aws-sdk-acmpca 1.46.0 → 1.49.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-acmpca/client.rb +143 -79
- data/lib/aws-sdk-acmpca/client_api.rb +21 -0
- data/lib/aws-sdk-acmpca/types.rb +268 -52
- data/lib/aws-sdk-acmpca.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a68035efe70685c51e54df7849d02337ab1ed8055de98c659b0537a81271b709
|
4
|
+
data.tar.gz: cd8092280a1c134272eaab5bbb70de6ad8d908cc1636575cd6af72ca01d38a4e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0bd3680eff0c321ebc29d32e3c1b872131fb29d49f621deb2c7dba50d069fd8fd51fb5ca588ddf7183aecf8411638d80f407e5b826faf4923bcf5ddc397413d0
|
7
|
+
data.tar.gz: 95e81fd32a6da57c832b1a1ee66010f361cf73214108dcb0e2b0e624a6375e66838b124611ae76e49ff353f70fb1d4c7defc1c3554379aaf694e3c95886c8cdd
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,21 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.49.0 (2022-07-20)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - AWS Certificate Manager (ACM) Private Certificate Authority (PCA) documentation updates
|
8
|
+
|
9
|
+
1.48.0 (2022-03-28)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Updating service name entities
|
13
|
+
|
14
|
+
1.47.0 (2022-03-16)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Feature - AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports customizable certificate subject names and extensions.
|
18
|
+
|
4
19
|
1.46.0 (2022-02-24)
|
5
20
|
------------------
|
6
21
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.49.0
|
@@ -382,14 +382,14 @@ module Aws::ACMPCA
|
|
382
382
|
# <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
|
383
383
|
# bucket that you specify. If the IAM principal making the call does not
|
384
384
|
# have permission to write to the bucket, then an exception is thrown.
|
385
|
-
# For more information, see [
|
385
|
+
# For more information, see [Access policies for CRLs in Amazon S3][2].
|
386
386
|
#
|
387
387
|
# </note>
|
388
388
|
#
|
389
389
|
#
|
390
390
|
#
|
391
391
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
|
392
|
-
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/
|
392
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
|
393
393
|
#
|
394
394
|
# @option params [required, Types::CertificateAuthorityConfiguration] :certificate_authority_configuration
|
395
395
|
# Name and bit size of the private key algorithm, the name of the
|
@@ -426,9 +426,15 @@ module Aws::ACMPCA
|
|
426
426
|
#
|
427
427
|
# Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
|
428
428
|
#
|
429
|
-
# Note
|
430
|
-
#
|
431
|
-
#
|
429
|
+
# *Note:* `FIPS_140_2_LEVEL_3_OR_HIGHER` is not supported in the
|
430
|
+
# following Regions:
|
431
|
+
#
|
432
|
+
# * ap-northeast-3
|
433
|
+
#
|
434
|
+
# * ap-southeast-3
|
435
|
+
#
|
436
|
+
# When creating a CA in these Regions, you must provide
|
437
|
+
# `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for
|
432
438
|
# `KeyStorageSecurityStandard`. Failure to do this results in an
|
433
439
|
# `InvalidArgsException` with the message, "A certificate authority
|
434
440
|
# cannot be created in this region with the specified security
|
@@ -469,6 +475,12 @@ module Aws::ACMPCA
|
|
469
475
|
# initials: "String5",
|
470
476
|
# pseudonym: "String128",
|
471
477
|
# generation_qualifier: "String3",
|
478
|
+
# custom_attributes: [
|
479
|
+
# {
|
480
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
481
|
+
# value: "String1To256", # required
|
482
|
+
# },
|
483
|
+
# ],
|
472
484
|
# },
|
473
485
|
# csr_extensions: {
|
474
486
|
# key_usage: {
|
@@ -510,6 +522,12 @@ module Aws::ACMPCA
|
|
510
522
|
# initials: "String5",
|
511
523
|
# pseudonym: "String128",
|
512
524
|
# generation_qualifier: "String3",
|
525
|
+
# custom_attributes: [
|
526
|
+
# {
|
527
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
528
|
+
# value: "String1To256", # required
|
529
|
+
# },
|
530
|
+
# ],
|
513
531
|
# },
|
514
532
|
# edi_party_name: {
|
515
533
|
# party_name: "String256", # required
|
@@ -568,7 +586,7 @@ module Aws::ACMPCA
|
|
568
586
|
# <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
|
569
587
|
# bucket that you specify. If the IAM principal making the call does not
|
570
588
|
# have permission to write to the bucket, then an exception is thrown.
|
571
|
-
# For more information, see [
|
589
|
+
# For more information, see [Access policies for CRLs in Amazon S3][3].
|
572
590
|
#
|
573
591
|
# </note>
|
574
592
|
#
|
@@ -576,11 +594,15 @@ module Aws::ACMPCA
|
|
576
594
|
# with encryption. For more information, see [Encrypting Your Audit
|
577
595
|
# Reports][4].
|
578
596
|
#
|
597
|
+
# <note markdown="1"> You can generate a maximum of one report every 30 minutes.
|
598
|
+
#
|
599
|
+
# </note>
|
600
|
+
#
|
579
601
|
#
|
580
602
|
#
|
581
603
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
|
582
604
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
|
583
|
-
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/
|
605
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
|
584
606
|
# [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption
|
585
607
|
#
|
586
608
|
# @option params [required, String] :certificate_authority_arn
|
@@ -624,10 +646,10 @@ module Aws::ACMPCA
|
|
624
646
|
req.send_request(options)
|
625
647
|
end
|
626
648
|
|
627
|
-
# Grants one or more permissions on a private CA to the
|
649
|
+
# Grants one or more permissions on a private CA to the Certificate
|
628
650
|
# Manager (ACM) service principal (`acm.amazonaws.com`). These
|
629
651
|
# permissions allow ACM to issue and renew ACM certificates that reside
|
630
|
-
# in the same
|
652
|
+
# in the same Amazon Web Services account as the CA.
|
631
653
|
#
|
632
654
|
# You can list current permissions with the [ListPermissions][1] action
|
633
655
|
# and revoke them with the [DeletePermission][2] action.
|
@@ -668,15 +690,17 @@ module Aws::ACMPCA
|
|
668
690
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
669
691
|
#
|
670
692
|
# @option params [required, String] :principal
|
671
|
-
# The
|
672
|
-
# time, the only valid principal is
|
693
|
+
# The Amazon Web Services service or identity that receives the
|
694
|
+
# permission. At this time, the only valid principal is
|
695
|
+
# `acm.amazonaws.com`.
|
673
696
|
#
|
674
697
|
# @option params [String] :source_account
|
675
698
|
# The ID of the calling account.
|
676
699
|
#
|
677
700
|
# @option params [required, Array<String>] :actions
|
678
|
-
# The actions that the specified
|
679
|
-
# include `IssueCertificate`, `GetCertificate`, and
|
701
|
+
# The actions that the specified Amazon Web Services service principal
|
702
|
+
# can use. These include `IssueCertificate`, `GetCertificate`, and
|
703
|
+
# `ListPermissions`.
|
680
704
|
#
|
681
705
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
682
706
|
#
|
@@ -770,13 +794,13 @@ module Aws::ACMPCA
|
|
770
794
|
req.send_request(options)
