Class: Aws::ACMPCA::Types::CertificateAuthority

Inherits:

Struct

• Object
• Struct
• Aws::ACMPCA::Types::CertificateAuthority

Includes:

Structure

Defined in:

lib/aws-sdk-acmpca/types.rb

Overview

Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the **Subject Public Key Info** field. Call the

CreateCertificateAuthority][1

action to create your private CA. You

must then call the [GetCertificateAuthorityCertificate] action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises root or subordinate CA certificate. Call the

ImportCertificateAuthorityCertificate][3

action to import the signed

certificate into Certificate Manager (ACM).

[1]: docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html [2]: docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCertificate.html [3]: docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #arn ⇒ String

  Amazon Resource Name (ARN) for your private certificate authority (CA).

• #certificate_authority_configuration ⇒ Types::CertificateAuthorityConfiguration

  Your private CA configuration.

• #created_at ⇒ Time

  Date and time at which your private CA was created.

• #failure_reason ⇒ String

  Reason the request to create your private CA failed.

• #key_storage_security_standard ⇒ String

  Defines a cryptographic key management compliance standard used for handling CA keys.

• #last_state_change_at ⇒ Time

  Date and time at which your private CA was last updated.

• #not_after ⇒ Time

  Date and time after which your private CA certificate is not valid.

• #not_before ⇒ Time

  Date and time before which your private CA certificate is not valid.

• #owner_account ⇒ String

  The Amazon Web Services account ID that owns the certificate authority.

• #restorable_until ⇒ Time

  The period during which a deleted CA can be restored.

• #revocation_configuration ⇒ Types::RevocationConfiguration

  Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.

• #serial ⇒ String

  Serial number of your private CA.

• #status ⇒ String

  Status of your private CA.

• #type ⇒ String

  Type of your private CA.

• #usage_mode ⇒ String

  Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

Instance Attribute Details

#arn ⇒ String

Amazon Resource Name (ARN) for your private certificate authority (CA). The format is ‘ 12345678-1234-1234-1234-123456789012 `.

Returns:

• (String)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#certificate_authority_configuration ⇒ Types::CertificateAuthorityConfiguration

Your private CA configuration.

Returns:

• (Types::CertificateAuthorityConfiguration)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#created_at ⇒ Time

Date and time at which your private CA was created.

Returns:

• (Time)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#failure_reason ⇒ String

Reason the request to create your private CA failed.

Returns:

• (String)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#key_storage_security_standard ⇒ String

Defines a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an ‘InvalidArgsException` with the message “A certificate authority cannot be created in this region with the specified security standard.”

Returns:

• (String)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#last_state_change_at ⇒ Time

Date and time at which your private CA was last updated.

Returns:

• (Time)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#not_after ⇒ Time

Date and time after which your private CA certificate is not valid.

Returns:

• (Time)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#not_before ⇒ Time

Date and time before which your private CA certificate is not valid.

Returns:

• (Time)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#owner_account ⇒ String

The Amazon Web Services account ID that owns the certificate authority.

Returns:

• (String)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#restorable_until ⇒ Time

The period during which a deleted CA can be restored. For more information, see the ‘PermanentDeletionTimeInDays` parameter of the

DeleteCertificateAuthorityRequest][1

action.

[1]: docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html

Returns:

• (Time)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#revocation_configuration ⇒ Types::RevocationConfiguration

Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.

Returns:

• (Types::RevocationConfiguration)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#serial ⇒ String

Serial number of your private CA.

Returns:

• (String)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#status ⇒ String

Status of your private CA.

Returns:

• (String)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#type ⇒ String

Type of your private CA.

Returns:

• (String)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end

#usage_mode ⇒ String

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.

The default value is GENERAL_PURPOSE.

Returns:

• (String)

# File 'lib/aws-sdk-acmpca/types.rb', line 323

class CertificateAuthority < Struct.new(
  :arn,
  :owner_account,
  :created_at,
  :last_state_change_at,
  :type,
  :serial,
  :status,
  :not_before,
  :not_after,
  :failure_reason,
  :certificate_authority_configuration,
  :revocation_configuration,
  :restorable_until,
  :key_storage_security_standard,
  :usage_mode)
  SENSITIVE = []
  include Aws::Structure
end