CfnCertificateAuthorityProps (software.amazon.awscdk:acmpca 1.191.0 API)

All Superinterfaces:: software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:: CfnCertificateAuthorityProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)",
           date="2023-01-31T18:36:45.358Z")
 @Stability(value=Stable)
public interface CfnCertificateAuthorityProps
extends software.amazon.jsii.JsiiSerializable

Properties for defining a `CfnCertificateAuthority`.

Example:

 CfnCertificateAuthority cfnCertificateAuthority = CfnCertificateAuthority.Builder.create(this, "CA")
         .type("ROOT")
         .keyAlgorithm("RSA_2048")
         .signingAlgorithm("SHA256WITHRSA")
         .subject(SubjectProperty.builder()
                 .country("US")
                 .organization("string")
                 .organizationalUnit("string")
                 .distinguishedNameQualifier("string")
                 .state("string")
                 .commonName("123")
                 .serialNumber("string")
                 .locality("string")
                 .title("string")
                 .surname("string")
                 .givenName("string")
                 .initials("DG")
                 .pseudonym("string")
                 .generationQualifier("DBG")
                 .build())
         .build();

Nested Class Summary

Nested Classes
Modifier and Type	Interface and Description
`static class`	`CfnCertificateAuthorityProps.Builder` A builder for `CfnCertificateAuthorityProps`
`static class`	`CfnCertificateAuthorityProps.Jsii$Proxy` An implementation for `CfnCertificateAuthorityProps`

Method Summary

All Methods Static Methods Instance Methods Abstract Methods Default Methods
Modifier and Type	Method and Description
`static CfnCertificateAuthorityProps.Builder`	`builder()`
`default Object`	`getCsrExtensions()` Specifies information to be added to the extension section of the certificate signing request (CSR).
`String`	`getKeyAlgorithm()` Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
`default String`	`getKeyStorageSecurityStandard()` Specifies a cryptographic key management compliance standard used for handling CA keys.
`default Object`	`getRevocationConfiguration()` Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions.
`String`	`getSigningAlgorithm()` Name of the algorithm your private CA uses to sign certificate requests.
`Object`	`getSubject()` Structure that contains X.500 distinguished name information for your private CA.
`default List<CfnTag>`	`getTags()` Key-value pairs that will be attached to the new private CA.
`String`	`getType()` Type of your private CA.
`default String`	`getUsageMode()` Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

- Method Detail
  - getKeyAlgorithm
```
@Stability(value=Stable)
 @NotNull
String getKeyAlgorithm()
```
    Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    When you create a subordinate CA, you must use a key algorithm supported by the parent CA.
  - getSigningAlgorithm
```
@Stability(value=Stable)
 @NotNull
String getSigningAlgorithm()
```
    Name of the algorithm your private CA uses to sign certificate requests.
    This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.
  - getSubject
```
@Stability(value=Stable)
 @NotNull
Object getSubject()
```
    Structure that contains X.500 distinguished name information for your private CA.
  - getType
```
@Stability(value=Stable)
 @NotNull
String getType()
```
    Type of your private CA.
  - getCsrExtensions
```
@Stability(value=Stable)
 @Nullable
default Object getCsrExtensions()
```
    Specifies information to be added to the extension section of the certificate signing request (CSR).
  - getKeyStorageSecurityStandard
```
@Stability(value=Stable)
 @Nullable
default String getKeyStorageSecurityStandard()
```
    Specifies a cryptographic key management compliance standard used for handling CA keys.
    Default: FIPS_140_2_LEVEL_3_OR_HIGHER
    Note: FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in the following Regions:
    - ap-northeast-3
    - ap-southeast-3
    When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard . Failure to do this results in an InvalidArgsException with the message, "A certificate authority cannot be created in this region with the specified security standard."
  - getRevocationConfiguration
```
@Stability(value=Stable)
 @Nullable
default Object getRevocationConfiguration()
```
    Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) in the *AWS Private CA API Reference* and [Setting up a certificate revocation method](https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the *AWS Private CA User Guide* .
    The following requirements apply to revocation configurations.
    
    A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
    
    In a CRL configuration, the S3BucketName parameter must conform to the Amazon S3 bucket naming rules .
    
    A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
    
    In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
  - getTags
```
@Stability(value=Stable)
 @Nullable
default List<CfnTag> getTags()
```
    Key-value pairs that will be attached to the new private CA.
    You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
  - getUsageMode
```
@Stability(value=Stable)
 @Nullable
default String getUsageMode()
```
    Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
    Short-lived certificate validity is limited to seven days.
    The default value is GENERAL_PURPOSE.
  - builder
```
@Stability(value=Stable)
static CfnCertificateAuthorityProps.Builder builder()
```
    Returns:
    
    a CfnCertificateAuthorityProps.Builder of CfnCertificateAuthorityProps

Interface CfnCertificateAuthorityProps

Nested Class Summary

Method Summary

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Method Detail

getKeyAlgorithm

getSigningAlgorithm

getSubject

getType

getCsrExtensions

getKeyStorageSecurityStandard

getRevocationConfiguration

getTags

getUsageMode

builder