GetCertificateAuthorityCsr - AWS Private Certificate Authority

GetCertificateAuthorityCsr

Retrieves the certificate signing request (CSR) for your private certificate authority (CA). The CSR is created when you call the CreateCertificateAuthority action. Sign the CSR with your AWS Private CA-hosted or on-premises root or subordinate CA. Then import the signed certificate back into AWS Private CA by calling the ImportCertificateAuthorityCertificate action. The CSR is returned as a base64 PEM-encoded string.

Request Syntax

{ "CertificateAuthorityArn": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

CertificateAuthorityArn

The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:

arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*

Required: Yes

Response Syntax

{ "Csr": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Csr

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidArnException

The requested Amazon Resource Name (ARN) does not refer to an existing resource.

HTTP Status Code: 400

InvalidStateException

The state of the private CA does not allow this action to occur.

HTTP Status Code: 400

RequestFailedException

The request has failed for an unspecified reason.

HTTP Status Code: 400

RequestInProgressException

Your request is already in progress.

HTTP Status Code: 400

ResourceNotFoundException

A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot be found.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of GetCertificateAuthorityCsr.

Sample Request

POST / HTTP/1.1 Host: acm-pca.amazonaws.com Accept-Encoding: identity Content-Length: 128 X-Amz-Target: ACMPrivateCA.GetCertificateAuthorityCsr X-Amz-Date: 20180226T175413Z User-Agent: aws-cli/1.14.28 Python/2.7.9 Windows/8 botocore/1.8.32 Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256 Credential=AWS_Key_ID/20180226/AWS_Region/acm-pca/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=aa5f823a8637e4709fd4b06988934f4ed4f38f2541889a2f6894f09d75f8b071 {"CertificateAuthorityArn": "arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012"}

Example

This example illustrates one usage of GetCertificateAuthorityCsr.

Sample Response

HTTP/1.1 200 OK Date: Tue, 15 May 2018 17:50:52 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 1098 x-amzn-RequestId: f96921bf-8b07-4e2a-876a-f76946e666d2 Connection: keep-alive { "Csr": "-----BEGIN CERTIFICATE REQUEST----- base64-encoded CSR -----END CERTIFICATE REQUEST-----" }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: