You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::ACMPCA::Types::CreateCertificateAuthorityRequest

Inherits:
Struct
  • Object
show all
Defined in:
(unknown)

Overview

Note:

When passing CreateCertificateAuthorityRequest as input to an Aws::Client method, you can use a vanilla Hash:

{
  certificate_authority_configuration: { # required
    key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
    signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
    subject: { # required
      country: "CountryCodeString",
      organization: "String64",
      organizational_unit: "String64",
      distinguished_name_qualifier: "DistinguishedNameQualifierString",
      state: "String128",
      common_name: "String64",
      serial_number: "String64",
      locality: "String128",
      title: "String64",
      surname: "String40",
      given_name: "String16",
      initials: "String5",
      pseudonym: "String128",
      generation_qualifier: "String3",
    },
  },
  revocation_configuration: {
    crl_configuration: {
      enabled: false, # required
      expiration_in_days: 1,
      custom_cname: "String253",
      s3_bucket_name: "String3To255",
    },
  },
  certificate_authority_type: "SUBORDINATE", # required, accepts SUBORDINATE
  idempotency_token: "IdempotencyToken",
}

Instance Attribute Summary collapse

Instance Attribute Details

#certificate_authority_configurationTypes::CertificateAuthorityConfiguration

Name and bit size of the private key algorithm, the name of the signing algorithm, and X.500 certificate subject information.

Returns:

#certificate_authority_typeString

The type of the certificate authority. Currently, this must be SUBORDINATE.

Possible values:

  • SUBORDINATE

Returns:

  • (String)

    The type of the certificate authority.

#idempotency_tokenString

Alphanumeric string that can be used to distinguish between calls to CreateCertificateAuthority. Idempotency tokens time out after five minutes. Therefore, if you call CreateCertificateAuthority multiple times with the same idempotency token within a five minute period, ACM PCA recognizes that you are requesting only one certificate. As a result, ACM PCA issues only one. If you change the idempotency token for each call, however, ACM PCA recognizes that you are requesting multiple certificates.

Returns:

  • (String)

    Alphanumeric string that can be used to distinguish between calls to CreateCertificateAuthority.

#revocation_configurationTypes::RevocationConfiguration

Contains a Boolean value that you can use to enable a certification revocation list (CRL) for the CA, the name of the S3 bucket to which ACM PCA will write the CRL, and an optional CNAME alias that you can use to hide the name of your bucket in the CRL Distribution Points extension of your CA certificate. For more information, see the CrlConfiguration structure.

Returns:

  • (Types::RevocationConfiguration)

    Contains a Boolean value that you can use to enable a certification revocation list (CRL) for the CA, the name of the S3 bucket to which ACM PCA will write the CRL, and an optional CNAME alias that you can use to hide the name of your bucket in the CRL Distribution Points extension of your CA certificate.