Class CfnCertificateAuthority
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.acmpca.CfnCertificateAuthority
- All Implemented Interfaces:
IInspectable
,ITaggable
,software.amazon.jsii.JsiiSerializable
,software.constructs.IConstruct
,software.constructs.IDependable
@Generated(value="jsii-pacmak/1.106.0 (build e852934)",
date="2025-02-06T22:15:48.439Z")
@Stability(Stable)
public class CfnCertificateAuthority
extends CfnResource
implements IInspectable, ITaggable
Use the
AWS::ACMPCA::CertificateAuthority
resource to create a private CA.
Once the CA exists, you can use the AWS::ACMPCA::Certificate
resource to issue a new CA certificate. Alternatively, you can issue a CA certificate using an on-premises CA, and then use the AWS::ACMPCA::CertificateAuthorityActivation
resource to import the new CA certificate and activate the CA.
Before removing a
AWS::ACMPCA::CertificateAuthority
resource from the CloudFormation stack, disable the affected CA. Otherwise, the action will fail. You can disable the CA by removing its associatedAWS::ACMPCA::CertificateAuthorityActivation
resource from CloudFormation.
Example:
CfnCertificateAuthority cfnCertificateAuthority = CfnCertificateAuthority.Builder.create(this, "CA") .type("ROOT") .keyAlgorithm("RSA_2048") .signingAlgorithm("SHA256WITHRSA") .subject(SubjectProperty.builder() .country("US") .organization("string") .organizationalUnit("string") .distinguishedNameQualifier("string") .state("string") .commonName("123") .serialNumber("string") .locality("string") .title("string") .surname("string") .givenName("string") .initials("DG") .pseudonym("string") .generationQualifier("DBG") .build()) .build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interface
Provides access information used by theauthorityInfoAccess
andsubjectInfoAccess
extensions described in RFC 5280 .static interface
Describes the type and format of extension access.static final class
A fluent builder forCfnCertificateAuthority
.static interface
Contains configuration information for a certificate revocation list (CRL).static interface
Contains configuration information for the default behavior of the CRL Distribution Point (CDP) extension in certificates issued by your CA.static interface
Describes the certificate extensions to be added to the certificate signing request (CSR).static interface
Defines the X.500 relative distinguished name (RDN).static interface
Describes an Electronic Data Interchange (EDI) entity as described in as defined in Subject Alternative Name in RFC 5280.static interface
Describes an ASN.1 X.400GeneralName
as defined in RFC 5280 .static interface
Defines one or more purposes for which the key contained in the certificate can be used.static interface
Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.static interface
Defines a custom ASN.1 X.400GeneralName
using an object identifier (OID) and value.static interface
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.static interface
ASN1 subject for the certificate authority.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.ITaggable
ITaggable.Jsii$Default, ITaggable.Jsii$Proxy
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final String
The CloudFormation resource type name for this resource class. -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotected
CfnCertificateAuthority
(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protected
CfnCertificateAuthority
(software.amazon.jsii.JsiiObjectRef objRef) CfnCertificateAuthority
(software.constructs.Construct scope, String id, CfnCertificateAuthorityProps props) -
Method Summary
Modifier and TypeMethodDescriptionThe Amazon Resource Name (ARN) for the private CA that issued the certificate.The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.Specifies information to be added to the extension section of the certificate signing request (CSR).Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.Specifies a cryptographic key management compliance standard used for handling CA keys.Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.Name of the algorithm your private CA uses to sign certificate requests.Structure that contains X.500 distinguished name information for your private CA.getTags()
Tag Manager which manages the tags for this resource.Key-value pairs that will be attached to the new private CA.getType()
Type of your private CA.Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.void
inspect
(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties
(Map<String, Object> props) void
setCsrExtensions
(IResolvable value) Specifies information to be added to the extension section of the certificate signing request (CSR).void
Specifies information to be added to the extension section of the certificate signing request (CSR).void
setKeyAlgorithm
(String value) Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.void
Specifies a cryptographic key management compliance standard used for handling CA keys.void
Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.void
Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.void
setSigningAlgorithm
(String value) Name of the algorithm your private CA uses to sign certificate requests.void
setSubject
(IResolvable value) Structure that contains X.500 distinguished name information for your private CA.void
Structure that contains X.500 distinguished name information for your private CA.void
setTagsRaw
(List<CfnTag> value) Key-value pairs that will be attached to the new private CA.void
Type of your private CA.void
setUsageMode
(String value) Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.constructs.Construct
getNode, isConstruct
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnCertificateAuthority
protected CfnCertificateAuthority(software.amazon.jsii.JsiiObjectRef objRef) -
CfnCertificateAuthority
protected CfnCertificateAuthority(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnCertificateAuthority
@Stability(Stable) public CfnCertificateAuthority(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnCertificateAuthorityProps props) - Parameters:
scope
- Scope in which this resource is defined. This parameter is required.id
- Construct identifier for this resource (unique in its scope). This parameter is required.props
- Resource properties. This parameter is required.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspect
in interfaceIInspectable
- Parameters:
inspector
- tree inspector to collect and process attributes. This parameter is required.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderProperties
in classCfnResource
- Parameters:
props
- This parameter is required.
-
getAttrArn
The Amazon Resource Name (ARN) for the private CA that issued the certificate. -
getAttrCertificateSigningRequest
The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate. -
getCfnProperties
- Overrides:
getCfnProperties
in classCfnResource
-
getTags
Tag Manager which manages the tags for this resource. -
getKeyAlgorithm
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. -
setKeyAlgorithm
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. -
getSigningAlgorithm
Name of the algorithm your private CA uses to sign certificate requests. -
setSigningAlgorithm
Name of the algorithm your private CA uses to sign certificate requests. -
getSubject
Structure that contains X.500 distinguished name information for your private CA. -
setSubject
Structure that contains X.500 distinguished name information for your private CA. -
setSubject
Structure that contains X.500 distinguished name information for your private CA. -
getType
Type of your private CA. -
setType
Type of your private CA. -
getCsrExtensions
Specifies information to be added to the extension section of the certificate signing request (CSR). -
setCsrExtensions
Specifies information to be added to the extension section of the certificate signing request (CSR). -
setCsrExtensions
@Stability(Stable) public void setCsrExtensions(@Nullable CfnCertificateAuthority.CsrExtensionsProperty value) Specifies information to be added to the extension section of the certificate signing request (CSR). -
getKeyStorageSecurityStandard
Specifies a cryptographic key management compliance standard used for handling CA keys. -
setKeyStorageSecurityStandard
Specifies a cryptographic key management compliance standard used for handling CA keys. -
getRevocationConfiguration
Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA. -
setRevocationConfiguration
Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA. -
setRevocationConfiguration
@Stability(Stable) public void setRevocationConfiguration(@Nullable CfnCertificateAuthority.RevocationConfigurationProperty value) Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA. -
getTagsRaw
Key-value pairs that will be attached to the new private CA. -
setTagsRaw
Key-value pairs that will be attached to the new private CA. -
getUsageMode
Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. -
setUsageMode
Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
-