aws-sdk-acmpca 1.51.0 → 1.53.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -1
- data/VERSION +1 -1
- data/lib/aws-sdk-acmpca/client.rb +252 -190
- data/lib/aws-sdk-acmpca/client_api.rb +5 -4
- data/lib/aws-sdk-acmpca/endpoint_parameters.rb +3 -0
- data/lib/aws-sdk-acmpca/endpoint_provider.rb +38 -101
- data/lib/aws-sdk-acmpca/types.rb +202 -1159
- data/lib/aws-sdk-acmpca.rb +1 -1
- metadata +2 -2
data/lib/aws-sdk-acmpca/types.rb
CHANGED
@@ -17,32 +17,6 @@ module Aws::ACMPCA
|
|
17
17
|
# name (DN). A DN is a sequence of relative distinguished names (RDNs).
|
18
18
|
# The RDNs are separated by commas in the certificate.
|
19
19
|
#
|
20
|
-
# @note When making an API call, you may pass ASN1Subject
|
21
|
-
# data as a hash:
|
22
|
-
#
|
23
|
-
# {
|
24
|
-
# country: "CountryCodeString",
|
25
|
-
# organization: "String64",
|
26
|
-
# organizational_unit: "String64",
|
27
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
28
|
-
# state: "String128",
|
29
|
-
# common_name: "String64",
|
30
|
-
# serial_number: "ASN1PrintableString64",
|
31
|
-
# locality: "String128",
|
32
|
-
# title: "String64",
|
33
|
-
# surname: "String40",
|
34
|
-
# given_name: "String16",
|
35
|
-
# initials: "String5",
|
36
|
-
# pseudonym: "String128",
|
37
|
-
# generation_qualifier: "String3",
|
38
|
-
# custom_attributes: [
|
39
|
-
# {
|
40
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
41
|
-
# value: "String1To256", # required
|
42
|
-
# },
|
43
|
-
# ],
|
44
|
-
# }
|
45
|
-
#
|
46
20
|
# @!attribute [rw] country
|
47
21
|
# Two-digit code that specifies the country in which the certificate
|
48
22
|
# subject located.
|
@@ -161,53 +135,6 @@ module Aws::ACMPCA
|
|
161
135
|
#
|
162
136
|
# [1]: https://datatracker.ietf.org/doc/html/rfc5280
|
163
137
|
#
|
164
|
-
# @note When making an API call, you may pass AccessDescription
|
165
|
-
# data as a hash:
|
166
|
-
#
|
167
|
-
# {
|
168
|
-
# access_method: { # required
|
169
|
-
# custom_object_identifier: "CustomObjectIdentifier",
|
170
|
-
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
171
|
-
# },
|
172
|
-
# access_location: { # required
|
173
|
-
# other_name: {
|
174
|
-
# type_id: "CustomObjectIdentifier", # required
|
175
|
-
# value: "String256", # required
|
176
|
-
# },
|
177
|
-
# rfc_822_name: "String256",
|
178
|
-
# dns_name: "String253",
|
179
|
-
# directory_name: {
|
180
|
-
# country: "CountryCodeString",
|
181
|
-
# organization: "String64",
|
182
|
-
# organizational_unit: "String64",
|
183
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
184
|
-
# state: "String128",
|
185
|
-
# common_name: "String64",
|
186
|
-
# serial_number: "ASN1PrintableString64",
|
187
|
-
# locality: "String128",
|
188
|
-
# title: "String64",
|
189
|
-
# surname: "String40",
|
190
|
-
# given_name: "String16",
|
191
|
-
# initials: "String5",
|
192
|
-
# pseudonym: "String128",
|
193
|
-
# generation_qualifier: "String3",
|
194
|
-
# custom_attributes: [
|
195
|
-
# {
|
196
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
197
|
-
# value: "String1To256", # required
|
198
|
-
# },
|
199
|
-
# ],
|
200
|
-
# },
|
201
|
-
# edi_party_name: {
|
202
|
-
# party_name: "String256", # required
|
203
|
-
# name_assigner: "String256",
|
204
|
-
# },
|
205
|
-
# uniform_resource_identifier: "String253",
|
206
|
-
# ip_address: "String39",
|
207
|
-
# registered_id: "CustomObjectIdentifier",
|
208
|
-
# },
|
209
|
-
# }
|
210
|
-
#
|
211
138
|
# @!attribute [rw] access_method
|
212
139
|
# The type and format of `AccessDescription` information.
|
213
140
|
# @return [Types::AccessMethod]
|
@@ -229,14 +156,6 @@ module Aws::ACMPCA
|
|
229
156
|
# `CustomObjectIdentifier` or `AccessMethodType` may be provided.
|
230
157
|
# Providing both results in `InvalidArgsException`.
|
231
158
|
#
|
232
|
-
# @note When making an API call, you may pass AccessMethod
|
233
|
-
# data as a hash:
|
234
|
-
#
|
235
|
-
# {
|
236
|
-
# custom_object_identifier: "CustomObjectIdentifier",
|
237
|
-
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
238
|
-
# }
|
239
|
-
#
|
240
159
|
# @!attribute [rw] custom_object_identifier
|
241
160
|
# An object identifier (OID) specifying the `AccessMethod`. The OID
|
242
161
|
# must satisfy the regular expression shown below. For more
|
@@ -265,118 +184,12 @@ module Aws::ACMPCA
|
|
265
184
|
# variant must be selected, or else this parameter is ignored.
|
266
185
|
#
|
267
186
|
# If conflicting or duplicate certificate information is supplied from
|
268
|
-
# other sources,
|
269
|
-
# determine what information is used.
|
270
|
-
#
|
271
|
-
#
|
272
|
-
#
|
273
|
-
# [1]: https://docs.aws.amazon.com/
|
274
|
-
#
|
275
|
-
# @note When making an API call, you may pass ApiPassthrough
|
276
|
-
# data as a hash:
|
277
|
-
#
|
278
|
-
# {
|
279
|
-
# extensions: {
|
280
|
-
# certificate_policies: [
|
281
|
-
# {
|
282
|
-
# cert_policy_id: "CustomObjectIdentifier", # required
|
283
|
-
# policy_qualifiers: [
|
284
|
-
# {
|
285
|
-
# policy_qualifier_id: "CPS", # required, accepts CPS
|
286
|
-
# qualifier: { # required
|
287
|
-
# cps_uri: "String256", # required
|
288
|
-
# },
|
289
|
-
# },
|
290
|
-
# ],
|
291
|
-
# },
|
292
|
-
# ],
|
293
|
-
# extended_key_usage: [
|
294
|
-
# {
|
295
|
-
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
296
|
-
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
297
|
-
# },
|
298
|
-
# ],
|
299
|
-
# key_usage: {
|
300
|
-
# digital_signature: false,
|
301
|
-
# non_repudiation: false,
|
302
|
-
# key_encipherment: false,
|
303
|
-
# data_encipherment: false,
|
304
|
-
# key_agreement: false,
|
305
|
-
# key_cert_sign: false,
|
306
|
-
# crl_sign: false,
|
307
|
-
# encipher_only: false,
|
308
|
-
# decipher_only: false,
|
309
|
-
# },
|
310
|
-
# subject_alternative_names: [
|
311
|
-
# {
|
312
|
-
# other_name: {
|
313
|
-
# type_id: "CustomObjectIdentifier", # required
|
314
|
-
# value: "String256", # required
|
315
|
-
# },
|
316
|
-
# rfc_822_name: "String256",
|
317
|
-
# dns_name: "String253",
|
318
|
-
# directory_name: {
|
319
|
-
# country: "CountryCodeString",
|
320
|
-
# organization: "String64",
|
321
|
-
# organizational_unit: "String64",
|
322
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
323
|
-
# state: "String128",
|
324
|
-
# common_name: "String64",
|
325
|
-
# serial_number: "ASN1PrintableString64",
|
326
|
-
# locality: "String128",
|
327
|
-
# title: "String64",
|
328
|
-
# surname: "String40",
|
329
|
-
# given_name: "String16",
|
330
|
-
# initials: "String5",
|
331
|
-
# pseudonym: "String128",
|
332
|
-
# generation_qualifier: "String3",
|
333
|
-
# custom_attributes: [
|
334
|
-
# {
|
335
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
336
|
-
# value: "String1To256", # required
|
337
|
-
# },
|
338
|
-
# ],
|
339
|
-
# },
|
340
|
-
# edi_party_name: {
|
341
|
-
# party_name: "String256", # required
|
342
|
-
# name_assigner: "String256",
|
343
|
-
# },
|
344
|
-
# uniform_resource_identifier: "String253",
|
345
|
-
# ip_address: "String39",
|
346
|
-
# registered_id: "CustomObjectIdentifier",
|
347
|
-
# },
|
348
|
-
# ],
|
349
|
-
# custom_extensions: [
|
350
|
-
# {
|
351
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
352
|
-
# value: "Base64String1To4096", # required
|
353
|
-
# critical: false,
|
354
|
-
# },
|
355
|
-
# ],
|
356
|
-
# },
|
357
|
-
# subject: {
|
358
|
-
# country: "CountryCodeString",
|
359
|
-
# organization: "String64",
|
360
|
-
# organizational_unit: "String64",
|
361
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
362
|
-
# state: "String128",
|
363
|
-
# common_name: "String64",
|
364
|
-
# serial_number: "ASN1PrintableString64",
|
365
|
-
# locality: "String128",
|
366
|
-
# title: "String64",
|
367
|
-
# surname: "String40",
|
368
|
-
# given_name: "String16",
|
369
|
-
# initials: "String5",
|
370
|
-
# pseudonym: "String128",
|
371
|
-
# generation_qualifier: "String3",
|
372
|
-
# custom_attributes: [
|
373
|
-
# {
|
374
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
375
|
-
# value: "String1To256", # required
|
376
|
-
# },
|
377
|
-
# ],
|
378
|
-
# },
|
379
|
-
# }
|
187
|
+
# other sources, Amazon Web Services Private CA applies [order of
|
188
|
+
# operation rules][1] to determine what information is used.
|
189
|
+
#
|
190
|
+
#
|
191
|
+
#
|
192
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
|
380
193
|
#
|
381
194
|
# @!attribute [rw] extensions
|
382
195
|
# Specifies X.509 extension information for a certificate.
|
@@ -409,16 +222,16 @@ module Aws::ACMPCA
|
|
409
222
|
# [CreateCertificateAuthority][1] action to create your private CA. You
|
410
223
|
# must then call the [GetCertificateAuthorityCertificate][2] action to
|
411
224
|
# retrieve a private CA certificate signing request (CSR). Sign the CSR
|
412
|
-
# with your
|
413
|
-
# certificate. Call the
|
414
|
-
# action to import the signed
|
415
|
-
# (ACM).
|
225
|
+
# with your Amazon Web Services Private CA-hosted or on-premises root or
|
226
|
+
# subordinate CA certificate. Call the
|
227
|
+
# [ImportCertificateAuthorityCertificate][3] action to import the signed
|
228
|
+
# certificate into Certificate Manager (ACM).
|
416
229
|
#
|
417
230
|
#
|
418
231
|
#
|
419
|
-
# [1]: https://docs.aws.amazon.com/
|
420
|
-
# [2]: https://docs.aws.amazon.com/
|
421
|
-
# [3]: https://docs.aws.amazon.com/
|
232
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
233
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCertificate.html
|
234
|
+
# [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
|
422
235
|
#
|
423
236
|
# @!attribute [rw] arn
|
424
237
|
# Amazon Resource Name (ARN) for your private certificate authority
|
@@ -479,7 +292,7 @@ module Aws::ACMPCA
|
|
479
292
|
#
|
480
293
|
#
|
481
294
|
#
|
482
|
-
# [1]: https://docs.aws.amazon.com/
|
295
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
|
483
296
|
# @return [Time]
|
484
297
|
#
|
485
298
|
# @!attribute [rw] key_storage_security_standard
|
@@ -537,95 +350,7 @@ module Aws::ACMPCA
|
|
537
350
|
#
|
538
351
|
#
|
539
352
|
#
|
540
|
-
# [1]: https://docs.aws.amazon.com/
|
541
|
-
#
|
542
|
-
# @note When making an API call, you may pass CertificateAuthorityConfiguration
|
543
|
-
# data as a hash:
|
544
|
-
#
|
545
|
-
# {
|
546
|
-
# key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
|
547
|
-
# signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
|
548
|
-
# subject: { # required
|
549
|
-
# country: "CountryCodeString",
|
550
|
-
# organization: "String64",
|
551
|
-
# organizational_unit: "String64",
|
552
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
553
|
-
# state: "String128",
|
554
|
-
# common_name: "String64",
|
555
|
-
# serial_number: "ASN1PrintableString64",
|
556
|
-
# locality: "String128",
|
557
|
-
# title: "String64",
|
558
|
-
# surname: "String40",
|
559
|
-
# given_name: "String16",
|
560
|
-
# initials: "String5",
|
561
|
-
# pseudonym: "String128",
|
562
|
-
# generation_qualifier: "String3",
|
563
|
-
# custom_attributes: [
|
564
|
-
# {
|
565
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
566
|
-
# value: "String1To256", # required
|
567
|
-
# },
|
568
|
-
# ],
|
569
|
-
# },
|
570
|
-
# csr_extensions: {
|
571
|
-
# key_usage: {
|
572
|
-
# digital_signature: false,
|
573
|
-
# non_repudiation: false,
|
574
|
-
# key_encipherment: false,
|
575
|
-
# data_encipherment: false,
|
576
|
-
# key_agreement: false,
|
577
|
-
# key_cert_sign: false,
|
578
|
-
# crl_sign: false,
|
579
|
-
# encipher_only: false,
|
580
|
-
# decipher_only: false,
|
581
|
-
# },
|
582
|
-
# subject_information_access: [
|
583
|
-
# {
|
584
|
-
# access_method: { # required
|
585
|
-
# custom_object_identifier: "CustomObjectIdentifier",
|
586
|
-
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
587
|
-
# },
|
588
|
-
# access_location: { # required
|
589
|
-
# other_name: {
|
590
|
-
# type_id: "CustomObjectIdentifier", # required
|
591
|
-
# value: "String256", # required
|
592
|
-
# },
|
593
|
-
# rfc_822_name: "String256",
|
594
|
-
# dns_name: "String253",
|
595
|
-
# directory_name: {
|
596
|
-
# country: "CountryCodeString",
|
597
|
-
# organization: "String64",
|
598
|
-
# organizational_unit: "String64",
|
599
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
600
|
-
# state: "String128",
|
601
|
-
# common_name: "String64",
|
602
|
-
# serial_number: "ASN1PrintableString64",
|
603
|
-
# locality: "String128",
|
604
|
-
# title: "String64",
|
605
|
-
# surname: "String40",
|
606
|
-
# given_name: "String16",
|
607
|
-
# initials: "String5",
|
608
|
-
# pseudonym: "String128",
|
609
|
-
# generation_qualifier: "String3",
|
610
|
-
# custom_attributes: [
|
611
|
-
# {
|
612
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
613
|
-
# value: "String1To256", # required
|
614
|
-
# },
|
615
|
-
# ],
|
616
|
-
# },
|
617
|
-
# edi_party_name: {
|
618
|
-
# party_name: "String256", # required
|
619
|
-
# name_assigner: "String256",
|
620
|
-
# },
|
621
|
-
# uniform_resource_identifier: "String253",
|
622
|
-
# ip_address: "String39",
|
623
|
-
# registered_id: "CustomObjectIdentifier",
|
624
|
-
# },
|
625
|
-
# },
|
626
|
-
# ],
|
627
|
-
# },
|
628
|
-
# }
|
353
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
629
354
|
#
|
630
355
|
# @!attribute [rw] key_algorithm
|
631
356
|
# Type of the public key algorithm and size, in bits, of the key pair
|
@@ -690,15 +415,6 @@ module Aws::ACMPCA
|
|
690
415
|
include Aws::Structure
|
691
416
|
end
|
692
417
|
|
693
|
-
# @note When making an API call, you may pass CreateCertificateAuthorityAuditReportRequest
|
694
|
-
# data as a hash:
|
695
|
-
#
|
696
|
-
# {
|
697
|
-
# certificate_authority_arn: "Arn", # required
|
698
|
-
# s3_bucket_name: "S3BucketName", # required
|
699
|
-
# audit_report_response_format: "JSON", # required, accepts JSON, CSV
|
700
|
-
# }
|
701
|
-
#
|
702
418
|
# @!attribute [rw] certificate_authority_arn
|
703
419
|
# The Amazon Resource Name (ARN) of the CA to be audited. This is of
|
704
420
|
# the form:
|
@@ -744,119 +460,6 @@ module Aws::ACMPCA
|
|
744
460
|
include Aws::Structure
|
745
461
|
end
|
746
462
|
|
747
|
-
# @note When making an API call, you may pass CreateCertificateAuthorityRequest
|
748
|
-
# data as a hash:
|
749
|
-
#
|
750
|
-
# {
|
751
|
-
# certificate_authority_configuration: { # required
|
752
|
-
# key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
|
753
|
-
# signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
|
754
|
-
# subject: { # required
|
755
|
-
# country: "CountryCodeString",
|
756
|
-
# organization: "String64",
|
757
|
-
# organizational_unit: "String64",
|
758
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
759
|
-
# state: "String128",
|
760
|
-
# common_name: "String64",
|
761
|
-
# serial_number: "ASN1PrintableString64",
|
762
|
-
# locality: "String128",
|
763
|
-
# title: "String64",
|
764
|
-
# surname: "String40",
|
765
|
-
# given_name: "String16",
|
766
|
-
# initials: "String5",
|
767
|
-
# pseudonym: "String128",
|
768
|
-
# generation_qualifier: "String3",
|
769
|
-
# custom_attributes: [
|
770
|
-
# {
|
771
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
772
|
-
# value: "String1To256", # required
|
773
|
-
# },
|
774
|
-
# ],
|
775
|
-
# },
|
776
|
-
# csr_extensions: {
|
777
|
-
# key_usage: {
|
778
|
-
# digital_signature: false,
|
779
|
-
# non_repudiation: false,
|
780
|
-
# key_encipherment: false,
|
781
|
-
# data_encipherment: false,
|
782
|
-
# key_agreement: false,
|
783
|
-
# key_cert_sign: false,
|
784
|
-
# crl_sign: false,
|
785
|
-
# encipher_only: false,
|
786
|
-
# decipher_only: false,
|
787
|
-
# },
|
788
|
-
# subject_information_access: [
|
789
|
-
# {
|
790
|
-
# access_method: { # required
|
791
|
-
# custom_object_identifier: "CustomObjectIdentifier",
|
792
|
-
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
793
|
-
# },
|
794
|
-
# access_location: { # required
|
795
|
-
# other_name: {
|
796
|
-
# type_id: "CustomObjectIdentifier", # required
|
797
|
-
# value: "String256", # required
|
798
|
-
# },
|
799
|
-
# rfc_822_name: "String256",
|
800
|
-
# dns_name: "String253",
|
801
|
-
# directory_name: {
|
802
|
-
# country: "CountryCodeString",
|
803
|
-
# organization: "String64",
|
804
|
-
# organizational_unit: "String64",
|
805
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
806
|
-
# state: "String128",
|
807
|
-
# common_name: "String64",
|
808
|
-
# serial_number: "ASN1PrintableString64",
|
809
|
-
# locality: "String128",
|
810
|
-
# title: "String64",
|
811
|
-
# surname: "String40",
|
812
|
-
# given_name: "String16",
|
813
|
-
# initials: "String5",
|
814
|
-
# pseudonym: "String128",
|
815
|
-
# generation_qualifier: "String3",
|
816
|
-
# custom_attributes: [
|
817
|
-
# {
|
818
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
819
|
-
# value: "String1To256", # required
|
820
|
-
# },
|
821
|
-
# ],
|
822
|
-
# },
|
823
|
-
# edi_party_name: {
|
824
|
-
# party_name: "String256", # required
|
825
|
-
# name_assigner: "String256",
|
826
|
-
# },
|
827
|
-
# uniform_resource_identifier: "String253",
|
828
|
-
# ip_address: "String39",
|
829
|
-
# registered_id: "CustomObjectIdentifier",
|
830
|
-
# },
|
831
|
-
# },
|
832
|
-
# ],
|
833
|
-
# },
|
834
|
-
# },
|
835
|
-
# revocation_configuration: {
|
836
|
-
# crl_configuration: {
|
837
|
-
# enabled: false, # required
|
838
|
-
# expiration_in_days: 1,
|
839
|
-
# custom_cname: "String253",
|
840
|
-
# s3_bucket_name: "String3To255",
|
841
|
-
# s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
|
842
|
-
# },
|
843
|
-
# ocsp_configuration: {
|
844
|
-
# enabled: false, # required
|
845
|
-
# ocsp_custom_cname: "String253",
|
846
|
-
# },
|
847
|
-
# },
|
848
|
-
# certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
|
849
|
-
# idempotency_token: "IdempotencyToken",
|
850
|
-
# key_storage_security_standard: "FIPS_140_2_LEVEL_2_OR_HIGHER", # accepts FIPS_140_2_LEVEL_2_OR_HIGHER, FIPS_140_2_LEVEL_3_OR_HIGHER
