Class: Aws::NetworkFirewall::Types::ServerCertificateConfiguration

Inherits:
Struct
  • Object
Includes:
Structure
Defined in:
lib/aws-sdk-networkfirewall/types.rb

Overview

Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration. You can configure `ServerCertificates` for inbound SSL/TLS inspection, a `CertificateAuthorityArn` for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see [Using SSL/TLS server certificates with TLS inspection configurations][1] in the *Network Firewall Developer Guide*.

Note: If a server certificate that’s associated with your TLSInspectionConfiguration is revoked, deleted, or expired, it can result in client-side TLS errors.

[1]: docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html

Constant Summary

SENSITIVE = []

Instance Attribute Summary

Instance Attribute Details

#certificate_authority_arn ⇒ String

The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

The following limitations apply:

  • You can use CA certificates that you imported into ACM, but you can’t generate CA certificates with ACM.

  • You can’t use certificates issued by Private Certificate Authority.

For more information about configuring certificates for outbound inspection, see [Using SSL/TLS certificates with TLS inspection configurations][1] in the *Network Firewall Developer Guide*.

For information about working with certificates in ACM, see [Importing certificates][2] in the *Certificate Manager User Guide*.

[1]: docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html
[2]: docs.aws.amazon.com/acm/latest/userguide/import-certificate.html

Returns:

  • (String)


# File 'lib/aws-sdk-networkfirewall/types.rb', line 3574

class ServerCertificateConfiguration < Struct.new(
  :server_certificates,
  :scopes,
  :certificate_authority_arn,
  :check_certificate_revocation_status)
  SENSITIVE = []
  include Aws::Structure
end

#check_certificate_revocation_status ⇒ Types::CheckCertificateRevocationStatusActions

When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a `CertificateAuthorityArn` in ServerCertificateConfiguration.
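The constraints stated for `certificate_authority_arn` and `check_certificate_revocation_status` can be checked offline before a configuration is submitted. The following is an added example, not code from the SDK: the method name, the ARN pattern and the sample hash are constructed for illustration, and the `resource_arn`, `revoked_status_action` and `unknown_status_action` keys come from the SDK's `ServerCertificate` and `CheckCertificateRevocationStatusActions` types rather than from this page.

```ruby
# Added example (not SDK code): lint a ServerCertificateConfiguration hash.
# Assumption: ACM certificate ARNs look like arn:<partition>:acm:<region>:<account>:certificate/<id>.
ACM_CERT_ARN = %r{\Aarn:aws[a-z-]*:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]+\z}

# Returns an array of finding strings; an empty array means every check passed.
def lint_server_certificate_configuration(cfg)
  findings = []
  ca_arn = cfg[:certificate_authority_arn]
  certs  = Array(cfg[:server_certificates])
  revoke = cfg[:check_certificate_revocation_status]

  # Inbound certificates, an outbound CA, or both: with neither, nothing is inspected.
  if certs.empty? && ca_arn.nil?
    findings << "neither server_certificates nor certificate_authority_arn is set"
  end

  # The outbound CA must be a certificate imported into ACM, so any other
  # ARN type (an acm-pca ARN, for instance) is flagged.
  if ca_arn && ca_arn !~ ACM_CERT_ARN
    findings << "certificate_authority_arn is not an ACM certificate ARN: #{ca_arn}"
  end

  certs.each_with_index do |cert, i|
    unless cert[:resource_arn].to_s =~ ACM_CERT_ARN
      findings << "server_certificates[#{i}] is not an ACM certificate ARN"
    end
  end

  # Revocation checking applies to outbound inspection and needs the CA ARN
  # plus an action for both the revoked and the unknown status.
  if revoke
    findings << "check_certificate_revocation_status requires certificate_authority_arn" if ca_arn.nil?
    %i[revoked_status_action unknown_status_action].each do |key|
      findings << "check_certificate_revocation_status.#{key} is missing" unless revoke[key]
    end
  end
  findings
end

# Constructed sample: revocation checking enabled without a CA ARN.
SAMPLE_BAD = {
  scopes: [],
  check_certificate_revocation_status: { revoked_status_action: "DROP" }
}.freeze

puts lint_server_certificate_configuration(SAMPLE_BAD) if __FILE__ == $PROGRAM_NAME
```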




#scopes ⇒ Array<Types::ServerCertificateScope>

A list of scopes.

Returns:

  • (Array<Types::ServerCertificateScope>)




#server_certificates ⇒ Array<Types::ServerCertificate>

The list of server certificates to use for inbound SSL/TLS inspection.

Returns:

  • (Array<Types::ServerCertificate>)


