Package software.amazon.awscdk.services.acmpca

Interface CfnCertificateAuthority.RevocationConfigurationProperty

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
CfnCertificateAuthority.RevocationConfigurationProperty.Jsii$Proxy
Enclosing class:
CfnCertificateAuthority
@Stability(Stable) public static interface CfnCertificateAuthority.RevocationConfigurationProperty extends software.amazon.jsii.JsiiSerializable
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide .

The following requirements and constraints apply to revocation configurations.

  • A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
  • In a CRL configuration, the S3BucketName parameter must conform to the Amazon S3 bucket naming rules .
  • A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
  • In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
  • To revoke a certificate, delete the resource from your template, and call the AWS Private CA RevokeCertificate API and specify the resource's certificate authority ARN.

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.acmpca.*;
 RevocationConfigurationProperty revocationConfigurationProperty = RevocationConfigurationProperty.builder()
         .crlConfiguration(CrlConfigurationProperty.builder()
                 .enabled(false)
                 // the properties below are optional
                 .crlDistributionPointExtensionConfiguration(CrlDistributionPointExtensionConfigurationProperty.builder()
                         .omitExtension(false)
                         .build())
                 .crlType("crlType")
                 .customCname("customCname")
                 .customPath("customPath")
                 .expirationInDays(123)
                 .s3BucketName("s3BucketName")
                 .s3ObjectAcl("s3ObjectAcl")
                 .build())
         .ocspConfiguration(OcspConfigurationProperty.builder()
                 .enabled(false)
                 // the properties below are optional
                 .ocspCustomCname("ocspCustomCname")
                 .build())
         .build();

See Also: