Interface CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty.Jsii$Proxy
- Enclosing class:
CfnTLSInspectionConfiguration
ServerCertificates
for inbound SSL/TLS inspection, a CertificateAuthorityArn
for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see Using SSL/TLS server certficiates with TLS inspection configurations in the AWS Network Firewall Developer Guide .
If a server certificate that's associated with your TLSInspectionConfiguration is revoked, deleted, or expired it can result in client-side TLS errors.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.networkfirewall.*; ServerCertificateConfigurationProperty serverCertificateConfigurationProperty = ServerCertificateConfigurationProperty.builder() .certificateAuthorityArn("certificateAuthorityArn") .checkCertificateRevocationStatus(CheckCertificateRevocationStatusProperty.builder() .revokedStatusAction("revokedStatusAction") .unknownStatusAction("unknownStatusAction") .build()) .scopes(List.of(ServerCertificateScopeProperty.builder() .destinationPorts(List.of(PortRangeProperty.builder() .fromPort(123) .toPort(123) .build())) .destinations(List.of(AddressProperty.builder() .addressDefinition("addressDefinition") .build())) .protocols(List.of(123)) .sourcePorts(List.of(PortRangeProperty.builder() .fromPort(123) .toPort(123) .build())) .sources(List.of(AddressProperty.builder() .addressDefinition("addressDefinition") .build())) .build())) .serverCertificates(List.of(ServerCertificateProperty.builder() .resourceArn("resourceArn") .build())) .build();
- See Also:
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
static final class
An implementation forCfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
default String
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.default Object
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status.default Object
A list of scopes.default Object
The list of server certificates to use for inbound SSL/TLS inspection.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getCertificateAuthorityArn
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by AWS Private Certificate Authority .
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .
For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .
- See Also:
-
getCheckCertificateRevocationStatus
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status.If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a
CertificateAuthorityArn
in ServerCertificateConfiguration .- See Also:
-
getScopes
A list of scopes.- See Also:
-
getServerCertificates
The list of server certificates to use for inbound SSL/TLS inspection.- See Also:
-
builder
@Stability(Stable) static CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty.Builder builder()
-