|
771
795
|
end
|
772
796
|
|
773
|
-
# Revokes permissions on a private CA granted to the
|
774
|
-
#
|
797
|
+
# Revokes permissions on a private CA granted to the Certificate Manager
|
798
|
+
# (ACM) service principal (acm.amazonaws.com).
|
775
799
|
#
|
776
800
|
# These permissions allow ACM to issue and renew ACM certificates that
|
777
|
-
# reside in the same
|
778
|
-
# permissions, ACM will no longer renew the affected
|
779
|
-
# automatically.
|
801
|
+
# reside in the same Amazon Web Services account as the CA. If you
|
802
|
+
# revoke these permissions, ACM will no longer renew the affected
|
803
|
+
# certificates automatically.
|
780
804
|
#
|
781
805
|
# Permissions can be granted with the [CreatePermission][1] action and
|
782
806
|
# listed with the [ListPermissions][2] action.
|
@@ -818,11 +842,12 @@ module Aws::ACMPCA
|
|
818
842
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
819
843
|
#
|
820
844
|
# @option params [required, String] :principal
|
821
|
-
# The
|
822
|
-
# At this time, the only valid service principal is
|
845
|
+
# The Amazon Web Services service or identity that will have its CA
|
846
|
+
# permissions revoked. At this time, the only valid service principal is
|
847
|
+
# `acm.amazonaws.com`
|
823
848
|
#
|
824
849
|
# @option params [String] :source_account
|
825
|
-
# The
|
850
|
+
# The Amazon Web Services account that calls this action.
|
826
851
|
#
|
827
852
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
828
853
|
#
|
@@ -847,25 +872,26 @@ module Aws::ACMPCA
|
|
847
872
|
# will remove any access that the policy has granted. If there is no
|
848
873
|
# policy attached to the private CA, this action will return successful.
|
849
874
|
#
|
850
|
-
# If you delete a policy that was applied through
|
851
|
-
# Manager (RAM), the CA will be removed from all shares
|
852
|
-
# included.
|
875
|
+
# If you delete a policy that was applied through Amazon Web Services
|
876
|
+
# Resource Access Manager (RAM), the CA will be removed from all shares
|
877
|
+
# in which it was included.
|
853
878
|
#
|
854
|
-
# The
|
855
|
-
#
|
879
|
+
# The Certificate Manager Service Linked Role that the policy supports
|
880
|
+
# is not affected when you delete the policy.
|
856
881
|
#
|
857
882
|
# The current policy can be shown with [GetPolicy][1] and updated with
|
858
883
|
# [PutPolicy][2].
|
859
884
|
#
|
860
885
|
# **About Policies**
|
861
886
|
#
|
862
|
-
# * A policy grants access on a private CA to an
|
863
|
-
# to
|
864
|
-
#
|
865
|
-
#
|
887
|
+
# * A policy grants access on a private CA to an Amazon Web Services
|
888
|
+
# customer account, to Amazon Web Services Organizations, or to an
|
889
|
+
# Amazon Web Services Organizations unit. Policies are under the
|
890
|
+
# control of a CA administrator. For more information, see [Using a
|
891
|
+
# Resource Based Policy with ACM Private CA][3].
|
866
892
|
#
|
867
|
-
# * A policy permits a user of
|
868
|
-
#
|
893
|
+
# * A policy permits a user of Certificate Manager (ACM) to issue ACM
|
894
|
+
# certificates signed by a CA in another account.
|
869
895
|
#
|
870
896
|
# * For ACM to manage automatic renewal of these certificates, the ACM
|
871
897
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
@@ -873,9 +899,9 @@ module Aws::ACMPCA
|
|
873
899
|
# confirmation against the ACM Private CA policy. For more
|
874
900
|
# information, see [Using a Service Linked Role with ACM][4].
|
875
901
|
#
|
876
|
-
# * Updates made in
|
877
|
-
# policies. For more information, see [Attach a Policy
|
878
|
-
# Cross-Account Access][5].
|
902
|
+
# * Updates made in Amazon Web Services Resource Manager (RAM) are
|
903
|
+
# reflected in policies. For more information, see [Attach a Policy
|
904
|
+
# for Cross-Account Access][5].
|
879
905
|
#
|
880
906
|
#
|
881
907
|
#
|
@@ -932,9 +958,9 @@ module Aws::ACMPCA
|
|
932
958
|
# * `EXPIRED` - Your private CA certificate has expired.
|
933
959
|
#
|
934
960
|
# * `FAILED` - Your private CA has failed. Your CA can fail because of
|
935
|
-
# problems such a network outage or back-end
|
936
|
-
# errors. A failed CA can never return to the pending
|
937
|
-
# create a new CA.
|
961
|
+
# problems such a network outage or back-end Amazon Web Services
|
962
|
+
# failure or other errors. A failed CA can never return to the pending
|
963
|
+
# state. You must create a new CA.
|
938
964
|
#
|
939
965
|
# * `DELETED` - Your private CA is within the restoration period, after
|
940
966
|
# which it is permanently deleted. The length of time remaining in the
|
@@ -989,6 +1015,9 @@ module Aws::ACMPCA
|
|
989
1015
|
# resp.certificate_authority.certificate_authority_configuration.subject.initials #=> String
|
990
1016
|
# resp.certificate_authority.certificate_authority_configuration.subject.pseudonym #=> String
|
991
1017
|
# resp.certificate_authority.certificate_authority_configuration.subject.generation_qualifier #=> String
|
1018
|
+
# resp.certificate_authority.certificate_authority_configuration.subject.custom_attributes #=> Array
|
1019
|
+
# resp.certificate_authority.certificate_authority_configuration.subject.custom_attributes[0].object_identifier #=> String
|
1020
|
+
# resp.certificate_authority.certificate_authority_configuration.subject.custom_attributes[0].value #=> String
|
992
1021
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.digital_signature #=> Boolean
|
993
1022
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.non_repudiation #=> Boolean
|
994
1023
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.key_encipherment #=> Boolean
|
@@ -1019,6 +1048,9 @@ module Aws::ACMPCA
|
|
1019
1048
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.initials #=> String
|
1020
1049
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.pseudonym #=> String
|
1021
1050
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.generation_qualifier #=> String
|
1051
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes #=> Array
|
1052
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].object_identifier #=> String
|
1053
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].value #=> String
|
1022
1054
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.party_name #=> String
|
1023
1055
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.name_assigner #=> String
|
1024
1056
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.uniform_resource_identifier #=> String
