;

/**
 * Sample program that sends a single DeleteCertificateAuthority request for
 * one private certificate authority (CA), identified by its ARN.
 *
 * <p>The endpoint, region and ARN below are placeholders and must be replaced
 * before the sample can be run. The request is issued without any further
 * confirmation, so verify the ARN first.
 */
public class DeletePCA {

    /**
     * Loads the "default" profile credentials, builds a Private CA client and
     * asks the service to delete the CA named in the request.
     *
     * @param args unused
     * @throws Exception if the credentials cannot be loaded or the delete call fails
     */
    public static void main(String[] args) throws Exception {

        // Read the "default" profile from the shared credentials file
        // (C:\Users\name\.aws\credentials in Windows, .aws/credentials in Linux).
        // The credentials are fetched once here and later handed to the client
        // through a static provider.
        final AWSCredentials profileCredentials;
        try {
            profileCredentials = new ProfileCredentialsProvider("default").getCredentials();
        } catch (Exception e) {
            throw new AmazonClientException("Cannot load your credentials from disk", e);
        }

        // Service endpoint and region for the sample; "region" is a placeholder.
        final String serviceEndpoint = "https://acm-pca.region.amazonaws.com/";
        final String signingRegion = "region";
        final EndpointConfiguration endpointConfig =
            new AwsClientBuilder.EndpointConfiguration(serviceEndpoint, signingRegion);

        // Client used to send the request.
        final AWSPrivateCA pcaClient = AWSPrivateCAClientBuilder.standard()
            .withEndpointConfiguration(endpointConfig)
            .withCredentials(new AWSStaticCredentialsProvider(profileCredentials))
            .build();

        // ARN of the private CA to delete. The region, account and CA
        // identifier are placeholders.
        final String caArn = "arn:aws:acm-pca:region:account:" +
            "certificate-authority/11111111-2222-3333-4444-555555555555";

        final DeleteCertificateAuthorityRequest deleteRequest =
            new DeleteCertificateAuthorityRequest();
        deleteRequest.setCertificateAuthorityArn(caArn);

        // Delete the CA. The three exception types are rethrown unchanged; they
        // are listed to show which failures the sample anticipates.
        // NOTE(review): InvalidStateException presumably signals a CA whose
        // status does not permit deletion - confirm against the API reference.
        try {
            pcaClient.deleteCertificateAuthority(deleteRequest);
        } catch (ResourceNotFoundException | InvalidArnException | InvalidStateException ex) {
            throw ex;
        }
    }
}