Interface CfnCertificateAuthority.RevocationConfigurationProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnCertificateAuthority.RevocationConfigurationProperty.Jsii$Proxy
- Enclosing class:
CfnCertificateAuthority
@Stability(Stable)
public static interface CfnCertificateAuthority.RevocationConfigurationProperty
extends software.amazon.jsii.JsiiSerializable
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide.
The following requirements and constraints apply to revocation configurations.
- A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
- In a CRL configuration, the S3BucketName parameter must conform to the Amazon S3 bucket naming rules.
- A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
- In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
- To revoke a certificate, delete the resource from your template, and call the AWS Private CA RevokeCertificate API and specify the resource's certificate authority ARN.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// Note: a deployable configuration with enabled(false) must omit the optional properties shown here.
import software.amazon.awscdk.services.acmpca.*;
// The property types are nested in CfnCertificateAuthority, so import them explicitly.
import software.amazon.awscdk.services.acmpca.CfnCertificateAuthority.*;
RevocationConfigurationProperty revocationConfigurationProperty = RevocationConfigurationProperty.builder()
        .crlConfiguration(CrlConfigurationProperty.builder()
                .enabled(false)
                // the properties below are optional
                .crlDistributionPointExtensionConfiguration(CrlDistributionPointExtensionConfigurationProperty.builder()
                        .omitExtension(false)
                        .build())
                .crlType("crlType")
                .customCname("customCname")
                .customPath("customPath")
                .expirationInDays(123)
                .s3BucketName("s3BucketName")
                .s3ObjectAcl("s3ObjectAcl")
                .build())
        .ocspConfiguration(OcspConfigurationProperty.builder()
                .enabled(false)
                // the properties below are optional
                .ocspCustomCname("ocspCustomCname")
                .build())
        .build();
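Two configurations that satisfy the constraints listed above, as an added example that is not part of the CDK documentation. The class RevocationConfigs, its method names, and the 7-day CRL validity are hypothetical choices made for illustration; the builder calls are the ones shown in the example above.

```java
import java.util.Locale;
import software.amazon.awscdk.services.acmpca.CfnCertificateAuthority.CrlConfigurationProperty;
import software.amazon.awscdk.services.acmpca.CfnCertificateAuthority.OcspConfigurationProperty;
import software.amazon.awscdk.services.acmpca.CfnCertificateAuthority.RevocationConfigurationProperty;

// Hypothetical helper class (not part of the CDK).
public final class RevocationConfigs {
    private RevocationConfigs() {}

    // Fails at synth time instead of at deployment when a CNAME
    // carries a protocol prefix such as "http://" or "https://".
    static String requireBareCname(String cname) {
        String lower = cname.toLowerCase(Locale.ROOT);
        if (lower.startsWith("http://") || lower.startsWith("https://")) {
            throw new IllegalArgumentException(
                    "CNAME must not include a protocol prefix: " + cname);
        }
        return cname;
    }

    // CRL and OCSP both enabled. The bucket name must follow the
    // Amazon S3 bucket naming rules; 7 days is an assumed validity.
    static RevocationConfigurationProperty withCrlAndOcsp(
            String bucketName, String crlCname, String ocspCname) {
        return RevocationConfigurationProperty.builder()
                .crlConfiguration(CrlConfigurationProperty.builder()
                        .enabled(true)
                        .expirationInDays(7)
                        .s3BucketName(bucketName)
                        .customCname(requireBareCname(crlCname))
                        .build())
                .ocspConfiguration(OcspConfigurationProperty.builder()
                        .enabled(true)
                        .ocspCustomCname(requireBareCname(ocspCname))
                        .build())
                .build();
    }

    // Both methods disabled: each block carries only Enabled=False,
    // because any other parameter makes the configuration fail.
    static RevocationConfigurationProperty allDisabled() {
        return RevocationConfigurationProperty.builder()
                .crlConfiguration(CrlConfigurationProperty.builder().enabled(false).build())
                .ocspConfiguration(OcspConfigurationProperty.builder().enabled(false).build())
                .build();
    }
}
```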
-
Nested Class Summary
Nested Classes
Modifier and Type, Description
- static final class: A builder for CfnCertificateAuthority.RevocationConfigurationProperty
- static final class: An implementation for CfnCertificateAuthority.RevocationConfigurationProperty
-
Method Summary
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getCrlConfiguration
Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
Returns union: either IResolvable or CfnCertificateAuthority.CrlConfigurationProperty
-
getOcspConfiguration
Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.
Returns union: either IResolvable or CfnCertificateAuthority.OcspConfigurationProperty
-
builder
-