Interface CfnCertificateAuthority.RevocationConfigurationProperty

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
CfnCertificateAuthority.RevocationConfigurationProperty.Jsii$Proxy
Enclosing class:
CfnCertificateAuthority

@Stability(Stable) public static interface CfnCertificateAuthority.RevocationConfigurationProperty extends software.amazon.jsii.JsiiSerializable
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide.

The following requirements apply to revocation configurations.

  • A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
  • In a CRL configuration, the S3BucketName parameter must conform to the Amazon S3 bucket naming rules.
  • A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
  • In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".

Example:

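 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change. As written, the placeholders
 // combine enabled(false) with other parameters, which the requirements above reject.
 import software.amazon.awscdk.services.acmpca.*;
 // The property types are nested in CfnCertificateAuthority and need their own import.
 import software.amazon.awscdk.services.acmpca.CfnCertificateAuthority.*;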
 RevocationConfigurationProperty revocationConfigurationProperty = RevocationConfigurationProperty.builder()
         .crlConfiguration(CrlConfigurationProperty.builder()
                 .crlDistributionPointExtensionConfiguration(CrlDistributionPointExtensionConfigurationProperty.builder()
                         .omitExtension(false)
                         .build())
                 .customCname("customCname")
                 .enabled(false)
                 .expirationInDays(123)
                 .s3BucketName("s3BucketName")
                 .s3ObjectAcl("s3ObjectAcl")
                 .build())
         .ocspConfiguration(OcspConfigurationProperty.builder()
                 .enabled(false)
                 .ocspCustomCname("ocspCustomCname")
                 .build())
         .build();
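
The requirements listed above, applied to the two cases a deployment needs: revocation switched off and revocation switched on. This is an added example, not part of the AWS CDK documentation; the class name `RevocationConfigs`, the helper `bareCname`, the 7-day CRL expiration, and the bucket and host names are constructed for illustration.

```java
import java.util.Locale;
import software.amazon.awscdk.services.acmpca.CfnCertificateAuthority.CrlConfigurationProperty;
import software.amazon.awscdk.services.acmpca.CfnCertificateAuthority.OcspConfigurationProperty;
import software.amazon.awscdk.services.acmpca.CfnCertificateAuthority.RevocationConfigurationProperty;

public final class RevocationConfigs {
    // Hypothetical guard: a CNAME is a bare host name, so reject any protocol prefix.
    static String bareCname(String cname) {
        if (cname.toLowerCase(Locale.ROOT).contains("://")) {
            throw new IllegalArgumentException("CNAME must not include a protocol prefix: " + cname);
        }
        return cname;
    }

    // Revocation disabled: each block carries Enabled=false and nothing else.
    static RevocationConfigurationProperty disabled() {
        return RevocationConfigurationProperty.builder()
                .crlConfiguration(CrlConfigurationProperty.builder().enabled(false).build())
                .ocspConfiguration(OcspConfigurationProperty.builder().enabled(false).build())
                .build();
    }

    // Revocation enabled: CRL written to an S3 bucket, OCSP served under a custom CNAME.
    static RevocationConfigurationProperty enabled(String bucket, String crlCname, String ocspCname) {
        return RevocationConfigurationProperty.builder()
                .crlConfiguration(CrlConfigurationProperty.builder()
                        .enabled(true)
                        .expirationInDays(7) // constructed value
                        .s3BucketName(bucket)
                        .customCname(bareCname(crlCname))
                        .build())
                .ocspConfiguration(OcspConfigurationProperty.builder()
                        .enabled(true)
                        .ocspCustomCname(bareCname(ocspCname))
                        .build())
                .build();
    }

    public static void main(String[] args) {
        disabled();
        enabled("example-pca-crl-bucket", "crl.example.com", "ocsp.example.com"); // constructed values
        try {
            enabled("example-pca-crl-bucket", "https://crl.example.com", "ocsp.example.com");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The guard covers only the protocol-prefix rule; the S3 bucket naming rules and the RFC2396 character restrictions are not checked here.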
 