|
851
|
-
# tags: [
|
852
|
-
# {
|
853
|
-
# key: "TagKey", # required
|
854
|
-
# value: "TagValue",
|
855
|
-
# },
|
856
|
-
# ],
|
857
|
-
# usage_mode: "GENERAL_PURPOSE", # accepts GENERAL_PURPOSE, SHORT_LIVED_CERTIFICATE
|
858
|
-
# }
|
859
|
-
#
|
860
463
|
# @!attribute [rw] certificate_authority_configuration
|
861
464
|
# Name and bit size of the private key algorithm, the name of the
|
862
465
|
# signing algorithm, and X.500 certificate subject information.
|
@@ -866,14 +469,36 @@ module Aws::ACMPCA
|
|
866
469
|
# Contains information to enable Online Certificate Status Protocol
|
867
470
|
# (OCSP) support, to enable a certificate revocation list (CRL), to
|
868
471
|
# enable both, or to enable neither. The default is for both
|
869
|
-
# certificate validation mechanisms to be disabled.
|
870
|
-
#
|
871
|
-
#
|
472
|
+
# certificate validation mechanisms to be disabled.
|
473
|
+
#
|
474
|
+
# <note markdown="1"> The following requirements apply to revocation configurations.
|
475
|
+
#
|
476
|
+
# * A configuration disabling CRLs or OCSP must contain only the
|
477
|
+
# `Enabled=False` parameter, and will fail if other parameters such
|
478
|
+
# as `CustomCname` or `ExpirationInDays` are included.
|
872
479
|
#
|
480
|
+
# * In a CRL configuration, the `S3BucketName` parameter must conform
|
481
|
+
# to [Amazon S3 bucket naming rules][1].
|
873
482
|
#
|
483
|
+
# * A configuration containing a custom Canonical Name (CNAME)
|
484
|
+
# parameter for CRLs or OCSP must conform to [RFC2396][2]
|
485
|
+
# restrictions on the use of special characters in a CNAME.
|
874
486
|
#
|
875
|
-
#
|
876
|
-
#
|
487
|
+
# * In a CRL or OCSP configuration, the value of a CNAME parameter
|
488
|
+
# must not include a protocol prefix such as "http://" or
|
489
|
+
# "https://".
|
490
|
+
#
|
491
|
+
# </note>
|
492
|
+
#
|
493
|
+
# For more information, see the [OcspConfiguration][3] and
|
494
|
+
# [CrlConfiguration][4] types.
|
495
|
+
#
|
496
|
+
#
|
497
|
+
#
|
498
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
|
499
|
+
# [2]: https://www.ietf.org/rfc/rfc2396.txt
|
500
|
+
# [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html
|
501
|
+
# [4]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
|
877
502
|
# @return [Types::RevocationConfiguration]
|
878
503
|
#
|
879
504
|
# @!attribute [rw] certificate_authority_type
|
@@ -885,11 +510,11 @@ module Aws::ACMPCA
|
|
885
510
|
# **CreateCertificateAuthority** action. Idempotency tokens for
|
886
511
|
# **CreateCertificateAuthority** time out after five minutes.
|
887
512
|
# Therefore, if you call **CreateCertificateAuthority** multiple times
|
888
|
-
# with the same idempotency token within five minutes,
|
889
|
-
# recognizes that you are requesting only
|
890
|
-
# will issue only one. If you change the
|
891
|
-
#
|
892
|
-
# authorities.
|
513
|
+
# with the same idempotency token within five minutes, Amazon Web
|
514
|
+
# Services Private CA recognizes that you are requesting only
|
515
|
+
# certificate authority and will issue only one. If you change the
|
516
|
+
# idempotency token for each call, Amazon Web Services Private CA
|
517
|
+
# recognizes that you are requesting multiple certificate authorities.
|
893
518
|
# @return [String]
|
894
519
|
#
|
895
520
|
# @!attribute [rw] key_storage_security_standard
|
@@ -963,16 +588,6 @@ module Aws::ACMPCA
|
|
963
588
|
include Aws::Structure
|
964
589
|
end
|
965
590
|
|
966
|
-
# @note When making an API call, you may pass CreatePermissionRequest
|
967
|
-
# data as a hash:
|
968
|
-
#
|
969
|
-
# {
|
970
|
-
# certificate_authority_arn: "Arn", # required
|
971
|
-
# principal: "Principal", # required
|
972
|
-
# source_account: "AccountId",
|
973
|
-
# actions: ["IssueCertificate"], # required, accepts IssueCertificate, GetCertificate, ListPermissions
|
974
|
-
# }
|
975
|
-
#
|
976
591
|
# @!attribute [rw] certificate_authority_arn
|
977
592
|
# The Amazon Resource Name (ARN) of the CA that grants the
|
978
593
|
# permissions. You can find the ARN by calling the
|
@@ -984,7 +599,7 @@ module Aws::ACMPCA
|
|
984
599
|
#
|
985
600
|
#
|
986
601
|
#
|
987
|
-
# [1]: https://docs.aws.amazon.com/
|
602
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
|
988
603
|
# @return [String]
|
989
604
|
#
|
990
605
|
# @!attribute [rw] principal
|
@@ -1023,10 +638,11 @@ module Aws::ACMPCA
|
|
1023
638
|
# specifying a value for the **CustomCname** parameter. Your private CA
|
1024
639
|
# copies the CNAME or the S3 bucket name to the **CRL Distribution
|
1025
640
|
# Points** extension of each certificate it issues. Your S3 bucket
|
1026
|
-
# policy must give write permission to
|
641
|
+
# policy must give write permission to Amazon Web Services Private CA.
|
1027
642
|
#
|
1028
|
-
#
|
1029
|
-
# with encryption. For more information, see [Encrypting
|
643
|
+
# Amazon Web Services Private CA assets that are stored in Amazon S3 can
|
644
|
+
# be protected with encryption. For more information, see [Encrypting
|
645
|
+
# Your CRLs][1].
|
1030
646
|
#
|
1031
647
|
# Your private CA uses the value in the **ExpirationInDays** parameter
|
1032
648
|
# to calculate the **nextUpdate** field in the CRL. The CRL is refreshed
|
@@ -1036,8 +652,8 @@ module Aws::ACMPCA
|
|
1036
652
|
# expiration, and it always appears in the audit report.
|
1037
653
|
#
|
1038
654
|
# A CRL is typically updated approximately 30 minutes after a
|
1039
|
-
# certificate is revoked. If for any reason a CRL update fails,
|
1040
|
-
# Private CA makes further attempts every 15 minutes.
|
655
|
+
# certificate is revoked. If for any reason a CRL update fails, Amazon
|
656
|
+
# Web Services Private CA makes further attempts every 15 minutes.
|
1041
657
|
#
|
1042
658
|
# CRLs contain the following fields:
|
1043
659
|
#
|
@@ -1081,29 +697,20 @@ module Aws::ACMPCA
|
|
1081
697
|
#
|
1082
698
|
# * **Signature Value**\: Signature computed over the CRL.
|
1083
699
|
#
|
1084
|
-
# Certificate revocation lists created by
|
1085
|
-
# DER-encoded. You can use the following OpenSSL command to list a
|
700
|
+
# Certificate revocation lists created by Amazon Web Services Private CA
|
701
|
+
# are DER-encoded. You can use the following OpenSSL command to list a
|
702
|
+
# CRL.
|
1086
703
|
#
|
1087
704
|
# `openssl crl -inform DER -text -in crl_path -noout`
|
1088
705
|
#
|
1089
706
|
# For more information, see [Planning a certificate revocation list
|
1090
|
-
# (CRL)][2] in the *Private Certificate Authority
|
1091
|
-
#
|
1092
|
-
#
|
707
|
+
# (CRL)][2] in the *Amazon Web Services Private Certificate Authority
|
708
|
+
# User Guide*
|
1093
709
|
#
|
1094
|
-
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
|
1095
|
-
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html
|
1096
710
|
#
|
1097
|
-
# @note When making an API call, you may pass CrlConfiguration
|
1098
|
-
# data as a hash:
|
1099
711
|
#
|
1100
|
-
#
|
1101
|
-
#
|
1102
|
-
# expiration_in_days: 1,
|
1103
|
-
# custom_cname: "String253",
|
1104
|
-
# s3_bucket_name: "String3To255",
|
1105
|
-
# s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
|
1106
|
-
# }
|
712
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption
|
713
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html
|
1107
714
|
#
|
1108
715
|
# @!attribute [rw] enabled
|
1109
716
|
# Boolean value that specifies whether certificate revocation lists
|
@@ -1114,8 +721,8 @@ module Aws::ACMPCA
|
|
1114
721
|
#
|
1115
722
|
#
|
1116
723
|
#
|
1117
|
-
# [1]: https://docs.aws.amazon.com/
|
1118
|
-
# [2]: https://docs.aws.amazon.com/
|
724
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
725
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
|
1119
726
|
# @return [Boolean]
|
1120
727
|
#
|
1121
728
|
# @!attribute [rw] expiration_in_days
|
@@ -1127,6 +734,17 @@ module Aws::ACMPCA
|
|
1127
734
|
# extension that enables the use of an alias for the CRL distribution
|
1128
735
|
# point. Use this value if you don't want the name of your S3 bucket
|
1129
736
|
# to be public.
|
737
|
+
#
|
738
|
+
# <note markdown="1"> The content of a Canonical Name (CNAME) record must conform to
|
739
|
+
# [RFC2396][1] restrictions on the use of special characters in URIs.
|
740
|
+
# Additionally, the value of the CNAME must not include a protocol
|
741
|
+
# prefix such as "http://" or "https://".
|
742
|
+
#
|
743
|
+
# </note>
|
744
|
+
#
|
745
|
+
#
|
746
|
+
#
|
747
|
+
# [1]: https://www.ietf.org/rfc/rfc2396.txt
|
1130
748
|
# @return [String]
|
1131
749
|
#
|
1132
750
|
# @!attribute [rw] s3_bucket_name
|
@@ -1135,13 +753,19 @@ module Aws::ACMPCA
|
|
1135
753
|
# is placed into the **CRL Distribution Points** extension of the
|
1136
754
|
# issued certificate. You can change the name of your bucket by
|
1137
755
|
# calling the [UpdateCertificateAuthority][1] operation. You must
|
1138
|
-
# specify a [bucket policy][2] that allows
|
1139
|
-
# CRL to your bucket.
|
756
|
+
# specify a [bucket policy][2] that allows Amazon Web Services Private
|
757
|
+
# CA to write the CRL to your bucket.
|
1140
758
|
#
|
759
|
+
# <note markdown="1"> The `S3BucketName` parameter must conform to the [S3 bucket naming
|
760
|
+
# rules][3].
|
1141
761
|
#
|
762
|
+
# </note>
|
1142
763
|
#
|
1143
|
-
#
|
1144
|
-
#
|
764
|
+
#
|
765
|
+
#
|
766
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
|
767
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies
|
768
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
|
1145
769
|
# @return [String]
|
1146
770
|
#
|
1147
771
|
# @!attribute [rw] s3_object_acl
|
@@ -1167,7 +791,7 @@ module Aws::ACMPCA
|
|
1167
791
|
#
|
1168
792
|
#
|
1169
793
|
#
|
1170
|
-
# [1]: https://docs.aws.amazon.com/
|
794
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa
|
1171
795
|
# @return [String]
|
1172
796
|
#
|
1173
797
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CrlConfiguration AWS API Documentation
