CertificateAuthority
Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority action to create your private CA. You must then call the GetCertificateAuthorityCertificate action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your AWS Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate action to import the signed certificate into AWS Certificate Manager (ACM).
Contents
- Arn
  Amazon Resource Name (ARN) for your private certificate authority (CA). The format is 12345678-1234-1234-1234-123456789012.
  Type: String
  Length Constraints: Minimum length of 5. Maximum length of 200.
  Pattern: arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*
  Required: No
- CertificateAuthorityConfiguration
  Your private CA configuration.
  Type: CertificateAuthorityConfiguration object
  Required: No
- CreatedAt
  Date and time at which your private CA was created.
  Type: Timestamp
  Required: No
- FailureReason
  Reason the request to create your private CA failed.
  Type: String
  Valid Values: REQUEST_TIMED_OUT | UNSUPPORTED_ALGORITHM | OTHER
  Required: No
- KeyStorageSecurityStandard
  Defines a cryptographic key management compliance standard for handling and protecting CA keys.
  Default: FIPS_140_2_LEVEL_3_OR_HIGHER
  Note: Starting January 26, 2023, AWS Private CA protects all CA private keys in non-China regions using hardware security modules (HSMs) that comply with FIPS PUB 140-2 Level 3. For information about security standard support in different AWS Regions, see Storage and security compliance of AWS Private CA private keys.
  Type: String
  Valid Values: FIPS_140_2_LEVEL_2_OR_HIGHER | FIPS_140_2_LEVEL_3_OR_HIGHER | CCPC_LEVEL_1_OR_HIGHER
  Required: No
- LastStateChangeAt
  Date and time at which your private CA was last updated.
  Type: Timestamp
  Required: No
- NotAfter
  Date and time after which your private CA certificate is not valid.
  Type: Timestamp
  Required: No
- NotBefore
  Date and time before which your private CA certificate is not valid.
  Type: Timestamp
  Required: No
- OwnerAccount
  The AWS account ID that owns the certificate authority.
  Type: String
  Length Constraints: Fixed length of 12.
  Pattern: [0-9]+
  Required: No
- RestorableUntil
  The period during which a deleted CA can be restored. For more information, see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest action.
  Type: Timestamp
  Required: No
- RevocationConfiguration
  Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
  Type: RevocationConfiguration object
  Required: No
- Serial
  Serial number of your private CA.
  Type: String
  Required: No
- Status
  Status of your private CA.
  Type: String
  Valid Values: CREATING | PENDING_CERTIFICATE | ACTIVE | DELETED | DISABLED | EXPIRED | FAILED
  Required: No
- Type
  Type of your private CA.
  Type: String
  Valid Values: ROOT | SUBORDINATE
  Required: No
- UsageMode
  Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. The default value is GENERAL_PURPOSE.
  Type: String
  Valid Values: GENERAL_PURPOSE | SHORT_LIVED_CERTIFICATE
  Required: No
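
The following audit check is an added example, not code from the AWS documentation. It inspects one CertificateAuthority structure (as a Python dict) using the field constraints listed above and flags a general-purpose CA that has no revocation mechanism enabled. Assumptions: the `audit_ca` name, the finding labels, the 90-day warning window, the policy of flagging Level 2 key storage, and the `Enabled` flags under `CrlConfiguration` / `OcspConfiguration`, which belong to the RevocationConfiguration type and are not described on this page.

```python
import re
from datetime import datetime, timedelta, timezone

# Patterns copied from the Arn and OwnerAccount fields documented above.
ARN_RE = re.compile(r"arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*")
ACCOUNT_RE = re.compile(r"[0-9]+")

def audit_ca(ca, now, expected_owner, warn_days=90):
    """Return policy findings for one CertificateAuthority structure (a dict)."""
    findings = []
    arn = ca.get("Arn", "")
    if not (5 <= len(arn) <= 200 and ARN_RE.fullmatch(arn)):
        findings.append("ARN_MALFORMED")
    owner = ca.get("OwnerAccount", "")
    if len(owner) != 12 or not ACCOUNT_RE.fullmatch(owner):
        findings.append("OWNER_MALFORMED")
    elif owner != expected_owner:
        findings.append("OWNER_UNEXPECTED")  # CA lives in another account
    if ca.get("Status") != "ACTIVE":
        findings.append(f"STATUS_{ca.get('Status')}")
    not_after = ca.get("NotAfter")
    if not_after is not None and not_after - now < timedelta(days=warn_days):
        findings.append("CA_CERT_EXPIRING")  # also fires once already expired
    if ca.get("KeyStorageSecurityStandard") == "FIPS_140_2_LEVEL_2_OR_HIGHER":
        findings.append("KEY_STORAGE_BELOW_DEFAULT")  # assumed local policy
    # Enabled flags belong to the RevocationConfiguration type (not on this page).
    rev = ca.get("RevocationConfiguration") or {}
    revocable = any((rev.get(k) or {}).get("Enabled")
                    for k in ("CrlConfiguration", "OcspConfiguration"))
    if ca.get("UsageMode", "GENERAL_PURPOSE") == "GENERAL_PURPOSE" and not revocable:
        findings.append("NO_REVOCATION")
    return findings

# Constructed sample, shaped like the structure documented on this page.
SAMPLE_CA = {
    "Arn": "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/"
           "12345678-1234-1234-1234-123456789012",
    "OwnerAccount": "111122223333",
    "Status": "ACTIVE",
    "Type": "SUBORDINATE",
    "NotAfter": datetime(2025, 2, 1, tzinfo=timezone.utc),
    "KeyStorageSecurityStandard": "FIPS_140_2_LEVEL_3_OR_HIGHER",
    "UsageMode": "GENERAL_PURPOSE",
    "RevocationConfiguration": {"CrlConfiguration": {"Enabled": False}},
}

if __name__ == "__main__":
    print(audit_ca(SAMPLE_CA, datetime(2025, 1, 1, tzinfo=timezone.utc), "111122223333"))
```
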