RegisterCACertificate

Registers a CA certificate with AWS IoT Core. There is no limit to the number of CA certificates you can register in your AWS account. You can register up to 10 CA certificates with the same CA subject field per AWS account.

Requires permission to access the RegisterCACertificate action.

Request Syntax

POST /cacertificate?allowAutoRegistration=allowAutoRegistration&setAsActive=setAsActive HTTP/1.1
Content-type: application/json

{
   "caCertificate": "string",
   "certificateMode": "string",
   "registrationConfig": { 
      "roleArn": "string",
      "templateBody": "string",
      "templateName": "string"
   },
   "tags": [ 
      { 
         "Key": "string",
         "Value": "string"
      }
   ],
   "verificationCertificate": "string"
}

URI Request Parameters

The request uses the following URI parameters.

allowAutoRegistration

Allows this CA certificate to be used for auto registration of device certificates.

setAsActive

A boolean value that specifies if the CA certificate is set to active.

Valid values: ACTIVE | INACTIVE

Request Body

The request accepts the following data in JSON format.

caCertificate

The CA certificate.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 65536.

Pattern: [\s\S]*

Required: Yes

certificateMode

Describes the certificate mode in which the Certificate Authority (CA) will be registered. If the verificationCertificate field is not provided, set certificateMode to be SNI_ONLY. If the verificationCertificate field is provided, set certificateMode to be DEFAULT. When certificateMode is not provided, it defaults to DEFAULT. All the device certificates that are registered using this CA will be registered in the same certificate mode as the CA. For more information about certificate mode for device certificates, see certificate mode.

Type: String

Valid Values: DEFAULT | SNI_ONLY

Required: No

registrationConfig

Information about the registration configuration.

Type: RegistrationConfig object

Required: No

tags

Metadata which can be used to manage the CA certificate.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

Type: Array of Tag objects

Required: No

verificationCertificate

The private key verification certificate. If certificateMode is SNI_ONLY, the verificationCertificate field must be empty. If certificateMode is DEFAULT or not provided, the verificationCertificate field must not be empty.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 65536.

Pattern: [\s\S]*

Required: No

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "certificateArn": "string",
   "certificateId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

certificateArn

The CA certificate ARN.

Type: String

certificateId

The CA certificate identifier.

Type: String

Length Constraints: Fixed length of 64.

Pattern: (0x)?[a-fA-F0-9]+

Errors

CertificateValidationException

The certificate is invalid.

message

Additional information about the exception.

HTTP Status Code: 400

InternalFailureException

An unexpected error has occurred.

message

The message for the exception.

HTTP Status Code: 500

InvalidRequestException

The request is not valid.

message

The message for the exception.

HTTP Status Code: 400

LimitExceededException

A limit has been exceeded.

message

The message for the exception.

HTTP Status Code: 410

RegistrationCodeValidationException

The registration code is invalid.

message

Additional information about the exception.

HTTP Status Code: 400

ResourceAlreadyExistsException

The resource already exists.

message

The message for the exception.

resourceArn

The ARN of the resource that caused the exception.

resourceId

The ID of the resource that caused the exception.

HTTP Status Code: 409

ResourceNotFoundException

The specified resource does not exist.

message

The message for the exception.

HTTP Status Code: 404

ServiceUnavailableException

The service is temporarily unavailable.

message

The message for the exception.

HTTP Status Code: 503

ThrottlingException

The rate exceeds the limit.

message

The message for the exception.

HTTP Status Code: 400

UnauthorizedException

You are not authorized to perform this operation.

message

The message for the exception.

HTTP Status Code: 401

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go v2

• AWS SDK for Java V2

• AWS SDK for JavaScript V3

• AWS SDK for Kotlin

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3