本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # AWS 私有 CA 範本變體 AWS 私有 CA 支援四種類型的範本。 + **基本範本** 不允許傳遞參數的預先定義範本。 + **CSRPassthrough 範本** 允許 CSR 傳遞來擴展其對應基礎範本版本的範本。CSR 中用於發行憑證的延伸模組會複製到發行的憑證。如果 CSR 包含與範本定義衝突的延伸值,則範本定義一律具有較高的優先順序。如需優先順序的詳細資訊,請參閱 [AWS 私有 CA 範本操作順序範本操作順序](template-order-of-operations.md)。 + **APIPassthrough 範本** 允許 API 傳遞來擴展其對應基礎範本版本的範本。請求憑證的實體可能無法得知管理員或其他中繼系統已知的動態值,可能無法在範本中定義,也可能無法在 CSR 中使用。不過,CA 管理員可以從其他資料來源擷取其他資訊,例如 Active Directory,以完成請求。例如,如果機器不知道屬於哪個組織單位,管理員可以在 Active Directory 中查詢資訊,並在 JSON 結構中包含資訊,將其新增至憑證請求。 `IssueCertificate` 動作 `ApiPassthrough` 參數中的值``會複製到發行的憑證。如果 `ApiPassthrough` 參數包含與範本定義衝突的資訊,則範本定義一律具有較高的優先順序。如需優先順序的詳細資訊,請參閱 [AWS 私有 CA 範本操作順序範本操作順序](template-order-of-operations.md)。 + **APICSRPassthrough 範本** 透過允許 API 和 CSR 傳遞來擴展其對應基礎範本版本的範本。用於發行憑證的 CSR 中的延伸項目會複製到發行的憑證,而 `IssueCertificate`動作 `ApiPassthrough` 參數中的值也會透過 複製。如果範本定義、API 傳遞值和 CSR 傳遞延伸出現衝突,則範本定義具有最高優先順序,後面接著 API 傳遞值,後面接著 CSR 傳遞延伸。如需優先順序的詳細資訊,請參閱 [AWS 私有 CA 範本操作順序範本操作順序](template-order-of-operations.md)。 下表列出 支援的所有範本類型 AWS 私有 CA ,其中包含其定義的連結。 **注意** 如需 GovCloud 區域中範本 ARNs 的相關資訊,請參閱*AWS GovCloud (US) 《 使用者指南*[AWS 私有憑證授權單位](https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-govcloud-arns.html#using-govcloud-arn-syntax-acmpca)》中的 。 **基本範本** | 範本名稱 | 範本 ARN | 憑證類型 | | --- | --- | --- | | [CodeSigningCertificate/V1](template-definitions.md#CodeSigningCertificate-V1) | `arn:aws:acm-pca:::template/CodeSigningCertificate/V1` | 程式碼簽署 | | [EndEntityCertificate/V1](template-definitions.md#EndEntityCertificate-V1) | `arn:aws:acm-pca:::template/EndEntityCertificate/V1` | 終端實體 | | [EndEntityClientAuthCertificate/V1](template-definitions.md#EndEntityClientAuthCertificate-V1) | `arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1` | 終端實體 | | [EndEntityServerAuthCertificate/V1](template-definitions.md#EndEntityServerAuthCertificate-V1) | `arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1` | 終端實體 | | [OCSPSigningCertificate/V1](template-definitions.md#OCSPSigningCertificate-V1) | `arn:aws:acm-pca:::template/OCSPSigningCertificate/V1` | OCSP 簽署 | | [RootCACertificate/V1](template-definitions.md#RootCACertificate-V1) | `arn:aws:acm-pca:::template/RootCACertificate/V1` | CA | | [SubordinateCACertificate\_PathLen0/V1](template-definitions.md#SubordinateCACertificate_PathLen0-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1` | CA | | [SubordinateCACertificate\_PathLen1/V1](template-definitions.md#SubordinateCACertificate_PathLen1-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1/V1` | CA | | [SubordinateCACertificate\_PathLen2/V1](template-definitions.md#SubordinateCACertificate_PathLen2-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1` | CA | | [SubordinateCACertificate\_PathLen3/V1](template-definitions.md#SubordinateCACertificate_PathLen3-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1` | CA | **CSRPassthrough 範本** | 範本名稱 | 範本 ARN | 憑證類型 | | --- | --- | --- | | [BlankEndEntityCertificate\_CSRPassthrough/V1](template-definitions.md#BlankEndEntityCertificate_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_CSRPassthrough/V1` | 終端實體 | | [BlankEndEntityCertificate\_CriticalBasicConstraints\_CSRPassthrough/V1](template-definitions.md#BlankEndEntityCertificate_CriticalBasicConstraints_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_CSRPassthrough/V1` | 終端實體 | | [BlankSubordinateCACertificate\_PathLen0\_CSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen0_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_CSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen1\_CSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen1_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_CSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen2\_CSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen2_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_CSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen3\_CSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen3_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_CSRPassthrough/V1` | CA | | [CodeSigningCertificate\_CSRPassthrough/V1](template-definitions.md#CodeSigningCertificate_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/CodeSigningCertificate_CSRPassthrough/V1` | 程式碼簽署 | | [EndEntityCertificate\_CSRPassthrough/V1](template-definitions.md#EndEntityCertificate_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/EndEntityCertificate_CSRPassthrough/V1` | 終端實體 | | [EndEntityClientAuthCertificate\_CSRPassthrough/V1](template-definitions.md#EndEntityClientAuthCertificate_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_CSRPassthrough/V1` | 終端實體 | | [EndEntityServerAuthCertificate\_CSRPassthrough/V1](template-definitions.md#EndEntityServerAuthCertificate_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/EndEntityServerAuthCertificate_CSRPassthrough/V1` | 終端實體 | | [OCSPSigningCertificate\_CSRPassthrough/V1](template-definitions.md#OCSPSigningCertificate_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/OCSPSigningCertificate_CSRPassthrough/V1` | OCSP 簽署 | | [SubordinateCACertificate\_PathLen0\_CSRPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen0_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_CSRPassthrough/V1` | CA | | [SubordinateCACertificate\_PathLen1\_CSRPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen1_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_CSRPassthrough/V1` | CA | | [SubordinateCACertificate\_PathLen2\_CSRPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen2_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_CSRPassthrough/V1` | CA | | [SubordinateCACertificate\_PathLen3\_CSRPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen3_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_CSRPassthrough/V1` | CA | **APIPassthrough 範本** | 範本名稱 | 範本 ARN | 憑證類型 | | --- | --- | --- | | [BlankEndEntityCertificate\_APIPassthrough/V1](template-definitions.md#BlankEndEntityCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_APIPassthrough/V1` | 終端實體 | | [BlankEndEntityCertificate\_CriticalBasicConstraints\_APIPassthrough/V1](template-definitions.md#BlankEndEntityCertificate_CriticalBasicConstraints_APIPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_APIPassthrough/V1` | 終端實體 | | [CodeSigningCertificate\_APIPassthrough/V1](template-definitions.md#CodeSigningCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/CodeSigningCertificate_APIPassthrough/V1` | 程式碼簽署 | | [EndEntityCertificate\_APIPassthrough/V1](template-definitions.md#EndEntityCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/EndEntityCertificate_APIPassthrough/V1` | 終端實體 | | [EndEntityClientAuthCertificate\_APIPassthrough/V1](template-definitions.md#EndEntityClientAuthCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_APIPassthrough/V1` | 終端實體 | | [EndEntityServerAuthCertificate\_APIPassthrough/V1](template-definitions.md#EndEntityServerAuthCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/EndEntityServerAuthCertificate_APIPassthrough/V1` | 終端實體 | | [OCSPSigningCertificate\_APIPassthrough/V1](template-definitions.md#OCSPSigningCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/OCSPSigningCertificate_APIPassthrough/V1` | OCSP 簽署 | | [RootCACertificate\_APIPassthrough/V1](template-definitions.md#RootCACertificate_APIPassthrough) | `arn:aws:acm-pca:::template/RootCACertificate_APIPassthrough/V1` | CA | | [BlankRootCACertificate\_APIPassthrough/V1](template-definitions.md#BlankRootCACertificate_APIPassthrough) | `arn:aws:acm-pca:::template/BlankRootCACertificate_APIPassthrough/V1` | CA | | [BlankRootCACertificate\_PathLen0\_APIPassthrough/V1](template-definitions.md#BlankRootCACertificate_PathLen0_APIPassthrough) | `arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen0_APIPassthrough/V1` | CA | | [BlankRootCACertificate\_PathLen1\_APIPassthrough/V1](template-definitions.md#BlankRootCACertificate_PathLen1_APIPassthrough) | `arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen1_APIPassthrough/V1` | CA | | [BlankRootCACertificate\_PathLen2\_APIPassthrough/V1](template-definitions.md#BlankRootCACertificate_PathLen2_APIPassthrough) | `arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen2_APIPassthrough/V1` | CA | | [BlankRootCACertificate\_PathLen3\_APIPassthrough/V1](template-definitions.md#BlankRootCACertificate_PathLen3_APIPassthrough) | `arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen3_APIPassthrough/V1` | CA | | [SubordinateCACertificate\_PathLen0\_APIPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen0_APIPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_APIPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen0\_APIPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen0_APIPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_APIPassthrough/V1` | CA | | [SubordinateCACertificate\_PathLen1\_APIPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen1_APIPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_APIPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen1\_APIPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen1_APIPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_APIPassthrough/V1` | CA | | [SubordinateCACertificate\_PathLen2\_APIPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen2_APIPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_APIPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen2\_APIPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen2_APIPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_APIPassthrough/V1` | CA | | [SubordinateCACertificate\_PathLen3\_APIPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen3_APIPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_APIPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen3\_APIPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen3_APIPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_APIPassthrough/V1` | CA | **APICSRPassthrough 範本** | 範本名稱 | 範本 ARN | 憑證類型 | | --- | --- | --- | | [BlankEndEntityCertificate\_APICSRPassthrough/V1](template-definitions.md#BlankEndEntityCertificate_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_APICSRPassthrough/V1` | 終端實體 | | | | | | [BlankEndEntityCertificate\_CriticalBasicConstraints\_APICSRPassthrough/V1](template-definitions.md#BlankEndEntityCertificate_CriticalBasicConstraints_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_APICSRPassthrough/V1` | 終端實體 | | [CodeSigningCertificate\_APICSRPassthrough/V1](template-definitions.md#CodeSigningCertificate_APICSRPassthrough) | `arn:aws:acm-pca:::template/CodeSigningCertificate_APICSRPassthrough/V1` | 程式碼簽署 | | [EndEntityCertificate\_APICSRPassthrough/V1](template-definitions.md#EndEntityCertificate_APICSRPassthrough) | `arn:aws:acm-pca:::template/EndEntityCertificate_APICSRPassthrough/V1` | 終端實體 | | [EndEntityClientAuthCertificate\_APICSRPassthrough/V1](template-definitions.md#EndEntityClientAuthCertificate_APICSRPassthrough) | `arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_APICSRPassthrough/V1` | 終端實體 | | [EndEntityServerAuthCertificate\_APICSRPassthrough/V1](template-definitions.md#EndEntityServerAuthCertificate_APICSRPassthrough) | arn:aws:acm-pca:::template/EndEntityServerAuthCertificate\_APICSRPassthrough/V1 | 終端實體 | | [OCSPSigningCertificate\_APICSRPassthrough/V1](template-definitions.md#OCSPSigningCertificate_APICSRPassthrough) | `arn:aws:acm-pca:::template/OCSPSigningCertificate_APICSRPassthrough/V1` | OCSP 簽署 | | [SubordinateCACertificate\_PathLen0\_APICSRPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen0_APICSRPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_APICSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen0\_APICSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen0_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_APICSRPassthrough/V1` | CA | | [SubordinateCACertificate\_PathLen1\_APICSRPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen1_APICSRPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_APICSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen1\_APICSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen1_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_APICSRPassthrough/V1` | CA | | [SubordinateCACertificate\_PathLen2\_APICSRPassthrough/PathLen3\_APIPassthroughV1](template-definitions.md#SubordinateCACertificate_PathLen2_APICSRPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_APICSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen2\_APICSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen2_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_APICSRPassthrough/V1` | CA | | [SubordinateCACertificate\_PathLen3\_APICSRPassthrough/V1](template-definitions.md#SubordinateCACertificate_PathLen3_APICSRPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_APICSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen3\_APICSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen3_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_APICSRPassthrough/V1` | CA |