|
@@ -1185,68 +809,6 @@ module Aws::ACMPCA
|
|
1185
809
|
# Describes the certificate extensions to be added to the certificate
|
1186
810
|
# signing request (CSR).
|
1187
811
|
#
|
1188
|
-
# @note When making an API call, you may pass CsrExtensions
|
1189
|
-
# data as a hash:
|
1190
|
-
#
|
1191
|
-
# {
|
1192
|
-
# key_usage: {
|
1193
|
-
# digital_signature: false,
|
1194
|
-
# non_repudiation: false,
|
1195
|
-
# key_encipherment: false,
|
1196
|
-
# data_encipherment: false,
|
1197
|
-
# key_agreement: false,
|
1198
|
-
# key_cert_sign: false,
|
1199
|
-
# crl_sign: false,
|
1200
|
-
# encipher_only: false,
|
1201
|
-
# decipher_only: false,
|
1202
|
-
# },
|
1203
|
-
# subject_information_access: [
|
1204
|
-
# {
|
1205
|
-
# access_method: { # required
|
1206
|
-
# custom_object_identifier: "CustomObjectIdentifier",
|
1207
|
-
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
1208
|
-
# },
|
1209
|
-
# access_location: { # required
|
1210
|
-
# other_name: {
|
1211
|
-
# type_id: "CustomObjectIdentifier", # required
|
1212
|
-
# value: "String256", # required
|
1213
|
-
# },
|
1214
|
-
# rfc_822_name: "String256",
|
1215
|
-
# dns_name: "String253",
|
1216
|
-
# directory_name: {
|
1217
|
-
# country: "CountryCodeString",
|
1218
|
-
# organization: "String64",
|
1219
|
-
# organizational_unit: "String64",
|
1220
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1221
|
-
# state: "String128",
|
1222
|
-
# common_name: "String64",
|
1223
|
-
# serial_number: "ASN1PrintableString64",
|
1224
|
-
# locality: "String128",
|
1225
|
-
# title: "String64",
|
1226
|
-
# surname: "String40",
|
1227
|
-
# given_name: "String16",
|
1228
|
-
# initials: "String5",
|
1229
|
-
# pseudonym: "String128",
|
1230
|
-
# generation_qualifier: "String3",
|
1231
|
-
# custom_attributes: [
|
1232
|
-
# {
|
1233
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
1234
|
-
# value: "String1To256", # required
|
1235
|
-
# },
|
1236
|
-
# ],
|
1237
|
-
# },
|
1238
|
-
# edi_party_name: {
|
1239
|
-
# party_name: "String256", # required
|
1240
|
-
# name_assigner: "String256",
|
1241
|
-
# },
|
1242
|
-
# uniform_resource_identifier: "String253",
|
1243
|
-
# ip_address: "String39",
|
1244
|
-
# registered_id: "CustomObjectIdentifier",
|
1245
|
-
# },
|
1246
|
-
# },
|
1247
|
-
# ],
|
1248
|
-
# }
|
1249
|
-
#
|
1250
812
|
# @!attribute [rw] key_usage
|
1251
813
|
# Indicates the purpose of the certificate and of the key contained in
|
1252
814
|
# the certificate.
|
@@ -1273,14 +835,6 @@ module Aws::ACMPCA
|
|
1273
835
|
|
1274
836
|
# Defines the X.500 relative distinguished name (RDN).
|
1275
837
|
#
|
1276
|
-
# @note When making an API call, you may pass CustomAttribute
|
1277
|
-
# data as a hash:
|
1278
|
-
#
|
1279
|
-
# {
|
1280
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
1281
|
-
# value: "String1To256", # required
|
1282
|
-
# }
|
1283
|
-
#
|
1284
838
|
# @!attribute [rw] object_identifier
|
1285
839
|
# Specifies the object identifier (OID) of the attribute type of the
|
1286
840
|
# relative distinguished name (RDN).
|
@@ -1306,16 +860,7 @@ module Aws::ACMPCA
|
|
1306
860
|
#
|
1307
861
|
#
|
1308
862
|
#
|
1309
|
-
# [1]: https://docs.aws.amazon.com/
|
1310
|
-
#
|
1311
|
-
# @note When making an API call, you may pass CustomExtension
|
1312
|
-
# data as a hash:
|
1313
|
-
#
|
1314
|
-
# {
|
1315
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
1316
|
-
# value: "Base64String1To4096", # required
|
1317
|
-
# critical: false,
|
1318
|
-
# }
|
863
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
|
1319
864
|
#
|
1320
865
|
# @!attribute [rw] object_identifier
|
1321
866
|
# Specifies the object identifier (OID) of the X.509 extension. For
|
@@ -1344,14 +889,6 @@ module Aws::ACMPCA
|
|
1344
889
|
include Aws::Structure
|
1345
890
|
end
|
1346
891
|
|
1347
|
-
# @note When making an API call, you may pass DeleteCertificateAuthorityRequest
|
1348
|
-
# data as a hash:
|
1349
|
-
#
|
1350
|
-
# {
|
1351
|
-
# certificate_authority_arn: "Arn", # required
|
1352
|
-
# permanent_deletion_time_in_days: 1,
|
1353
|
-
# }
|
1354
|
-
#
|
1355
892
|
# @!attribute [rw] certificate_authority_arn
|
1356
893
|
# The Amazon Resource Name (ARN) that was returned when you called
|
1357
894
|
# [CreateCertificateAuthority][1]. This must have the following form:
|
@@ -1361,7 +898,7 @@ module Aws::ACMPCA
|
|
1361
898
|
#
|
1362
899
|
#
|
1363
900
|
#
|
1364
|
-
# [1]: https://docs.aws.amazon.com/
|
901
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
1365
902
|
# @return [String]
|
1366
903
|
#
|
1367
904
|
# @!attribute [rw] permanent_deletion_time_in_days
|
@@ -1379,15 +916,6 @@ module Aws::ACMPCA
|
|
1379
916
|
include Aws::Structure
|
1380
917
|
end
|
1381
918
|
|
1382
|
-
# @note When making an API call, you may pass DeletePermissionRequest
|
1383
|
-
# data as a hash:
|
1384
|
-
#
|
1385
|
-
# {
|
1386
|
-
# certificate_authority_arn: "Arn", # required
|
1387
|
-
# principal: "Principal", # required
|
1388
|
-
# source_account: "AccountId",
|
1389
|
-
# }
|
1390
|
-
#
|
1391
919
|
# @!attribute [rw] certificate_authority_arn
|
1392
920
|
# The Amazon Resource Number (ARN) of the private CA that issued the
|
1393
921
|
# permissions. You can find the CA's ARN by calling the
|
@@ -1399,7 +927,7 @@ module Aws::ACMPCA
|
|
1399
927
|
#
|
1400
928
|
#
|
1401
929
|
#
|
1402
|
-
# [1]: https://docs.aws.amazon.com/
|
930
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
|
1403
931
|
# @return [String]
|
1404
932
|
#
|
1405
933
|
# @!attribute [rw] principal
|
@@ -1422,13 +950,6 @@ module Aws::ACMPCA
|
|
1422
950
|
include Aws::Structure
|
1423
951
|
end
|
1424
952
|
|
1425
|
-
# @note When making an API call, you may pass DeletePolicyRequest
|
1426
|
-
# data as a hash:
|
1427
|
-
#
|
1428
|
-
# {
|
1429
|
-
# resource_arn: "Arn", # required
|
1430
|
-
# }
|
1431
|
-
#
|
1432
953
|
# @!attribute [rw] resource_arn
|
1433
954
|
# The Amazon Resource Number (ARN) of the private CA that will have
|
1434
955
|
# its policy deleted. You can find the CA's ARN by calling the
|
@@ -1438,7 +959,7 @@ module Aws::ACMPCA
|
|
1438
959
|
#
|
1439
960
|
#
|
1440
961
|
#
|
1441
|
-
# [1]: https://docs.aws.amazon.com/
|
962
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
|
1442
963
|
# @return [String]
|
1443
964
|
#
|
1444
965
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicyRequest AWS API Documentation
|
@@ -1449,14 +970,6 @@ module Aws::ACMPCA
|
|
1449
970
|
include Aws::Structure
|
1450
971
|
end
|
1451
972
|
|
1452
|
-
# @note When making an API call, you may pass DescribeCertificateAuthorityAuditReportRequest
|
1453
|
-
# data as a hash:
|
1454
|
-
#
|
1455
|
-
# {
|
1456
|
-
# certificate_authority_arn: "Arn", # required
|
1457
|
-
# audit_report_id: "AuditReportId", # required
|
1458
|
-
# }
|
1459
|
-
#
|
1460
973
|
# @!attribute [rw] certificate_authority_arn
|
1461
974
|
# The Amazon Resource Name (ARN) of the private CA. This must be of
|
1462
975
|
# the form:
|
@@ -1471,7 +984,7 @@ module Aws::ACMPCA
|
|
1471
984
|
#
|
1472
985
|
#
|
1473
986
|
#
|
1474
|
-
# [1]: https://docs.aws.amazon.com/
|
987
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
|
1475
988
|
# @return [String]
|
1476
989
|
#
|
1477
990
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReportRequest AWS API Documentation
|
@@ -1512,13 +1025,6 @@ module Aws::ACMPCA
|
|
1512
1025
|
include Aws::Structure
|
1513
1026
|
end
|
1514
1027
|
|
1515
|
-
# @note When making an API call, you may pass DescribeCertificateAuthorityRequest
|
1516
|
-
# data as a hash:
|
1517
|
-
#
|
1518
|
-
# {
|
1519
|
-
# certificate_authority_arn: "Arn", # required
|
1520
|
-
# }
|
1521
|
-
#
|
1522
1028
|
# @!attribute [rw] certificate_authority_arn
|
1523
1029
|
# The Amazon Resource Name (ARN) that was returned when you called
|
1524
1030
|
# [CreateCertificateAuthority][1]. This must be of the form:
|
@@ -1528,7 +1034,7 @@ module Aws::ACMPCA
|
|
1528
1034
|
#
|
1529
1035
|
#
|
1530
1036
|
#
|
1531
|
-
# [1]: https://docs.aws.amazon.com/
|
1037
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
1532
1038
|
# @return [String]
|
1533
1039
|
#
|
1534
1040
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityRequest AWS API Documentation
|
@@ -1545,7 +1051,7 @@ module Aws::ACMPCA
|
|
1545
1051
|
#
|
1546
1052
|
#
|
1547
1053
|
#
|
1548
|
-
# [1]: https://docs.aws.amazon.com/
|
1054
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthority.html
|
1549
1055
|
# @return [Types::CertificateAuthority]
|
1550
1056
|
#
|
1551
1057
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityResponse AWS API Documentation
