AWS Private CA 模板品种

AWS 私有 CA 支持四种模板。

基础模板

不允许使用传递参数的预定义模板。
CSRPassthrough模板

CSR通过允许直通来扩展其相应的基础模板版本的模板。中用于颁发证书CSR的扩展名将复制到已颁发的证书中。如果CSR包含的扩展值与模板定义冲突，则模板定义将始终具有更高的优先级。有关优先级的详细信息，请参阅 AWS Private CA 模板操作顺序。
APIPassthrough模板

API通过允许直通来扩展其相应的基础模板版本的模板。管理员或其他中间系统已知的动态值可能不为请求证书的实体所知，可能无法在模板中定义，也可能在中不可用CSR。但是，CA 管理员可以从其他数据来源（例如 Active Directory）检索其他信息来完成请求。例如，如果一台计算机不知道它属于哪个组织单位，则管理员可以在 Active Directory 中查找信息，然后通过将信息包含在JSON结构中来将其添加到证书请求中。

IssueCertificate 操作的 ApiPassthrough 参数中的值将复制到颁发的证书中。如果 ApiPassthrough 参数包含与模板定义冲突的信息，则模板定义将始终具有更高的优先级。有关优先级的详细信息，请参阅 AWS Private CA 模板操作顺序。
APICSRPassthrough模板

CSR通过允许同时使用API和直通来扩展其相应的基础模板版本的模板。CSR用于颁发证书的扩展名被复制到已颁发的证书中，IssueCertificate操作ApiPassthrough参数中的值也被复制过来。如果模板定义、API直通值和直CSR通扩展名存在冲突，则模板定义的优先级最高，其次是API直通值，然后是直通扩展名。CSR有关优先级的详细信息，请参阅 AWS Private CA 模板操作顺序。

下表列出了支持的所有模板类型，并 AWS 私有 CA 附有指向其定义的链接。

注意

有关 GovCloud 区域模板ARNs的信息，请参阅AWS GovCloud (US) 用户指南AWS Private Certificate Authority中的。

基础模板
模板名称	模板 ARN	证书类型
CodeSigningCertificate/V1	`arn:aws:acm-pca:::template/CodeSigningCertificate/V1`	代码签名
EndEntityCertificate/V1	`arn:aws:acm-pca:::template/EndEntityCertificate/V1`	终端实体
EndEntityClientAuthCertificate/V1	`arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1`	终端实体
EndEntityServerAuthCertificate/V1	`arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1`	终端实体
OCSPSigningCertificate/V1	`arn:aws:acm-pca:::template/OCSPSigningCertificate/V1`	OCSP签署
R ootCACertificate /V1	`arn:aws:acm-pca:::template/RootCACertificate/V1`	CA
S ubordinateCACertificate _ PathLen 0/V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1`	CA
S ubordinateCACertificate _ PathLen 1/V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1/V1`	CA
S ubordinateCACertificate _ PathLen 2/V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1`	CA
S ubordinateCACertificate _ PathLen 3/V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1`	CA

CSRPassthrough模板
模板名称	模板 ARN	证书类型
BlankEndEntityCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_CSRPassthrough/V1`	终端实体
BlankEndEntityCertificate_ CriticalBasicConstraints _ CSRPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_CSRPassthrough/V1`	终端实体
BlankSubordinateCACertificate_ PathLen 0_ /V1 CSRPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_CSRPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 1_ /V1 CSRPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_CSRPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 2_ /V1 CSRPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_CSRPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 3_ /V1 CSRPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_CSRPassthrough/V1`	CA
CodeSigningCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/CodeSigningCertificate_CSRPassthrough/V1`	代码签名
EndEntityCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityCertificate_CSRPassthrough/V1`	终端实体
EndEntityClientAuthCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_CSRPassthrough/V1`	终端实体
EndEntityServerAuthCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityServerAuthCertificate_CSRPassthrough/V1`	终端实体
OCSPSigningCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/OCSPSigningCertificate_CSRPassthrough/V1`	OCSP签署
S ubordinateCACertificate _ PathLen 0_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_CSRPassthrough/V1`	CA
S ubordinateCACertificate _ PathLen 1_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_CSRPassthrough/V1`	CA
S ubordinateCACertificate _ PathLen 2_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_CSRPassthrough/V1`	CA
S ubordinateCACertificate _ PathLen 3_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_CSRPassthrough/V1`	CA

