Class CfnCertificate
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.CfnElement
software.amazon.awscdk.core.CfnRefElement
software.amazon.awscdk.core.CfnResource
software.amazon.awscdk.services.acmpca.CfnCertificate
- All Implemented Interfaces:
IConstruct,IDependable,IInspectable,software.amazon.jsii.JsiiSerializable,software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
date="2023-06-19T16:29:55.226Z")
@Stability(Stable)
public class CfnCertificate
extends CfnResource
implements IInspectable
A CloudFormation
AWS::ACMPCA::Certificate.
The AWS::ACMPCA::Certificate resource is used to issue a certificate using your private certificate authority. For more information, see the IssueCertificate action.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.acmpca.*;
CfnCertificate cfnCertificate = CfnCertificate.Builder.create(this, "MyCfnCertificate")
.certificateAuthorityArn("certificateAuthorityArn")
.certificateSigningRequest("certificateSigningRequest")
.signingAlgorithm("signingAlgorithm")
.validity(ValidityProperty.builder()
.type("type")
.value(123)
.build())
// the properties below are optional
.apiPassthrough(ApiPassthroughProperty.builder()
.extensions(ExtensionsProperty.builder()
.certificatePolicies(List.of(PolicyInformationProperty.builder()
.certPolicyId("certPolicyId")
// the properties below are optional
.policyQualifiers(List.of(PolicyQualifierInfoProperty.builder()
.policyQualifierId("policyQualifierId")
.qualifier(QualifierProperty.builder()
.cpsUri("cpsUri")
.build())
.build()))
.build()))
.customExtensions(List.of(CustomExtensionProperty.builder()
.objectIdentifier("objectIdentifier")
.value("value")
// the properties below are optional
.critical(false)
.build()))
.extendedKeyUsage(List.of(ExtendedKeyUsageProperty.builder()
.extendedKeyUsageObjectIdentifier("extendedKeyUsageObjectIdentifier")
.extendedKeyUsageType("extendedKeyUsageType")
.build()))
.keyUsage(KeyUsageProperty.builder()
.crlSign(false)
.dataEncipherment(false)
.decipherOnly(false)
.digitalSignature(false)
.encipherOnly(false)
.keyAgreement(false)
.keyCertSign(false)
.keyEncipherment(false)
.nonRepudiation(false)
.build())
.subjectAlternativeNames(List.of(GeneralNameProperty.builder()
.directoryName(SubjectProperty.builder()
.commonName("commonName")
.country("country")
.customAttributes(List.of(CustomAttributeProperty.builder()
.objectIdentifier("objectIdentifier")
.value("value")
.build()))
.distinguishedNameQualifier("distinguishedNameQualifier")
.generationQualifier("generationQualifier")
.givenName("givenName")
.initials("initials")
.locality("locality")
.organization("organization")
.organizationalUnit("organizationalUnit")
.pseudonym("pseudonym")
.serialNumber("serialNumber")
.state("state")
.surname("surname")
.title("title")
.build())
.dnsName("dnsName")
.ediPartyName(EdiPartyNameProperty.builder()
.nameAssigner("nameAssigner")
.partyName("partyName")
.build())
.ipAddress("ipAddress")
.otherName(OtherNameProperty.builder()
.typeId("typeId")
.value("value")
.build())
.registeredId("registeredId")
.rfc822Name("rfc822Name")
.uniformResourceIdentifier("uniformResourceIdentifier")
.build()))
.build())
.subject(SubjectProperty.builder()
.commonName("commonName")
.country("country")
.customAttributes(List.of(CustomAttributeProperty.builder()
.objectIdentifier("objectIdentifier")
.value("value")
.build()))
.distinguishedNameQualifier("distinguishedNameQualifier")
.generationQualifier("generationQualifier")
.givenName("givenName")
.initials("initials")
.locality("locality")
.organization("organization")
.organizationalUnit("organizationalUnit")
.pseudonym("pseudonym")
.serialNumber("serialNumber")
.state("state")
.surname("surname")
.title("title")
.build())
.build())
.templateArn("templateArn")
.validityNotBefore(ValidityProperty.builder()
.type("type")
.value(123)
.build())
.build();
