AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Classes

NameDescription
Class AmazonACMPCAClient

Implementation for accessing ACMPCA You can use the ACM PCA API to create a private certificate authority (CA). You must first call the CreateCertificateAuthority operation. If successful, the operation returns an Amazon Resource Name (ARN) for your private CA. Use this ARN as input to the GetCertificateAuthorityCsr operation to retrieve the certificate signing request (CSR) for your private CA certificate. Sign the CSR using the root or an intermediate CA in your on-premises PKI hierarchy, and call the ImportCertificateAuthorityCertificate to import your signed private CA certificate into ACM PCA.

Use your private CA to issue and revoke certificates. These are private certificates that identify and secure client computers, servers, applications, services, devices, and users over SSLS/TLS connections within your organization. Call the IssueCertificate operation to issue a certificate. Call the RevokeCertificate operation to revoke a certificate.

Certificates issued by your private CA can be trusted only within your organization, not publicly.

Your private CA can optionally create a certificate revocation list (CRL) to track the certificates you revoke. To create a CRL, you must specify a RevocationConfiguration object when you call the CreateCertificateAuthority operation. ACM PCA writes the CRL to an S3 bucket that you specify. You must specify a bucket policy that grants ACM PCA write permission.

You can also call the CreateCertificateAuthorityAuditReport to create an optional audit report that lists every time the CA private key is used. The private key is used for signing when the IssueCertificate or RevokeCertificate operation is called.

Class AmazonACMPCAConfig

Configuration for accessing Amazon ACMPCA service

Class AmazonACMPCAException

Common exception for the ACMPCA service.

Class AmazonACMPCARequest

Base class for ACMPCA operation requests.

Class AuditReportResponseFormat

Constants used for properties of type AuditReportResponseFormat.

Class AuditReportStatus

Constants used for properties of type AuditReportStatus.

Class CertificateAuthorityStatus

Constants used for properties of type CertificateAuthorityStatus.

Class CertificateAuthorityType

Constants used for properties of type CertificateAuthorityType.

Class FailureReason

Constants used for properties of type FailureReason.

Class KeyAlgorithm

Constants used for properties of type KeyAlgorithm.

Class RevocationReason

Constants used for properties of type RevocationReason.

Class SigningAlgorithm

Constants used for properties of type SigningAlgorithm.

Class ValidityPeriodType

Constants used for properties of type ValidityPeriodType.

Interfaces

NameDescription
Interface IAmazonACMPCA

Interface for accessing ACMPCA You can use the ACM PCA API to create a private certificate authority (CA). You must first call the CreateCertificateAuthority operation. If successful, the operation returns an Amazon Resource Name (ARN) for your private CA. Use this ARN as input to the GetCertificateAuthorityCsr operation to retrieve the certificate signing request (CSR) for your private CA certificate. Sign the CSR using the root or an intermediate CA in your on-premises PKI hierarchy, and call the ImportCertificateAuthorityCertificate to import your signed private CA certificate into ACM PCA.

Use your private CA to issue and revoke certificates. These are private certificates that identify and secure client computers, servers, applications, services, devices, and users over SSLS/TLS connections within your organization. Call the IssueCertificate operation to issue a certificate. Call the RevokeCertificate operation to revoke a certificate.

Certificates issued by your private CA can be trusted only within your organization, not publicly.

Your private CA can optionally create a certificate revocation list (CRL) to track the certificates you revoke. To create a CRL, you must specify a RevocationConfiguration object when you call the CreateCertificateAuthority operation. ACM PCA writes the CRL to an S3 bucket that you specify. You must specify a bucket policy that grants ACM PCA write permission.

You can also call the CreateCertificateAuthorityAuditReport to create an optional audit report that lists every time the CA private key is used. The private key is used for signing when the IssueCertificate or RevokeCertificate operation is called.