APIPassthrough模板
模板名称	模板 ARN	证书类型
BlankEndEntityCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_APIPassthrough/V1`	终端实体
BlankEndEntityCertificate_ CriticalBasicConstraints _ APIPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_APIPassthrough/V1`	终端实体
CodeSigningCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/CodeSigningCertificate_APIPassthrough/V1`	代码签名
EndEntityCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityCertificate_APIPassthrough/V1`	终端实体
EndEntityClientAuthCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_APIPassthrough/V1`	终端实体
EndEntityServerAuthCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityServerAuthCertificate_APIPassthrough/V1`	终端实体
OCSPSigningCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/OCSPSigningCertificate_APIPassthrough/V1`	OCSP签署
R ootCACertificate _ APIPassthrough /V1	`arn:aws:acm-pca:::template/RootCACertificate_APIPassthrough/V1`	CA
BlankRootCACertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/BlankRootCACertificate_APIPassthrough/V1`	CA
BlankRootCACertificate_ PathLen 0_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen0_APIPassthrough/V1`	CA
BlankRootCACertificate_ PathLen 1_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen1_APIPassthrough/V1`	CA
BlankRootCACertificate_ PathLen 2_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen2_APIPassthrough/V1`	CA
BlankRootCACertificate_ PathLen 3_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen3_APIPassthrough/V1`	CA
S ubordinateCACertificate _ PathLen 0_ APIPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_APIPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 0_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_APIPassthrough/V1`	CA
S ubordinateCACertificate _ PathLen 1_ APIPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_APIPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 1_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_APIPassthrough/V1`	CA
S ubordinateCACertificate _ PathLen 2_ APIPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_APIPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 2_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_APIPassthrough/V1`	CA
S ubordinateCACertificate _ PathLen 3_ APIPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_APIPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 3_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_APIPassthrough/V1`	CA

APICSRPassthrough模板
模板名称	模板 ARN	证书类型
BlankEndEntityCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_APICSRPassthrough/V1`	终端实体

BlankEndEntityCertificate_ CriticalBasicConstraints _ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_APICSRPassthrough/V1`	终端实体
CodeSigningCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/CodeSigningCertificate_APICSRPassthrough/V1`	代码签名
EndEntityCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityCertificate_APICSRPassthrough/V1`	终端实体
EndEntityClientAuthCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_APICSRPassthrough/V1`	终端实体
EndEntityServerAuthCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityServerAuthCertificate_APICSRPassthrough/V1`	终端实体
OCSPSigningCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/OCSPSigningCertificate_APICSRPassthrough/V1`	OCSP签署
S ubordinateCACertificate _ PathLen 0_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_APICSRPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 0_ /V1 APICSRPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_APICSRPassthrough/V1`	CA
S ubordinateCACertificate _ PathLen 1_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_APICSRPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 1_ /V1 APICSRPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_APICSRPassthrough/V1`	CA
S ubordinateCACertificate _ PathLen 2_APICSRPassthrough/PathLen3_ APIPassthroughV1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_APICSRPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 2_ /V1 APICSRPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_APICSRPassthrough/V1`	CA
S ubordinateCACertificate _ PathLen 3_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_APICSRPassthrough/V1`	CA
BlankSubordinateCACertificate_ PathLen 3_ /V1 APICSRPassthrough	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_APICSRPassthrough/V1`	CA

Javascript 在您的浏览器中被禁用或不可用。

要使用 Amazon Web Services 文档，必须启用 Javascript。请参阅浏览器的帮助页面以了解相关说明。

文档惯例

证书模板

模板操作顺序