Interface CfnCertificateAuthorityMixinProps
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnCertificateAuthorityMixinProps.Jsii$Proxy
@Generated(value="jsii-pacmak/1.127.0 (build 2117ad5)",
date="2026-04-02T21:55:22.990Z")
@Stability(Stable)
public interface CfnCertificateAuthorityMixinProps
extends software.amazon.jsii.JsiiSerializable
Properties for CfnCertificateAuthorityPropsMixin.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.cfnpropertymixins.services.acmpca.*;
CfnCertificateAuthorityMixinProps cfnCertificateAuthorityMixinProps = CfnCertificateAuthorityMixinProps.builder()
.csrExtensions(CsrExtensionsProperty.builder()
.keyUsage(KeyUsageProperty.builder()
.crlSign(false)
.dataEncipherment(false)
.decipherOnly(false)
.digitalSignature(false)
.encipherOnly(false)
.keyAgreement(false)
.keyCertSign(false)
.keyEncipherment(false)
.nonRepudiation(false)
.build())
.subjectInformationAccess(List.of(AccessDescriptionProperty.builder()
.accessLocation(GeneralNameProperty.builder()
.directoryName(SubjectProperty.builder()
.commonName("commonName")
.country("country")
.customAttributes(List.of(CustomAttributeProperty.builder()
.objectIdentifier("objectIdentifier")
.value("value")
.build()))
.distinguishedNameQualifier("distinguishedNameQualifier")
.generationQualifier("generationQualifier")
.givenName("givenName")
.initials("initials")
.locality("locality")
.organization("organization")
.organizationalUnit("organizationalUnit")
.pseudonym("pseudonym")
.serialNumber("serialNumber")
.state("state")
.surname("surname")
.title("title")
.build())
.dnsName("dnsName")
.ediPartyName(EdiPartyNameProperty.builder()
.nameAssigner("nameAssigner")
.partyName("partyName")
.build())
.ipAddress("ipAddress")
.otherName(OtherNameProperty.builder()
.typeId("typeId")
.value("value")
.build())
.registeredId("registeredId")
.rfc822Name("rfc822Name")
.uniformResourceIdentifier("uniformResourceIdentifier")
.build())
.accessMethod(AccessMethodProperty.builder()
.accessMethodType("accessMethodType")
.customObjectIdentifier("customObjectIdentifier")
.build())
.build()))
.build())
.keyAlgorithm("keyAlgorithm")
.keyStorageSecurityStandard("keyStorageSecurityStandard")
.revocationConfiguration(RevocationConfigurationProperty.builder()
.crlConfiguration(CrlConfigurationProperty.builder()
.crlDistributionPointExtensionConfiguration(CrlDistributionPointExtensionConfigurationProperty.builder()
.omitExtension(false)
.build())
.crlType("crlType")
.customCname("customCname")
.customPath("customPath")
.enabled(false)
.expirationInDays(123)
.s3BucketName("s3BucketName")
.s3ObjectAcl("s3ObjectAcl")
.build())
.ocspConfiguration(OcspConfigurationProperty.builder()
.enabled(false)
.ocspCustomCname("ocspCustomCname")
.build())
.build())
.signingAlgorithm("signingAlgorithm")
.subject(SubjectProperty.builder()
.commonName("commonName")
.country("country")
.customAttributes(List.of(CustomAttributeProperty.builder()
.objectIdentifier("objectIdentifier")
.value("value")
.build()))
.distinguishedNameQualifier("distinguishedNameQualifier")
.generationQualifier("generationQualifier")
.givenName("givenName")
.initials("initials")
.locality("locality")
.organization("organization")
.organizationalUnit("organizationalUnit")
.pseudonym("pseudonym")
.serialNumber("serialNumber")
.state("state")
.surname("surname")
.title("title")
.build())
.tags(List.of(CfnTag.builder()
.key("key")
.value("value")
.build()))
.type("type")
.usageMode("usageMode")
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forCfnCertificateAuthorityMixinPropsstatic final classAn implementation forCfnCertificateAuthorityMixinProps -
Method Summary
Modifier and TypeMethodDescriptionbuilder()default ObjectSpecifies information to be added to the extension section of the certificate signing request (CSR).default StringType of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.default StringSpecifies a cryptographic key management compliance standard for handling and protecting CA keys.default ObjectInformation about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.default StringName of the algorithm your private CA uses to sign certificate requests.default ObjectStructure that contains X.500 distinguished name information for your private CA.getTags()Key-value pairs that will be attached to the new private CA.default StringgetType()Type of your private CA.default StringSpecifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getCsrExtensions
Specifies information to be added to the extension section of the certificate signing request (CSR).Returns union: either
IResolvableorCfnCertificateAuthorityPropsMixin.CsrExtensionsProperty- See Also:
-
getKeyAlgorithm
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.When you create a subordinate CA, you must use a key algorithm supported by the parent CA.
- See Also:
-
getKeyStorageSecurityStandard
Specifies a cryptographic key management compliance standard for handling and protecting CA keys.Default: FIPS_140_2_LEVEL_3_OR_HIGHER
Some AWS Regions don't support the default value. When you create a CA in these Regions, you must use
CCPC_LEVEL_1_OR_HIGHERfor theKeyStorageSecurityStandardparameter. If you don't, the operation returns anInvalidArgsExceptionwith this message: "A certificate authority cannot be created in this region with the specified security standard."For information about security standard support in different AWS Regions, see Storage and security compliance of AWS Private CA private keys .
- See Also:
-
getRevocationConfiguration
Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.Returns union: either
IResolvableorCfnCertificateAuthorityPropsMixin.RevocationConfigurationProperty- See Also:
-
getSigningAlgorithm
Name of the algorithm your private CA uses to sign certificate requests.This parameter should not be confused with the
SigningAlgorithmparameter used to sign certificates when they are issued.- See Also:
-
getSubject
Structure that contains X.500 distinguished name information for your private CA.Returns union: either
IResolvableorCfnCertificateAuthorityPropsMixin.SubjectProperty- See Also:
-
getTags
Key-value pairs that will be attached to the new private CA.You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
- See Also:
-
getType
Type of your private CA.- See Also:
-
getUsageMode
Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.Short-lived certificate validity is limited to seven days.
The default value is GENERAL_PURPOSE.
- See Also:
-
builder
-