@Generated(value="jsii-pacmak/1.60.0 (build ebcefe6)", date="2022-06-22T23:27:49.517Z") public class CfnCertificateAuthority extends CfnResource implements IInspectable
Use the AWS::ACMPCA::CertificateAuthority
resource to create a private CA. Once the CA exists, you can use the AWS::ACMPCA::Certificate
resource to issue a new CA certificate. Alternatively, you can issue a CA certificate using an on-premises CA, and then use the AWS::ACMPCA::CertificateAuthorityActivation
resource to import the new CA certificate and activate the CA.
Before removing a
AWS::ACMPCA::CertificateAuthority
resource from the CloudFormation stack, disable the affected CA. Otherwise, the action will fail. You can disable the CA by removing its associatedAWS::ACMPCA::CertificateAuthorityActivation
resource from CloudFormation.
Example:
CfnCertificateAuthority cfnCertificateAuthority = CfnCertificateAuthority.Builder.create(this, "CA") .type("ROOT") .keyAlgorithm("RSA_2048") .signingAlgorithm("SHA256WITHRSA") .subject(SubjectProperty.builder() .country("US") .organization("string") .organizationalUnit("string") .distinguishedNameQualifier("string") .state("string") .commonName("123") .serialNumber("string") .locality("string") .title("string") .surname("string") .givenName("string") .initials("DG") .pseudonym("string") .generationQualifier("DBG") .build()) .build();
Modifier and Type | Class and Description |
---|---|
static interface |
CfnCertificateAuthority.AccessDescriptionProperty
Provides access information used by the `authorityInfoAccess` and `subjectInfoAccess` extensions described in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) .
|
static interface |
CfnCertificateAuthority.AccessMethodProperty
Describes the type and format of extension access.
|
static class |
CfnCertificateAuthority.Builder
A fluent builder for
CfnCertificateAuthority . |
static interface |
CfnCertificateAuthority.CrlConfigurationProperty
Contains configuration information for a certificate revocation list (CRL).
|
static interface |
CfnCertificateAuthority.CsrExtensionsProperty
Describes the certificate extensions to be added to the certificate signing request (CSR).
|
static interface |
CfnCertificateAuthority.CustomAttributeProperty
Defines the X.500 relative distinguished name (RDN).
|
static interface |
CfnCertificateAuthority.EdiPartyNameProperty
Describes an Electronic Data Interchange (EDI) entity as described in as defined in [Subject Alternative Name](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) in RFC 5280.
|
static interface |
CfnCertificateAuthority.GeneralNameProperty
Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) .
|
static interface |
CfnCertificateAuthority.KeyUsageProperty
Defines one or more purposes for which the key contained in the certificate can be used.
|
static interface |
CfnCertificateAuthority.OcspConfigurationProperty
Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
|
static interface |
CfnCertificateAuthority.OtherNameProperty
Defines a custom ASN.1 X.400 `GeneralName` using an object identifier (OID) and value.
|
static interface |
CfnCertificateAuthority.RevocationConfigurationProperty
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
|
static interface |
CfnCertificateAuthority.SubjectProperty
ASN1 subject for the certificate authority.
|
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
IConstruct.Jsii$Default
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
|
Modifier | Constructor and Description |
---|---|
|
CfnCertificateAuthority(Construct scope,
java.lang.String id,
CfnCertificateAuthorityProps props)
Create a new `AWS::ACMPCA::CertificateAuthority`.
|
protected |
CfnCertificateAuthority(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) |
protected |
CfnCertificateAuthority(software.amazon.jsii.JsiiObjectRef objRef) |
Modifier and Type | Method and Description |
---|---|
java.lang.String |
getAttrArn()
The Amazon Resource Name (ARN) for the private CA that issued the certificate.
|
java.lang.String |
getAttrCertificateSigningRequest()
The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
|
protected java.util.Map<java.lang.String,java.lang.Object> |
getCfnProperties() |
java.lang.Object |
getCsrExtensions()
Specifies information to be added to the extension section of the certificate signing request (CSR).
|
java.lang.String |
getKeyAlgorithm()
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
|
java.lang.String |
getKeyStorageSecurityStandard()
Specifies a cryptographic key management compliance standard used for handling CA keys.
|
java.lang.Object |
getRevocationConfiguration()
Information about the certificate revocation list (CRL) created and maintained by your private CA.
|
java.lang.String |
getSigningAlgorithm()
Name of the algorithm your private CA uses to sign certificate requests.
|
java.lang.Object |
getSubject()
Structure that contains X.500 distinguished name information for your private CA.
