AWS Private CA 模板品种

AWS 私有 CA 支持四种模板。

基础模板

不允许使用传递参数的预定义模板。
CSRPassthrough 模板

通过允许 CSR 传递来扩展其相应基础模板版本的模板。用于颁发证书的 CSR 中的扩展将复制到颁发的证书中。如果 CSR 包含与模板定义冲突的扩展值，则模板定义将始终具有更高的优先级。有关优先级的详细信息，请参阅 AWS Private CA 模板操作顺序。
APIPassthrough 模板

通过允许 API 传递来扩展其相应基础模板版本的模板。管理员或其他中间系统已知的动态值可能对请求证书的实体未知，可能无法在模板中定义，也可能在 CSR 中不可用。但是，CA 管理员可以从其他数据来源（例如 Active Directory）检索其他信息来完成请求。例如，如果一台计算机不知道自己属于哪个组织单位，则管理员可以在 Active Directory 中查找信息，然后通过在 JSON 结构中包含该信息来将其添加到证书请求中。

IssueCertificate 操作的 ApiPassthrough 参数中的值将复制到颁发的证书中。如果 ApiPassthrough 参数包含与模板定义冲突的信息，则模板定义将始终具有更高的优先级。有关优先级的详细信息，请参阅 AWS Private CA 模板操作顺序。
APICSRPassthrough 模板

通过允许 API 和 CSR 传递来扩展其相应基础模板版本的模板。用于颁发证书的 CSR 中的扩展将复制到颁发的证书中，且 IssueCertificate 操作的 ApiPassthrough 参数中的值也将复制过来。如果模板定义、API 传递值和 CSR 传递扩展存在冲突，则模板定义的优先级最高，其次是 API 传递值，最后是 CSR 传递扩展。有关优先级的详细信息，请参阅 AWS Private CA 模板操作顺序。

下表列出了支持的所有模板类型，并 AWS 私有 CA 附有指向其定义的链接。

注意

有关 GovCloud 区域模板 ARNs 的信息，请参阅AWS GovCloud (US) 用户指南AWS Private Certificate Authority中的。

基础模板
模板名称	模板 ARN	证书类型
CodeSigningCertificate/V1	`arn:aws:acm-pca:::template/CodeSigningCertificate/V1`	代码签名
EndEntityCertificate/V1	`arn:aws:acm-pca:::template/EndEntityCertificate/V1`	终端实体
EndEntityClientAuthCertificate/V1	`arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1`	终端实体
EndEntityServerAuthCertificate/V1	`arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1`	终端实体
OCSPSigning证书/V1	`arn:aws:acm-pca:::template/OCSPSigningCertificate/V1`	OCSP 签名
root CACertificate /V1	`arn:aws:acm-pca:::template/RootCACertificate/V1`	CA
下属 CACertificate _ PathLen 0/V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1`	CA
下属 CACertificate _ PathLen 1/V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1/V1`	CA
下属 CACertificate _ PathLen 2/V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1`	CA
下属 CACertificate _ PathLen 3/V1	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1`	CA

CSRPassthrough 模板
模板名称	模板 ARN	证书类型
BlankEndEntityCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_CSRPassthrough/V1`	终端实体
BlankEndEntityCertificate_ CriticalBasicConstraints _ CSRPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_CSRPassthrough/V1`	终端实体
BlankSubordinateCACertificate_PathLen0_CSRPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_CSRPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen1_CSRPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_CSRPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen2_CSRPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_CSRPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen3_CSRPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_CSRPassthrough/V1`	CA
CodeSigningCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/CodeSigningCertificate_CSRPassthrough/V1`	代码签名
EndEntityCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityCertificate_CSRPassthrough/V1`	终端实体
EndEntityClientAuthCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_CSRPassthrough/V1`	终端实体
EndEntityServerAuthCertificate_ CSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityServerAuthCertificate_CSRPassthrough/V1`	终端实体
OCSPSigning证书_ /V1 CSRPassthrough	`arn:aws:acm-pca:::template/OCSPSigningCertificate_CSRPassthrough/V1`	OCSP 签名
下属 CACertificate _ PathLen 0_ /V1 CSRPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_CSRPassthrough/V1`	CA
下属 CACertificate _ PathLen 1_ /V1 CSRPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_CSRPassthrough/V1`	CA
下属 CACertificate _ PathLen 2_ /V1 CSRPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_CSRPassthrough/V1`	CA
下属 CACertificate _ PathLen 3_ /V1 CSRPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_CSRPassthrough/V1`	CA

