Package software.amazon.awscdk.services.certificatemanager

Interface PrivateCertificateProps

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

PrivateCertificateProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)",
           date="2025-11-13T16:10:00.208Z")
@Stability(Stable)
public interface PrivateCertificateProps
extends software.amazon.jsii.JsiiSerializable

Properties for your private certificate.

Example:

 import software.amazon.awscdk.services.acmpca.*;
 PrivateCertificate.Builder.create(this, "PrivateCertificate")
         .domainName("test.example.com")
         .subjectAlternativeNames(List.of("cool.example.com", "test.example.net")) // optional
         .certificateAuthority(CertificateAuthority.fromCertificateAuthorityArn(this, "CA", "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77"))
         .keyAlgorithm(KeyAlgorithm.RSA_2048)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	PrivateCertificateProps.Builder	A builder for PrivateCertificateProps
static final class	PrivateCertificateProps.Jsii$Proxy	An implementation for PrivateCertificateProps

Method Summary

Modifier and Type	Method	Description
static PrivateCertificateProps.Builder	builder()
default Boolean	getAllowExport()	Enable or disable export of this certificate.
ICertificateAuthority	getCertificateAuthority()	Private certificate authority (CA) that will be used to issue the certificate.
String	getDomainName()	Fully-qualified domain name to request a private certificate for.
default KeyAlgorithm	getKeyAlgorithm()	Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
default List<String>	getSubjectAlternativeNames()	Alternative domain names on your private certificate.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getCertificateAuthority

@Stability(Stable)
@NotNull
ICertificateAuthority getCertificateAuthority()

Private certificate authority (CA) that will be used to issue the certificate.

getDomainName

@Stability(Stable)
@NotNull
String getDomainName()

Fully-qualified domain name to request a private certificate for.

May contain wildcards, such as *.domain.com.

getAllowExport

@Stability(Stable)
@Nullable
default Boolean getAllowExport()

Enable or disable export of this certificate.

If you issue an exportable public certificate, there is a charge at certificate issuance and again when the certificate renews. Ref: https://aws.amazon.com/certificate-manager/pricing

Default: false

getKeyAlgorithm

@Stability(Stable)
@Nullable
default KeyAlgorithm getKeyAlgorithm()

Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.

When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.

Default: KeyAlgorithm.RSA_2048

See Also:

• https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title

getSubjectAlternativeNames

@Stability(Stable)
@Nullable
default List<String> getSubjectAlternativeNames()

Alternative domain names on your private certificate.

Use this to register alternative domain names that represent the same site.

Default: - No additional FQDNs will be included as alternative domain names.

builder

@Stability(Stable)
static PrivateCertificateProps.Builder builder()

Returns:

a PrivateCertificateProps.Builder of PrivateCertificateProps