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceContains X.509 certificate information to be placed in an issued certificate.static final classA fluent builder forCfnCertificate.static interfaceDefines the X.500 relative distinguished name (RDN).static interfaceSpecifies the X.509 extension information for a certificate.static interfaceDescribes an Electronic Data Interchange (EDI) entity as described in as defined in Subject Alternative Name in RFC 5280.static interfaceSpecifies additional purposes for which the certified public key may be used other than basic purposes indicated in theKeyUsageextension.static interfaceContains X.509 extension information for a certificate.static interfaceDescribes an ASN.1 X.400GeneralNameas defined in RFC 5280 .static interfaceDefines one or more purposes for which the key contained in the certificate can be used.static interfaceDefines a custom ASN.1 X.400GeneralNameusing an object identifier (OID) and value.static interfaceDefines the X.509CertificatePoliciesextension.static interfaceModifies theCertPolicyIdof aPolicyInformationobject with a qualifier.static interfaceDefines aPolicyInformationqualifier.static interfaceContains information about the certificate subject.static interfaceLength of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationModeNested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct
IConstruct.Jsii$DefaultNested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$DefaultNested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe CloudFormation resource type name for this resource class. -
Constructor Summary
ConstructorsModifierConstructorDescriptionCfnCertificate(Construct scope, String id, CfnCertificateProps props) Create a newAWS::ACMPCA::Certificate.protectedCfnCertificate(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protectedCfnCertificate(software.amazon.jsii.JsiiObjectRef objRef) -
Method Summary
Modifier and TypeMethodDescriptionSpecifies X.509 certificate information to be included in the issued certificate.The Amazon Resource Name (ARN) of the issued certificate.The issued Base64 PEM-encoded certificate.The Amazon Resource Name (ARN) for the private CA issues the certificate.The certificate signing request (CSR) for the certificate.The name of the algorithm that will be used to sign the certificate to be issued.Specifies a custom configuration template to use when issuing a certificate.The period of time during which the certificate will be valid.Information describing the start of the validity period of the certificate.voidinspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties(Map<String, Object> props) voidsetApiPassthrough(IResolvable value) Specifies X.509 certificate information to be included in the issued certificate.voidSpecifies X.509 certificate information to be included in the issued certificate.voidsetCertificateAuthorityArn(String value) The Amazon Resource Name (ARN) for the private CA issues the certificate.voidThe certificate signing request (CSR) for the certificate.voidsetSigningAlgorithm(String value) The name of the algorithm that will be used to sign the certificate to be issued.voidsetTemplateArn(String value) Specifies a custom configuration template to use when issuing a certificate.voidsetValidity(IResolvable value) The period of time during which the certificate will be valid.voidThe period of time during which the certificate will be valid.voidsetValidityNotBefore(IResolvable value) Information describing the start of the validity period of the certificate.voidInformation describing the start of the validity period of the certificate.Methods inherited from class software.amazon.awscdk.core.CfnResource
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validatePropertiesMethods inherited from class software.amazon.awscdk.core.CfnRefElement
getRefMethods inherited from class software.amazon.awscdk.core.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalIdMethods inherited from class software.amazon.awscdk.core.Construct
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validateMethods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSetMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnCertificate
protected CfnCertificate(software.amazon.jsii.JsiiObjectRef objRef) -
CfnCertificate
protected CfnCertificate(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnCertificate
@Stability(Stable) public CfnCertificate(@NotNull Construct scope, @NotNull String id, @NotNull CfnCertificateProps props) Create a newAWS::ACMPCA::Certificate.- Parameters:
scope-- scope in which this resource is defined.
id-- scoped id of the resource.
props-- resource properties.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspectin interfaceIInspectable- Parameters:
inspector-- tree inspector to collect and process attributes.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderPropertiesin classCfnResource- Parameters:
props- This parameter is required.