|
@@ -1268,13 +1300,14 @@ module Aws::ACMPCA
|
|
1268
1300
|
#
|
1269
1301
|
# **About Policies**
|
1270
1302
|
#
|
1271
|
-
# * A policy grants access on a private CA to an
|
1272
|
-
# to
|
1273
|
-
#
|
1274
|
-
#
|
1303
|
+
# * A policy grants access on a private CA to an Amazon Web Services
|
1304
|
+
# customer account, to Amazon Web Services Organizations, or to an
|
1305
|
+
# Amazon Web Services Organizations unit. Policies are under the
|
1306
|
+
# control of a CA administrator. For more information, see [Using a
|
1307
|
+
# Resource Based Policy with ACM Private CA][3].
|
1275
1308
|
#
|
1276
|
-
# * A policy permits a user of
|
1277
|
-
#
|
1309
|
+
# * A policy permits a user of Certificate Manager (ACM) to issue ACM
|
1310
|
+
# certificates signed by a CA in another account.
|
1278
1311
|
#
|
1279
1312
|
# * For ACM to manage automatic renewal of these certificates, the ACM
|
1280
1313
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
@@ -1282,9 +1315,9 @@ module Aws::ACMPCA
|
|
1282
1315
|
# confirmation against the ACM Private CA policy. For more
|
1283
1316
|
# information, see [Using a Service Linked Role with ACM][4].
|
1284
1317
|
#
|
1285
|
-
# * Updates made in
|
1286
|
-
# policies. For more information, see [Attach a Policy
|
1287
|
-
# Cross-Account Access][5].
|
1318
|
+
# * Updates made in Amazon Web Services Resource Manager (RAM) are
|
1319
|
+
# reflected in policies. For more information, see [Attach a Policy
|
1320
|
+
# for Cross-Account Access][5].
|
1288
1321
|
#
|
1289
1322
|
#
|
1290
1323
|
#
|
@@ -1521,7 +1554,7 @@ module Aws::ACMPCA
|
|
1521
1554
|
# contains your X509 version 3 extensions.
|
1522
1555
|
#
|
1523
1556
|
# `openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey
|
1524
|
-
# rsa:2048 -days
|
1557
|
+
# rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out
|
1525
1558
|
# csr/test_cert_.csr`
|
1526
1559
|
#
|
1527
1560
|
# Note: A CSR must provide either a *subject name* or a *subject
|
@@ -1535,6 +1568,11 @@ module Aws::ACMPCA
|
|
1535
1568
|
# parameter used to sign a CSR in the `CreateCertificateAuthority`
|
1536
1569
|
# action.
|
1537
1570
|
#
|
1571
|
+
# <note markdown="1"> The specified signing algorithm family (RSA or ECDSA) much match the
|
1572
|
+
# algorithm family of the CA's secret key.
|
1573
|
+
#
|
1574
|
+
# </note>
|
1575
|
+
#
|
1538
1576
|
# @option params [String] :template_arn
|
1539
1577
|
# Specifies a custom configuration template to use when issuing a
|
1540
1578
|
# certificate. If this parameter is not provided, ACM Private CA
|
@@ -1575,7 +1613,7 @@ module Aws::ACMPCA
|
|
1575
1613
|
#
|
1576
1614
|
#
|
1577
1615
|
#
|
1578
|
-
# [1]: https://
|
1616
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
|
1579
1617
|
#
|
1580
1618
|
# @option params [Types::Validity] :validity_not_before
|
1581
1619
|
# Information describing the start of the validity period of the
|
@@ -1599,7 +1637,7 @@ module Aws::ACMPCA
|
|
1599
1637
|
#
|
1600
1638
|
#
|
1601
1639
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html
|
1602
|
-
# [2]: https://
|
1640
|
+
# [2]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
|
1603
1641
|
#
|
1604
1642
|
# @option params [String] :idempotency_token
|
1605
1643
|
# Alphanumeric string that can be used to distinguish between calls to
|
@@ -1673,6 +1711,12 @@ module Aws::ACMPCA
|
|
1673
1711
|
# initials: "String5",
|
1674
1712
|
# pseudonym: "String128",
|
1675
1713
|
# generation_qualifier: "String3",
|
1714
|
+
# custom_attributes: [
|
1715
|
+
# {
|
1716
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1717
|
+
# value: "String1To256", # required
|
1718
|
+
# },
|
1719
|
+
# ],
|
1676
1720
|
# },
|
1677
1721
|
# edi_party_name: {
|
1678
1722
|
# party_name: "String256", # required
|
@@ -1683,6 +1727,13 @@ module Aws::ACMPCA
|
|
1683
1727
|
# registered_id: "CustomObjectIdentifier",
|
1684
1728
|
# },
|
1685
1729
|
# ],
|
1730
|
+
# custom_extensions: [
|
1731
|
+
# {
|
1732
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1733
|
+
# value: "Base64String1To4096", # required
|
1734
|
+
# critical: false,
|
1735
|
+
# },
|
1736
|
+
# ],
|
1686
1737
|
# },
|
1687
1738
|
# subject: {
|
1688
1739
|
# country: "CountryCodeString",
|
@@ -1699,6 +1750,12 @@ module Aws::ACMPCA
|
|
1699
1750
|
# initials: "String5",
|
1700
1751
|
# pseudonym: "String128",
|
1701
1752
|
# generation_qualifier: "String3",
|
1753
|
+
# custom_attributes: [
|
1754
|
+
# {
|
1755
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1756
|
+
# value: "String1To256", # required
|
1757
|
+
# },
|
1758
|
+
# ],
|
1702
1759
|
# },
|
1703
1760
|
# },
|
1704
1761
|
# certificate_authority_arn: "Arn", # required
|
@@ -1797,6 +1854,9 @@ module Aws::ACMPCA
|
|
1797
1854
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.initials #=> String
|
1798
1855
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.pseudonym #=> String
|
1799
1856
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.generation_qualifier #=> String
|
1857
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.subject.custom_attributes #=> Array
|
1858
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.subject.custom_attributes[0].object_identifier #=> String
|
1859
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.subject.custom_attributes[0].value #=> String
|
1800
1860
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.digital_signature #=> Boolean
|
1801
1861
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.non_repudiation #=> Boolean
|
1802
1862
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.key_encipherment #=> Boolean
|
@@ -1827,6 +1887,9 @@ module Aws::ACMPCA
|
|
1827
1887
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.initials #=> String
|
1828
1888
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.pseudonym #=> String
|
1829
1889
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.generation_qualifier #=> String
|
1890
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes #=> Array
|
1891
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].object_identifier #=> String
|
1892
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].value #=> String
|
1830
1893
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.party_name #=> String
|
1831
1894
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.name_assigner #=> String
|
1832
1895
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.uniform_resource_identifier #=> String
|
@@ -1852,11 +1915,11 @@ module Aws::ACMPCA
|
|
1852
1915
|
req.send_request(options)
