software.amazon.awscdk.services.acmpca

Class CfnCertificateAuthority.Builder

java.lang.Object

software.amazon.awscdk.services.acmpca.CfnCertificateAuthority.Builder

All Implemented Interfaces:

software.amazon.jsii.Builder<CfnCertificateAuthority>

Enclosing class:

CfnCertificateAuthority

@Stability(value=Stable)
public static final class CfnCertificateAuthority.Builder
extends Object
implements software.amazon.jsii.Builder<CfnCertificateAuthority>

A fluent builder for CfnCertificateAuthority.

Method Summary

Modifier and Type	Method and Description
CfnCertificateAuthority	build()
static CfnCertificateAuthority.Builder	create(Construct scope, String id)
CfnCertificateAuthority.Builder	csrExtensions(CfnCertificateAuthority.CsrExtensionsProperty csrExtensions) Specifies information to be added to the extension section of the certificate signing request (CSR).
CfnCertificateAuthority.Builder	csrExtensions(IResolvable csrExtensions) Specifies information to be added to the extension section of the certificate signing request (CSR).
CfnCertificateAuthority.Builder	keyAlgorithm(String keyAlgorithm) Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
CfnCertificateAuthority.Builder	keyStorageSecurityStandard(String keyStorageSecurityStandard) Specifies a cryptographic key management compliance standard used for handling CA keys.
CfnCertificateAuthority.Builder	revocationConfiguration(CfnCertificateAuthority.RevocationConfigurationProperty revocationConfiguration) Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions.
CfnCertificateAuthority.Builder	revocationConfiguration(IResolvable revocationConfiguration) Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions.
CfnCertificateAuthority.Builder	signingAlgorithm(String signingAlgorithm) Name of the algorithm your private CA uses to sign certificate requests.
CfnCertificateAuthority.Builder	subject(CfnCertificateAuthority.SubjectProperty subject) Structure that contains X.500 distinguished name information for your private CA.
CfnCertificateAuthority.Builder	subject(IResolvable subject) Structure that contains X.500 distinguished name information for your private CA.
CfnCertificateAuthority.Builder	tags(List<? extends CfnTag> tags) Key-value pairs that will be attached to the new private CA.
CfnCertificateAuthority.Builder	type(String type) Type of your private CA.
CfnCertificateAuthority.Builder	usageMode(String usageMode) Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

create

@Stability(value=Stable)
public static CfnCertificateAuthority.Builder create(Construct scope,
                                                                              String id)

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

Returns:

a new instance of CfnCertificateAuthority.AccessDescriptionProperty.Builder.

keyAlgorithm

@Stability(value=Stable)
public CfnCertificateAuthority.Builder keyAlgorithm(String keyAlgorithm)

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.

When you create a subordinate CA, you must use a key algorithm supported by the parent CA.

Parameters:

keyAlgorithm - Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. This parameter is required.

Returns:

this

signingAlgorithm

@Stability(value=Stable)
public CfnCertificateAuthority.Builder signingAlgorithm(String signingAlgorithm)

Name of the algorithm your private CA uses to sign certificate requests.

This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.

Parameters:

signingAlgorithm - Name of the algorithm your private CA uses to sign certificate requests. This parameter is required.

Returns:

this

subject

@Stability(value=Stable)
public CfnCertificateAuthority.Builder subject(IResolvable subject)

Structure that contains X.500 distinguished name information for your private CA.

Parameters:

subject - Structure that contains X.500 distinguished name information for your private CA. This parameter is required.

Returns:

this

subject

@Stability(value=Stable)
public CfnCertificateAuthority.Builder subject(CfnCertificateAuthority.SubjectProperty subject)

Structure that contains X.500 distinguished name information for your private CA.

Parameters:

subject - Structure that contains X.500 distinguished name information for your private CA. This parameter is required.

Returns:

this

type

@Stability(value=Stable)
public CfnCertificateAuthority.Builder type(String type)

Type of your private CA.

Parameters:

type - Type of your private CA. This parameter is required.

Returns:

this

csrExtensions

@Stability(value=Stable)
public CfnCertificateAuthority.Builder csrExtensions(IResolvable csrExtensions)

Specifies information to be added to the extension section of the certificate signing request (CSR).

Parameters:

csrExtensions - Specifies information to be added to the extension section of the certificate signing request (CSR). This parameter is required.

Returns:

this

csrExtensions

@Stability(value=Stable)
public CfnCertificateAuthority.Builder csrExtensions(CfnCertificateAuthority.CsrExtensionsProperty csrExtensions)

Specifies information to be added to the extension section of the certificate signing request (CSR).

Parameters:

csrExtensions - Specifies information to be added to the extension section of the certificate signing request (CSR). This parameter is required.

Returns:

this

keyStorageSecurityStandard

@Stability(value=Stable)
public CfnCertificateAuthority.Builder keyStorageSecurityStandard(String keyStorageSecurityStandard)

Specifies a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Note: FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in the following Regions:

• ap-northeast-3
• ap-southeast-3

When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard . Failure to do this results in an InvalidArgsException with the message, "A certificate authority cannot be created in this region with the specified security standard."

Parameters:

keyStorageSecurityStandard - Specifies a cryptographic key management compliance standard used for handling CA keys. This parameter is required.

Returns:

this

revocationConfiguration

@Stability(value=Stable)
public CfnCertificateAuthority.Builder revocationConfiguration(IResolvable revocationConfiguration)

Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) in the *AWS Private CA API Reference* and [Setting up a certificate revocation method](https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the *AWS Private CA User Guide* .

The following requirements apply to revocation configurations.

• A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
• In a CRL configuration, the S3BucketName parameter must conform to the Amazon S3 bucket naming rules .
• A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
• In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".

Parameters:

revocationConfiguration - Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) in the *AWS Private CA API Reference* and [Setting up a certificate revocation method](https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the *AWS Private CA User Guide* . This parameter is required.

Returns:

this

revocationConfiguration

@Stability(value=Stable)
public CfnCertificateAuthority.Builder revocationConfiguration(CfnCertificateAuthority.RevocationConfigurationProperty revocationConfiguration)

Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) in the *AWS Private CA API Reference* and [Setting up a certificate revocation method](https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the *AWS Private CA User Guide* .

The following requirements apply to revocation configurations.

• A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
• In a CRL configuration, the S3BucketName parameter must conform to the Amazon S3 bucket naming rules .
• A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
• In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".

Parameters:

revocationConfiguration - Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) in the *AWS Private CA API Reference* and [Setting up a certificate revocation method](https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the *AWS Private CA User Guide* . This parameter is required.

Returns:

this

tags

@Stability(value=Stable)
public CfnCertificateAuthority.Builder tags(List<? extends CfnTag> tags)

Key-value pairs that will be attached to the new private CA.

You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .

Parameters:

tags - Key-value pairs that will be attached to the new private CA. This parameter is required.

Returns:

this

usageMode

@Stability(value=Stable)
public CfnCertificateAuthority.Builder usageMode(String usageMode)

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

Short-lived certificate validity is limited to seven days.

The default value is GENERAL_PURPOSE.

Parameters:

usageMode - Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. This parameter is required.

Returns:

this

build

@Stability(value=Stable)
public CfnCertificateAuthority build()

Specified by:

build in interface software.amazon.jsii.Builder<CfnCertificateAuthority>