@Generated(value="com.amazonaws:aws-java-sdk-code-generator") public class ServerCertificateConfiguration extends Object implements Serializable, Cloneable, StructuredPojo
Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration. You can configure ServerCertificates for inbound SSL/TLS inspection, a CertificateAuthorityArn for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see Using SSL/TLS server certificates with TLS inspection configurations in the Network Firewall Developer Guide.
If a server certificate that's associated with your TLSInspectionConfiguration is revoked, deleted, or expired, it can result in client-side TLS errors.
Constructor and Description |
---|
ServerCertificateConfiguration() |
Modifier and Type | Method and Description |
---|---|
ServerCertificateConfiguration | clone() |
boolean | equals(Object obj) |
String | getCertificateAuthorityArn() The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. |
CheckCertificateRevocationStatusActions | getCheckCertificateRevocationStatus() When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status. |
List<ServerCertificateScope> | getScopes() A list of scopes. |
List<ServerCertificate> | getServerCertificates() The list of server certificates to use for inbound SSL/TLS inspection. |
int | hashCode() |
void | marshall(ProtocolMarshaller protocolMarshaller) Marshalls this structured data using the given ProtocolMarshaller. |
void | setCertificateAuthorityArn(String certificateAuthorityArn) The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. |
void | setCheckCertificateRevocationStatus(CheckCertificateRevocationStatusActions checkCertificateRevocationStatus) When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status. |
void | setScopes(Collection<ServerCertificateScope> scopes) A list of scopes. |
void | setServerCertificates(Collection<ServerCertificate> serverCertificates) The list of server certificates to use for inbound SSL/TLS inspection. |
String | toString() Returns a string representation of this object. |
ServerCertificateConfiguration | withCertificateAuthorityArn(String certificateAuthorityArn) The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. |
ServerCertificateConfiguration | withCheckCertificateRevocationStatus(CheckCertificateRevocationStatusActions checkCertificateRevocationStatus) When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status. |
ServerCertificateConfiguration | withScopes(Collection<ServerCertificateScope> scopes) A list of scopes. |
ServerCertificateConfiguration | withScopes(ServerCertificateScope... scopes) A list of scopes. |
ServerCertificateConfiguration | withServerCertificates(Collection<ServerCertificate> serverCertificates) The list of server certificates to use for inbound SSL/TLS inspection. |
ServerCertificateConfiguration | withServerCertificates(ServerCertificate... serverCertificates) The list of server certificates to use for inbound SSL/TLS inspection. |
public List<ServerCertificate> getServerCertificates()
The list of server certificates to use for inbound SSL/TLS inspection.

public void setServerCertificates(Collection<ServerCertificate> serverCertificates)
The list of server certificates to use for inbound SSL/TLS inspection.
serverCertificates - The list of server certificates to use for inbound SSL/TLS inspection.

public ServerCertificateConfiguration withServerCertificates(ServerCertificate... serverCertificates)
The list of server certificates to use for inbound SSL/TLS inspection.
NOTE: This method appends the values to the existing list (if any). Use setServerCertificates(java.util.Collection) or withServerCertificates(java.util.Collection) if you want to override the existing values.
serverCertificates - The list of server certificates to use for inbound SSL/TLS inspection.

public ServerCertificateConfiguration withServerCertificates(Collection<ServerCertificate> serverCertificates)
The list of server certificates to use for inbound SSL/TLS inspection.
serverCertificates - The list of server certificates to use for inbound SSL/TLS inspection.

public List<ServerCertificateScope> getScopes()
A list of scopes.

public void setScopes(Collection<ServerCertificateScope> scopes)
A list of scopes.
scopes - A list of scopes.

public ServerCertificateConfiguration withScopes(ServerCertificateScope... scopes)
A list of scopes.
NOTE: This method appends the values to the existing list (if any). Use setScopes(java.util.Collection) or withScopes(java.util.Collection) if you want to override the existing values.
scopes - A list of scopes.

public ServerCertificateConfiguration withScopes(Collection<ServerCertificateScope> scopes)
A list of scopes.
scopes - A list of scopes.

public void setCertificateAuthorityArn(String certificateAuthorityArn)
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by Private Certificate Authority.
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
certificateAuthorityArn - The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

public String getCertificateAuthorityArn()
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by Private Certificate Authority.
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.

public ServerCertificateConfiguration withCertificateAuthorityArn(String certificateAuthorityArn)
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by Private Certificate Authority.
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
certificateAuthorityArn - The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

public void setCheckCertificateRevocationStatus(CheckCertificateRevocationStatusActions checkCertificateRevocationStatus)
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration.
checkCertificateRevocationStatus - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration.

public CheckCertificateRevocationStatusActions getCheckCertificateRevocationStatus()
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration.

public ServerCertificateConfiguration withCheckCertificateRevocationStatus(CheckCertificateRevocationStatusActions checkCertificateRevocationStatus)
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration.
checkCertificateRevocationStatus - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration.

public String toString()
toString in class Object
Object.toString()

public ServerCertificateConfiguration clone()

public void marshall(ProtocolMarshaller protocolMarshaller)
Marshalls this structured data using the given ProtocolMarshaller.
marshall in interface StructuredPojo
protocolMarshaller - Implementation of ProtocolMarshaller used to marshall this object's data.
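
The revocation-check description above makes CertificateAuthorityArn a prerequisite, and the CA certificate must be one imported into ACM. The following pre-flight check is an added example, not part of the SDK or its documentation: the class `TlsInspectionPreflight`, the method `check` and the sample ARN are hypothetical, and the two WARN rules are local-policy assumptions rather than API requirements. `withRevokedStatusAction` and `withUnknownStatusAction` belong to CheckCertificateRevocationStatusActions and are not documented on this page.

```java
import com.amazonaws.services.networkfirewall.model.CheckCertificateRevocationStatusActions;
import com.amazonaws.services.networkfirewall.model.ServerCertificateConfiguration;
import java.util.ArrayList;
import java.util.List;

public class TlsInspectionPreflight {

    /** Returns findings for one configuration; an empty list means every check passed. */
    static List<String> check(ServerCertificateConfiguration cfg) {
        List<String> findings = new ArrayList<>();
        String caArn = cfg.getCertificateAuthorityArn();
        boolean outbound = caArn != null && !caArn.trim().isEmpty();
        boolean inbound = cfg.getServerCertificates() != null
                && !cfg.getServerCertificates().isEmpty();

        // Documented dependency: revocation checking needs a CertificateAuthorityArn.
        if (cfg.getCheckCertificateRevocationStatus() != null && !outbound) {
            findings.add("ERROR: CheckCertificateRevocationStatus set without CertificateAuthorityArn");
        }
        // The CA certificate lives in ACM, so the ARN's service field should be "acm".
        if (outbound) {
            String[] parts = caArn.trim().split(":", 6);
            if (parts.length < 6 || !"arn".equals(parts[0]) || !"acm".equals(parts[2])) {
                findings.add("ERROR: CertificateAuthorityArn is not an ACM ARN: " + caArn);
            }
        }
        // Local policy (assumption, not an API rule): outbound inspection checks revocation.
        if (outbound && cfg.getCheckCertificateRevocationStatus() == null) {
            findings.add("WARN: outbound inspection configured without revocation checking");
        }
        // Assumption: a configuration with neither direction has nothing to inspect.
        if (!inbound && !outbound) {
            findings.add("WARN: neither ServerCertificates nor CertificateAuthorityArn is set");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values; the account ID and certificate ID are placeholders.
        String caArn = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-CA-ID";
        ServerCertificateConfiguration bad = new ServerCertificateConfiguration()
                .withCheckCertificateRevocationStatus(new CheckCertificateRevocationStatusActions());
        ServerCertificateConfiguration good = new ServerCertificateConfiguration()
                .withCertificateAuthorityArn(caArn)
                .withCheckCertificateRevocationStatus(new CheckCertificateRevocationStatusActions()
                        .withRevokedStatusAction("REJECT")
                        .withUnknownStatusAction("PASS"));
        check(bad).forEach(System.out::println);
        System.out.println("good config findings: " + check(good).size());
    }
}
```

The ARN test only confirms that the value names an ACM resource; it cannot tell whether the certificate behind it was issued by Private Certificate Authority, which still has to be verified in ACM.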