|
@@ -1563,14 +1069,6 @@ module Aws::ACMPCA
|
|
1563
1069
|
#
|
1564
1070
|
# [1]: https://datatracker.ietf.org/doc/html/rfc5280
|
1565
1071
|
#
|
1566
|
-
# @note When making an API call, you may pass EdiPartyName
|
1567
|
-
# data as a hash:
|
1568
|
-
#
|
1569
|
-
# {
|
1570
|
-
# party_name: "String256", # required
|
1571
|
-
# name_assigner: "String256",
|
1572
|
-
# }
|
1573
|
-
#
|
1574
1072
|
# @!attribute [rw] party_name
|
1575
1073
|
# Specifies the party name.
|
1576
1074
|
# @return [String]
|
@@ -1592,14 +1090,6 @@ module Aws::ACMPCA
|
|
1592
1090
|
# be used other than basic purposes indicated in the `KeyUsage`
|
1593
1091
|
# extension.
|
1594
1092
|
#
|
1595
|
-
# @note When making an API call, you may pass ExtendedKeyUsage
|
1596
|
-
# data as a hash:
|
1597
|
-
#
|
1598
|
-
# {
|
1599
|
-
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
1600
|
-
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
1601
|
-
# }
|
1602
|
-
#
|
1603
1093
|
# @!attribute [rw] extended_key_usage_type
|
1604
1094
|
# Specifies a standard `ExtendedKeyUsage` as defined as in [RFC
|
1605
1095
|
# 5280][1].
|
@@ -1625,88 +1115,6 @@ module Aws::ACMPCA
|
|
1625
1115
|
|
1626
1116
|
# Contains X.509 extension information for a certificate.
|
1627
1117
|
#
|
1628
|
-
# @note When making an API call, you may pass Extensions
|
1629
|
-
# data as a hash:
|
1630
|
-
#
|
1631
|
-
# {
|
1632
|
-
# certificate_policies: [
|
1633
|
-
# {
|
1634
|
-
# cert_policy_id: "CustomObjectIdentifier", # required
|
1635
|
-
# policy_qualifiers: [
|
1636
|
-
# {
|
1637
|
-
# policy_qualifier_id: "CPS", # required, accepts CPS
|
1638
|
-
# qualifier: { # required
|
1639
|
-
# cps_uri: "String256", # required
|
1640
|
-
# },
|
1641
|
-
# },
|
1642
|
-
# ],
|
1643
|
-
# },
|
1644
|
-
# ],
|
1645
|
-
# extended_key_usage: [
|
1646
|
-
# {
|
1647
|
-
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
1648
|
-
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
1649
|
-
# },
|
1650
|
-
# ],
|
1651
|
-
# key_usage: {
|
1652
|
-
# digital_signature: false,
|
1653
|
-
# non_repudiation: false,
|
1654
|
-
# key_encipherment: false,
|
1655
|
-
# data_encipherment: false,
|
1656
|
-
# key_agreement: false,
|
1657
|
-
# key_cert_sign: false,
|
1658
|
-
# crl_sign: false,
|
1659
|
-
# encipher_only: false,
|
1660
|
-
# decipher_only: false,
|
1661
|
-
# },
|
1662
|
-
# subject_alternative_names: [
|
1663
|
-
# {
|
1664
|
-
# other_name: {
|
1665
|
-
# type_id: "CustomObjectIdentifier", # required
|
1666
|
-
# value: "String256", # required
|
1667
|
-
# },
|
1668
|
-
# rfc_822_name: "String256",
|
1669
|
-
# dns_name: "String253",
|
1670
|
-
# directory_name: {
|
1671
|
-
# country: "CountryCodeString",
|
1672
|
-
# organization: "String64",
|
1673
|
-
# organizational_unit: "String64",
|
1674
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1675
|
-
# state: "String128",
|
1676
|
-
# common_name: "String64",
|
1677
|
-
# serial_number: "ASN1PrintableString64",
|
1678
|
-
# locality: "String128",
|
1679
|
-
# title: "String64",
|
1680
|
-
# surname: "String40",
|
1681
|
-
# given_name: "String16",
|
1682
|
-
# initials: "String5",
|
1683
|
-
# pseudonym: "String128",
|
1684
|
-
# generation_qualifier: "String3",
|
1685
|
-
# custom_attributes: [
|
1686
|
-
# {
|
1687
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
1688
|
-
# value: "String1To256", # required
|
1689
|
-
# },
|
1690
|
-
# ],
|
1691
|
-
# },
|
1692
|
-
# edi_party_name: {
|
1693
|
-
# party_name: "String256", # required
|
1694
|
-
# name_assigner: "String256",
|
1695
|
-
# },
|
1696
|
-
# uniform_resource_identifier: "String253",
|
1697
|
-
# ip_address: "String39",
|
1698
|
-
# registered_id: "CustomObjectIdentifier",
|
1699
|
-
# },
|
1700
|
-
# ],
|
1701
|
-
# custom_extensions: [
|
1702
|
-
# {
|
1703
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
1704
|
-
# value: "Base64String1To4096", # required
|
1705
|
-
# critical: false,
|
1706
|
-
# },
|
1707
|
-
# ],
|
1708
|
-
# }
|
1709
|
-
#
|
1710
1118
|
# @!attribute [rw] certificate_policies
|
1711
1119
|
# Contains a sequence of one or more policy information terms, each of
|
1712
1120
|
# which consists of an object identifier (OID) and optional
|
@@ -1772,47 +1180,6 @@ module Aws::ACMPCA
|
|
1772
1180
|
#
|
1773
1181
|
# [1]: https://datatracker.ietf.org/doc/html/rfc5280
|
1774
1182
|
#
|
1775
|
-
# @note When making an API call, you may pass GeneralName
|
1776
|
-
# data as a hash:
|
1777
|
-
#
|
1778
|
-
# {
|
1779
|
-
# other_name: {
|
1780
|
-
# type_id: "CustomObjectIdentifier", # required
|
1781
|
-
# value: "String256", # required
|
1782
|
-
# },
|
1783
|
-
# rfc_822_name: "String256",
|
1784
|
-
# dns_name: "String253",
|
1785
|
-
# directory_name: {
|
1786
|
-
# country: "CountryCodeString",
|
1787
|
-
# organization: "String64",
|
1788
|
-
# organizational_unit: "String64",
|
1789
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
1790
|
-
# state: "String128",
|
1791
|
-
# common_name: "String64",
|
1792
|
-
# serial_number: "ASN1PrintableString64",
|
1793
|
-
# locality: "String128",
|
1794
|
-
# title: "String64",
|
1795
|
-
# surname: "String40",
|
1796
|
-
# given_name: "String16",
|
1797
|
-
# initials: "String5",
|
1798
|
-
# pseudonym: "String128",
|
1799
|
-
# generation_qualifier: "String3",
|
1800
|
-
# custom_attributes: [
|
1801
|
-
# {
|
1802
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
1803
|
-
# value: "String1To256", # required
|
1804
|
-
# },
|
1805
|
-
# ],
|
1806
|
-
# },
|
1807
|
-
# edi_party_name: {
|
1808
|
-
# party_name: "String256", # required
|
1809
|
-
# name_assigner: "String256",
|
1810
|
-
# },
|
1811
|
-
# uniform_resource_identifier: "String253",
|
1812
|
-
# ip_address: "String39",
|
1813
|
-
# registered_id: "CustomObjectIdentifier",
|
1814
|
-
# }
|
1815
|
-
#
|
1816
1183
|
# @!attribute [rw] other_name
|
1817
1184
|
# Represents `GeneralName` using an `OtherName` object.
|
1818
1185
|
# @return [Types::OtherName]
|
@@ -1870,13 +1237,6 @@ module Aws::ACMPCA
|
|
1870
1237
|
include Aws::Structure
|
1871
1238
|
end
|
1872
1239
|
|
1873
|
-
# @note When making an API call, you may pass GetCertificateAuthorityCertificateRequest
|
1874
|
-
# data as a hash:
|
1875
|
-
#
|
1876
|
-
# {
|
1877
|
-
# certificate_authority_arn: "Arn", # required
|
1878
|
-
# }
|
1879
|
-
#
|
1880
1240
|
# @!attribute [rw] certificate_authority_arn
|
1881
1241
|
# The Amazon Resource Name (ARN) of your private CA. This is of the
|
1882
1242
|
# form:
|
@@ -1913,13 +1273,6 @@ module Aws::ACMPCA
|
|
1913
1273
|
include Aws::Structure
|
1914
1274
|
end
|
1915
1275
|
|
1916
|
-
# @note When making an API call, you may pass GetCertificateAuthorityCsrRequest
|
1917
|
-
# data as a hash:
|
1918
|
-
#
|
1919
|
-
# {
|
1920
|
-
# certificate_authority_arn: "Arn", # required
|
1921
|
-
# }
|
1922
|
-
#
|
1923
1276
|
# @!attribute [rw] certificate_authority_arn
|
1924
1277
|
# The Amazon Resource Name (ARN) that was returned when you called the
|
1925
1278
|
# [CreateCertificateAuthority][1] action. This must be of the form:
|
@@ -1929,7 +1282,7 @@ module Aws::ACMPCA
|
|
1929
1282
|
#
|
1930
1283
|
#
|
1931
1284
|
#
|
1932
|
-
# [1]: https://docs.aws.amazon.com/
|
1285
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
1933
1286
|
# @return [String]
|
1934
1287
|
#
|
1935
1288
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsrRequest AWS API Documentation
