Package software.amazon.awscdk.services.acmpca

Class CfnCertificate

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.acmpca.CfnCertificate

All Implemented Interfaces:

IInspectable, ICertificateRef, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.116.0 (build 0eddcff)",
           date="2025-10-24T13:34:29.972Z")
@Stability(Stable)
public class CfnCertificate
extends CfnResource
implements IInspectable, ICertificateRef

The AWS::ACMPCA::Certificate resource is used to issue a certificate using your private certificate authority.

For more information, see the IssueCertificate action.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.acmpca.*;
 CfnCertificate cfnCertificate = CfnCertificate.Builder.create(this, "MyCfnCertificate")
         .certificateAuthorityArn("certificateAuthorityArn")
         .certificateSigningRequest("certificateSigningRequest")
         .signingAlgorithm("signingAlgorithm")
         .validity(ValidityProperty.builder()
                 .type("type")
                 .value(123)
                 .build())
         // the properties below are optional
         .apiPassthrough(ApiPassthroughProperty.builder()
                 .extensions(ExtensionsProperty.builder()
                         .certificatePolicies(List.of(PolicyInformationProperty.builder()
                                 .certPolicyId("certPolicyId")
                                 // the properties below are optional
                                 .policyQualifiers(List.of(PolicyQualifierInfoProperty.builder()
                                         .policyQualifierId("policyQualifierId")
                                         .qualifier(QualifierProperty.builder()
                                                 .cpsUri("cpsUri")
                                                 .build())
                                         .build()))
                                 .build()))
                         .customExtensions(List.of(CustomExtensionProperty.builder()
                                 .objectIdentifier("objectIdentifier")
                                 .value("value")
                                 // the properties below are optional
                                 .critical(false)
                                 .build()))
                         .extendedKeyUsage(List.of(ExtendedKeyUsageProperty.builder()
                                 .extendedKeyUsageObjectIdentifier("extendedKeyUsageObjectIdentifier")
                                 .extendedKeyUsageType("extendedKeyUsageType")
                                 .build()))
                         .keyUsage(KeyUsageProperty.builder()
                                 .crlSign(false)
                                 .dataEncipherment(false)
                                 .decipherOnly(false)
                                 .digitalSignature(false)
                                 .encipherOnly(false)
                                 .keyAgreement(false)
                                 .keyCertSign(false)
                                 .keyEncipherment(false)
                                 .nonRepudiation(false)
                                 .build())
                         .subjectAlternativeNames(List.of(GeneralNameProperty.builder()
                                 .directoryName(SubjectProperty.builder()
                                         .commonName("commonName")
                                         .country("country")
                                         .customAttributes(List.of(CustomAttributeProperty.builder()
                                                 .objectIdentifier("objectIdentifier")
                                                 .value("value")
                                                 .build()))
                                         .distinguishedNameQualifier("distinguishedNameQualifier")
                                         .generationQualifier("generationQualifier")
                                         .givenName("givenName")
                                         .initials("initials")
                                         .locality("locality")
                                         .organization("organization")
                                         .organizationalUnit("organizationalUnit")
                                         .pseudonym("pseudonym")
                                         .serialNumber("serialNumber")
                                         .state("state")
                                         .surname("surname")
                                         .title("title")
                                         .build())
                                 .dnsName("dnsName")
                                 .ediPartyName(EdiPartyNameProperty.builder()
                                         .nameAssigner("nameAssigner")
                                         .partyName("partyName")
                                         .build())
                                 .ipAddress("ipAddress")
                                 .otherName(OtherNameProperty.builder()
                                         .typeId("typeId")
                                         .value("value")
                                         .build())
                                 .registeredId("registeredId")
                                 .rfc822Name("rfc822Name")
                                 .uniformResourceIdentifier("uniformResourceIdentifier")
                                 .build()))
                         .build())
                 .subject(SubjectProperty.builder()
                         .commonName("commonName")
                         .country("country")
                         .customAttributes(List.of(CustomAttributeProperty.builder()
                                 .objectIdentifier("objectIdentifier")
                                 .value("value")
                                 .build()))
                         .distinguishedNameQualifier("distinguishedNameQualifier")
                         .generationQualifier("generationQualifier")
                         .givenName("givenName")
                         .initials("initials")
                         .locality("locality")
                         .organization("organization")
                         .organizationalUnit("organizationalUnit")
                         .pseudonym("pseudonym")
                         .serialNumber("serialNumber")
                         .state("state")
                         .surname("surname")
                         .title("title")
                         .build())
                 .build())
         .templateArn("templateArn")
         .validityNotBefore(ValidityProperty.builder()
                 .type("type")
                 .value(123)
                 .build())
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificate.html

