acm-pca-2017-08-22
library
Classes
-
AccessDescription
-
Provides access information used by the authorityInfoAccess and
subjectInfoAccess extensions described in RFC 5280.
-
AccessMethod
-
Describes the type and format of extension access. Only one of
CustomObjectIdentifier or AccessMethodType may be provided. Providing both
results in InvalidArgsException.
-
ACMPCA
-
This is the ACM Private CA API Reference. It provides descriptions,
syntax, and usage examples for each of the actions and data types involved
in creating and managing private certificate authorities (CA) for your
organization.
-
ASN1Subject
-
Contains information about the certificate subject. The certificate can be
one issued by your private certificate authority (CA) or it can be your
private CA certificate. The Subject field in the certificate
identifies the entity that owns or controls the public key in the
certificate. The entity can be a user, computer, device, or service. The
Subject must contain an X.500 distinguished name (DN). A DN is a
sequence of relative distinguished names (RDNs). The RDNs are separated by
commas in the certificate. The DN must be unique for each entity, but your
private CA can issue more than one certificate with the same DN to the same
entity.
-
AwsClientCredentials
-
AWS credentials.
-
CertificateAuthority
-
Contains information about your private certificate authority (CA). Your
private CA can issue and revoke X.509 digital certificates. Digital
certificates verify that the entity named in the certificate Subject
field owns or controls the public key contained in the Subject Public Key
Info field. Call the CreateCertificateAuthority action to create your
private CA. You must then call the GetCertificateAuthorityCertificate action
to retrieve a private CA certificate signing request (CSR). Sign the CSR
with your ACM Private CA-hosted or on-premises root or subordinate CA
certificate. Call the ImportCertificateAuthorityCertificate action to import
the signed certificate into AWS Certificate Manager (ACM).
-
CertificateAuthorityConfiguration
-
Contains configuration information for your private certificate authority
(CA). This includes information about the class of public key algorithm and
the key pair that your private CA creates when it issues a certificate. It
also includes the signature algorithm that it uses when issuing
certificates, and its X.500 distinguished name. You must specify this
information when you call the CreateCertificateAuthority
action.
-
CreateCertificateAuthorityAuditReportResponse
-
-
CreateCertificateAuthorityResponse
-
-
CrlConfiguration
-
Contains configuration information for a certificate revocation list (CRL).
Your private certificate authority (CA) creates base CRLs. Delta CRLs are
not supported. You can enable CRLs for your new or an existing private CA by
setting the Enabled parameter to true. Your private CA writes CRLs to an
S3 bucket that you specify in the S3BucketName
parameter. You can hide the name of your bucket by specifying a value for
the CustomCname parameter. Your private CA copies the CNAME or the S3
bucket name to the CRL Distribution Points extension of each
certificate it issues. Your S3 bucket policy must give write permission to
ACM Private CA.
-
CsrExtensions
-
Describes the certificate extensions to be added to the certificate signing
request (CSR).
-
DescribeCertificateAuthorityAuditReportResponse
-
-
DescribeCertificateAuthorityResponse
-
-
EdiPartyName
-
Describes an Electronic Data Interchange (EDI) entity as defined in
Subject Alternative Name in RFC 5280.
-
GeneralName
-
Describes an ASN.1 X.400 GeneralName as defined in RFC 5280. Only one of the
following naming options should be provided. Providing more than one option
results in an InvalidArgsException error.
-
GetCertificateAuthorityCertificateResponse
-
-
GetCertificateAuthorityCsrResponse
-
-
GetCertificateResponse
-
-
GetPolicyResponse
-
-
IssueCertificateResponse
-
-
KeyUsage
-
Defines one or more purposes for which the key contained in the certificate
can be used. Default value for each option is false.
-
ListCertificateAuthoritiesResponse
-
-
ListPermissionsResponse
-
-
ListTagsResponse
-
-
OtherName
-
Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID)
and value. The OID must satisfy the regular expression
shown below. For more information, see NIST's definition of Object
Identifier (OID).
-
Permission
-
Permissions designate which private CA actions can be performed by an AWS
service or entity. In order for ACM to automatically renew private
certificates, you must give the ACM service principal all available
permissions (IssueCertificate, GetCertificate, and ListPermissions).
Permissions can be assigned with the CreatePermission action, removed with
the DeletePermission action, and listed with the ListPermissions action.
-
RevocationConfiguration
-
Certificate revocation information used by the CreateCertificateAuthority
and UpdateCertificateAuthority
actions. Your private certificate authority (CA) can create and maintain a
certificate revocation list (CRL). A CRL contains information about
certificates revoked by your CA. For more information, see RevokeCertificate.
-
Tag
-
Tags are labels that you can use to identify and organize your private CAs.
Each tag consists of a key and an optional value. You can associate up to 50
tags with a private CA. To add one or more tags to a private CA, call the TagCertificateAuthority
action. To remove a tag, call the UntagCertificateAuthority
action.
-
Validity
-
Validity specifies the period of time during which a certificate is valid.
Validity can be expressed as an explicit date and time when the certificate
expires, or as a span of time after issuance, stated in days, months, or
years. For more information, see Validity in
RFC 5280.