|
@@ -1953,14 +1306,6 @@ module Aws::ACMPCA
|
|
1953
1306
|
include Aws::Structure
|
1954
1307
|
end
|
1955
1308
|
|
1956
|
-
# @note When making an API call, you may pass GetCertificateRequest
|
1957
|
-
# data as a hash:
|
1958
|
-
#
|
1959
|
-
# {
|
1960
|
-
# certificate_authority_arn: "Arn", # required
|
1961
|
-
# certificate_arn: "Arn", # required
|
1962
|
-
# }
|
1963
|
-
#
|
1964
1309
|
# @!attribute [rw] certificate_authority_arn
|
1965
1310
|
# The Amazon Resource Name (ARN) that was returned when you called
|
1966
1311
|
# [CreateCertificateAuthority][1]. This must be of the form:
|
@@ -1970,7 +1315,7 @@ module Aws::ACMPCA
|
|
1970
1315
|
#
|
1971
1316
|
#
|
1972
1317
|
#
|
1973
|
-
# [1]: https://docs.aws.amazon.com/
|
1318
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
1974
1319
|
# @return [String]
|
1975
1320
|
#
|
1976
1321
|
# @!attribute [rw] certificate_arn
|
@@ -2009,13 +1354,6 @@ module Aws::ACMPCA
|
|
2009
1354
|
include Aws::Structure
|
2010
1355
|
end
|
2011
1356
|
|
2012
|
-
# @note When making an API call, you may pass GetPolicyRequest
|
2013
|
-
# data as a hash:
|
2014
|
-
#
|
2015
|
-
# {
|
2016
|
-
# resource_arn: "Arn", # required
|
2017
|
-
# }
|
2018
|
-
#
|
2019
1357
|
# @!attribute [rw] resource_arn
|
2020
1358
|
# The Amazon Resource Number (ARN) of the private CA that will have
|
2021
1359
|
# its policy retrieved. You can find the CA's ARN by calling the
|
@@ -2042,15 +1380,6 @@ module Aws::ACMPCA
|
|
2042
1380
|
include Aws::Structure
|
2043
1381
|
end
|
2044
1382
|
|
2045
|
-
# @note When making an API call, you may pass ImportCertificateAuthorityCertificateRequest
|
2046
|
-
# data as a hash:
|
2047
|
-
#
|
2048
|
-
# {
|
2049
|
-
# certificate_authority_arn: "Arn", # required
|
2050
|
-
# certificate: "data", # required
|
2051
|
-
# certificate_chain: "data",
|
2052
|
-
# }
|
2053
|
-
#
|
2054
1383
|
# @!attribute [rw] certificate_authority_arn
|
2055
1384
|
# The Amazon Resource Name (ARN) that was returned when you called
|
2056
1385
|
# [CreateCertificateAuthority][1]. This must be of the form:
|
@@ -2060,7 +1389,7 @@ module Aws::ACMPCA
|
|
2060
1389
|
#
|
2061
1390
|
#
|
2062
1391
|
#
|
2063
|
-
# [1]: https://docs.aws.amazon.com/
|
1392
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
2064
1393
|
# @return [String]
|
2065
1394
|
#
|
2066
1395
|
# @!attribute [rw] certificate
|
@@ -2072,9 +1401,9 @@ module Aws::ACMPCA
|
|
2072
1401
|
# @!attribute [rw] certificate_chain
|
2073
1402
|
# A PEM-encoded file that contains all of your certificates, other
|
2074
1403
|
# than the certificate you're importing, chaining up to your root CA.
|
2075
|
-
# Your
|
2076
|
-
# last in the chain, and each certificate in the
|
2077
|
-
# preceding.
|
1404
|
+
# Your Amazon Web Services Private CA-hosted or on-premises root
|
1405
|
+
# certificate is the last in the chain, and each certificate in the
|
1406
|
+
# chain signs the one preceding.
|
2078
1407
|
#
|
2079
1408
|
# This parameter must be supplied when you import a subordinate CA.
|
2080
1409
|
# When you import a root CA, there is no chain.
|
@@ -2123,7 +1452,7 @@ module Aws::ACMPCA
|
|
2123
1452
|
#
|
2124
1453
|
#
|
2125
1454
|
#
|
2126
|
-
# [1]: https://docs.aws.amazon.com/
|
1455
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
|
2127
1456
|
#
|
2128
1457
|
# @!attribute [rw] message
|
2129
1458
|
# @return [String]
|
@@ -2195,127 +1524,6 @@ module Aws::ACMPCA
|
|
2195
1524
|
include Aws::Structure
|
2196
1525
|
end
|
2197
1526
|
|
2198
|
-
# @note When making an API call, you may pass IssueCertificateRequest
|
2199
|
-
# data as a hash:
|
2200
|
-
#
|
2201
|
-
# {
|
2202
|
-
# api_passthrough: {
|
2203
|
-
# extensions: {
|
2204
|
-
# certificate_policies: [
|
2205
|
-
# {
|
2206
|
-
# cert_policy_id: "CustomObjectIdentifier", # required
|
2207
|
-
# policy_qualifiers: [
|
2208
|
-
# {
|
2209
|
-
# policy_qualifier_id: "CPS", # required, accepts CPS
|
2210
|
-
# qualifier: { # required
|
2211
|
-
# cps_uri: "String256", # required
|
2212
|
-
# },
|
2213
|
-
# },
|
2214
|
-
# ],
|
2215
|
-
# },
|
2216
|
-
# ],
|
2217
|
-
# extended_key_usage: [
|
2218
|
-
# {
|
2219
|
-
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
2220
|
-
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
2221
|
-
# },
|
2222
|
-
# ],
|
2223
|
-
# key_usage: {
|
2224
|
-
# digital_signature: false,
|
2225
|
-
# non_repudiation: false,
|
2226
|
-
# key_encipherment: false,
|
2227
|
-
# data_encipherment: false,
|
2228
|
-
# key_agreement: false,
|
2229
|
-
# key_cert_sign: false,
|
2230
|
-
# crl_sign: false,
|
2231
|
-
# encipher_only: false,
|
2232
|
-
# decipher_only: false,
|
2233
|
-
# },
|
2234
|
-
# subject_alternative_names: [
|
2235
|
-
# {
|
2236
|
-
# other_name: {
|
2237
|
-
# type_id: "CustomObjectIdentifier", # required
|
2238
|
-
# value: "String256", # required
|
2239
|
-
# },
|
2240
|
-
# rfc_822_name: "String256",
|
2241
|
-
# dns_name: "String253",
|
2242
|
-
# directory_name: {
|
2243
|
-
# country: "CountryCodeString",
|
2244
|
-
# organization: "String64",
|
2245
|
-
# organizational_unit: "String64",
|
2246
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
2247
|
-
# state: "String128",
|
2248
|
-
# common_name: "String64",
|
2249
|
-
# serial_number: "ASN1PrintableString64",
|
2250
|
-
# locality: "String128",
|
2251
|
-
# title: "String64",
|
2252
|
-
# surname: "String40",
|
2253
|
-
# given_name: "String16",
|
2254
|
-
# initials: "String5",
|
2255
|
-
# pseudonym: "String128",
|
2256
|
-
# generation_qualifier: "String3",
|
2257
|
-
# custom_attributes: [
|
2258
|
-
# {
|
2259
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
2260
|
-
# value: "String1To256", # required
|
2261
|
-
# },
|
2262
|
-
# ],
|
2263
|
-
# },
|
2264
|
-
# edi_party_name: {
|
2265
|
-
# party_name: "String256", # required
|
2266
|
-
# name_assigner: "String256",
|
2267
|
-
# },
|
2268
|
-
# uniform_resource_identifier: "String253",
|
2269
|
-
# ip_address: "String39",
|
2270
|
-
# registered_id: "CustomObjectIdentifier",
|
2271
|
-
# },
|
2272
|
-
# ],
|
2273
|
-
# custom_extensions: [
|
2274
|
-
# {
|
2275
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
2276
|
-
# value: "Base64String1To4096", # required
|
2277
|
-
# critical: false,
|
2278
|
-
# },
|
2279
|
-
# ],
|
2280
|
-
# },
|
2281
|
-
# subject: {
|
2282
|
-
# country: "CountryCodeString",
|
2283
|
-
# organization: "String64",
|
2284
|
-
# organizational_unit: "String64",
|
2285
|
-
# distinguished_name_qualifier: "ASN1PrintableString64",
|
2286
|
-
# state: "String128",
|
2287
|
-
# common_name: "String64",
|
2288
|
-
# serial_number: "ASN1PrintableString64",
|
2289
|
-
# locality: "String128",
|
2290
|
-
# title: "String64",
|
2291
|
-
# surname: "String40",
|
2292
|
-
# given_name: "String16",
|
2293
|
-
# initials: "String5",
|
2294
|
-
# pseudonym: "String128",
|
2295
|
-
# generation_qualifier: "String3",
|
2296
|
-
# custom_attributes: [
|
2297
|
-
# {
|
2298
|
-
# object_identifier: "CustomObjectIdentifier", # required
|
2299
|
-
# value: "String1To256", # required
|
2300
|
-
# },
|
2301
|
-
# ],
|
2302
|
-
# },
|
2303
|
-
# },
|
2304
|
-
# certificate_authority_arn: "Arn", # required
|
2305
|
-
# csr: "data", # required
|
2306
|
-
# signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
|
2307
|
-
# template_arn: "Arn",
|
2308
|
-
# validity: { # required
|
2309
|
-
# value: 1, # required
|
2310
|
-
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
2311
|
-
# },
|
2312
|
-
# validity_not_before: {
|
2313
|
-
# value: 1, # required
|
2314
|
-
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
2315
|
-
# },
|
2316
|
-
# idempotency_token: "IdempotencyToken",
|
2317
|
-
# }
|
2318
|
-
#
|
2319
1527
|
# @!attribute [rw] api_passthrough
|
2320
1528
|
# Specifies X.509 certificate information to be included in the issued
|
2321
1529
|
# certificate. An `APIPassthrough` or `APICSRPassthrough` template
|
@@ -2324,13 +1532,13 @@ module Aws::ACMPCA
|
|
2324
1532
|
# Certificate Templates][1].
|
2325
1533
|
#
|
2326
1534
|
# If conflicting or duplicate certificate information is supplied
|
2327
|
-
# during certificate issuance,
|
2328
|
-
# operation rules][2] to determine what information is used.
|
1535
|
+
# during certificate issuance, Amazon Web Services Private CA applies
|
1536
|
+
# [order of operation rules][2] to determine what information is used.
|
2329
1537
|
#
|
2330
1538
|
#
|
2331
1539
|
#
|
2332
|
-
# [1]: https://docs.aws.amazon.com/
|
2333
|
-
# [2]: https://docs.aws.amazon.com/
|
1540
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html
|
1541
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
|
2334
1542
|
# @return [Types::ApiPassthrough]
|
2335
1543
|
#
|
2336
1544
|
# @!attribute [rw] certificate_authority_arn
|
@@ -2342,7 +1550,7 @@ module Aws::ACMPCA
|
|
2342
1550
|
#
|
2343
1551
|
#
|
2344
1552
|
#
|
2345
|
-
# [1]: https://docs.aws.amazon.com/
|
1553
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
2346
1554
|
# @return [String]
|
2347
1555
|
#
|
2348
1556
|
# @!attribute [rw] csr
|
@@ -2381,22 +1589,22 @@ module Aws::ACMPCA
|
|
2381
1589
|
#
|
2382
1590
|
# @!attribute [rw] template_arn
|
2383
1591
|
# Specifies a custom configuration template to use when issuing a
|
2384
|
-
# certificate. If this parameter is not provided,
|
2385
|
-
# defaults to the `EndEntityCertificate/V1` template. For
|
2386
|
-
# certificates, you should choose the shortest path length that
|
2387
|
-
# your needs. The path length is indicated by the PathLen*N*
|
2388
|
-
# of the ARN, where *N* is the [CA depth][1].
|
1592
|
+
# certificate. If this parameter is not provided, Amazon Web Services
|
1593
|
+
# Private CA defaults to the `EndEntityCertificate/V1` template. For
|
1594
|
+
# CA certificates, you should choose the shortest path length that
|
1595
|
+
# meets your needs. The path length is indicated by the PathLen*N*
|
1596
|
+
# portion of the ARN, where *N* is the [CA depth][1].
|
2389
1597
|
#
|
2390
1598
|
# Note: The CA depth configured on a subordinate CA certificate must
|
2391
1599
|
# not exceed the limit set by its parents in the CA hierarchy.
|
2392
1600
|
#
|
2393
|
-
# For a list of `TemplateArn` values supported by
|
2394
|
-
# [Understanding Certificate Templates][2].
|
1601
|
+
# For a list of `TemplateArn` values supported by Amazon Web Services
|
1602
|
+
# Private CA, see [Understanding Certificate Templates][2].
|
2395
1603
|
#
|
2396
1604
|
#
|
2397
1605
|
#
|
2398
|
-
# [1]: https://docs.aws.amazon.com/
|
2399
|
-
# [2]: https://docs.aws.amazon.com/
|
1606
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaTerms.html#terms-cadepth
|
1607
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html
|
2400
1608
|
# @return [String]
|
2401
1609
|
#
|
2402
1610
|
# @!attribute [rw] validity
|
@@ -2428,11 +1636,11 @@ module Aws::ACMPCA
|
|
2428
1636
|
# certificate. This parameter sets the “Not Before" date for the
|
2429
1637
|
# certificate.
|
2430
1638
|
#
|
2431
|
-
# By default, when issuing a certificate,
|
2432
|
-
# "Not Before" date to the issuance time minus 60
|
2433
|
-
# compensates for clock inconsistencies across computer
|
2434
|
-
# `ValidityNotBefore` parameter can be used to customize
|
2435
|
-
# Before” value.
|
1639
|
+
# By default, when issuing a certificate, Amazon Web Services Private
|
1640
|
+
# CA sets the "Not Before" date to the issuance time minus 60
|
1641
|
+
# minutes. This compensates for clock inconsistencies across computer
|
1642
|
+
# systems. The `ValidityNotBefore` parameter can be used to customize
|
1643
|
+
# the “Not Before” value.
|
2436
1644
|
#
|
2437
1645
|
# Unlike the `Validity` parameter, the `ValidityNotBefore` parameter
|
2438
1646
|
# is optional.
|
@@ -2453,10 +1661,11 @@ module Aws::ACMPCA
|
|
2453
1661
|
# the **IssueCertificate** action. Idempotency tokens for
|
2454
1662
|
# **IssueCertificate** time out after one minute. Therefore, if you
|
2455
1663
|
# call **IssueCertificate** multiple times with the same idempotency
|
2456
|
-
# token within one minute,
|
2457
|
-
# requesting only one certificate and will issue only
|
2458
|
-
# change the idempotency token for each call,
|
2459
|
-
# are requesting multiple
|
1664
|
+
# token within one minute, Amazon Web Services Private CA recognizes
|
1665
|
+
# that you are requesting only one certificate and will issue only
|
1666
|
+
# one. If you change the idempotency token for each call, Amazon Web
|
1667
|
+
# Services Private CA recognizes that you are requesting multiple
|
1668
|
+
# certificates.
|
2460
1669
|
# @return [String]
|
2461
1670
|
#
|
2462
1671
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificateRequest AWS API Documentation