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	CfnCertificate.ApiPassthroughProperty	Contains X.509 certificate information to be placed in an issued certificate.
static final class	CfnCertificate.Builder	A fluent builder for CfnCertificate.
static interface	CfnCertificate.CustomAttributeProperty	Defines the X.500 relative distinguished name (RDN).
static interface	CfnCertificate.CustomExtensionProperty	Specifies the X.509 extension information for a certificate.
static interface	CfnCertificate.EdiPartyNameProperty	Describes an Electronic Data Interchange (EDI) entity as described in as defined in Subject Alternative Name in RFC 5280.
static interface	CfnCertificate.ExtendedKeyUsageProperty	Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
static interface	CfnCertificate.ExtensionsProperty	Contains X.509 extension information for a certificate.
static interface	CfnCertificate.GeneralNameProperty	Describes an ASN.1 X.400 GeneralName as defined in RFC 5280 .
static interface	CfnCertificate.KeyUsageProperty	Defines one or more purposes for which the key contained in the certificate can be used.
static interface	CfnCertificate.OtherNameProperty	Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) and value.
static interface	CfnCertificate.PolicyInformationProperty	Defines the X.509 CertificatePolicies extension.
static interface	CfnCertificate.PolicyQualifierInfoProperty	Modifies the CertPolicyId of a PolicyInformation object with a qualifier.
static interface	CfnCertificate.QualifierProperty	Defines a PolicyInformation qualifier.
static interface	CfnCertificate.SubjectProperty	Contains information about the certificate subject.
static interface	CfnCertificate.ValidityProperty	Length of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.acmpca.ICertificateRef

ICertificateRef.Jsii$Default, ICertificateRef.Jsii$Proxy

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CFN_RESOURCE_TYPE_NAME	The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	CfnCertificate(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnCertificate(software.amazon.jsii.JsiiObjectRef objRef)
	CfnCertificate(software.constructs.Construct scope, String id, CfnCertificateProps props)

Method Summary

Modifier and Type	Method	Description
Object	getApiPassthrough()	Specifies X.509 certificate information to be included in the issued certificate.
String	getAttrArn()	The Amazon Resource Name (ARN) of the issued certificate.
String	getAttrCertificate()	The issued Base64 PEM-encoded certificate.
String	getCertificateAuthorityArn()	The Amazon Resource Name (ARN) for the private CA issues the certificate.
CertificateReference	getCertificateRef()	A reference to a Certificate resource.
String	getCertificateSigningRequest()	The certificate signing request (CSR) for the certificate.
protected Map<String,Object>	getCfnProperties()
String	getSigningAlgorithm()	The name of the algorithm that will be used to sign the certificate to be issued.
String	getTemplateArn()	Specifies a custom configuration template to use when issuing a certificate.
Object	getValidity()	The period of time during which the certificate will be valid.
Object	getValidityNotBefore()	Information describing the start of the validity period of the certificate.
void	inspect(TreeInspector inspector)	Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setApiPassthrough(IResolvable value)	Specifies X.509 certificate information to be included in the issued certificate.
void	setApiPassthrough(CfnCertificate.ApiPassthroughProperty value)	Specifies X.509 certificate information to be included in the issued certificate.
void	setCertificateAuthorityArn(String value)	The Amazon Resource Name (ARN) for the private CA issues the certificate.
void	setCertificateSigningRequest(String value)	The certificate signing request (CSR) for the certificate.
void	setSigningAlgorithm(String value)	The name of the algorithm that will be used to sign the certificate to be issued.
void	setTemplateArn(String value)	Specifies a custom configuration template to use when issuing a certificate.
void	setValidity(IResolvable value)	The period of time during which the certificate will be valid.
void	setValidity(CfnCertificate.ValidityProperty value)	The period of time during which the certificate will be valid.
void	setValidityNotBefore(IResolvable value)	Information describing the start of the validity period of the certificate.
void	setValidityNotBefore(CfnCertificate.ValidityProperty value)	Information describing the start of the validity period of the certificate.

