AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

A complex type that specifies the following:

You must specify only one of the following values:

Don't specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP instead of HTTPS to request your objects: Specify the following value:

true

In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:

You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Inheritance Hierarchy

System.Object
  Amazon.CloudFront.Model.ViewerCertificate

Namespace: Amazon.CloudFront.Model
Assembly: AWSSDK.CloudFront.dll
Version: 3.x.y.z

Syntax

C#
public class ViewerCertificate

The ViewerCertificate type exposes the following members

Constructors

NameDescription
Public Method ViewerCertificate()

Properties

NameTypeDescription
Public Property ACMCertificateArn System.String

Gets and sets the property ACMCertificateArn.

For information about how and when to use ACMCertificateArn, see ViewerCertificate.

Public Property Certificate System.String

Gets and sets the property Certificate.

This field has been deprecated. Use one of the following fields instead:

Public Property CertificateSource Amazon.CloudFront.CertificateSource

Gets and sets the property CertificateSource.

This field has been deprecated. Use one of the following fields instead:

Public Property CloudFrontDefaultCertificate System.Boolean

Gets and sets the property CloudFrontDefaultCertificate.

For information about how and when to use CloudFrontDefaultCertificate, see ViewerCertificate.

Public Property IAMCertificateId System.String

Gets and sets the property IAMCertificateId.

For information about how and when to use IAMCertificateId, see ViewerCertificate.

Public Property MinimumProtocolVersion Amazon.CloudFront.MinimumProtocolVersion

Gets and sets the property MinimumProtocolVersion.

Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings:

  • The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers

  • The cipher that CloudFront uses to encrypt the content that it returns to viewers

On the CloudFront console, this setting is called Security policy.

We recommend that you specify TLSv1.1_2016 unless your users are using browsers or devices that do not support TLSv1.1 or later.

When both of the following are true, you must specify TLSv1 or later for the security policy:

  • You're using a custom certificate: you specified a value for ACMCertificateArn or for IAMCertificateId

  • You're using SNI: you specified sni-only for SSLSupportMethod

If you specify true for CloudFrontDefaultCertificate, CloudFront automatically sets the security policy to TLSv1 regardless of the value that you specify for MinimumProtocolVersion.

For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.

Public Property SSLSupportMethod Amazon.CloudFront.SSLSupportMethod

Gets and sets the property SSLSupportMethod.

If you specify a value for ViewerCertificate$ACMCertificateArn or for ViewerCertificate$IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

  • vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

  • sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

    • Use the vip option (dedicated IP addresses) instead of sni-only.

    • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

    • If you can control which browser your users use, upgrade the browser to one that supports SNI.

    • Use HTTP instead of HTTPS.

Don't specify a value for SSLSupportMethod if you specified true.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Version Information

.NET Standard:
Supported in: 1.3

.NET Framework:
Supported in: 4.5, 4.0, 3.5

Portable Class Library:
Supported in: Windows Store Apps
Supported in: Windows Phone 8.1
Supported in: Xamarin Android
Supported in: Xamarin iOS (Unified)
Supported in: Xamarin.Forms