APIPassthrough 模板
模板名称	模板 ARN	证书类型
BlankEndEntityCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_APIPassthrough/V1`	终端实体
BlankEndEntityCertificate_ CriticalBasicConstraints _ APIPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_APIPassthrough/V1`	终端实体
CodeSigningCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/CodeSigningCertificate_APIPassthrough/V1`	代码签名
EndEntityCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityCertificate_APIPassthrough/V1`	终端实体
EndEntityClientAuthCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_APIPassthrough/V1`	终端实体
EndEntityServerAuthCertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityServerAuthCertificate_APIPassthrough/V1`	终端实体
OCSPSigning证书_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/OCSPSigningCertificate_APIPassthrough/V1`	OCSP 签名
root CACertificate _ APIPassthrough /V1	`arn:aws:acm-pca:::template/RootCACertificate_APIPassthrough/V1`	CA
BlankRootCACertificate_ APIPassthrough /V1	`arn:aws:acm-pca:::template/BlankRootCACertificate_APIPassthrough/V1`	CA
BlankRootCACertificate_ PathLen 0_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen0_APIPassthrough/V1`	CA
BlankRootCACertificate_ PathLen 1_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen1_APIPassthrough/V1`	CA
BlankRootCACertificate_ PathLen 2_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen2_APIPassthrough/V1`	CA
BlankRootCACertificate_ PathLen 3_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen3_APIPassthrough/V1`	CA
下属 CACertificate _ PathLen 0_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_APIPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen0_APIPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_APIPassthrough/V1`	CA
下属 CACertificate _ PathLen 1_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_APIPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen1_APIPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_APIPassthrough/V1`	CA
下属 CACertificate _ PathLen 2_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_APIPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen2_APIPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_APIPassthrough/V1`	CA
下属 CACertificate _ PathLen 3_ /V1 APIPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_APIPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen3_APIPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_APIPassthrough/V1`	CA

APICSRPassthrough 模板
模板名称	模板 ARN	证书类型
BlankEndEntityCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_APICSRPassthrough/V1`	终端实体

BlankEndEntityCertificate_ CriticalBasicConstraints _ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_APICSRPassthrough/V1`	终端实体
CodeSigningCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/CodeSigningCertificate_APICSRPassthrough/V1`	代码签名
EndEntityCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityCertificate_APICSRPassthrough/V1`	终端实体
EndEntityClientAuthCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_APICSRPassthrough/V1`	终端实体
EndEntityServerAuthCertificate_ APICSRPassthrough /V1	`arn:aws:acm-pca:::template/EndEntityServerAuthCertificate_APICSRPassthrough/V1`	终端实体
OCSPSigning证书_ /V1 APICSRPassthrough	`arn:aws:acm-pca:::template/OCSPSigningCertificate_APICSRPassthrough/V1`	OCSP 签名
下属 CACertificate _ PathLen 0_ /V1 APICSRPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_APICSRPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen0_APICSRPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_APICSRPassthrough/V1`	CA
下属 CACertificate _ PathLen 1_ /V1 APICSRPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_APICSRPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen1_APICSRPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_APICSRPassthrough/V1`	CA
下属 CACertificate _ PathLen 2_APICSRPassthrough/PathLen3_ V1 APIPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_APICSRPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen2_APICSRPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_APICSRPassthrough/V1`	CA
下属 CACertificate _ PathLen 3_ /V1 APICSRPassthrough	`arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_APICSRPassthrough/V1`	CA
BlankSubordinateCACertificate_PathLen3_APICSRPassthrough/V1	`arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_APICSRPassthrough/V1`	CA

Javascript 在您的浏览器中被禁用或不可用。

要使用 Amazon Web Services 文档，必须启用 Javascript。请参阅浏览器的帮助页面以了解相关说明。

文档惯例

证书模板

模板操作顺序