


# CreateCertificateAuthority
<a name="JavaApi-CreatePrivateCertificateAuthority"></a>

The following Java sample shows how to use the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) operation.

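This operation creates a private subordinate certificate authority (CA). You must specify the CA configuration, the revocation configuration, the CA type, and an optional idempotency token.

The CA configuration specifies the following:
+ The name of the algorithm and the key size used to create the CA private key
+ The type of signing algorithm that the CA uses to sign its own certificate signing request, CRLs, and OCSP responses
+ X.500 subject information

The CRL configuration specifies the following:
+ The CRL expiration period in days (the validity period of the CRL)
+ The Amazon S3 bucket that contains the CRL
+ A CNAME alias for the S3 bucket that is included in certificates issued by the CA

If successful, this function returns the Amazon Resource Name (ARN) of the CA.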

```
package com.amazonaws.samples;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.auth.AWSStaticCredentialsProvider;


import com.amazonaws.services.acmpca.AWSACMPCA;
import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder;

import com.amazonaws.services.acmpca.model.ASN1Subject;
import com.amazonaws.services.acmpca.model.CertificateAuthorityConfiguration;
import com.amazonaws.services.acmpca.model.CertificateAuthorityType;
import com.amazonaws.services.acmpca.model.CreateCertificateAuthorityResult;
import com.amazonaws.services.acmpca.model.CreateCertificateAuthorityRequest;
import com.amazonaws.services.acmpca.model.CrlConfiguration;
import com.amazonaws.services.acmpca.model.KeyAlgorithm;
import com.amazonaws.services.acmpca.model.SigningAlgorithm;
import com.amazonaws.services.acmpca.model.Tag;

import java.util.ArrayList;
import java.util.Objects;

import com.amazonaws.AmazonClientException;
import com.amazonaws.services.acmpca.model.LimitExceededException;
import com.amazonaws.services.acmpca.model.InvalidArgsException;
import com.amazonaws.services.acmpca.model.InvalidPolicyException;
import com.amazonaws.services.acmpca.model.RevocationConfiguration;


public class CreateCertificateAuthority {

    public static void main(String[] args) throws Exception {

        // Retrieve your credentials from the C:\Users\name\.aws\credentials file
        // in Windows or the .aws/credentials file in Linux.
        AWSCredentials credentials = null;
        try {
            credentials = new ProfileCredentialsProvider("default").getCredentials();
        } catch (Exception e) {
            throw new AmazonClientException(
                   "Cannot load the credentials from the credential profiles file. " +
                   "Please make sure that your credentials file is at the correct " +
                   "location (C:\\Users\\joneps\\.aws\\credentials), and is in valid format.",
                   e);
        }
       
        // Define the endpoint for your sample.
        String endpointRegion = "region";  // Substitute your region here, e.g. "us-west-2"
        String endpointProtocol = "https://acm-pca." + endpointRegion + ".amazonaws.com/";
        EndpointConfiguration endpoint =
            new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion);
       
        // Create a client that you can use to make requests.
        AWSACMPCA client = AWSACMPCAClientBuilder.standard()
            .withEndpointConfiguration(endpoint)
            .withCredentials(new AWSStaticCredentialsProvider(credentials))
            .build();
    
        // Define a CA subject.
        ASN1Subject subject = new ASN1Subject();
        subject.setOrganization("Example Organization");
        subject.setOrganizationalUnit("Example");
        subject.setCountry("US");
        subject.setState("Virginia");
        subject.setLocality("Arlington");
        subject.setCommonName("www.example.com");

        // Define the CA configuration.
        CertificateAuthorityConfiguration configCA = new CertificateAuthorityConfiguration();
        configCA.withKeyAlgorithm(KeyAlgorithm.RSA_2048);
        configCA.withSigningAlgorithm(SigningAlgorithm.SHA256WITHRSA);
        configCA.withSubject(subject);

        // Define a certificate revocation list configuration.
        CrlConfiguration crlConfigure = new CrlConfiguration();
        crlConfigure.withEnabled(true);
        crlConfigure.withExpirationInDays(365);
        crlConfigure.withCustomCname(null);
        crlConfigure.withS3BucketName("your-bucket-name");

        RevocationConfiguration revokeConfig = new RevocationConfiguration();
        revokeConfig.setCrlConfiguration(crlConfigure);
      
        // Define a certificate authority type: ROOT or SUBORDINATE
        CertificateAuthorityType CAtype = CertificateAuthorityType.SUBORDINATE;
      
        // Create a tag - method 1
        Tag tag1 = new Tag();
        tag1.withKey("PrivateCA");
        tag1.withValue("Sample");
      
        // Create a tag - method 2
        Tag tag2 = new Tag()
            .withKey("Purpose")
            .withValue("WebServices");
      
        // Add the tags to a collection.
        ArrayList<Tag> tags = new ArrayList<Tag>();
        tags.add(tag1);
        tags.add(tag2);
      
        // Create the request object.
        CreateCertificateAuthorityRequest req = new CreateCertificateAuthorityRequest();
        req.withCertificateAuthorityConfiguration(configCA);
        req.withRevocationConfiguration(revokeConfig);
        req.withIdempotencyToken("123987");
        req.withCertificateAuthorityType(CAtype);
        req.withTags(tags);
      

        // Create the private CA.
        CreateCertificateAuthorityResult result = null;
        try {
            result = client.createCertificateAuthority(req);
        } catch (InvalidArgsException ex) {
            throw ex;
        } catch (InvalidPolicyException ex) {
            throw ex;
        } catch (LimitExceededException ex) {
            throw ex;
        }

        // Retrieve the ARN of the private CA.
        String arn = result.getCertificateAuthorityArn();
        System.out.println(arn);
    }
}
```

Your output should be similar to the following.

```
arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566
```