|
1853
1916
|
end
|
1854
1917
|
|
1855
|
-
# List all permissions on a private CA, if any, granted to the
|
1918
|
+
# List all permissions on a private CA, if any, granted to the
|
1856
1919
|
# Certificate Manager (ACM) service principal (acm.amazonaws.com).
|
1857
1920
|
#
|
1858
1921
|
# These permissions allow ACM to issue and renew ACM certificates that
|
1859
|
-
# reside in the same
|
1922
|
+
# reside in the same Amazon Web Services account as the CA.
|
1860
1923
|
#
|
1861
1924
|
# Permissions can be granted with the [CreatePermission][1] action and
|
1862
1925
|
# revoked with the [DeletePermission][2] action.
|
@@ -2012,22 +2075,23 @@ module Aws::ACMPCA
|
|
2012
2075
|
|
2013
2076
|
# Attaches a resource-based policy to a private CA.
|
2014
2077
|
#
|
2015
|
-
# A policy can also be applied by sharing a private CA through
|
2016
|
-
# Resource Access Manager (RAM). For more information, see
|
2017
|
-
# Policy for Cross-Account Access][1].
|
2078
|
+
# A policy can also be applied by sharing a private CA through Amazon
|
2079
|
+
# Web Services Resource Access Manager (RAM). For more information, see
|
2080
|
+
# [Attach a Policy for Cross-Account Access][1].
|
2018
2081
|
#
|
2019
2082
|
# The policy can be displayed with [GetPolicy][2] and removed with
|
2020
2083
|
# [DeletePolicy][3].
|
2021
2084
|
#
|
2022
2085
|
# **About Policies**
|
2023
2086
|
#
|
2024
|
-
# * A policy grants access on a private CA to an
|
2025
|
-
# to
|
2026
|
-
#
|
2027
|
-
#
|
2087
|
+
# * A policy grants access on a private CA to an Amazon Web Services
|
2088
|
+
# customer account, to Amazon Web Services Organizations, or to an
|
2089
|
+
# Amazon Web Services Organizations unit. Policies are under the
|
2090
|
+
# control of a CA administrator. For more information, see [Using a
|
2091
|
+
# Resource Based Policy with ACM Private CA][4].
|
2028
2092
|
#
|
2029
|
-
# * A policy permits a user of
|
2030
|
-
#
|
2093
|
+
# * A policy permits a user of Certificate Manager (ACM) to issue ACM
|
2094
|
+
# certificates signed by a CA in another account.
|
2031
2095
|
#
|
2032
2096
|
# * For ACM to manage automatic renewal of these certificates, the ACM
|
2033
2097
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
@@ -2035,9 +2099,9 @@ module Aws::ACMPCA
|
|
2035
2099
|
# confirmation against the ACM Private CA policy. For more
|
2036
2100
|
# information, see [Using a Service Linked Role with ACM][5].
|
2037
2101
|
#
|
2038
|
-
# * Updates made in
|
2039
|
-
# policies. For more information, see [Attach a Policy
|
2040
|
-
# Cross-Account Access][1].
|
2102
|
+
# * Updates made in Amazon Web Services Resource Manager (RAM) are
|
2103
|
+
# reflected in policies. For more information, see [Attach a Policy
|
2104
|
+
# for Cross-Account Access][1].
|
2041
2105
|
#
|
2042
2106
|
#
|
2043
2107
|
#
|
@@ -2156,7 +2220,7 @@ module Aws::ACMPCA
|
|
2156
2220
|
# <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
|
2157
2221
|
# bucket that you specify. If the IAM principal making the call does not
|
2158
2222
|
# have permission to write to the bucket, then an exception is thrown.
|
2159
|
-
# For more information, see [
|
2223
|
+
# For more information, see [Access policies for CRLs in Amazon S3][2].
|
2160
2224
|
#
|
2161
2225
|
# </note>
|
2162
2226
|
#
|
@@ -2170,7 +2234,7 @@ module Aws::ACMPCA
|
|
2170
2234
|
#
|
2171
2235
|
#
|
2172
2236
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html
|
2173
|
-
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/
|
2237
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
|
2174
2238
|
# [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
|
2175
2239
|
#
|
2176
2240
|
# @option params [required, String] :certificate_authority_arn
|
@@ -2192,7 +2256,7 @@ module Aws::ACMPCA
|
|
2192
2256
|
# `openssl x509 -in file_path -text -noout`
|
2193
2257
|
#
|
2194
2258
|
# You can also copy the serial number from the console or use the
|
2195
|
-
# [DescribeCertificate][2] action in the *
|
2259
|
+
# [DescribeCertificate][2] action in the *Certificate Manager API
|
2196
2260
|
# Reference*.
|
2197
2261
|
#
|
2198
2262
|
#
|
@@ -2223,15 +2287,15 @@ module Aws::ACMPCA
|
|
2223
2287
|
end
|
2224
2288
|
|
2225
2289
|
# Adds one or more tags to your private CA. Tags are labels that you can
|
2226
|
-
# use to identify and organize your
|
2227
|
-
# a key and an optional value. You specify the private
|
2228
|
-
# its Amazon Resource Name (ARN). You specify the tag by
|
2229
|
-
# key-value pair. You can apply a tag to just one private CA if
|
2230
|
-
# to identify a specific characteristic of that CA, or you can
|
2231
|
-
# same tag to multiple private CAs if you want to filter for a
|
2232
|
-
# relationship among those CAs. To remove one or more tags, use
|
2233
|
-
# [UntagCertificateAuthority][1] action. Call the [ListTags][2]
|
2234
|
-
# to see what tags are associated with your CA.
|
2290
|
+
# use to identify and organize your Amazon Web Services resources. Each
|
2291
|
+
# tag consists of a key and an optional value. You specify the private
|
2292
|
+
# CA on input by its Amazon Resource Name (ARN). You specify the tag by
|
2293
|
+
# using a key-value pair. You can apply a tag to just one private CA if
|
2294
|
+
# you want to identify a specific characteristic of that CA, or you can
|
2295
|
+
# apply the same tag to multiple private CAs if you want to filter for a
|
2296
|
+
# common relationship among those CAs. To remove one or more tags, use
|
2297
|
+
# the [UntagCertificateAuthority][1] action. Call the [ListTags][2]
|
2298
|
+
# action to see what tags are associated with your CA.
|
2235
2299
|
#
|
2236
2300
|
#
|
2237
2301
|
#
|
@@ -2334,13 +2398,13 @@ module Aws::ACMPCA
|
|
2334
2398
|
# <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
|
2335
2399
|
# bucket that you specify. If the IAM principal making the call does not
|
2336
2400
|
# have permission to write to the bucket, then an exception is thrown.
|
2337
|
-
# For more information, see [
|
2401
|
+
# For more information, see [Access policies for CRLs in Amazon S3][1].
|
2338
2402
|
#
|
2339
2403
|
# </note>
|
2340
2404
|
#
|
2341
2405
|
#
|
2342
2406
|
#
|
2343
|
-
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/
|
2407
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
|
2344
2408
|
#
|
2345
2409
|
# @option params [required, String] :certificate_authority_arn
|
2346
2410
|
# Amazon Resource Name (ARN) of the private CA that issued the
|
@@ -2408,7 +2472,7 @@ module Aws::ACMPCA
|
|
2408
2472
|
params: params,
|
2409
2473
|
config: config)
|
2410
2474
|
context[:gem_name] = 'aws-sdk-acmpca'
|
2411
|
-
context[:gem_version] = '1.
|
2475
|
+
context[:gem_version] = '1.49.0'
|
2412
2476
|
Seahorse::Client::Request.new(handlers, context)
|
2413
2477
|
end
|
2414
2478
|
|
@@ -28,6 +28,7 @@ module Aws::ACMPCA
|
|
28
28
|
AuditReportId = Shapes::StringShape.new(name: 'AuditReportId')
|
29
29
|
AuditReportResponseFormat = Shapes::StringShape.new(name: 'AuditReportResponseFormat')
|
30
30
|
AuditReportStatus = Shapes::StringShape.new(name: 'AuditReportStatus')
|
31
|
+
Base64String1To4096 = Shapes::StringShape.new(name: 'Base64String1To4096')
|
31
32
|
Boolean = Shapes::BooleanShape.new(name: 'Boolean')
|
32
33
|
CertificateAuthorities = Shapes::ListShape.new(name: 'CertificateAuthorities')
|
33
34
|
CertificateAuthority = Shapes::StructureShape.new(name: 'CertificateAuthority')
|
@@ -51,6 +52,10 @@ module Aws::ACMPCA
|
|
51
52
|
CsrBlob = Shapes::BlobShape.new(name: 'CsrBlob')
|
52
53
|
CsrBody = Shapes::StringShape.new(name: 'CsrBody')
|
53
54
|
CsrExtensions = Shapes::StructureShape.new(name: 'CsrExtensions')
|
55
|
+
CustomAttribute = Shapes::StructureShape.new(name: 'CustomAttribute')
|
56
|
+
CustomAttributeList = Shapes::ListShape.new(name: 'CustomAttributeList')
|
57
|
+
CustomExtension = Shapes::StructureShape.new(name: 'CustomExtension')
|
58
|
+
CustomExtensionList = Shapes::ListShape.new(name: 'CustomExtensionList')
|
54
59
|
CustomObjectIdentifier = Shapes::StringShape.new(name: 'CustomObjectIdentifier')
|
55
60
|
DeleteCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DeleteCertificateAuthorityRequest')
|
56
61
|
DeletePermissionRequest = Shapes::StructureShape.new(name: 'DeletePermissionRequest')
|
@@ -132,6 +137,7 @@ module Aws::ACMPCA
|
|
132
137
|
String = Shapes::StringShape.new(name: 'String')
|
133
138
|
String128 = Shapes::StringShape.new(name: 'String128')
|
134
139
|
String16 = Shapes::StringShape.new(name: 'String16')
|
140
|
+
String1To256 = Shapes::StringShape.new(name: 'String1To256')
|
135
141
|
String253 = Shapes::StringShape.new(name: 'String253')
|
136
142
|
String256 = Shapes::StringShape.new(name: 'String256')
|
137
143
|
String3 = Shapes::StringShape.new(name: 'String3')
|
@@ -166,6 +172,7 @@ module Aws::ACMPCA
|
|
166
172
|
ASN1Subject.add_member(:initials, Shapes::ShapeRef.new(shape: String5, location_name: "Initials"))
|
167
173
|
ASN1Subject.add_member(:pseudonym, Shapes::ShapeRef.new(shape: String128, location_name: "Pseudonym"))
|
168
174
|
ASN1Subject.add_member(:generation_qualifier, Shapes::ShapeRef.new(shape: String3, location_name: "GenerationQualifier"))
|
175
|
+
ASN1Subject.add_member(:custom_attributes, Shapes::ShapeRef.new(shape: CustomAttributeList, location_name: "CustomAttributes"))
|
169
176
|
ASN1Subject.struct_class = Types::ASN1Subject
|
170
177
|
|
171
178
|
AccessDescription.add_member(:access_method, Shapes::ShapeRef.new(shape: AccessMethod, required: true, location_name: "AccessMethod"))
|
@@ -253,6 +260,19 @@ module Aws::ACMPCA
|
|
253
260
|
CsrExtensions.add_member(:subject_information_access, Shapes::ShapeRef.new(shape: AccessDescriptionList, location_name: "SubjectInformationAccess"))
|
254
261
|
CsrExtensions.struct_class = Types::CsrExtensions
|
255
262
|
|
263
|
+
CustomAttribute.add_member(:object_identifier, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, required: true, location_name: "ObjectIdentifier"))
|
264
|
+
CustomAttribute.add_member(:value, Shapes::ShapeRef.new(shape: String1To256, required: true, location_name: "Value"))
|
265
|
+
CustomAttribute.struct_class = Types::CustomAttribute
|
266
|
+
|
267
|
+
CustomAttributeList.member = Shapes::ShapeRef.new(shape: CustomAttribute)
|
268
|
+
|
269
|
+
CustomExtension.add_member(:object_identifier, Shapes::ShapeRef.new(shape: CustomObjectIdentifier, required: true, location_name: "ObjectIdentifier"))
|
270
|
+
CustomExtension.add_member(:value, Shapes::ShapeRef.new(shape: Base64String1To4096, required: true, location_name: "Value"))
|
271
|
+
CustomExtension.add_member(:critical, Shapes::ShapeRef.new(shape: Boolean, location_name: "Critical", metadata: {"box"=>true}))
|
272
|
+
CustomExtension.struct_class = Types::CustomExtension
|
273
|
+
|
274
|
+
CustomExtensionList.member = Shapes::ShapeRef.new(shape: CustomExtension)
|
275
|
+
|
256
276
|
DeleteCertificateAuthorityRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
|
257
277
|
DeleteCertificateAuthorityRequest.add_member(:permanent_deletion_time_in_days, Shapes::ShapeRef.new(shape: PermanentDeletionTimeInDays, location_name: "PermanentDeletionTimeInDays"))
|
258
278
|
DeleteCertificateAuthorityRequest.struct_class = Types::DeleteCertificateAuthorityRequest
|
@@ -295,6 +315,7 @@ module Aws::ACMPCA
|
|
295
315
|
Extensions.add_member(:extended_key_usage, Shapes::ShapeRef.new(shape: ExtendedKeyUsageList, location_name: "ExtendedKeyUsage"))
|
296
316
|
Extensions.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsage, location_name: "KeyUsage"))
|
297
317
|
Extensions.add_member(:subject_alternative_names, Shapes::ShapeRef.new(shape: GeneralNameList, location_name: "SubjectAlternativeNames"))
|
318
|
+
Extensions.add_member(:custom_extensions, Shapes::ShapeRef.new(shape: CustomExtensionList, location_name: "CustomExtensions"))
|
298
319
|
Extensions.struct_class = Types::Extensions
|
299
320
|
|
300
321
|
GeneralName.add_member(:other_name, Shapes::ShapeRef.new(shape: OtherName, location_name: "OtherName"))