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

CFN_RESOURCE_TYPE_NAME

@Stability(Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Details

CfnCertificate

protected CfnCertificate(software.amazon.jsii.JsiiObjectRef objRef)

CfnCertificate

protected CfnCertificate(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnCertificate

@Stability(Stable)
public CfnCertificate(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 CfnCertificateProps props)

Parameters:

scope - Scope in which this resource is defined. This parameter is required.

id - Construct identifier for this resource (unique in its scope). This parameter is required.

props - Resource properties. This parameter is required.

Method Details

inspect

@Stability(Stable)
public void inspect(@NotNull
 TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> renderProperties(@NotNull
 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrArn

@Stability(Stable)
@NotNull
public String getAttrArn()

The Amazon Resource Name (ARN) of the issued certificate.

getAttrCertificate

@Stability(Stable)
@NotNull
public String getAttrCertificate()

The issued Base64 PEM-encoded certificate.

getCertificateRef

@Stability(Stable)
@NotNull
public CertificateReference getCertificateRef()

A reference to a Certificate resource.

Specified by:

getCertificateRef in interface ICertificateRef

getCfnProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getCertificateAuthorityArn

@Stability(Stable)
@NotNull
public String getCertificateAuthorityArn()

The Amazon Resource Name (ARN) for the private CA issues the certificate.

setCertificateAuthorityArn

@Stability(Stable)
public void setCertificateAuthorityArn(@NotNull
 String value)

The Amazon Resource Name (ARN) for the private CA issues the certificate.

getCertificateSigningRequest

@Stability(Stable)
@NotNull
public String getCertificateSigningRequest()

The certificate signing request (CSR) for the certificate.

setCertificateSigningRequest

@Stability(Stable)
public void setCertificateSigningRequest(@NotNull
 String value)

The certificate signing request (CSR) for the certificate.

getSigningAlgorithm

@Stability(Stable)
@NotNull
public String getSigningAlgorithm()

The name of the algorithm that will be used to sign the certificate to be issued.

setSigningAlgorithm

@Stability(Stable)
public void setSigningAlgorithm(@NotNull
 String value)

The name of the algorithm that will be used to sign the certificate to be issued.

getValidity

@Stability(Stable)
@NotNull
public Object getValidity()

The period of time during which the certificate will be valid.

Returns union: either IResolvable or CfnCertificate.ValidityProperty

setValidity

@Stability(Stable)
public void setValidity(@NotNull
 IResolvable value)

The period of time during which the certificate will be valid.

setValidity

@Stability(Stable)
public void setValidity(@NotNull
 CfnCertificate.ValidityProperty value)

The period of time during which the certificate will be valid.

getApiPassthrough

@Stability(Stable)
@Nullable
public Object getApiPassthrough()

Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.

Returns union: either IResolvable or CfnCertificate.ApiPassthroughProperty

setApiPassthrough

@Stability(Stable)
public void setApiPassthrough(@Nullable
 IResolvable value)

Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.

setApiPassthrough

@Stability(Stable)
public void setApiPassthrough(@Nullable
 CfnCertificate.ApiPassthroughProperty value)

Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.

getTemplateArn

@Stability(Stable)
@Nullable
public String getTemplateArn()

Specifies a custom configuration template to use when issuing a certificate.

setTemplateArn

@Stability(Stable)
public void setTemplateArn(@Nullable
 String value)

Specifies a custom configuration template to use when issuing a certificate.

getValidityNotBefore

@Stability(Stable)
@Nullable
public Object getValidityNotBefore()

Information describing the start of the validity period of the certificate.

Returns union: either IResolvable or CfnCertificate.ValidityProperty

setValidityNotBefore

@Stability(Stable)
public void setValidityNotBefore(@Nullable
 IResolvable value)

Information describing the start of the validity period of the certificate.

setValidityNotBefore

@Stability(Stable)
public void setValidityNotBefore(@Nullable
 CfnCertificate.ValidityProperty value)

Information describing the start of the validity period of the certificate.