-
getAttrArn
The Amazon Resource Name (ARN) of the issued certificate. -
getAttrCertificate
The issued Base64 PEM-encoded certificate. -
getCfnProperties
- Overrides:
getCfnPropertiesin classCfnResource
-
getCertificateAuthorityArn
The Amazon Resource Name (ARN) for the private CA issues the certificate. -
setCertificateAuthorityArn
The Amazon Resource Name (ARN) for the private CA issues the certificate. -
getCertificateSigningRequest
The certificate signing request (CSR) for the certificate. -
setCertificateSigningRequest
The certificate signing request (CSR) for the certificate. -
getSigningAlgorithm
The name of the algorithm that will be used to sign the certificate to be issued.This parameter should not be confused with the
SigningAlgorithmparameter used to sign a CSR in theCreateCertificateAuthorityaction.The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
-
setSigningAlgorithm
The name of the algorithm that will be used to sign the certificate to be issued.This parameter should not be confused with the
SigningAlgorithmparameter used to sign a CSR in theCreateCertificateAuthorityaction.The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
-
getValidity
The period of time during which the certificate will be valid. -
setValidity
The period of time during which the certificate will be valid. -
setValidity
The period of time during which the certificate will be valid. -
getApiPassthrough
Specifies X.509 certificate information to be included in the issued certificate. AnAPIPassthroughorAPICSRPassthroughtemplate variant must be selected, or else this parameter is ignored. -
setApiPassthrough
Specifies X.509 certificate information to be included in the issued certificate. AnAPIPassthroughorAPICSRPassthroughtemplate variant must be selected, or else this parameter is ignored. -
setApiPassthrough
@Stability(Stable) public void setApiPassthrough(@Nullable CfnCertificate.ApiPassthroughProperty value) Specifies X.509 certificate information to be included in the issued certificate. AnAPIPassthroughorAPICSRPassthroughtemplate variant must be selected, or else this parameter is ignored. -
getTemplateArn
Specifies a custom configuration template to use when issuing a certificate.If this parameter is not provided, AWS Private CA defaults to the
EndEntityCertificate/V1template. For more information about AWS Private CA templates, see Using Templates . -
setTemplateArn
Specifies a custom configuration template to use when issuing a certificate.If this parameter is not provided, AWS Private CA defaults to the
EndEntityCertificate/V1template. For more information about AWS Private CA templates, see Using Templates . -
getValidityNotBefore
Information describing the start of the validity period of the certificate.This parameter sets the “Not Before" date for the certificate.
By default, when issuing a certificate, AWS Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
ValidityNotBeforeparameter can be used to customize the “Not Before” value.Unlike the
Validityparameter, theValidityNotBeforeparameter is optional.The
ValidityNotBeforevalue is expressed as an explicit date and time, using theValiditytype valueABSOLUTE. -
setValidityNotBefore
@Stability(Stable) public void setValidityNotBefore(@Nullable CfnCertificate.ValidityProperty value) Information describing the start of the validity period of the certificate.This parameter sets the “Not Before" date for the certificate.
By default, when issuing a certificate, AWS Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
ValidityNotBeforeparameter can be used to customize the “Not Before” value.Unlike the
Validityparameter, theValidityNotBeforeparameter is optional.The
ValidityNotBeforevalue is expressed as an explicit date and time, using theValiditytype valueABSOLUTE. -
setValidityNotBefore
Information describing the start of the validity period of the certificate.This parameter sets the “Not Before" date for the certificate.
By default, when issuing a certificate, AWS Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
ValidityNotBeforeparameter can be used to customize the “Not Before” value.Unlike the
Validityparameter, theValidityNotBeforeparameter is optional.The
ValidityNotBeforevalue is expressed as an explicit date and time, using theValiditytype valueABSOLUTE.
-