Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
GetCertificateAuthorityCsr
Il seguente esempio di Java mostra come utilizzare l'GetCertificateAuthorityCsroperazione.
Questa operazione consente di recuperare la richiesta di firma del certificato (CSR) per l'autorità di certificazione (CA) privata. La CSR viene creata quando si chiama l'CreateCertificateAuthorityoperazione. Porta la CSR nell'infrastruttura locale X.509 e firmala utilizzando la CA root o subordinata. Quindi importa nuovamente il certificato firmato in ACM PCA richiamando l'operazione. ImportCertificateAuthorityCertificate Il CSR viene restituito come stringa con codifica Base64 in formato PEM.
package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.services.acmpca.AWSACMPCA; import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder; import com.amazonaws.services.acmpca.model.GetCertificateAuthorityCsrRequest; import com.amazonaws.services.acmpca.model.GetCertificateAuthorityCsrResult; import com.amazonaws.AmazonClientException; import com.amazonaws.services.acmpca.model.ResourceNotFoundException; import com.amazonaws.services.acmpca.model.InvalidArnException; import com.amazonaws.services.acmpca.model.RequestInProgressException; import com.amazonaws.services.acmpca.model.RequestFailedException; import com.amazonaws.services.acmpca.model.AWSACMPCAException; import com.amazonaws.waiters.Waiter; import com.amazonaws.waiters.WaiterParameters; import com.amazonaws.waiters.WaiterTimedOutException; import com.amazonaws.waiters.WaiterUnrecoverableException; public class GetCertificateAuthorityCsr { public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from disk", e); } // Define the endpoint for your sample. String endpointRegion = "region"; // Substitute your region here, e.g. "us-west-2" String endpointProtocol = "https://acm-pca." + endpointRegion + ".amazonaws.com/"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create the request object and set the CA ARN. GetCertificateAuthorityCsrRequest req = new GetCertificateAuthorityCsrRequest(); req.withCertificateAuthorityArn("arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566"); // Create waiter to wait on successful creation of the CSR file. Waiter<GetCertificateAuthorityCsrRequest> waiter = client.waiters().certificateAuthorityCSRCreated(); try { waiter.run(new WaiterParameters<>(req)); } catch (WaiterUnrecoverableException e) { //Explicit short circuit when the recourse transitions into //an undesired state. } catch (WaiterTimedOutException e) { //Failed to transition into desired state even after polling. } catch (AWSACMPCAException e) { //Unexpected service exception. } // Retrieve the CSR. GetCertificateAuthorityCsrResult result = null; try { result = client.getCertificateAuthorityCsr(req); } catch (RequestInProgressException ex) { throw ex; } catch (ResourceNotFoundException ex) { throw ex; } catch (InvalidArnException ex) { throw ex; } catch (RequestFailedException ex) { throw ex; } // Retrieve and display the CSR; String Csr = result.getCsr(); System.out.println(Csr); } }
L'output deve essere simile al seguente per l'autorità di certificazione (CA) specificata. La richiesta di firma del certificato (CSR) è con codifica base64 nel formato PEM. Salvala in un file locale, portala nell'infrastruttura locale X.509 e firmala utilizzando la CA root o subordinata.
-----BEGIN CERTIFICATE REQUEST----- base64-encoded request -----END CERTIFICATE REQUEST-----