X509CertificatePemProps

class aws_rfdk.X509CertificatePemProps(*, subject, encryption_key=None, signing_certificate=None, valid_for=None)

Bases: object

Properties for generating an X.509 certificate.

Parameters:

• subject (Union[DistinguishedName, Dict[str, Any]]) – The subject, or identity, for the generated certificate.

• encryption_key (Optional[IKey]) – If provided, then this KMS is used to secure the cert, key, and passphrase Secrets created by the construct. [disable-awslint:ref-via-interface] Default: : Uses the account’s default CMK (the one named aws/secretsmanager). If a AWS KMS CMK with that name doesn’t yet exist, then Secrets Manager creates it for you automatically the first time it needs to encrypt a version’s SecretString or SecretBinary fields.

• signing_certificate (Optional[X509CertificatePem]) – If provided, then use this certificate to sign the generated certificate forming a chain of trust. Default: : None. The generated certificate will be self-signed

• valid_for (Union[int, float, None]) – The number of days that the generated certificate will be valid for. Default: 1095 days (3 years)

Attributes

encryption_key

If provided, then this KMS is used to secure the cert, key, and passphrase Secrets created by the construct.

[disable-awslint:ref-via-interface]

Default:

: Uses the account’s default CMK (the one named aws/secretsmanager). If a AWS KMS CMK with that name doesn’t yet exist, then Secrets Manager creates it for you automatically the first time it needs to encrypt a version’s SecretString or SecretBinary fields.

signing_certificate

If provided, then use this certificate to sign the generated certificate forming a chain of trust.

Default:

: None. The generated certificate will be self-signed

subject

The subject, or identity, for the generated certificate.

valid_for

The number of days that the generated certificate will be valid for.

Default:

1095 days (3 years)