Class CfnCertificate
All Implemented Interfaces: IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
AWS::ACMPCA::Certificate.
The AWS::ACMPCA::Certificate resource is used to issue a certificate using your private certificate authority. For more information, see the IssueCertificate action.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import java.util.List;
import software.amazon.awscdk.services.acmpca.*;
// Nested property types (ValidityProperty, SubjectProperty, ...) live inside CfnCertificate.
import software.amazon.awscdk.services.acmpca.CfnCertificate.*;

CfnCertificate cfnCertificate = CfnCertificate.Builder.create(this, "MyCfnCertificate")
    .certificateAuthorityArn("certificateAuthorityArn")
    .certificateSigningRequest("certificateSigningRequest")
    .signingAlgorithm("signingAlgorithm")
    .validity(ValidityProperty.builder()
        .type("type")
        .value(123)
        .build())
    // the properties below are optional
    .apiPassthrough(ApiPassthroughProperty.builder()
        .extensions(ExtensionsProperty.builder()
            .certificatePolicies(List.of(PolicyInformationProperty.builder()
                .certPolicyId("certPolicyId")
                // the properties below are optional
                .policyQualifiers(List.of(PolicyQualifierInfoProperty.builder()
                    .policyQualifierId("policyQualifierId")
                    .qualifier(QualifierProperty.builder()
                        .cpsUri("cpsUri")
                        .build())
                    .build()))
                .build()))
            .customExtensions(List.of(CustomExtensionProperty.builder()
                .objectIdentifier("objectIdentifier")
                .value("value")
                // the properties below are optional
                .critical(false)
                .build()))
            .extendedKeyUsage(List.of(ExtendedKeyUsageProperty.builder()
                .extendedKeyUsageObjectIdentifier("extendedKeyUsageObjectIdentifier")
                .extendedKeyUsageType("extendedKeyUsageType")
                .build()))
            .keyUsage(KeyUsageProperty.builder()
                .crlSign(false)
                .dataEncipherment(false)
                .decipherOnly(false)
                .digitalSignature(false)
                .encipherOnly(false)
                .keyAgreement(false)
                .keyCertSign(false)
                .keyEncipherment(false)
                .nonRepudiation(false)
                .build())
            .subjectAlternativeNames(List.of(GeneralNameProperty.builder()
                .directoryName(SubjectProperty.builder()
                    .commonName("commonName")
                    .country("country")
                    .customAttributes(List.of(CustomAttributeProperty.builder()
                        .objectIdentifier("objectIdentifier")
                        .value("value")
                        .build()))
                    .distinguishedNameQualifier("distinguishedNameQualifier")
                    .generationQualifier("generationQualifier")
                    .givenName("givenName")
                    .initials("initials")
                    .locality("locality")
                    .organization("organization")
                    .organizationalUnit("organizationalUnit")
                    .pseudonym("pseudonym")
                    .serialNumber("serialNumber")
                    .state("state")
                    .surname("surname")
                    .title("title")
                    .build())
                .dnsName("dnsName")
                .ediPartyName(EdiPartyNameProperty.builder()
                    .nameAssigner("nameAssigner")
                    .partyName("partyName")
                    .build())
                .ipAddress("ipAddress")
                .otherName(OtherNameProperty.builder()
                    .typeId("typeId")
                    .value("value")
                    .build())
                .registeredId("registeredId")
                .rfc822Name("rfc822Name")
                .uniformResourceIdentifier("uniformResourceIdentifier")
                .build()))
            .build())
        .subject(SubjectProperty.builder()
            .commonName("commonName")
            .country("country")
            .customAttributes(List.of(CustomAttributeProperty.builder()
                .objectIdentifier("objectIdentifier")
                .value("value")
                .build()))
            .distinguishedNameQualifier("distinguishedNameQualifier")
            .generationQualifier("generationQualifier")
            .givenName("givenName")
            .initials("initials")
            .locality("locality")
            .organization("organization")
            .organizationalUnit("organizationalUnit")
            .pseudonym("pseudonym")
            .serialNumber("serialNumber")
            .state("state")
            .surname("surname")
            .title("title")
            .build())
        .build())
    .templateArn("templateArn")
    .validityNotBefore(ValidityProperty.builder()
        .type("type")
        .value(123)
        .build())
    .build();
Nested Class Summary
Modifier and Type, Class, Description
static interface: Contains X.509 certificate information to be placed in an issued certificate.
static final class: A fluent builder for CfnCertificate.
static interface: Defines the X.500 relative distinguished name (RDN).
static interface: Specifies the X.509 extension information for a certificate.
static interface: Describes an Electronic Data Interchange (EDI) entity as defined in Subject Alternative Name in RFC 5280.
static interface: Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
static interface: Contains X.509 extension information for a certificate.
static interface: Describes an ASN.1 X.400 GeneralName as defined in RFC 5280.
static interface: Defines one or more purposes for which the key contained in the certificate can be used.
static interface: Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) and value.
static interface: Defines the X.509 CertificatePolicies extension.
static interface: Modifies the CertPolicyId of a PolicyInformation object with a qualifier.
static interface: Defines a PolicyInformation qualifier.
static interface: Contains information about the certificate subject.
static interface: Length of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years.
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct
IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
Field Summary
Modifier and Type, Field, Description
static final String CFN_RESOURCE_TYPE_NAME: The CloudFormation resource type name for this resource class.
Constructor Summary
Modifier, Constructor, Description
CfnCertificate(Construct scope, String id, CfnCertificateProps props): Create a new AWS::ACMPCA::Certificate.
protected CfnCertificate(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected CfnCertificate(software.amazon.jsii.JsiiObjectRef objRef)
Method Summary
Modifier and Type, Method, Description
Specifies X.509 certificate information to be included in the issued certificate.
The Amazon Resource Name (ARN) of the issued certificate.
The issued Base64 PEM-encoded certificate.
The Amazon Resource Name (ARN) for the private CA that issues the certificate.
The certificate signing request (CSR) for the certificate.
The name of the algorithm that will be used to sign the certificate to be issued.
Specifies a custom configuration template to use when issuing a certificate.
The period of time during which the certificate will be valid.
Information describing the start of the validity period of the certificate.
void inspect(TreeInspector inspector): Examines the CloudFormation resource and discloses attributes.
renderProperties(Map<String, Object> props)
void setApiPassthrough(IResolvable value): Specifies X.509 certificate information to be included in the issued certificate.
void: Specifies X.509 certificate information to be included in the issued certificate.
void setCertificateAuthorityArn(String value): The Amazon Resource Name (ARN) for the private CA that issues the certificate.
void: The certificate signing request (CSR) for the certificate.
void setSigningAlgorithm(String value): The name of the algorithm that will be used to sign the certificate to be issued.
void setTemplateArn(String value): Specifies a custom configuration template to use when issuing a certificate.
void setValidity(IResolvable value): The period of time during which the certificate will be valid.
void: The period of time during which the certificate will be valid.
void setValidityNotBefore(IResolvable value): Information describing the start of the validity period of the certificate.
void: Information describing the start of the validity period of the certificate.
Methods inherited from class software.amazon.awscdk.core.CfnResource
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.core.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.core.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.amazon.awscdk.core.Construct
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
Field Details
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
Constructor Details
CfnCertificate
protected CfnCertificate(software.amazon.jsii.JsiiObjectRef objRef)
CfnCertificate
protected CfnCertificate(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
CfnCertificate
@Stability(Stable) public CfnCertificate(@NotNull Construct scope, @NotNull String id, @NotNull CfnCertificateProps props)
Create a new AWS::ACMPCA::Certificate.
Parameters:
scope - scope in which this resource is defined.
id - scoped id of the resource.
props - resource properties.
Method Details
inspect
Examines the CloudFormation resource and discloses attributes.
Specified by: inspect in interface IInspectable
Parameters:
inspector - tree inspector to collect and process attributes.
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props)
Overrides: renderProperties in class CfnResource
Parameters:
props - This parameter is required.
getAttrArn
The Amazon Resource Name (ARN) of the issued certificate.
getAttrCertificate
The issued Base64 PEM-encoded certificate.
getCfnProperties
Overrides: getCfnProperties in class CfnResource
getCertificateAuthorityArn
The Amazon Resource Name (ARN) for the private CA that issues the certificate.
setCertificateAuthorityArn
The Amazon Resource Name (ARN) for the private CA that issues the certificate.
getCertificateSigningRequest
The certificate signing request (CSR) for the certificate.
setCertificateSigningRequest
The certificate signing request (CSR) for the certificate.
getSigningAlgorithm
The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action.
The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
setSigningAlgorithm
The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action.
The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
getValidity
The period of time during which the certificate will be valid.
setValidity
The period of time during which the certificate will be valid.
setValidity
The period of time during which the certificate will be valid.
getApiPassthrough
Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
setApiPassthrough
Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
setApiPassthrough
@Stability(Stable) public void setApiPassthrough(@Nullable CfnCertificate.ApiPassthroughProperty value)
Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
getTemplateArn
Specifies a custom configuration template to use when issuing a certificate.
If this parameter is not provided, AWS Private CA defaults to the EndEntityCertificate/V1 template. For more information about AWS Private CA templates, see Using Templates.
setTemplateArn
Specifies a custom configuration template to use when issuing a certificate.
If this parameter is not provided, AWS Private CA defaults to the EndEntityCertificate/V1 template. For more information about AWS Private CA templates, see Using Templates.
getValidityNotBefore
Information describing the start of the validity period of the certificate.
This parameter sets the "Not Before" date for the certificate.
By default, when issuing a certificate, AWS Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value.
Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
setValidityNotBefore
@Stability(Stable) public void setValidityNotBefore(@Nullable CfnCertificate.ValidityProperty value)
Information describing the start of the validity period of the certificate.
This parameter sets the "Not Before" date for the certificate.
By default, when issuing a certificate, AWS Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value.
Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
setValidityNotBefore
Information describing the start of the validity period of the certificate.
This parameter sets the "Not Before" date for the certificate.
By default, when issuing a certificate, AWS Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value.
Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
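A synth-time check for two constraints stated in the method details above: ApiPassthrough is ignored unless an APIPassthrough or APICSRPassthrough template variant is selected, and ValidityNotBefore uses the Validity type value ABSOLUTE. This is an added example, not part of the AWS CDK documentation; the class name PcaCertificateChecks and the substring match on the template ARN are assumptions of this example.

```java
import software.amazon.awscdk.core.Annotations;
import software.amazon.awscdk.core.IAspect;
import software.amazon.awscdk.core.IConstruct;
import software.amazon.awscdk.core.Token;
import software.amazon.awscdk.services.acmpca.CfnCertificate;

// Added example; the class name is hypothetical. Register with:
//   Aspects.of(stack).add(new PcaCertificateChecks());
public class PcaCertificateChecks implements IAspect {
    @Override
    public void visit(IConstruct node) {
        if (node instanceof CfnCertificate) {
            CfnCertificate cert = (CfnCertificate) node;
            checkPassthroughTemplate(cert);
            checkNotBeforeType(cert);
        }
    }

    // ApiPassthrough is ignored unless an APIPassthrough or APICSRPassthrough
    // template variant is selected. With no templateArn the default
    // EndEntityCertificate/V1 template applies, which is neither variant.
    private static void checkPassthroughTemplate(CfnCertificate cert) {
        String template = cert.getTemplateArn();
        if (cert.getApiPassthrough() == null
                || (template != null && Token.isUnresolved(template))) {
            return; // nothing to check, or ARN only known at deploy time
        }
        // Assumption: the variant name appears as a substring of the ARN.
        boolean passthrough = template != null
                && (template.contains("APIPassthrough")
                    || template.contains("APICSRPassthrough"));
        if (!passthrough) {
            Annotations.of(cert).addError(
                "apiPassthrough is set but templateArn is not an APIPassthrough "
                + "or APICSRPassthrough variant; the values would be ignored");
        }
    }

    // ValidityNotBefore is expressed with the Validity type value ABSOLUTE.
    // Only checked when the property was supplied as a ValidityProperty.
    private static void checkNotBeforeType(CfnCertificate cert) {
        Object notBefore = cert.getValidityNotBefore();
        if (notBefore instanceof CfnCertificate.ValidityProperty) {
            String type = ((CfnCertificate.ValidityProperty) notBefore).getType();
            if (!Token.isUnresolved(type) && !"ABSOLUTE".equals(type)) {
                Annotations.of(cert).addError("validityNotBefore.type must be ABSOLUTE");
            }
        }
    }
}
```

Errors added through Annotations fail synthesis, so a certificate whose extensions would be silently dropped is caught before deployment rather than after issuance.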