Class CfnCertificateAuthority
A CloudFormation AWS::ACMPCA::CertificateAuthority.
Inherited Members
Namespace: Amazon.CDK.AWS.ACMPCA
Assembly: Amazon.CDK.AWS.ACMPCA.dll
Syntax (csharp)
public class CfnCertificateAuthority : CfnResource, IConstruct, IConstruct, IDependable, IInspectableSyntax (vb)
Public Class CfnCertificateAuthority
Inherits CfnResource
Implements IConstruct, IConstruct, IDependable, IInspectableRemarks
Use the AWS::ACMPCA::CertificateAuthority resource to create a private CA. Once the CA exists, you can use the AWS::ACMPCA::Certificate resource to issue a new CA certificate. Alternatively, you can issue a CA certificate using an on-premises CA, and then use the AWS::ACMPCA::CertificateAuthorityActivation resource to import the new CA certificate and activate the CA.
Before removing a AWS::ACMPCA::CertificateAuthority resource from the CloudFormation stack, disable the affected CA. Otherwise, the action will fail. You can disable the CA by removing its associated AWS::ACMPCA::CertificateAuthorityActivation resource from CloudFormation.
CloudformationResource: AWS::ACMPCA::CertificateAuthority
ExampleMetadata: infused
Examples
CfnCertificateAuthority cfnCertificateAuthority = new CfnCertificateAuthority(this, "CA", new CfnCertificateAuthorityProps {
Type = "ROOT",
KeyAlgorithm = "RSA_2048",
SigningAlgorithm = "SHA256WITHRSA",
Subject = new SubjectProperty {
Country = "US",
Organization = "string",
OrganizationalUnit = "string",
DistinguishedNameQualifier = "string",
State = "string",
CommonName = "123",
SerialNumber = "string",
Locality = "string",
Title = "string",
Surname = "string",
GivenName = "string",
Initials = "DG",
Pseudonym = "string",
GenerationQualifier = "DBG"
}
});Synopsis
Constructors
| CfnCertificateAuthority(Construct, String, ICfnCertificateAuthorityProps) | Create a new |
| CfnCertificateAuthority(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
| CfnCertificateAuthority(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Properties
| AttrArn | The Amazon Resource Name (ARN) for the private CA that issued the certificate. |
| AttrCertificateSigningRequest | The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate. |
| CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
| CfnProperties | |
| CsrExtensions | Specifies information to be added to the extension section of the certificate signing request (CSR). |
| KeyAlgorithm | Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. |
| KeyStorageSecurityStandard | Specifies a cryptographic key management compliance standard used for handling CA keys. |
| RevocationConfiguration | Information about the certificate revocation list (CRL) created and maintained by your private CA. |
| SigningAlgorithm | Name of the algorithm your private CA uses to sign certificate requests. |
| Subject | Structure that contains X.500 distinguished name information for your private CA. |
| Tags | Key-value pairs that will be attached to the new private CA. |
| Type | Type of your private CA. |
Methods
| Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
| RenderProperties(IDictionary<String, Object>) |
Constructors
CfnCertificateAuthority(Construct, String, ICfnCertificateAuthorityProps)
Create a new AWS::ACMPCA::CertificateAuthority.
public CfnCertificateAuthority(Construct scope, string id, ICfnCertificateAuthorityProps props)Parameters
- scope Construct
- scope in which this resource is defined.
- id System.String
- scoped id of the resource.
- props ICfnCertificateAuthorityProps
- resource properties.
CfnCertificateAuthority(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected CfnCertificateAuthority(ByRefValue reference)Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
CfnCertificateAuthority(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected CfnCertificateAuthority(DeputyBase.DeputyProps props)Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Properties
AttrArn
The Amazon Resource Name (ARN) for the private CA that issued the certificate.
public virtual string AttrArn { get; }Property Value
System.String
Remarks
CloudformationAttribute: Arn
AttrCertificateSigningRequest
The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
public virtual string AttrCertificateSigningRequest { get; }Property Value
System.String
Remarks
CloudformationAttribute: CertificateSigningRequest
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }Property Value
System.String
CfnProperties
protected override IDictionary<string, object> CfnProperties { get; }Property Value
System.Collections.Generic.IDictionary<System.String, System.Object>
Overrides
CsrExtensions
Specifies information to be added to the extension section of the certificate signing request (CSR).
public virtual object CsrExtensions { get; set; }Property Value
System.Object
Remarks
KeyAlgorithm
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
public virtual string KeyAlgorithm { get; set; }Property Value
System.String
Remarks
When you create a subordinate CA, you must use a key algorithm supported by the parent CA.
KeyStorageSecurityStandard
Specifies a cryptographic key management compliance standard used for handling CA keys.
public virtual string KeyStorageSecurityStandard { get; set; }Property Value
System.String
Remarks
Default: FIPS_140_2_LEVEL_3_OR_HIGHER
Note: FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in the following Regions:
When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard . Failure to do this results in an InvalidArgsException with the message, "A certificate authority cannot be created in this region with the specified security standard."
RevocationConfiguration
Information about the certificate revocation list (CRL) created and maintained by your private CA.
public virtual object RevocationConfiguration { get; set; }Property Value
System.Object
Remarks
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.
SigningAlgorithm
Name of the algorithm your private CA uses to sign certificate requests.
public virtual string SigningAlgorithm { get; set; }Property Value
System.String
Remarks
This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.
Subject
Structure that contains X.500 distinguished name information for your private CA.
public virtual object Subject { get; set; }Property Value
System.Object
Remarks
Tags
Key-value pairs that will be attached to the new private CA.
public virtual TagManager Tags { get; }Property Value
Remarks
You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
Type
Type of your private CA.
public virtual string Type { get; set; }Property Value
System.String
Remarks
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)Parameters
- inspector TreeInspector
- tree inspector to collect and process attributes.
RenderProperties(IDictionary<String, Object>)
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)Parameters
- props System.Collections.Generic.IDictionary<System.String, System.Object>
Returns
System.Collections.Generic.IDictionary<System.String, System.Object>