Interface CfnDomainConfigurationPropsMixin.IServerCertificateConfigProperty
The server certificate configuration.
Namespace: Amazon.CDK.CfnPropertyMixins.AWS.IoT
Assembly: Amazon.CDK.CfnPropertyMixins.dll
Syntax (csharp)
public interface CfnDomainConfigurationPropsMixin.IServerCertificateConfigPropertySyntax (vb)
Public Interface CfnDomainConfigurationPropsMixin.IServerCertificateConfigPropertyRemarks
For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.CfnPropertyMixins.AWS.IoT;
var serverCertificateConfigProperty = new ServerCertificateConfigProperty {
EnableOcspCheck = false,
OcspAuthorizedResponderArn = "ocspAuthorizedResponderArn",
OcspLambdaArn = "ocspLambdaArn"
};Synopsis
Properties
| EnableOcspCheck | A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not. |
| OcspAuthorizedResponderArn | The Amazon Resource Name (ARN) for an X.509 certificate stored in ACM. If provided, AWS IoT Core will use this certificate to validate the signature of the received OCSP response. The OCSP responder must sign responses using either this authorized responder certificate or the issuing certificate, depending on whether the ARN is provided or not. The certificate must be in the same account and region as the domain configuration. |
| OcspLambdaArn | The Amazon Resource Name (ARN) for a Lambda function that acts as a Request for Comments (RFC) 6960-compliant Online Certificate Status Protocol (OCSP) responder, supporting basic OCSP responses. |
Properties
EnableOcspCheck
A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not.
object? EnableOcspCheck { get; }Property Value
Remarks
For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.
Type union: either bool or IResolvable
OcspAuthorizedResponderArn
The Amazon Resource Name (ARN) for an X.509 certificate stored in ACM. If provided, AWS IoT Core will use this certificate to validate the signature of the received OCSP response. The OCSP responder must sign responses using either this authorized responder certificate or the issuing certificate, depending on whether the ARN is provided or not. The certificate must be in the same account and region as the domain configuration.
string? OcspAuthorizedResponderArn { get; }Property Value
Remarks
OcspLambdaArn
The Amazon Resource Name (ARN) for a Lambda function that acts as a Request for Comments (RFC) 6960-compliant Online Certificate Status Protocol (OCSP) responder, supporting basic OCSP responses.
string? OcspLambdaArn { get; }Property Value
Remarks
The Lambda function accepts a base64-encoding of the OCSP request in the Distinguished Encoding Rules (DER) format. The Lambda function's response is also a base64-encoded OCSP response in the DER format. The response size must not exceed 4 kilobytes (KiB). The Lambda function must be in the same account and region as the domain configuration.