PrivateCertificateProps
- class aws_cdk.aws_certificatemanager.PrivateCertificateProps(*, certificate_authority, domain_name, key_algorithm=None, subject_alternative_names=None)
Bases:
object
Properties for your private certificate.
- Parameters:
certificate_authority (
ICertificateAuthority
) – Private certificate authority (CA) that will be used to issue the certificate.domain_name (
str
) – Fully-qualified domain name to request a private certificate for. May contain wildcards, such as*.domain.com
.key_algorithm (
Optional
[KeyAlgorithm
]) – Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA’s secret key. Default: KeyAlgorithm.RSA_2048subject_alternative_names (
Optional
[Sequence
[str
]]) – Alternative domain names on your private certificate. Use this to register alternative domain names that represent the same site. Default: - No additional FQDNs will be included as alternative domain names.
- ExampleMetadata:
infused
Example:
import aws_cdk.aws_acmpca as acmpca acm.PrivateCertificate(self, "PrivateCertificate", domain_name="test.example.com", subject_alternative_names=["cool.example.com", "test.example.net"], # optional certificate_authority=acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CA", "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77"), key_algorithm=acm.KeyAlgorithm.RSA_2048 )
Attributes
- certificate_authority
Private certificate authority (CA) that will be used to issue the certificate.
- domain_name
Fully-qualified domain name to request a private certificate for.
May contain wildcards, such as
*.domain.com
.
- key_algorithm
Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA’s secret key.
- Default:
KeyAlgorithm.RSA_2048
- See:
https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title
- subject_alternative_names
Alternative domain names on your private certificate.
Use this to register alternative domain names that represent the same site.
- Default:
No additional FQDNs will be included as alternative domain names.