Menu
AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)

UpdateCertificateAuthority

The following Java sample shows how to use the UpdateCertificateAuthority function.

The function updates the status or configuration of a private certificate authority (CA). Your private CA must be in the ACTIVE or DISABLED state before you can update it. You can disable a private CA that is in the ACTIVE state or make a CA that is in the DISABLED state active again.

package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.services.acmpca.AWSACMPCA; import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder; import com.amazonaws.services.acmpca.model.UpdateCertificateAuthorityRequest; import com.amazonaws.services.acmpca.model.CertificateAuthorityStatus; import com.amazonaws.AmazonClientException; import com.amazonaws.services.acmpca.model.ConcurrentModificationException; import com.amazonaws.services.acmpca.model.ResourceNotFoundException; import com.amazonaws.services.acmpca.model.InvalidArgsException; import com.amazonaws.services.acmpca.model.InvalidArnException; import com.amazonaws.services.acmpca.model.InvalidStateException; import com.amazonaws.services.acmpca.model.InvalidPolicyException; import com.amazonaws.services.acmpca.model.CrlConfiguration; import com.amazonaws.services.acmpca.model.RevocationConfiguration; public class UpdateCertificateAuthority { public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try{ credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from file.", e); } // Define the endpoint for your sample. String endpointProtocol = "https://acm-pca.region.amazonaws.com/"; String endpointRegion = "region"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create the request object. UpdateCertificateAuthorityRequest req = new UpdateCertificateAuthorityRequest(); // Set the ARN of the private CA that you want to update. req.setCertificateAuthorityArn("arn:aws:acm-pca:region:account:" + "certificate-authority/12345678-1234-1234-1234-123456789012"); // Define the certificate revocation list configuration. If you do not want to // update the CRL configuration, leave the CrlConfiguration structure alone and // do not set it on your UpdateCertificateAuthorityRequest object. CrlConfiguration crlConfigure = new CrlConfiguration(); crlConfigure.withEnabled(true); crlConfigure.withExpirationInDays(365); crlConfigure.withCustomCname("your-custom-name"); crlConfigure.withS3BucketName("your-bucket-name"); // Set the CRL configuration onto your UpdateCertificateAuthorityRequest object. // If you do not want to change your CRL configuration, do not use the // setCrlConfiguration method. RevocationConfiguration revokeConfig = new RevocationConfiguration(); revokeConfig.setCrlConfiguration(crlConfigure); // Set the status. req.withStatus(CertificateAuthorityStatus.ACTIVE); // Create the result object. try { client.updateCertificateAuthority(req); } catch(ConcurrentModificationException ex) { throw ex; } catch(ResourceNotFoundException ex) { throw ex; } catch(InvalidArgsException ex) { throw ex; } catch(InvalidArnException ex) { throw ex; } catch(InvalidStateException ex) { throw ex; } catch(InvalidPolicyException ex) { throw ex; } } }