Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
CreateCertificateAuthority
L'exemple Java suivant montre comment utiliser l'CreateCerticateAuthorityopération.
L'opération crée une autorité de certification subordonnée privée. Vous devez spécifier la configuration de l'autorité de configuration, la configuration de la révocation, le type de l'autorité de certification et un jeton d'idempotence facultatif.
La configuration de l'autorité de certification spécifie les éléments suivants :
-
Nom de l'algorithme et taille de la clé à utiliser pour créer la clé privée de l'autorité de certification
-
Le type de l'algorithme de signature que l'autorité de certification utilise pour signer
-
Les informations sur l'objet X.500
La configuration de la liste de révocation de certificats spécifie les éléments suivants :
-
La période d'expiration de la liste de révocation de certificats, en jours (la période de validité de la liste de révocation de certificats)
-
Le compartiment Amazon S3 qui contiendra la CRL
-
Un alias CNAME pour le compartiment S3 qui est inclus dans les certificats émis par l'autorité de certification
En cas de réussite, cette fonction renvoie l'Amazon Resource Name (ARN) de l'autorité de certification.
package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.services.acmpca.AWSACMPCA; import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder; import com.amazonaws.services.acmpca.model.ASN1Subject; import com.amazonaws.services.acmpca.model.CertificateAuthorityConfiguration; import com.amazonaws.services.acmpca.model.CertificateAuthorityType; import com.amazonaws.services.acmpca.model.CreateCertificateAuthorityResult; import com.amazonaws.services.acmpca.model.CreateCertificateAuthorityRequest; import com.amazonaws.services.acmpca.model.CrlConfiguration; import com.amazonaws.services.acmpca.model.KeyAlgorithm; import com.amazonaws.services.acmpca.model.SigningAlgorithm; import com.amazonaws.services.acmpca.model.Tag; import java.util.ArrayList; import java.util.Objects; import com.amazonaws.AmazonClientException; import com.amazonaws.services.acmpca.model.LimitExceededException; import com.amazonaws.services.acmpca.model.InvalidArgsException; import com.amazonaws.services.acmpca.model.InvalidPolicyException; import com.amazonaws.services.acmpca.model.RevocationConfiguration; public class CreateCertificateAuthority { public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException( "Cannot load the credentials from the credential profiles file. " + "Please make sure that your credentials file is at the correct " + "location (C:\\Users\\joneps\\.aws\\credentials), and is in valid format.", e); } // Define the endpoint for your sample. String endpointRegion = "region"; // Substitute your region here, e.g. "us-west-2" String endpointProtocol = "https://acm-pca." + endpointRegion + ".amazonaws.com/"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Define a CA subject. ASN1Subject subject = new ASN1Subject(); subject.setOrganization("Example Organization"); subject.setOrganizationalUnit("Example"); subject.setCountry("US"); subject.setState("Virginia"); subject.setLocality("Arlington"); subject.setCommonName("www.example.com"); // Define the CA configuration. CertificateAuthorityConfiguration configCA = new CertificateAuthorityConfiguration(); configCA.withKeyAlgorithm(KeyAlgorithm.RSA_2048); configCA.withSigningAlgorithm(SigningAlgorithm.SHA256WITHRSA); configCA.withSubject(subject); // Define a certificate revocation list configuration. CrlConfiguration crlConfigure = new CrlConfiguration(); crlConfigure.withEnabled(true); crlConfigure.withExpirationInDays(365); crlConfigure.withCustomCname(null); crlConfigure.withS3BucketName("your-bucket-name"); RevocationConfiguration revokeConfig = new RevocationConfiguration(); revokeConfig.setCrlConfiguration(crlConfigure); // Define a certificate authority type: ROOT or SUBORDINATE CertificateAuthorityType CAtype = CertificateAuthorityType.<<SUBORDINATE>>; // Create a tag - method 1 Tag tag1 = new Tag(); tag1.withKey("PrivateCA"); tag1.withValue("Sample"); // Create a tag - method 2 Tag tag2 = new Tag() .withKey("Purpose") .withValue("WebServices"); // Add the tags to a collection. ArrayList<Tag> tags = new ArrayList<Tag>(); tags.add(tag1); tags.add(tag2); // Create the request object. CreateCertificateAuthorityRequest req = new CreateCertificateAuthorityRequest(); req.withCertificateAuthorityConfiguration(configCA); req.withRevocationConfiguration(revokeConfig); req.withIdempotencyToken("123987"); req.withCertificateAuthorityType(CAtype); req.withTags(tags); // Create the private CA. CreateCertificateAuthorityResult result = null; try { result = client.createCertificateAuthority(req); } catch (InvalidArgsException ex) { throw ex; } catch (InvalidPolicyException ex) { throw ex; } catch (LimitExceededException ex) { throw ex; } // Retrieve the ARN of the private CA. String arn = result.getCertificateAuthorityArn(); System.out.println(arn); } }
Votre sortie doit ressembler à ce qui suit :
arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566