|
data/lib/aws-sdk-acmpca/types.rb
CHANGED
@@ -35,6 +35,12 @@ module Aws::ACMPCA
|
|
35
35
|
# initials: "String5",
|
36
36
|
# pseudonym: "String128",
|
37
37
|
# generation_qualifier: "String3",
|
38
|
+
# custom_attributes: [
|
39
|
+
# {
|
40
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
41
|
+
# value: "String1To256", # required
|
42
|
+
# },
|
43
|
+
# ],
|
38
44
|
# }
|
39
45
|
#
|
40
46
|
# @!attribute [rw] country
|
@@ -110,6 +116,22 @@ module Aws::ACMPCA
|
|
110
116
|
# Examples include Jr. for junior, Sr. for senior, and III for third.
|
111
117
|
# @return [String]
|
112
118
|
#
|
119
|
+
# @!attribute [rw] custom_attributes
|
120
|
+
# Contains a sequence of one or more X.500 relative distinguished
|
121
|
+
# names (RDNs), each of which consists of an object identifier (OID)
|
122
|
+
# and a value. For more information, see NIST’s definition of [Object
|
123
|
+
# Identifier (OID)][1].
|
124
|
+
#
|
125
|
+
# <note markdown="1"> Custom attributes cannot be used in combination with standard
|
126
|
+
# attributes.
|
127
|
+
#
|
128
|
+
# </note>
|
129
|
+
#
|
130
|
+
#
|
131
|
+
#
|
132
|
+
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
133
|
+
# @return [Array<Types::CustomAttribute>]
|
134
|
+
#
|
113
135
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ASN1Subject AWS API Documentation
|
114
136
|
#
|
115
137
|
class ASN1Subject < Struct.new(
|
@@ -126,7 +148,8 @@ module Aws::ACMPCA
|
|
126
148
|
:given_name,
|
127
149
|
:initials,
|
128
150
|
:pseudonym,
|
129
|
-
:generation_qualifier
|
151
|
+
:generation_qualifier,
|
152
|
+
:custom_attributes)
|
130
153
|
SENSITIVE = []