|
TagManager |
getTags()
Key-value pairs that will be attached to the new private CA.
|
java.lang.String |
getType()
Type of your private CA.
|
void |
inspect(TreeInspector inspector)
Examines the CloudFormation resource and discloses attributes.
|
protected java.util.Map<java.lang.String,java.lang.Object> |
renderProperties(java.util.Map<java.lang.String,java.lang.Object> props) |
void |
setCsrExtensions(CfnCertificateAuthority.CsrExtensionsProperty value)
Specifies information to be added to the extension section of the certificate signing request (CSR).
|
void |
setCsrExtensions(IResolvable value)
Specifies information to be added to the extension section of the certificate signing request (CSR).
|
void |
setKeyAlgorithm(java.lang.String value)
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
|
void |
setKeyStorageSecurityStandard(java.lang.String value)
Specifies a cryptographic key management compliance standard used for handling CA keys.
|
void |
setRevocationConfiguration(CfnCertificateAuthority.RevocationConfigurationProperty value)
Information about the certificate revocation list (CRL) created and maintained by your private CA.
|
void |
setRevocationConfiguration(IResolvable value)
Information about the certificate revocation list (CRL) created and maintained by your private CA.
|
void |
setSigningAlgorithm(java.lang.String value)
Name of the algorithm your private CA uses to sign certificate requests.
|
void |
setSubject(CfnCertificateAuthority.SubjectProperty value)
Structure that contains X.500 distinguished name information for your private CA.
|
void |
setSubject(IResolvable value)
Structure that contains X.500 distinguished name information for your private CA.
|
void |
setType(java.lang.String value)
Type of your private CA.
|
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties
getRef
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
public static final java.lang.String CFN_RESOURCE_TYPE_NAME
protected CfnCertificateAuthority(software.amazon.jsii.JsiiObjectRef objRef)
protected CfnCertificateAuthority(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
public CfnCertificateAuthority(Construct scope, java.lang.String id, CfnCertificateAuthorityProps props)
scope
- - scope in which this resource is defined. This parameter is required.id
- - scoped id of the resource. This parameter is required.props
- - resource properties. This parameter is required.public void inspect(TreeInspector inspector)
inspect
in interface IInspectable
inspector
- - tree inspector to collect and process attributes. This parameter is required.protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
renderProperties
in class CfnResource
props
- This parameter is required.public java.lang.String getAttrArn()
public java.lang.String getAttrCertificateSigningRequest()
protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()
getCfnProperties
in class CfnResource
public TagManager getTags()
You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
public java.lang.String getKeyAlgorithm()
When you create a subordinate CA, you must use a key algorithm supported by the parent CA.
public void setKeyAlgorithm(java.lang.String value)
When you create a subordinate CA, you must use a key algorithm supported by the parent CA.
public java.lang.String getSigningAlgorithm()
This parameter should not be confused with the SigningAlgorithm
parameter used to sign certificates when they are issued.
public void setSigningAlgorithm(java.lang.String value)
This parameter should not be confused with the SigningAlgorithm
parameter used to sign certificates when they are issued.
public java.lang.Object getSubject()
public void setSubject(IResolvable value)
public void setSubject(CfnCertificateAuthority.SubjectProperty value)
public java.lang.String getType()
public void setType(java.lang.String value)
public java.lang.Object getCsrExtensions()
public void setCsrExtensions(IResolvable value)
public void setCsrExtensions(CfnCertificateAuthority.CsrExtensionsProperty value)
public java.lang.String getKeyStorageSecurityStandard()
Default: FIPS_140_2_LEVEL_3_OR_HIGHER
Note: FIPS_140_2_LEVEL_3_OR_HIGHER
is not supported in the following Regions:
When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER
as the argument for KeyStorageSecurityStandard
. Failure to do this results in an InvalidArgsException
with the message, "A certificate authority cannot be created in this region with the specified security standard."
public void setKeyStorageSecurityStandard(java.lang.String value)
Default: FIPS_140_2_LEVEL_3_OR_HIGHER
Note: FIPS_140_2_LEVEL_3_OR_HIGHER
is not supported in the following Regions:
When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER
as the argument for KeyStorageSecurityStandard
. Failure to do this results in an InvalidArgsException
with the message, "A certificate authority cannot be created in this region with the specified security standard."
public java.lang.Object getRevocationConfiguration()
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.
public void setRevocationConfiguration(IResolvable value)
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.
public void setRevocationConfiguration(CfnCertificateAuthority.RevocationConfigurationProperty value)
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.