X509CertificatePemProps
- class aws_rfdk.X509CertificatePemProps(*, subject, encryption_key=None, signing_certificate=None, valid_for=None)
Bases:
object
Properties for generating an X.509 certificate.
- Parameters:
subject (
Union
[DistinguishedName
,Dict
[str
,Any
]]) – The subject, or identity, for the generated certificate.encryption_key (
Optional
[IKey
]) – If provided, then this KMS is used to secure the cert, key, and passphrase Secrets created by the construct. [disable-awslint:ref-via-interface] Default: : Uses the account’s default CMK (the one named aws/secretsmanager). If a AWS KMS CMK with that name doesn’t yet exist, then Secrets Manager creates it for you automatically the first time it needs to encrypt a version’s SecretString or SecretBinary fields.signing_certificate (
Optional
[X509CertificatePem
]) – If provided, then use this certificate to sign the generated certificate forming a chain of trust. Default: : None. The generated certificate will be self-signedvalid_for (
Union
[int
,float
,None
]) – The number of days that the generated certificate will be valid for. Default: 1095 days (3 years)
Attributes
- encryption_key
If provided, then this KMS is used to secure the cert, key, and passphrase Secrets created by the construct.
[disable-awslint:ref-via-interface]
- Default:
: Uses the account’s default CMK (the one named aws/secretsmanager). If a AWS KMS CMK with that name doesn’t yet exist, then Secrets Manager creates it for you automatically the first time it needs to encrypt a version’s SecretString or SecretBinary fields.
- signing_certificate
If provided, then use this certificate to sign the generated certificate forming a chain of trust.
- Default:
: None. The generated certificate will be self-signed
- subject
The subject, or identity, for the generated certificate.
- valid_for
The number of days that the generated certificate will be valid for.
- Default:
1095 days (3 years)