|
131
154
|
include Aws::Structure
|
132
155
|
end
|
@@ -136,7 +159,7 @@ module Aws::ACMPCA
|
|
136
159
|
#
|
137
160
|
#
|
138
161
|
#
|
139
|
-
# [1]: https://
|
162
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc5280
|
140
163
|
#
|
141
164
|
# @note When making an API call, you may pass AccessDescription
|
142
165
|
# data as a hash:
|
@@ -168,6 +191,12 @@ module Aws::ACMPCA
|
|
168
191
|
# initials: "String5",
|
169
192
|
# pseudonym: "String128",
|
170
193
|
# generation_qualifier: "String3",
|
194
|
+
# custom_attributes: [
|
195
|
+
# {
|
196
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
197
|
+
# value: "String1To256", # required
|
198
|
+
# },
|
199
|
+
# ],
|
171
200
|
# },
|
172
201
|
# edi_party_name: {
|
173
202
|
# party_name: "String256", # required
|
@@ -301,6 +330,12 @@ module Aws::ACMPCA
|
|
301
330
|
# initials: "String5",
|
302
331
|
# pseudonym: "String128",
|
303
332
|
# generation_qualifier: "String3",
|
333
|
+
# custom_attributes: [
|
334
|
+
# {
|
335
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
336
|
+
# value: "String1To256", # required
|
337
|
+
# },
|
338
|
+
# ],
|
304
339
|
# },
|
305
340
|
# edi_party_name: {
|
306
341
|
# party_name: "String256", # required
|
@@ -311,6 +346,13 @@ module Aws::ACMPCA
|
|
311
346
|
# registered_id: "CustomObjectIdentifier",
|
312
347
|
# },
|
313
348
|
# ],
|
349
|
+
# custom_extensions: [
|
350
|
+
# {
|
351
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
352
|
+
# value: "Base64String1To4096", # required
|
353
|
+
# critical: false,
|
354
|
+
# },
|
355
|
+
# ],
|
314
356
|
# },
|
315
357
|
# subject: {
|
316
358
|
# country: "CountryCodeString",
|
@@ -327,6 +369,12 @@ module Aws::ACMPCA
|
|
327
369
|
# initials: "String5",
|
328
370
|
# pseudonym: "String128",
|
329
371
|
# generation_qualifier: "String3",
|
372
|
+
# custom_attributes: [
|
373
|
+
# {
|
374
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
375
|
+
# value: "String1To256", # required
|
376
|
+
# },
|
377
|
+
# ],
|
330
378
|
# },
|
331
379
|
# }
|
332
380
|
#
|
@@ -363,7 +411,7 @@ module Aws::ACMPCA
|
|
363
411
|
# retrieve a private CA certificate signing request (CSR). Sign the CSR
|
364
412
|
# with your ACM Private CA-hosted or on-premises root or subordinate CA
|
365
413
|
# certificate. Call the [ImportCertificateAuthorityCertificate][3]
|
366
|
-
# action to import the signed certificate into
|
414
|
+
# action to import the signed certificate into Certificate Manager
|
367
415
|
# (ACM).
|
368
416
|
#
|
369
417
|
#
|
@@ -378,7 +426,8 @@ module Aws::ACMPCA
|
|
378
426
|
# @return [String]
|
379
427
|
#
|
380
428
|
# @!attribute [rw] owner_account
|
381
|
-
# The
|
429
|
+
# The Amazon Web Services account ID that owns the certificate
|
430
|
+
# authority.
|
382
431
|
# @return [String]
|
383
432
|
#
|
384
433
|
# @!attribute [rw] created_at
|
@@ -439,7 +488,7 @@ module Aws::ACMPCA
|
|
439
488
|
#
|
440
489
|
# Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
|
441
490
|
#
|
442
|
-
# Note:
|
491
|
+
# Note: Amazon Web Services Region ap-northeast-3 supports only
|
443
492
|
# FIPS\_140\_2\_LEVEL\_2\_OR\_HIGHER. You must explicitly specify this
|
444
493
|
# parameter and value when creating a CA in that Region. Specifying a
|
445
494
|
# different value (or no value) results in an `InvalidArgsException`
|
@@ -501,6 +550,12 @@ module Aws::ACMPCA
|
|
501
550
|
# initials: "String5",
|
502
551
|
# pseudonym: "String128",
|
503
552
|
# generation_qualifier: "String3",
|
553
|
+
# custom_attributes: [
|
554
|
+
# {
|
555
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
556
|
+
# value: "String1To256", # required
|
557
|
+
# },
|
558
|
+
# ],
|
504
559
|
# },
|
505
560
|
# csr_extensions: {
|
506
561
|
# key_usage: {
|
@@ -542,6 +597,12 @@ module Aws::ACMPCA
|
|
542
597
|
# initials: "String5",
|
543
598
|
# pseudonym: "String128",
|
544
599
|
# generation_qualifier: "String3",
|
600
|
+
# custom_attributes: [
|
601
|
+
# {
|
602
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
603
|
+
# value: "String1To256", # required
|
604
|
+
# },
|
605
|
+
# ],
|
545
606
|
# },
|
546
607
|
# edi_party_name: {
|
547
608
|
# party_name: "String256", # required
|
@@ -695,6 +756,12 @@ module Aws::ACMPCA
|
|
695
756
|
# initials: "String5",
|
696
757
|
# pseudonym: "String128",
|
697
758
|
# generation_qualifier: "String3",
|
759
|
+
# custom_attributes: [
|
760
|
+
# {
|
761
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
762
|
+
# value: "String1To256", # required
|
763
|
+
# },
|
764
|
+
# ],
|
698
765
|
# },
|
699
766
|
# csr_extensions: {
|
700
767
|
# key_usage: {
|
@@ -736,6 +803,12 @@ module Aws::ACMPCA
|
|
736
803
|
# initials: "String5",
|
737
804
|
# pseudonym: "String128",
|
738
805
|
# generation_qualifier: "String3",
|
806
|
+
# custom_attributes: [
|
807
|
+
# {
|
808
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
809
|
+
# value: "String1To256", # required
|
810
|
+
# },
|
811
|
+
# ],
|
739
812
|
# },
|
740
813
|
# edi_party_name: {
|
741
814
|
# party_name: "String256", # required
|
@@ -814,9 +887,15 @@ module Aws::ACMPCA
|
|
814
887
|
#
|
815
888
|
# Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
|
816
889
|
#
|
817
|
-
# Note
|
818
|
-
#
|
819
|
-
#
|
890
|
+
# *Note:* `FIPS_140_2_LEVEL_3_OR_HIGHER` is not supported in the
|
891
|
+
# following Regions:
|
892
|
+
#
|
893
|
+
# * ap-northeast-3
|
894
|
+
#
|
895
|
+
# * ap-southeast-3
|
896
|
+
#
|
897
|
+
# When creating a CA in these Regions, you must provide
|
898
|
+
# `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for
|
820
899
|
# `KeyStorageSecurityStandard`. Failure to do this results in an
|
821
900
|
# `InvalidArgsException` with the message, "A certificate authority
|
822
901
|
# cannot be created in this region with the specified security
|
@@ -888,8 +967,9 @@ module Aws::ACMPCA
|
|
888
967
|
# @return [String]
|
889
968
|
#
|
890
969
|
# @!attribute [rw] principal
|
891
|
-
# The
|
892
|
-
# time, the only valid principal is
|
970
|
+
# The Amazon Web Services service or identity that receives the
|
971
|
+
# permission. At this time, the only valid principal is
|
972
|
+
# `acm.amazonaws.com`.
|
893
973
|
# @return [String]
|
894
974
|
#
|
895
975
|
# @!attribute [rw] source_account
|
@@ -897,8 +977,9 @@ module Aws::ACMPCA
|
|
897
977
|
# @return [String]
|
898
978
|
#
|
899
979
|
# @!attribute [rw] actions
|
900
|
-
# The actions that the specified
|
901
|
-
# include `IssueCertificate`, `GetCertificate`, and
|
980
|
+
# The actions that the specified Amazon Web Services service principal
|
981
|
+
# can use. These include `IssueCertificate`, `GetCertificate`, and
|
982
|
+
# `ListPermissions`.
|
902
983
|
# @return [Array<String>]
|
903
984
|
#
|
904
985
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermissionRequest AWS API Documentation
|
@@ -928,10 +1009,10 @@ module Aws::ACMPCA
|
|
928
1009
|
#
|
929
1010
|
# Your private CA uses the value in the **ExpirationInDays** parameter
|
930
1011
|
# to calculate the **nextUpdate** field in the CRL. The CRL is refreshed
|
931
|
-
#
|
932
|
-
# certificate is revoked, it
|
933
|
-
#
|
934
|
-
#
|
1012
|
+
# prior to a certificate's expiration date or when a certificate is
|
1013
|
+
# revoked. When a certificate is revoked, it appears in the CRL until
|
1014
|
+
# the certificate expires, and then in one additional CRL after
|
1015
|
+
# expiration, and it always appears in the audit report.
|
935
1016
|
#
|
936
1017
|
# A CRL is typically updated approximately 30 minutes after a
|
937
1018
|
# certificate is revoked. If for any reason a CRL update fails, ACM
|
@@ -985,8 +1066,8 @@ module Aws::ACMPCA
|
|
985
1066
|
# `openssl crl -inform DER -text -in crl_path -noout`
|
986
1067
|
#
|
987
1068
|
# For more information, see [Planning a certificate revocation list
|
988
|
-
# (CRL)][2] in the *
|
989
|
-
#
|
1069
|
+
# (CRL)][2] in the *Certificate Manager Private Certificate Authority
|
1070
|
+
# (PCA) User Guide*
|
990
1071
|
#
|
991
1072
|
#
|
992
1073
|
#
|
@@ -1127,6 +1208,12 @@ module Aws::ACMPCA
|
|
1127
1208
|
# initials: "String5",
|
1128
1209
|
# pseudonym: "String128",
|
1129
1210
|
# generation_qualifier: "String3",
|
1211
|
+
# custom_attributes: [
|
1212
|
+
# {
|
1213
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1214
|
+
# value: "String1To256", # required
|
1215
|
+
# },
|
1216
|
+
# ],
|
1130
1217
|
# },
|
1131
1218
|
# edi_party_name: {
|
1132
1219
|
# party_name: "String256", # required
|
@@ -1152,7 +1239,7 @@ module Aws::ACMPCA
|
|
1152
1239
|
#
|
1153
1240
|
#
|
1154
1241
|
#
|
1155
|
-
# [1]: https://
|
1242
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.2
|
1156
1243
|
# @return [Array<Types::AccessDescription>]
|
1157
1244
|
#
|
1158
1245
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CsrExtensions AWS API Documentation
|
@@ -1164,6 +1251,79 @@ module Aws::ACMPCA
|
|
1164
1251
|
include Aws::Structure
|
1165
1252
|
end
|
1166
1253
|
|
1254
|
+
# Defines the X.500 relative distinguished name (RDN).
|
1255
|
+
#
|
1256
|
+
# @note When making an API call, you may pass CustomAttribute
|
1257
|
+
# data as a hash:
|
1258
|
+
#
|
1259
|
+
# {
|
1260
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1261
|
+
# value: "String1To256", # required
|
1262
|
+
# }
|
1263
|
+
#
|
1264
|
+
# @!attribute [rw] object_identifier
|
1265
|
+
# Specifies the object identifier (OID) of the attribute type of the
|
1266
|
+
# relative distinguished name (RDN).
|
1267
|
+
# @return [String]
|
1268
|
+
#
|
1269
|
+
# @!attribute [rw] value
|
1270
|
+
# Specifies the attribute value of relative distinguished name (RDN).
|
1271
|
+
# @return [String]
|
1272
|
+
#
|
1273
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CustomAttribute AWS API Documentation
|
1274
|
+
#
|
1275
|
+
class CustomAttribute < Struct.new(
|
1276
|
+
:object_identifier,
|
1277
|
+
:value)
|
1278
|
+
SENSITIVE = []
