Interface CfnCertificateAuthority.RevocationConfigurationProperty

All Superinterfaces:
All Known Implementing Classes:
Enclosing class:

@Stability(Stable) public static interface CfnCertificateAuthority.RevocationConfigurationProperty extends
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide .

The following requirements apply to revocation configurations.

  • A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
  • In a CRL configuration, the S3BucketName parameter must conform to the Amazon S3 bucket naming rules .
  • A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
  • In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".


 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 RevocationConfigurationProperty revocationConfigurationProperty = RevocationConfigurationProperty.builder()