|
@@ -2493,21 +1702,6 @@ module Aws::ACMPCA
|
|
2493
1702
|
# Defines one or more purposes for which the key contained in the
|
2494
1703
|
# certificate can be used. Default value for each option is false.
|
2495
1704
|
#
|
2496
|
-
# @note When making an API call, you may pass KeyUsage
|
2497
|
-
# data as a hash:
|
2498
|
-
#
|
2499
|
-
# {
|
2500
|
-
# digital_signature: false,
|
2501
|
-
# non_repudiation: false,
|
2502
|
-
# key_encipherment: false,
|
2503
|
-
# data_encipherment: false,
|
2504
|
-
# key_agreement: false,
|
2505
|
-
# key_cert_sign: false,
|
2506
|
-
# crl_sign: false,
|
2507
|
-
# encipher_only: false,
|
2508
|
-
# decipher_only: false,
|
2509
|
-
# }
|
2510
|
-
#
|
2511
1705
|
# @!attribute [rw] digital_signature
|
2512
1706
|
# Key can be used for digital signing.
|
2513
1707
|
# @return [Boolean]
|
@@ -2560,8 +1754,8 @@ module Aws::ACMPCA
|
|
2560
1754
|
include Aws::Structure
|
2561
1755
|
end
|
2562
1756
|
|
2563
|
-
# An
|
2564
|
-
# returned to determine the quota that was exceeded.
|
1757
|
+
# An Amazon Web Services Private CA quota has been exceeded. See the
|
1758
|
+
# exception message returned to determine the quota that was exceeded.
|
2565
1759
|
#
|
2566
1760
|
# @!attribute [rw] message
|
2567
1761
|
# @return [String]
|
@@ -2574,15 +1768,6 @@ module Aws::ACMPCA
|
|
2574
1768
|
include Aws::Structure
|
2575
1769
|
end
|
2576
1770
|
|
2577
|
-
# @note When making an API call, you may pass ListCertificateAuthoritiesRequest
|
2578
|
-
# data as a hash:
|
2579
|
-
#
|
2580
|
-
# {
|
2581
|
-
# next_token: "NextToken",
|
2582
|
-
# max_results: 1,
|
2583
|
-
# resource_owner: "SELF", # accepts SELF, OTHER_ACCOUNTS
|
2584
|
-
# }
|
2585
|
-
#
|
2586
1771
|
# @!attribute [rw] next_token
|
2587
1772
|
# Use this parameter when paginating results in a subsequent request
|
2588
1773
|
# after you receive a response with truncated results. Set it to the
|
@@ -2632,15 +1817,6 @@ module Aws::ACMPCA
|
|
2632
1817
|
include Aws::Structure
|
2633
1818
|
end
|
2634
1819
|
|
2635
|
-
# @note When making an API call, you may pass ListPermissionsRequest
|
2636
|
-
# data as a hash:
|
2637
|
-
#
|
2638
|
-
# {
|
2639
|
-
# certificate_authority_arn: "Arn", # required
|
2640
|
-
# next_token: "NextToken",
|
2641
|
-
# max_results: 1,
|
2642
|
-
# }
|
2643
|
-
#
|
2644
1820
|
# @!attribute [rw] certificate_authority_arn
|
2645
1821
|
# The Amazon Resource Number (ARN) of the private CA to inspect. You
|
2646
1822
|
# can find the ARN by calling the [ListCertificateAuthorities][1]
|
@@ -2651,7 +1827,7 @@ module Aws::ACMPCA
|
|
2651
1827
|
#
|
2652
1828
|
#
|
2653
1829
|
#
|
2654
|
-
# [1]: https://docs.aws.amazon.com/
|
1830
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
|
2655
1831
|
# @return [String]
|
2656
1832
|
#
|
2657
1833
|
# @!attribute [rw] next_token
|
@@ -2698,15 +1874,6 @@ module Aws::ACMPCA
|
|
2698
1874
|
include Aws::Structure
|
2699
1875
|
end
|
2700
1876
|
|
2701
|
-
# @note When making an API call, you may pass ListTagsRequest
|
2702
|
-
# data as a hash:
|
2703
|
-
#
|
2704
|
-
# {
|
2705
|
-
# certificate_authority_arn: "Arn", # required
|
2706
|
-
# next_token: "NextToken",
|
2707
|
-
# max_results: 1,
|
2708
|
-
# }
|
2709
|
-
#
|
2710
1877
|
# @!attribute [rw] certificate_authority_arn
|
2711
1878
|
# The Amazon Resource Name (ARN) that was returned when you called the
|
2712
1879
|
# [CreateCertificateAuthority][1] action. This must be of the form:
|
@@ -2716,7 +1883,7 @@ module Aws::ACMPCA
|
|
2716
1883
|
#
|
2717
1884
|
#
|
2718
1885
|
#
|
2719
|
-
# [1]: https://docs.aws.amazon.com/
|
1886
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
2720
1887
|
# @return [String]
|
2721
1888
|
#
|
2722
1889
|
# @!attribute [rw] next_token
|
@@ -2809,35 +1976,32 @@ module Aws::ACMPCA
|
|
2809
1976
|
# When you revoke a certificate, OCSP responses may take up to 60
|
2810
1977
|
# minutes to reflect the new status.
|
2811
1978
|
#
|
2812
|
-
# @note When making an API call, you may pass OcspConfiguration
|
2813
|
-
# data as a hash:
|
2814
|
-
#
|
2815
|
-
# {
|
2816
|
-
# enabled: false, # required
|
2817
|
-
# ocsp_custom_cname: "String253",
|
2818
|
-
# }
|
2819
|
-
#
|
2820
1979
|
# @!attribute [rw] enabled
|
2821
1980
|
# Flag enabling use of the Online Certificate Status Protocol (OCSP)
|
2822
1981
|
# for validating certificate revocation status.
|
2823
1982
|
# @return [Boolean]
|
2824
1983
|
#
|
2825
1984
|
# @!attribute [rw] ocsp_custom_cname
|
2826
|
-
# By default,
|
2827
|
-
# into certificates being validated by the Online
|
2828
|
-
# Protocol (OCSP). A customer can alternatively use
|
2829
|
-
# define a CNAME specifying a customized OCSP domain.
|
1985
|
+
# By default, Amazon Web Services Private CA injects an Amazon Web
|
1986
|
+
# Services domain into certificates being validated by the Online
|
1987
|
+
# Certificate Status Protocol (OCSP). A customer can alternatively use
|
1988
|
+
# this object to define a CNAME specifying a customized OCSP domain.
|
2830
1989
|
#
|
2831
|
-
#
|
2832
|
-
#
|
1990
|
+
# <note markdown="1"> The content of a Canonical Name (CNAME) record must conform to
|
1991
|
+
# [RFC2396][1] restrictions on the use of special characters in URIs.
|
1992
|
+
# Additionally, the value of the CNAME must not include a protocol
|
1993
|
+
# prefix such as "http://" or "https://".
|
1994
|
+
#
|
1995
|
+
# </note>
|
2833
1996
|
#
|
2834
1997
|
# For more information, see [Customizing Online Certificate Status
|
2835
|
-
# Protocol (OCSP) ][
|
2836
|
-
# User Guide*.
|
1998
|
+
# Protocol (OCSP) ][2] in the *Amazon Web Services Private Certificate
|
1999
|
+
# Authority User Guide*.
|
2837
2000
|
#
|
2838
2001
|
#
|
2839
2002
|
#
|
2840
|
-
# [1]: https://
|
2003
|
+
# [1]: https://www.ietf.org/rfc/rfc2396.txt
|
2004
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/userguide/ocsp-customize.html
|
2841
2005
|
# @return [String]
|
2842
2006
|
#
|
2843
2007
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/OcspConfiguration AWS API Documentation
|
@@ -2858,14 +2022,6 @@ module Aws::ACMPCA
|
|
2858
2022
|
#
|
2859
2023
|
# [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
|
2860
2024
|
#
|
2861
|
-
# @note When making an API call, you may pass OtherName
|
2862
|
-
# data as a hash:
|
2863
|
-
#
|
2864
|
-
# {
|
2865
|
-
# type_id: "CustomObjectIdentifier", # required
|
2866
|
-
# value: "String256", # required
|
2867
|
-
# }
|
2868
|
-
#
|
2869
2025
|
# @!attribute [rw] type_id
|
2870
2026
|
# Specifies an OID.
|
2871
2027
|
# @return [String]
|
@@ -2894,9 +2050,9 @@ module Aws::ACMPCA
|
|
2894
2050
|
#
|
2895
2051
|
#
|
2896
2052
|
#
|
2897
|
-
# [1]: https://docs.aws.amazon.com/
|
2898
|
-
# [2]: https://docs.aws.amazon.com/
|
2899
|
-
# [3]: https://docs.aws.amazon.com/
|
2053
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html
|
2054
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html
|
2055
|
+
# [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html
|
2900
2056
|
#
|
2901
2057
|
# @!attribute [rw] certificate_authority_arn
|
2902
2058
|
# The Amazon Resource Number (ARN) of the private CA from which the
|
@@ -2953,21 +2109,6 @@ module Aws::ACMPCA
|
|
2953
2109
|
|
2954
2110
|
# Defines the X.509 `CertificatePolicies` extension.
|
2955
2111
|
#
|
2956
|
-
# @note When making an API call, you may pass PolicyInformation
|
2957
|
-
# data as a hash:
|
2958
|
-
#
|
2959
|
-
# {
|
2960
|
-
# cert_policy_id: "CustomObjectIdentifier", # required
|
2961
|
-
# policy_qualifiers: [
|
2962
|
-
# {
|
2963
|
-
# policy_qualifier_id: "CPS", # required, accepts CPS
|
2964
|
-
# qualifier: { # required
|
2965
|
-
# cps_uri: "String256", # required
|
2966
|
-
# },
|
2967
|
-
# },
|
2968
|
-
# ],
|
2969
|
-
# }
|
2970
|
-
#
|
2971
2112
|
# @!attribute [rw] cert_policy_id
|
2972
2113
|
# Specifies the object identifier (OID) of the certificate policy
|
2973
2114
|
# under which the certificate was issued. For more information, see
|
@@ -2979,8 +2120,9 @@ module Aws::ACMPCA
|
|
2979
2120
|
# @return [String]
|
2980
2121
|
#
|
2981
2122
|
# @!attribute [rw] policy_qualifiers
|
2982
|
-
# Modifies the given `CertPolicyId` with a qualifier.
|
2983
|
-
# supports the certification practice statement
|
2123
|
+
# Modifies the given `CertPolicyId` with a qualifier. Amazon Web
|
2124
|
+
# Services Private CA supports the certification practice statement
|
2125
|
+
# (CPS) qualifier.
|
2984
2126
|
# @return [Array<Types::PolicyQualifierInfo>]
|
2985
2127
|
#
|
2986
2128
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyInformation AWS API Documentation