|
1279
|
+
include Aws::Structure
|
1280
|
+
end
|
1281
|
+
|
1282
|
+
# Specifies the X.509 extension information for a certificate.
|
1283
|
+
#
|
1284
|
+
# Extensions present in `CustomExtensions` follow the `ApiPassthrough`
|
1285
|
+
# [template rules][1].
|
1286
|
+
#
|
1287
|
+
#
|
1288
|
+
#
|
1289
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
|
1290
|
+
#
|
1291
|
+
# @note When making an API call, you may pass CustomExtension
|
1292
|
+
# data as a hash:
|
1293
|
+
#
|
1294
|
+
# {
|
1295
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1296
|
+
# value: "Base64String1To4096", # required
|
1297
|
+
# critical: false,
|
1298
|
+
# }
|
1299
|
+
#
|
1300
|
+
# @!attribute [rw] object_identifier
|
1301
|
+
# Specifies the object identifier (OID) of the X.509 extension. For
|
1302
|
+
# more information, see the [Global OID reference database.][1]
|
1303
|
+
#
|
1304
|
+
#
|
1305
|
+
#
|
1306
|
+
# [1]: https://oidref.com/2.5.29
|
1307
|
+
# @return [String]
|
1308
|
+
#
|
1309
|
+
# @!attribute [rw] value
|
1310
|
+
# Specifies the base64-encoded value of the X.509 extension.
|
1311
|
+
# @return [String]
|
1312
|
+
#
|
1313
|
+
# @!attribute [rw] critical
|
1314
|
+
# Specifies the critical flag of the X.509 extension.
|
1315
|
+
# @return [Boolean]
|
1316
|
+
#
|
1317
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CustomExtension AWS API Documentation
|
1318
|
+
#
|
1319
|
+
class CustomExtension < Struct.new(
|
1320
|
+
:object_identifier,
|
1321
|
+
:value,
|
1322
|
+
:critical)
|
1323
|
+
SENSITIVE = []
|
1324
|
+
include Aws::Structure
|
1325
|
+
end
|
1326
|
+
|
1167
1327
|
# @note When making an API call, you may pass DeleteCertificateAuthorityRequest
|
1168
1328
|
# data as a hash:
|
1169
1329
|
#
|
@@ -1223,13 +1383,13 @@ module Aws::ACMPCA
|
|
1223
1383
|
# @return [String]
|
1224
1384
|
#
|
1225
1385
|
# @!attribute [rw] principal
|
1226
|
-
# The
|
1227
|
-
# revoked. At this time, the only valid service principal
|
1228
|
-
# `acm.amazonaws.com`
|
1386
|
+
# The Amazon Web Services service or identity that will have its CA
|
1387
|
+
# permissions revoked. At this time, the only valid service principal
|
1388
|
+
# is `acm.amazonaws.com`
|
1229
1389
|
# @return [String]
|
1230
1390
|
#
|
1231
1391
|
# @!attribute [rw] source_account
|
1232
|
-
# The
|
1392
|
+
# The Amazon Web Services account that calls this action.
|
1233
1393
|
# @return [String]
|
1234
1394
|
#
|
1235
1395
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermissionRequest AWS API Documentation
|
@@ -1381,7 +1541,7 @@ module Aws::ACMPCA
|
|
1381
1541
|
#
|
1382
1542
|
#
|
1383
1543
|
#
|
1384
|
-
# [1]: https://
|
1544
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc5280
|
1385
1545
|
#
|
1386
1546
|
# @note When making an API call, you may pass EdiPartyName
|
1387
1547
|
# data as a hash:
|
@@ -1426,7 +1586,7 @@ module Aws::ACMPCA
|
|
1426
1586
|
#
|
1427
1587
|
#
|
1428
1588
|
#
|
1429
|
-
# [1]: https://
|
1589
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12
|
1430
1590
|
# @return [String]
|
1431
1591
|
#
|
1432
1592
|
# @!attribute [rw] extended_key_usage_object_identifier
|
@@ -1502,6 +1662,12 @@ module Aws::ACMPCA
|
|
1502
1662
|
# initials: "String5",
|
1503
1663
|
# pseudonym: "String128",
|
1504
1664
|
# generation_qualifier: "String3",
|
1665
|
+
# custom_attributes: [
|
1666
|
+
# {
|
1667
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1668
|
+
# value: "String1To256", # required
|
1669
|
+
# },
|
1670
|
+
# ],
|
1505
1671
|
# },
|
1506
1672
|
# edi_party_name: {
|
1507
1673
|
# party_name: "String256", # required
|
@@ -1512,6 +1678,13 @@ module Aws::ACMPCA
|
|
1512
1678
|
# registered_id: "CustomObjectIdentifier",
|
1513
1679
|
# },
|
1514
1680
|
# ],
|
1681
|
+
# custom_extensions: [
|
1682
|
+
# {
|
1683
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1684
|
+
# value: "Base64String1To4096", # required
|
1685
|
+
# critical: false,
|
1686
|
+
# },
|
1687
|
+
# ],
|
1515
1688
|
# }
|
1516
1689
|
#
|
1517
1690
|
# @!attribute [rw] certificate_policies
|
@@ -1548,13 +1721,25 @@ module Aws::ACMPCA
|
|
1548
1721
|
# the certificate.
|
1549
1722
|
# @return [Array<Types::GeneralName>]
|
1550
1723
|
#
|
1724
|
+
# @!attribute [rw] custom_extensions
|
1725
|
+
# Contains a sequence of one or more X.509 extensions, each of which
|
1726
|
+
# consists of an object identifier (OID), a base64-encoded value, and
|
1727
|
+
# the critical flag. For more information, see the [Global OID
|
1728
|
+
# reference database.][1]
|
1729
|
+
#
|
1730
|
+
#
|
1731
|
+
#
|
1732
|
+
# [1]: https://oidref.com/2.5.29
|
1733
|
+
# @return [Array<Types::CustomExtension>]
|
1734
|
+
#
|
1551
1735
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Extensions AWS API Documentation
|
1552
1736
|
#
|
1553
1737
|
class Extensions < Struct.new(
|
1554
1738
|
:certificate_policies,
|
1555
1739
|
:extended_key_usage,
|
1556
1740
|
:key_usage,
|
1557
|
-
:subject_alternative_names
|
1741
|
+
:subject_alternative_names,
|
1742
|
+
:custom_extensions)
|
1558
1743
|
SENSITIVE = []
