Interface CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty.Jsii$Proxy
Enclosing class:
CfnTLSInspectionConfiguration

@Stability(Stable) public static interface CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty extends software.amazon.jsii.JsiiSerializable
Configures the AWS Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration. You can configure ServerCertificates for inbound SSL/TLS inspection, a CertificateAuthorityArn for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see Using SSL/TLS server certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide.

If a server certificate that's associated with your TLSInspectionConfiguration is revoked, deleted, or expired, it can result in client-side TLS errors.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
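 import java.util.List;
 import software.amazon.awscdk.services.networkfirewall.*;
 // The property types are nested in CfnTLSInspectionConfiguration, so import them explicitly.
 import software.amazon.awscdk.services.networkfirewall.CfnTLSInspectionConfiguration.*;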
 ServerCertificateConfigurationProperty serverCertificateConfigurationProperty = ServerCertificateConfigurationProperty.builder()
         .certificateAuthorityArn("certificateAuthorityArn")
         .checkCertificateRevocationStatus(CheckCertificateRevocationStatusProperty.builder()
                 .revokedStatusAction("revokedStatusAction")
                 .unknownStatusAction("unknownStatusAction")
                 .build())
         .scopes(List.of(ServerCertificateScopeProperty.builder()
                 .destinationPorts(List.of(PortRangeProperty.builder()
                         .fromPort(123)
                         .toPort(123)
                         .build()))
                 .destinations(List.of(AddressProperty.builder()
                         .addressDefinition("addressDefinition")
                         .build()))
                 .protocols(List.of(123))
                 .sourcePorts(List.of(PortRangeProperty.builder()
                         .fromPort(123)
                         .toPort(123)
                         .build()))
                 .sources(List.of(AddressProperty.builder()
                         .addressDefinition("addressDefinition")
                         .build()))
                 .build()))
         .serverCertificates(List.of(ServerCertificateProperty.builder()
                 .resourceArn("resourceArn")
                 .build()))
         .build();
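A filled-in outbound inspection configuration wired into a stack, as an added example that is not part of the AWS CDK documentation. It assumes CDK v2; the class name, construct ID, configuration name, CIDR range and ARN are placeholders, and REJECT/PASS are one choice among the PASS, DROP and REJECT actions that Network Firewall accepts.

```java
import java.util.List;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.networkfirewall.CfnTLSInspectionConfiguration;
import software.amazon.awscdk.services.networkfirewall.CfnTLSInspectionConfiguration.*;
import software.constructs.Construct;

public class TlsInspectionStack extends Stack {
    // Placeholder: ARN of the ACM-imported CA certificate used to re-sign outbound traffic.
    private static final String CA_ARN = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/CA_CERT_ID";

    public TlsInspectionStack(final Construct scope, final String id) {
        super(scope, id);
        CfnTLSInspectionConfiguration.Builder.create(this, "OutboundTlsInspection")
                .tlsInspectionConfigurationName("outbound-tls-inspection")
                .tlsInspectionConfiguration(TLSInspectionConfigurationProperty.builder()
                        .serverCertificateConfigurations(List.of(outbound(CA_ARN, "10.0.0.0/16")))
                        .build())
                .build();
    }

    /** Outbound inspection of HTTPS from clientCidr (assumed VPC range) to any destination. */
    static ServerCertificateConfigurationProperty outbound(String caArn, String clientCidr) {
        PortRangeProperty anyPort = PortRangeProperty.builder().fromPort(0).toPort(65535).build();
        PortRangeProperty https = PortRangeProperty.builder().fromPort(443).toPort(443).build();
        return ServerCertificateConfigurationProperty.builder()
                .certificateAuthorityArn(caArn)
                // Revocation checking applies to outbound inspection, so it is set
                // together with certificateAuthorityArn.
                .checkCertificateRevocationStatus(CheckCertificateRevocationStatusProperty.builder()
                        .revokedStatusAction("REJECT") // fail closed on a revoked server certificate
                        .unknownStatusAction("PASS")   // fail open when the status cannot be determined
                        .build())
                .scopes(List.of(ServerCertificateScopeProperty.builder()
                        .protocols(List.of(6)) // 6 = TCP (IANA protocol number)
                        .sources(List.of(AddressProperty.builder().addressDefinition(clientCidr).build()))
                        .sourcePorts(List.of(anyPort))
                        .destinations(List.of(AddressProperty.builder().addressDefinition("0.0.0.0/0").build()))
                        .destinationPorts(List.of(https))
                        .build()))
                .build();
    }
}
```

For inbound inspection, the same builder takes `serverCertificates(...)` with the ACM certificate ARN of the protected server in place of `certificateAuthorityArn`.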
 
