Class CfnCertificateAuthority
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.acmpca.CfnCertificateAuthority
- All Implemented Interfaces:
IInspectable,ITaggable,software.amazon.jsii.JsiiSerializable,software.constructs.IConstruct,software.constructs.IDependable
@Generated(value="jsii-pacmak/1.97.0 (build 729de35)",
date="2024-04-18T17:54:11.587Z")
@Stability(Stable)
public class CfnCertificateAuthority
extends CfnResource
implements IInspectable, ITaggable
Use the
AWS::ACMPCA::CertificateAuthority resource to create a private CA.
Once the CA exists, you can use the AWS::ACMPCA::Certificate resource to issue a new CA certificate. Alternatively, you can issue a CA certificate using an on-premises CA, and then use the AWS::ACMPCA::CertificateAuthorityActivation resource to import the new CA certificate and activate the CA.
Before removing a
AWS::ACMPCA::CertificateAuthorityresource from the CloudFormation stack, disable the affected CA. Otherwise, the action will fail. You can disable the CA by removing its associatedAWS::ACMPCA::CertificateAuthorityActivationresource from CloudFormation.
Example:
CfnCertificateAuthority cfnCertificateAuthority = CfnCertificateAuthority.Builder.create(this, "CA")
.type("ROOT")
.keyAlgorithm("RSA_2048")
.signingAlgorithm("SHA256WITHRSA")
.subject(SubjectProperty.builder()
.country("US")
.organization("string")
.organizationalUnit("string")
.distinguishedNameQualifier("string")
.state("string")
.commonName("123")
.serialNumber("string")
.locality("string")
.title("string")
.surname("string")
.givenName("string")
.initials("DG")
.pseudonym("string")
.generationQualifier("DBG")
.build())
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceProvides access information used by theauthorityInfoAccessandsubjectInfoAccessextensions described in RFC 5280 .static interfaceDescribes the type and format of extension access.static final classA fluent builder forCfnCertificateAuthority.static interfaceContains configuration information for a certificate revocation list (CRL).static interfaceContains configuration information for the default behavior of the CRL Distribution Point (CDP) extension in certificates issued by your CA.static interfaceDescribes the certificate extensions to be added to the certificate signing request (CSR).static interfaceDefines the X.500 relative distinguished name (RDN).static interfaceDescribes an Electronic Data Interchange (EDI) entity as described in as defined in Subject Alternative Name in RFC 5280.static interfaceDescribes an ASN.1 X.400GeneralNameas defined in RFC 5280 .static interfaceDefines one or more purposes for which the key contained in the certificate can be used.static interfaceContains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.static interfaceDefines a custom ASN.1 X.400GeneralNameusing an object identifier (OID) and value.static interfaceCertificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.static interfaceASN1 subject for the certificate authority.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationModeNested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$DefaultNested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$ProxyNested classes/interfaces inherited from interface software.amazon.awscdk.ITaggable
ITaggable.Jsii$Default, ITaggable.Jsii$Proxy -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe CloudFormation resource type name for this resource class. -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedCfnCertificateAuthority(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protectedCfnCertificateAuthority(software.amazon.jsii.JsiiObjectRef objRef) CfnCertificateAuthority(software.constructs.Construct scope, String id, CfnCertificateAuthorityProps props) -
Method Summary
Modifier and TypeMethodDescriptionThe Amazon Resource Name (ARN) for the private CA that issued the certificate.The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.Specifies information to be added to the extension section of the certificate signing request (CSR).Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.Specifies a cryptographic key management compliance standard used for handling CA keys.Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.Name of the algorithm your private CA uses to sign certificate requests.Structure that contains X.500 distinguished name information for your private CA.getTags()Tag Manager which manages the tags for this resource.Key-value pairs that will be attached to the new private CA.getType()Type of your private CA.Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.voidinspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties(Map<String, Object> props) voidsetCsrExtensions(IResolvable value) Specifies information to be added to the extension section of the certificate signing request (CSR).voidSpecifies information to be added to the extension section of the certificate signing request (CSR).voidsetKeyAlgorithm(String value) Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.voidSpecifies a cryptographic key management compliance standard used for handling CA keys.voidCertificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.voidCertificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.voidsetSigningAlgorithm(String value) Name of the algorithm your private CA uses to sign certificate requests.voidsetSubject(IResolvable value) Structure that contains X.500 distinguished name information for your private CA.voidStructure that contains X.500 distinguished name information for your private CA.voidsetTagsRaw(List<CfnTag> value) Key-value pairs that will be attached to the new private CA.voidType of your private CA.voidsetUsageMode(String value) Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validatePropertiesMethods inherited from class software.amazon.awscdk.CfnRefElement
getRefMethods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalIdMethods inherited from class software.constructs.Construct
getNode, isConstructMethods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSetMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnCertificateAuthority
protected CfnCertificateAuthority(software.amazon.jsii.JsiiObjectRef objRef) -
CfnCertificateAuthority
protected CfnCertificateAuthority(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnCertificateAuthority
@Stability(Stable) public CfnCertificateAuthority(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnCertificateAuthorityProps props) - Parameters:
scope- Scope in which this resource is defined. This parameter is required.id- Construct identifier for this resource (unique in its scope). This parameter is required.props- Resource properties. This parameter is required.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspectin interfaceIInspectable- Parameters:
inspector- tree inspector to collect and process attributes. This parameter is required.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderPropertiesin classCfnResource- Parameters:
props- This parameter is required.
-
getAttrArn
The Amazon Resource Name (ARN) for the private CA that issued the certificate. -
getAttrCertificateSigningRequest
The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate. -
getCfnProperties
- Overrides:
getCfnPropertiesin classCfnResource
-
getTags
Tag Manager which manages the tags for this resource. -
getKeyAlgorithm
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. -
setKeyAlgorithm
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. -
getSigningAlgorithm
Name of the algorithm your private CA uses to sign certificate requests. -
setSigningAlgorithm
Name of the algorithm your private CA uses to sign certificate requests. -
getSubject
Structure that contains X.500 distinguished name information for your private CA. -
setSubject
Structure that contains X.500 distinguished name information for your private CA. -
setSubject
Structure that contains X.500 distinguished name information for your private CA. -
getType
Type of your private CA. -
setType
Type of your private CA. -
getCsrExtensions
Specifies information to be added to the extension section of the certificate signing request (CSR). -
setCsrExtensions
Specifies information to be added to the extension section of the certificate signing request (CSR). -
setCsrExtensions
@Stability(Stable) public void setCsrExtensions(@Nullable CfnCertificateAuthority.CsrExtensionsProperty value) Specifies information to be added to the extension section of the certificate signing request (CSR). -
getKeyStorageSecurityStandard
Specifies a cryptographic key management compliance standard used for handling CA keys. -
setKeyStorageSecurityStandard
Specifies a cryptographic key management compliance standard used for handling CA keys. -
getRevocationConfiguration
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide . -
setRevocationConfiguration
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide . -
setRevocationConfiguration
@Stability(Stable) public void setRevocationConfiguration(@Nullable CfnCertificateAuthority.RevocationConfigurationProperty value) Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide . -
getTagsRaw
Key-value pairs that will be attached to the new private CA. -
setTagsRaw
Key-value pairs that will be attached to the new private CA. -
getUsageMode
Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. -
setUsageMode
Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
-