Interface ICfnCertificateAuthorityProps
Properties for defining a CfnCertificateAuthority
.
Namespace: Amazon.CDK.AWS.ACMPCA
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface ICfnCertificateAuthorityProps
Syntax (vb)
Public Interface ICfnCertificateAuthorityProps
Remarks
ExampleMetadata: infused
Examples
var cfnCertificateAuthority = new CfnCertificateAuthority(this, "CA", new CfnCertificateAuthorityProps {
Type = "ROOT",
KeyAlgorithm = "RSA_2048",
SigningAlgorithm = "SHA256WITHRSA",
Subject = new SubjectProperty {
Country = "US",
Organization = "string",
OrganizationalUnit = "string",
DistinguishedNameQualifier = "string",
State = "string",
CommonName = "123",
SerialNumber = "string",
Locality = "string",
Title = "string",
Surname = "string",
GivenName = "string",
Initials = "DG",
Pseudonym = "string",
GenerationQualifier = "DBG"
}
});
Synopsis
Properties
CsrExtensions | Specifies information to be added to the extension section of the certificate signing request (CSR). |
KeyAlgorithm | Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. |
KeyStorageSecurityStandard | Specifies a cryptographic key management compliance standard used for handling CA keys. |
RevocationConfiguration | Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide . |
SigningAlgorithm | Name of the algorithm your private CA uses to sign certificate requests. |
Subject | Structure that contains X.500 distinguished name information for your private CA. |
Tags | Key-value pairs that will be attached to the new private CA. |
Type | Type of your private CA. |
UsageMode | Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. |
Properties
CsrExtensions
Specifies information to be added to the extension section of the certificate signing request (CSR).
virtual object CsrExtensions { get; }
Property Value
System.Object
Remarks
KeyAlgorithm
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
string KeyAlgorithm { get; }
Property Value
System.String
Remarks
When you create a subordinate CA, you must use a key algorithm supported by the parent CA.
KeyStorageSecurityStandard
Specifies a cryptographic key management compliance standard used for handling CA keys.
virtual string KeyStorageSecurityStandard { get; }
Property Value
System.String
Remarks
Default: FIPS_140_2_LEVEL_3_OR_HIGHER
Some AWS Regions do not support the default. When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER
as the argument for KeyStorageSecurityStandard
. Failure to do this results in an InvalidArgsException
with the message, "A certificate authority cannot be created in this region with the specified security standard."
For information about security standard support in various Regions, see Storage and security compliance of AWS Private CA private keys .
RevocationConfiguration
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide .
virtual object RevocationConfiguration { get; }
Property Value
System.Object
Remarks
The following requirements apply to revocation configurations.
SigningAlgorithm
Name of the algorithm your private CA uses to sign certificate requests.
string SigningAlgorithm { get; }
Property Value
System.String
Remarks
This parameter should not be confused with the SigningAlgorithm
parameter used to sign certificates when they are issued.
Subject
Structure that contains X.500 distinguished name information for your private CA.
object Subject { get; }
Property Value
System.Object
Remarks
Tags
Key-value pairs that will be attached to the new private CA.
virtual ICfnTag[] Tags { get; }
Property Value
ICfnTag[]
Remarks
You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
Type
Type of your private CA.
string Type { get; }
Property Value
System.String
Remarks
UsageMode
Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
virtual string UsageMode { get; }
Property Value
System.String
Remarks
Short-lived certificate validity is limited to seven days.
The default value is GENERAL_PURPOSE.