Retrieves the certificate signing request (CSR) for your private certificate authority (CA). The CSR is created when you call the CreateCertificateAuthority action. Sign the CSR with your AWS Private CA-hosted or on-premises root or subordinate CA. Then import the signed certificate back into AWS Private CA by calling the ImportCertificateAuthorityCertificate action. The CSR is returned as a base64 PEM-encoded string.
Request Syntax
{
"CertificateAuthorityArn": "string"
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- CertificateAuthorityArn
-
The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012Type: String
Length Constraints: Minimum length of 5. Maximum length of 200.
Pattern:
arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*Required: Yes
Response Syntax
{
"Csr": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- Csr
-
The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidArnException
-
The requested Amazon Resource Name (ARN) does not refer to an existing resource.
HTTP Status Code: 400
- InvalidStateException
-
The state of the private CA does not allow this action to occur.
HTTP Status Code: 400
- RequestFailedException
-
The request has failed for an unspecified reason.
HTTP Status Code: 400
- RequestInProgressException
-
Your request is already in progress.
HTTP Status Code: 400
- ResourceNotFoundException
-
A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot be found.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of GetCertificateAuthorityCsr.
Sample Request
POST / HTTP/1.1
Host: acm-pca.amazonaws.com
Accept-Encoding: identity
Content-Length: 128
X-Amz-Target: ACMPrivateCA.GetCertificateAuthorityCsr
X-Amz-Date: 20180226T175413Z
User-Agent: aws-cli/1.14.28 Python/2.7.9 Windows/8 botocore/1.8.32
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 Credential=AWS_Key_ID/20180226/AWS_Region/acm-pca/aws4_request,
SignedHeaders=content-type;host;x-amz-date;x-amz-target,
Signature=aa5f823a8637e4709fd4b06988934f4ed4f38f2541889a2f6894f09d75f8b071
{"CertificateAuthorityArn": "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012"}
Example
This example illustrates one usage of GetCertificateAuthorityCsr.
Sample Response
HTTP/1.1 200 OK
Date: Tue, 15 May 2018 17:50:52 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 1098
x-amzn-RequestId: f96921bf-8b07-4e2a-876a-f76946e666d2
Connection: keep-alive
{
"Csr": "-----BEGIN CERTIFICATE REQUEST----- base64-encoded CSR -----END CERTIFICATE REQUEST-----"
}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
