public static interface CrlConfiguration.Builder extends SdkPojo, CopyableBuilder<CrlConfiguration.Builder,CrlConfiguration>
| Modifier and Type | Method and Description |
|---|---|
| CrlConfiguration.Builder | `customCname(String customCname)` Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. |
| CrlConfiguration.Builder | `enabled(Boolean enabled)` Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. |
| CrlConfiguration.Builder | `expirationInDays(Integer expirationInDays)` Validity period of the CRL in days. |
| CrlConfiguration.Builder | `s3BucketName(String s3BucketName)` Name of the S3 bucket that contains the CRL. |
| CrlConfiguration.Builder | `s3ObjectAcl(S3ObjectAcl s3ObjectAcl)` Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. |
| CrlConfiguration.Builder | `s3ObjectAcl(String s3ObjectAcl)` Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. |
Inherited methods: equalsBySdkFields, sdkFields, copy, applyMutation, build
CrlConfiguration.Builder enabled(Boolean enabled)
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority action or for an existing CA when you call the UpdateCertificateAuthority action.
enabled - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority action or for an existing CA when you call the UpdateCertificateAuthority action.
CrlConfiguration.Builder expirationInDays(Integer expirationInDays)
Validity period of the CRL in days.
expirationInDays - Validity period of the CRL in days.
CrlConfiguration.Builder customCname(String customCname)
Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.
The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".
customCname - Name inserted into the certificate CRL Distribution Points extension that enables the use of an
alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to
be public. The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".
CrlConfiguration.Builder s3BucketName(String s3BucketName)
Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows Amazon Web Services Private CA to write the CRL to your bucket.
The S3BucketName parameter must conform to the S3 bucket naming
rules.
s3BucketName - Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname
argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of
the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket
policy that allows Amazon Web Services Private CA to write the CRL to your bucket.
The S3BucketName parameter must conform to the S3 bucket naming
rules.
CrlConfiguration.Builder s3ObjectAcl(String s3ObjectAcl)
Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.
If no value is specified, the default is PUBLIC_READ.
Note: This default can cause CA creation to fail in some circumstances. If you have enabled the
Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as
BUCKET_OWNER_FULL_CONTROL, and not doing so results in an error. If you have disabled BPA in S3,
then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.
For more information, see Blocking public access to the S3 bucket.
s3ObjectAcl - Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If
you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose
BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI
clients may need an alternative method of access.
If no value is specified, the default is PUBLIC_READ.
Note: This default can cause CA creation to fail in some circumstances. If you have
enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of
this parameter as BUCKET_OWNER_FULL_CONTROL, and not doing so results in an error. If you
have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or
PUBLIC_READ as the value.
For more information, see Blocking public access to the S3 bucket.
See also: S3ObjectAcl
CrlConfiguration.Builder s3ObjectAcl(S3ObjectAcl s3ObjectAcl)
Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.
If no value is specified, the default is PUBLIC_READ.
Note: This default can cause CA creation to fail in some circumstances. If you have enabled the
Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as
BUCKET_OWNER_FULL_CONTROL, and not doing so results in an error. If you have disabled BPA in S3,
then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.
For more information, see Blocking public access to the S3 bucket.
s3ObjectAcl - Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If
you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose
BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI
clients may need an alternative method of access.
If no value is specified, the default is PUBLIC_READ.
Note: This default can cause CA creation to fail in some circumstances. If you have
enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of
this parameter as BUCKET_OWNER_FULL_CONTROL, and not doing so results in an error. If you
have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or
PUBLIC_READ as the value.
For more information, see Blocking public access to the S3 bucket.
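The following is an added example, not part of the SDK documentation: it builds a CRL configuration that sets the object ACL explicitly to BUCKET_OWNER_FULL_CONTROL instead of relying on the PUBLIC_READ default, rejects a customCname with a protocol prefix, and flags configurations that would publish the CRL publicly. The bucket name and CNAME are constructed placeholders, the helper names `privateCrl` and `isPubliclyReadable` are hypothetical, and the code only builds model objects (it assumes the AWS SDK for Java 2.x `acmpca` module is on the classpath and makes no AWS calls).

```java
import software.amazon.awssdk.services.acmpca.model.CrlConfiguration;
import software.amazon.awssdk.services.acmpca.model.RevocationConfiguration;
import software.amazon.awssdk.services.acmpca.model.S3ObjectAcl;

public class CrlConfigExample {

    // Hypothetical helper: CRL configuration that is compatible with S3 Block Public Access.
    static CrlConfiguration privateCrl(String bucket, String cname, int days) {
        // The CNAME must not include a protocol prefix such as "http://" or "https://".
        String lower = cname.toLowerCase();
        if (lower.startsWith("http://") || lower.startsWith("https://")) {
            throw new IllegalArgumentException("customCname must not include a protocol prefix: " + cname);
        }
        return CrlConfiguration.builder()
                .enabled(true)
                .expirationInDays(days)
                .s3BucketName(bucket)
                .customCname(cname) // keeps the bucket name out of issued certificates
                .s3ObjectAcl(S3ObjectAcl.BUCKET_OWNER_FULL_CONTROL)
                .build();
    }

    // Hypothetical review check: true when the CRL object would be publicly readable.
    // An unset ACL counts as public because the documented default is PUBLIC_READ.
    static boolean isPubliclyReadable(CrlConfiguration crl) {
        S3ObjectAcl acl = crl.s3ObjectAcl(); // null when no value was set on the builder
        return Boolean.TRUE.equals(crl.enabled())
                && (acl == null || acl == S3ObjectAcl.PUBLIC_READ);
    }

    public static void main(String[] args) {
        // Constructed sample values, not real resources.
        CrlConfiguration implicitDefault = CrlConfiguration.builder()
                .enabled(true)
                .expirationInDays(7)
                .s3BucketName("example-crl-bucket")
                .build();
        CrlConfiguration hardened = privateCrl("example-crl-bucket", "crl.example.com", 7);

        System.out.println("implicit default is public: " + isPubliclyReadable(implicitDefault));
        System.out.println("hardened is public: " + isPubliclyReadable(hardened));

        // The CRL configuration is carried inside the CA's revocation configuration.
        RevocationConfiguration revocation =
                RevocationConfiguration.builder().crlConfiguration(hardened).build();
        System.out.println(revocation);
    }
}
```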
See also: S3ObjectAcl
Copyright © 2023. All rights reserved.