OcspConfiguration - AWS Private Certificate Authority

OcspConfiguration

Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

When you revoke a certificate, OCSP responses may take up to 60 minutes to reflect the new status.

Contents

Enabled

Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

Type: Boolean

Required: Yes

OcspCustomCname

By default, AWS Private CA injects an AWS domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.

Note

The content of a Canonical Name (CNAME) record must conform to RFC 2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

For more information, see Customizing Online Certificate Status Protocol (OCSP) in the AWS Private Certificate Authority User Guide.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 253.

Pattern: ^[-a-zA-Z0-9;/?:@&=+$,%_.!~*()']*$

Required: No
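
The following client-side pre-check is an added example, not code from AWS or its SDKs. It applies the length limit, the pattern, and the protocol-prefix rule from the OcspCustomCname description above; the documented pattern itself accepts ":" and "/", so the prefix rule needs a separate test. The function names and the sample values are hypothetical.

```python
import re

# Constraints copied from the OcspCustomCname description on this page.
CNAME_PATTERN = re.compile(r"^[-a-zA-Z0-9;/?:@&=+$,%_.!~*()']*$")
CNAME_MAX_LEN = 253
PROTOCOL_PREFIXES = ("http://", "https://")


def check_ocsp_custom_cname(value):
    """Return a list of constraint violations; an empty list means valid."""
    problems = []
    if len(value) > CNAME_MAX_LEN:
        problems.append(f"length {len(value)} exceeds maximum of {CNAME_MAX_LEN}")
    # fullmatch() also rejects a trailing newline, which "$" alone would allow.
    if not CNAME_PATTERN.fullmatch(value):
        problems.append("contains characters outside the documented pattern")
    # The pattern permits ":" and "/", so a protocol prefix needs its own test.
    # Assumption: the comparison is case-insensitive (stricter than the text).
    if value.lower().startswith(PROTOCOL_PREFIXES):
        problems.append("must not include a protocol prefix")
    return problems


def build_ocsp_configuration(enabled, custom_cname=None):
    """Build an OcspConfiguration dict, raising ValueError on a bad CNAME."""
    config = {"Enabled": bool(enabled)}  # Enabled is required
    if custom_cname is not None:         # OcspCustomCname is optional
        problems = check_ocsp_custom_cname(custom_cname)
        if problems:
            raise ValueError("invalid OcspCustomCname: " + "; ".join(problems))
        config["OcspCustomCname"] = custom_cname
    return config


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for sample in ("ocsp.example.com", "https://ocsp.example.com",
                   "ocsp example.com", "a" * 254):
        print(repr(sample[:30]), check_ocsp_custom_cname(sample) or "ok")
```
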