|
1559
1744
|
include Aws::Structure
|
1560
1745
|
end
|
@@ -1565,7 +1750,7 @@ module Aws::ACMPCA
|
|
1565
1750
|
#
|
1566
1751
|
#
|
1567
1752
|
#
|
1568
|
-
# [1]: https://
|
1753
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc5280
|
1569
1754
|
#
|
1570
1755
|
# @note When making an API call, you may pass GeneralName
|
1571
1756
|
# data as a hash:
|
@@ -1592,6 +1777,12 @@ module Aws::ACMPCA
|
|
1592
1777
|
# initials: "String5",
|
1593
1778
|
# pseudonym: "String128",
|
1594
1779
|
# generation_qualifier: "String3",
|
1780
|
+
# custom_attributes: [
|
1781
|
+
# {
|
1782
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1783
|
+
# value: "String1To256", # required
|
1784
|
+
# },
|
1785
|
+
# ],
|
1595
1786
|
# },
|
1596
1787
|
# edi_party_name: {
|
1597
1788
|
# party_name: "String256", # required
|
@@ -1611,7 +1802,7 @@ module Aws::ACMPCA
|
|
1611
1802
|
#
|
1612
1803
|
#
|
1613
1804
|
#
|
1614
|
-
# [1]: https://
|
1805
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc822
|
1615
1806
|
# @return [String]
|
1616
1807
|
#
|
1617
1808
|
# @!attribute [rw] dns_name
|
@@ -2043,6 +2234,12 @@ module Aws::ACMPCA
|
|
2043
2234
|
# initials: "String5",
|
2044
2235
|
# pseudonym: "String128",
|
2045
2236
|
# generation_qualifier: "String3",
|
2237
|
+
# custom_attributes: [
|
2238
|
+
# {
|
2239
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
2240
|
+
# value: "String1To256", # required
|
2241
|
+
# },
|
2242
|
+
# ],
|
2046
2243
|
# },
|
2047
2244
|
# edi_party_name: {
|
2048
2245
|
# party_name: "String256", # required
|
@@ -2053,6 +2250,13 @@ module Aws::ACMPCA
|
|
2053
2250
|
# registered_id: "CustomObjectIdentifier",
|
2054
2251
|
# },
|
2055
2252
|
# ],
|
2253
|
+
# custom_extensions: [
|
2254
|
+
# {
|
2255
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
2256
|
+
# value: "Base64String1To4096", # required
|
2257
|
+
# critical: false,
|
2258
|
+
# },
|
2259
|
+
# ],
|
2056
2260
|
# },
|
2057
2261
|
# subject: {
|
2058
2262
|
# country: "CountryCodeString",
|
@@ -2069,6 +2273,12 @@ module Aws::ACMPCA
|
|
2069
2273
|
# initials: "String5",
|
2070
2274
|
# pseudonym: "String128",
|
2071
2275
|
# generation_qualifier: "String3",
|
2276
|
+
# custom_attributes: [
|
2277
|
+
# {
|
2278
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
2279
|
+
# value: "String1To256", # required
|
2280
|
+
# },
|
2281
|
+
# ],
|
2072
2282
|
# },
|
2073
2283
|
# },
|
2074
2284
|
# certificate_authority_arn: "Arn", # required
|
@@ -2128,7 +2338,7 @@ module Aws::ACMPCA
|
|
2128
2338
|
# contains your X509 version 3 extensions.
|
2129
2339
|
#
|
2130
2340
|
# `openssl req -new -config openssl_rsa.cnf -extensions usr_cert
|
2131
|
-
# -newkey rsa:2048 -days
|
2341
|
+
# -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem
|
2132
2342
|
# -out csr/test_cert_.csr`
|
2133
2343
|
#
|
2134
2344
|
# Note: A CSR must provide either a *subject name* or a *subject
|
@@ -2142,6 +2352,11 @@ module Aws::ACMPCA
|
|
2142
2352
|
# This parameter should not be confused with the `SigningAlgorithm`
|
2143
2353
|
# parameter used to sign a CSR in the `CreateCertificateAuthority`
|
2144
2354
|
# action.
|
2355
|
+
#
|
2356
|
+
# <note markdown="1"> The specified signing algorithm family (RSA or ECDSA) much match the
|
2357
|
+
# algorithm family of the CA's secret key.
|
2358
|
+
#
|
2359
|
+
# </note>
|
2145
2360
|
# @return [String]
|
2146
2361
|
#
|
2147
2362
|
# @!attribute [rw] template_arn
|
@@ -2185,7 +2400,7 @@ module Aws::ACMPCA
|
|
2185
2400
|
#
|
2186
2401
|
#
|
2187
2402
|
#
|
2188
|
-
# [1]: https://
|
2403
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
|
2189
2404
|
# @return [Types::Validity]
|
2190
2405
|
#
|
2191
2406
|
# @!attribute [rw] validity_not_before
|
@@ -2210,7 +2425,7 @@ module Aws::ACMPCA
|
|
2210
2425
|
#
|
2211
2426
|
#
|
2212
2427
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html
|
2213
|
-
# [2]: https://
|
2428
|
+
# [2]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
|
2214
2429
|
# @return [Types::Validity]
|
2215
2430
|
#
|
2216
2431
|
# @!attribute [rw] idempotency_token
|
@@ -2588,17 +2803,17 @@ module Aws::ACMPCA
|
|
2588
2803
|
# @return [Boolean]
|
2589
2804
|
#
|
2590
2805
|
# @!attribute [rw] ocsp_custom_cname
|
2591
|
-
# By default, ACM Private CA injects an
|
2592
|
-
# being validated by the Online Certificate Status
|
2593
|
-
# customer can alternatively use this object to
|
2594
|
-
# specifying a customized OCSP domain.
|
2806
|
+
# By default, ACM Private CA injects an Amazon Web Services domain
|
2807
|
+
# into certificates being validated by the Online Certificate Status
|
2808
|
+
# Protocol (OCSP). A customer can alternatively use this object to
|
2809
|
+
# define a CNAME specifying a customized OCSP domain.
|
2595
2810
|
#
|
2596
2811
|
# Note: The value of the CNAME must not include a protocol prefix such
|
2597
2812
|
# as "http://" or "https://".
|
2598
2813
|
#
|
2599
2814
|
# For more information, see [Customizing Online Certificate Status
|
2600
|
-
# Protocol (OCSP) ][1] in the *
|
2601
|
-
#
|
2815
|
+
# Protocol (OCSP) ][1] in the *Certificate Manager Private Certificate
|
2816
|
+
# Authority (PCA) User Guide*.
|
2602
2817
|
#
|
2603
2818
|
#
|
2604
2819
|
#
|
@@ -2649,12 +2864,13 @@ module Aws::ACMPCA
|
|
2649
2864
|
end
|
2650
2865
|
|
2651
2866
|
# Permissions designate which private CA actions can be performed by an
|
2652
|
-
#
|
2653
|
-
# certificates, you must give the ACM
|
2654
|
-
# permissions (`IssueCertificate`,
|
2655
|
-
# `ListPermissions`). Permissions can be assigned
|
2656
|
-
# [CreatePermission][1] action, removed with the
|
2657
|
-
# action, and listed with the [ListPermissions][3]
|
2867
|
+
# Amazon Web Services service or entity. In order for ACM to
|
2868
|
+
# automatically renew private certificates, you must give the ACM
|
2869
|
+
# service principal all available permissions (`IssueCertificate`,
|
2870
|
+
# `GetCertificate`, and `ListPermissions`). Permissions can be assigned
|
2871
|
+
# with the [CreatePermission][1] action, removed with the
|
2872
|
+
# [DeletePermission][2] action, and listed with the [ListPermissions][3]
|
2873
|
+
# action.
|
2658
2874
|
#
|
2659
2875
|
#
|
2660
2876
|
#
|
@@ -2672,8 +2888,8 @@ module Aws::ACMPCA
|
|
2672
2888
|
# @return [Time]
|
2673
2889
|
#
|
2674
2890
|
# @!attribute [rw] principal
|
2675
|
-
# The
|
2676
|
-
# the only valid principal is `acm.amazonaws.com`.
|
2891
|
+
# The Amazon Web Services service or entity that holds the permission.
|
2892
|
+
# At this time, the only valid principal is `acm.amazonaws.com`.
|
2677
2893
|
# @return [String]
|
2678
2894
|
#
|
2679
2895
|
# @!attribute [rw] source_account
|
@@ -2681,8 +2897,8 @@ module Aws::ACMPCA
|
|
2681
2897
|
# @return [String]
|
2682
2898
|
#
|
2683
2899
|
# @!attribute [rw] actions
|
2684
|
-
# The private CA actions that can be performed by the designated
|
2685
|
-
# service.
|
2900
|
+
# The private CA actions that can be performed by the designated
|
2901
|
+
# Amazon Web Services service.
|
2686
2902
|
# @return [Array<String>]
|
2687
2903
|
#
|
2688
2904
|
# @!attribute [rw] policy
|
@@ -2836,7 +3052,7 @@ module Aws::ACMPCA
|
|
2836
3052
|
#
|
2837
3053
|
#
|
2838
3054
|
#
|
2839
|
-
# [1]: https://
|
3055
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
|
2840
3056
|
#
|
2841
3057
|
# @note When making an API call, you may pass Qualifier
|
2842
3058
|
# data as a hash:
|
@@ -2946,8 +3162,8 @@ module Aws::ACMPCA
|
|
2946
3162
|
# about certificates as requested by clients, and a CRL contains an
|
2947
3163
|
# updated list of certificates revoked by your CA. For more information,
|
2948
3164
|
# see [RevokeCertificate][3] and [Setting up a certificate revocation
|
2949
|
-
# method][4] in the *
|
2950
|
-
#
|
3165
|
+
# method][4] in the *Certificate Manager Private Certificate Authority
|
3166
|
+
# (PCA) User Guide*.
|
2951
3167
|
#
|
2952
3168
|
#
|
2953
3169
|
#
|
@@ -3026,7 +3242,7 @@ module Aws::ACMPCA
|
|
3026
3242
|
# `openssl x509 -in file_path -text -noout`
|
3027
3243
|
#
|
3028
3244
|
# You can also copy the serial number from the console or use the
|
3029
|
-
# [DescribeCertificate][2] action in the *
|
3245
|
+
# [DescribeCertificate][2] action in the *Certificate Manager API
|
3030
3246
|
# Reference*.
|
3031
3247
|
#
|
3032
3248
|
#
|
@@ -3247,7 +3463,7 @@ module Aws::ACMPCA
|
|
3247
3463
|
#
|
3248
3464
|
#
|
3249
3465
|
#
|
3250
|
-
# [1]: https://
|
3466
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
|
3251
3467
|
#
|
3252
3468
|
# @note When making an API call, you may pass Validity
|
3253
3469
|
# data as a hash:
|
data/lib/aws-sdk-acmpca.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-acmpca
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.49.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-07-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|