CreateChallenge
For general-purpose connectors. Creates a challenge password for the specified connector. The SCEP protocol uses a challenge password to authenticate a request before issuing a certificate from a certificate authority (CA). Your SCEP clients include the challenge password as part of their certificate request to Connector for SCEP. To retrieve the connector Amazon Resource Names (ARNs) for the connectors in your account, call ListConnectors.
To create additional challenge passwords for the connector, call CreateChallenge again. We recommend frequently rotating your challenge passwords.
Request Syntax
POST /challenges HTTP/1.1
Content-type: application/json
{
"ClientToken": "string",
"ConnectorArn": "string",
"Tags": {
"string" : "string"
}
}URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- ClientToken
-
Custom string that can be used to distinguish between calls to the CreateChallenge action. Client tokens for
CreateChallengetime out after five minutes. Therefore, if you callCreateChallengemultiple times with the same client token within five minutes, Connector for SCEP recognizes that you are requesting only one challenge and will only respond with one. If you change the client token for each call, Connector for SCEP recognizes that you are requesting multiple challenge passwords.Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[!-~]+Required: No
- ConnectorArn
-
The Amazon Resource Name (ARN) of the connector that you want to create a challenge for.
Type: String
Length Constraints: Minimum length of 5. Maximum length of 200.
Pattern:
arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}Required: Yes
- Tags
-
The key-value pairs to associate with the resource.
Type: String to string map
Required: No
Response Syntax
HTTP/1.1 202
Content-type: application/json
{
"Challenge": {
"Arn": "string",
"ConnectorArn": "string",
"CreatedAt": number,
"Password": "string",
"UpdatedAt": number
}
}Response Elements
If the action is successful, the service sends back an HTTP 202 response.
The following data is returned in JSON format by the service.
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your AWS Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an AWS Organizations service control policy (SCP) that affects your AWS account.
HTTP Status Code: 403
- BadRequestException
-
The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
HTTP Status Code: 400
- ConflictException
-
This request can't be completed for one of the following reasons because the requested resource was being concurrently modified by another request.
HTTP Status Code: 409
- InternalServerException
-
The request processing has failed because of an unknown error, exception or failure with an internal server.
HTTP Status Code: 500
- ResourceNotFoundException
-
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than
ACTIVE.HTTP Status Code: 404
- ServiceQuotaExceededException
-
The request would cause a service quota to be exceeded.
HTTP Status Code: 402
- ThrottlingException
-
The limit on the number of requests per second was exceeded.
HTTP Status Code: 429
- ValidationException
-
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
