AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)


The following Java sample shows how to use the TagCertificateAuthority function.

This function adds one or more tags to your private CA. Tags are labels that you can use to identify and organize your AWS resources. Each tag consists of a key and an optional value. You specify the private CA on input by its Amazon Resource Name (ARN). You specify the tag by using a key-value pair. You can apply a tag to just one private CA if you want to identify a specific characteristic of that CA, or you can apply the same tag to multiple private CAs if you want to filter for a common relationship among those CAs. To remove one or more tags, use the UntagCertificateAuthority function. Call the ListTags function to see what tags are associated with your CA.

package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import java.util.ArrayList; import com.amazonaws.AmazonClientException; import com.amazonaws.auth.AWSStaticCredentialsProvider; import; import; import; import; import; import; import; import; public class AddTags { public static void main(String[] args) { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try{ credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from disk", e); } // Define the endpoint for your sample. String endpointProtocol = ""; String endpointRegion = "region"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSPrivateCA client = AWSPrivateCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create a tag - method 1 Tag tag1 = new Tag(); tag1.setKey("Administrator"); tag1.setValue("Bob"); // Create a tag - method 2 Tag tag2 = new Tag() .withKey("Purpose") .withValue("WebServices"); // Add the tags to a collection. ArrayList<Tag> tags = new ArrayList<Tag>(); tags.add(tag1); tags.add(tag2); // Create a request object and specify the ARN of the certificate. TagCertificateAuthorityRequest req = new TagCertificateAuthorityRequest(); req.setCertificateAuthorityArn("arn:aws:acm-pca:region:account:" + "certificate-authority/12345678-1234-1234-1234-123456789012"); req.setTags(tags); // Add a tag try{ client.tagCertificateAuthority(req); } catch (InvalidArnException ex) { throw ex; } catch(ResourceNotFoundException ex) { throw ex; } catch (InvalidTagException ex) { throw ex; } catch (TooManyTagsException ex) { throw ex; } } }