|
@@ -2993,26 +2135,16 @@ module Aws::ACMPCA
|
|
2993
2135
|
end
|
2994
2136
|
|
2995
2137
|
# Modifies the `CertPolicyId` of a `PolicyInformation` object with a
|
2996
|
-
# qualifier.
|
2997
|
-
# statement (CPS) qualifier.
|
2998
|
-
#
|
2999
|
-
# @note When making an API call, you may pass PolicyQualifierInfo
|
3000
|
-
# data as a hash:
|
3001
|
-
#
|
3002
|
-
# {
|
3003
|
-
# policy_qualifier_id: "CPS", # required, accepts CPS
|
3004
|
-
# qualifier: { # required
|
3005
|
-
# cps_uri: "String256", # required
|
3006
|
-
# },
|
3007
|
-
# }
|
2138
|
+
# qualifier. Amazon Web Services Private CA supports the certification
|
2139
|
+
# practice statement (CPS) qualifier.
|
3008
2140
|
#
|
3009
2141
|
# @!attribute [rw] policy_qualifier_id
|
3010
2142
|
# Identifies the qualifier modifying a `CertPolicyId`.
|
3011
2143
|
# @return [String]
|
3012
2144
|
#
|
3013
2145
|
# @!attribute [rw] qualifier
|
3014
|
-
# Defines the qualifier type.
|
3015
|
-
# for a CPS qualifier in this field.
|
2146
|
+
# Defines the qualifier type. Amazon Web Services Private CA supports
|
2147
|
+
# the use of a URI for a CPS qualifier in this field.
|
3016
2148
|
# @return [Types::Qualifier]
|
3017
2149
|
#
|
3018
2150
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyQualifierInfo AWS API Documentation
|
@@ -3024,14 +2156,6 @@ module Aws::ACMPCA
|
|
3024
2156
|
include Aws::Structure
|
3025
2157
|
end
|
3026
2158
|
|
3027
|
-
# @note When making an API call, you may pass PutPolicyRequest
|
3028
|
-
# data as a hash:
|
3029
|
-
#
|
3030
|
-
# {
|
3031
|
-
# resource_arn: "Arn", # required
|
3032
|
-
# policy: "AWSPolicy", # required
|
3033
|
-
# }
|
3034
|
-
#
|
3035
2159
|
# @!attribute [rw] resource_arn
|
3036
2160
|
# The Amazon Resource Number (ARN) of the private CA to associate with
|
3037
2161
|
# the policy. The ARN of the CA can be found by calling the
|
@@ -3041,7 +2165,7 @@ module Aws::ACMPCA
|
|
3041
2165
|
#
|
3042
2166
|
#
|
3043
2167
|
#
|
3044
|
-
# [1]: https://docs.aws.amazon.com/
|
2168
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
|
3045
2169
|
# @return [String]
|
3046
2170
|
#
|
3047
2171
|
# @!attribute [rw] policy
|
@@ -3066,21 +2190,14 @@ module Aws::ACMPCA
|
|
3066
2190
|
include Aws::Structure
|
3067
2191
|
end
|
3068
2192
|
|
3069
|
-
# Defines a `PolicyInformation` qualifier.
|
3070
|
-
# [certification practice statement (CPS) qualifier][1]
|
3071
|
-
# 5280.
|
2193
|
+
# Defines a `PolicyInformation` qualifier. Amazon Web Services Private
|
2194
|
+
# CA supports the [certification practice statement (CPS) qualifier][1]
|
2195
|
+
# defined in RFC 5280.
|
3072
2196
|
#
|
3073
2197
|
#
|
3074
2198
|
#
|
3075
2199
|
# [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
|
3076
2200
|
#
|
3077
|
-
# @note When making an API call, you may pass Qualifier
|
3078
|
-
# data as a hash:
|
3079
|
-
#
|
3080
|
-
# {
|
3081
|
-
# cps_uri: "String256", # required
|
3082
|
-
# }
|
3083
|
-
#
|
3084
2201
|
# @!attribute [rw] cps_uri
|
3085
2202
|
# Contains a pointer to a certification practice statement (CPS)
|
3086
2203
|
# published by the CA.
|
@@ -3147,13 +2264,6 @@ module Aws::ACMPCA
|
|
3147
2264
|
include Aws::Structure
|
3148
2265
|
end
|
3149
2266
|
|
3150
|
-
# @note When making an API call, you may pass RestoreCertificateAuthorityRequest
|
3151
|
-
# data as a hash:
|
3152
|
-
#
|
3153
|
-
# {
|
3154
|
-
# certificate_authority_arn: "Arn", # required
|
3155
|
-
# }
|
3156
|
-
#
|
3157
2267
|
# @!attribute [rw] certificate_authority_arn
|
3158
2268
|
# The Amazon Resource Name (ARN) that was returned when you called the
|
3159
2269
|
# [CreateCertificateAuthority][1] action. This must be of the form:
|
@@ -3163,7 +2273,7 @@ module Aws::ACMPCA
|
|
3163
2273
|
#
|
3164
2274
|
#
|
3165
2275
|
#
|
3166
|
-
# [1]: https://docs.aws.amazon.com/
|
2276
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
3167
2277
|
# @return [String]
|
3168
2278
|
#
|
3169
2279
|
# @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthorityRequest AWS API Documentation
|
@@ -3182,38 +2292,22 @@ module Aws::ACMPCA
|
|
3182
2292
|
# about certificates as requested by clients, and a CRL contains an
|
3183
2293
|
# updated list of certificates revoked by your CA. For more information,
|
3184
2294
|
# see [RevokeCertificate][3] and [Setting up a certificate revocation
|
3185
|
-
# method][4] in the *Private Certificate Authority
|
3186
|
-
#
|
2295
|
+
# method][4] in the *Amazon Web Services Private Certificate Authority
|
2296
|
+
# User Guide*.
|
3187
2297
|
#
|
3188
2298
|
#
|
3189
|
-
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
|
3190
|
-
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
|
3191
|
-
# [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
|
3192
|
-
# [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/revocation-setup.html
|
3193
2299
|
#
|
3194
|
-
#
|
3195
|
-
#
|
3196
|
-
#
|
3197
|
-
#
|
3198
|
-
# crl_configuration: {
|
3199
|
-
# enabled: false, # required
|
3200
|
-
# expiration_in_days: 1,
|
3201
|
-
# custom_cname: "String253",
|
3202
|
-
# s3_bucket_name: "String3To255",
|
3203
|
-
# s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
|
3204
|
-
# },
|
3205
|
-
# ocsp_configuration: {
|
3206
|
-
# enabled: false, # required
|
3207
|
-
# ocsp_custom_cname: "String253",
|
3208
|
-
# },
|
3209
|
-
# }
|
2300
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
2301
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
|
2302
|
+
# [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
|
2303
|
+
# [4]: https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html
|
3210
2304
|
#
|
3211
2305
|
# @!attribute [rw] crl_configuration
|
3212
2306
|
# Configuration of the certificate revocation list (CRL), if any,
|
3213
2307
|
# maintained by your private CA. A CRL is typically updated
|
3214
2308
|
# approximately 30 minutes after a certificate is revoked. If for any
|
3215
|
-
# reason a CRL update fails,
|
3216
|
-
# every 15 minutes.
|
2309
|
+
# reason a CRL update fails, Amazon Web Services Private CA makes
|
2310
|
+
# further attempts every 15 minutes.
|
3217
2311
|
# @return [Types::CrlConfiguration]
|
3218
2312
|
#
|
3219
2313
|
# @!attribute [rw] ocsp_configuration
|
@@ -3232,15 +2326,6 @@ module Aws::ACMPCA
|
|
3232
2326
|
include Aws::Structure
|
3233
2327
|
end
|
3234
2328
|
|
3235
|
-
# @note When making an API call, you may pass RevokeCertificateRequest
|
3236
|
-
# data as a hash:
|
3237
|
-
#
|
3238
|
-
# {
|
3239
|
-
# certificate_authority_arn: "Arn", # required
|
3240
|
-
# certificate_serial: "String128", # required
|
3241
|
-
# revocation_reason: "UNSPECIFIED", # required, accepts UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, PRIVILEGE_WITHDRAWN, A_A_COMPROMISE
|
3242
|
-
# }
|
3243
|
-
#
|
3244
2329
|
# @!attribute [rw] certificate_authority_arn
|
3245
2330
|
# Amazon Resource Name (ARN) of the private CA that issued the
|
3246
2331
|
# certificate to be revoked. This must be of the form:
|
@@ -3266,7 +2351,7 @@ module Aws::ACMPCA
|
|
3266
2351
|
#
|
3267
2352
|
#
|
3268
2353
|
#
|
3269
|
-
# [1]: https://docs.aws.amazon.com/
|
2354
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificate.html
|
3270
2355
|
# [2]: https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html
|
3271
2356
|
# @return [String]
|
3272
2357
|
#
|
@@ -3292,16 +2377,8 @@ module Aws::ACMPCA
|
|
3292
2377
|
#
|
3293
2378
|
#
|
3294
2379
|
#
|
3295
|
-
# [1]: https://docs.aws.amazon.com/
|
3296
|
-
# [2]: https://docs.aws.amazon.com/
|
3297
|
-
#
|
3298
|
-
# @note When making an API call, you may pass Tag
|
3299
|
-
# data as a hash:
|
3300
|
-
#
|
3301
|
-
# {
|
3302
|
-
# key: "TagKey", # required
|
3303
|
-
# value: "TagValue",
|
3304
|
-
# }
|
2380
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_TagCertificateAuthority.html
|
2381
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UntagCertificateAuthority.html
|
3305
2382
|
#
|
3306
2383
|
# @!attribute [rw] key
|
3307
2384
|
# Key (name) of the tag.
|
@@ -3320,19 +2397,6 @@ module Aws::ACMPCA
|
|
3320
2397
|
include Aws::Structure
|
3321
2398
|
end
|
3322
2399
|
|
3323
|
-
# @note When making an API call, you may pass TagCertificateAuthorityRequest
|
3324
|
-
# data as a hash:
|
3325
|
-
#
|
3326
|
-
# {
|
3327
|
-
# certificate_authority_arn: "Arn", # required
|
3328
|
-
# tags: [ # required
|
3329
|
-
# {
|
3330
|
-
# key: "TagKey", # required
|
3331
|
-
# value: "TagValue",
|
3332
|
-
# },
|
3333
|
-
# ],
|
3334
|
-
# }
|
3335
|
-
#
|
3336
2400
|
# @!attribute [rw] certificate_authority_arn
|
3337
2401
|
# The Amazon Resource Name (ARN) that was returned when you called
|
3338
2402
|
# [CreateCertificateAuthority][1]. This must be of the form:
|
@@ -3342,7 +2406,7 @@ module Aws::ACMPCA
|
|
3342
2406
|
#
|
3343
2407
|
#
|
3344
2408
|
#
|
3345
|
-
# [1]: https://docs.aws.amazon.com/
|
2409
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
3346
2410
|
# @return [String]
|
3347
2411
|
#
|
3348
2412
|
# @!attribute [rw] tags
|
@@ -3372,19 +2436,6 @@ module Aws::ACMPCA
|
|
3372
2436
|
include Aws::Structure
|
3373
2437
|
end
|
3374
2438
|
|
3375
|
-
# @note When making an API call, you may pass UntagCertificateAuthorityRequest
|
3376
|
-
# data as a hash:
|
3377
|
-
#
|
3378
|
-
# {
|
3379
|
-
# certificate_authority_arn: "Arn", # required
|
3380
|
-
# tags: [ # required
|
3381
|
-
# {
|
3382
|
-
# key: "TagKey", # required
|
3383
|
-
# value: "TagValue",
|
3384
|
-
# },
|
3385
|
-
# ],
|
3386
|
-
# }
|
3387
|
-
#
|
3388
2439
|
# @!attribute [rw] certificate_authority_arn
|
3389
2440
|
# The Amazon Resource Name (ARN) that was returned when you called
|
3390
2441
|
# [CreateCertificateAuthority][1]. This must be of the form:
|
@@ -3394,7 +2445,7 @@ module Aws::ACMPCA
|
|
3394
2445
|
#
|
3395
2446
|
#
|
3396
2447
|
#
|
3397
|
-
# [1]: https://docs.aws.amazon.com/
|
2448
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
|
3398
2449
|
# @return [String]
|
3399
2450
|
#
|
3400
2451
|
# @!attribute [rw] tags
|
@@ -3410,27 +2461,6 @@ module Aws::ACMPCA
|
|
3410
2461
|
include Aws::Structure
|
3411
2462
|
end
|
3412
2463
|
|
3413
|
-
# @note When making an API call, you may pass UpdateCertificateAuthorityRequest
|
3414
|
-
# data as a hash:
|
3415
|
-
#
|
3416
|
-
# {
|
3417
|
-
# certificate_authority_arn: "Arn", # required
|
3418
|
-
# revocation_configuration: {
|
3419
|
-
# crl_configuration: {
|
3420
|
-
# enabled: false, # required
|
3421
|
-
# expiration_in_days: 1,
|
3422
|
-
# custom_cname: "String253",
|
3423
|
-
# s3_bucket_name: "String3To255",
|
3424
|
-
# s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
|
3425
|
-
# },
|
3426
|
-
# ocsp_configuration: {
|
3427
|
-
# enabled: false, # required
|
3428
|
-
# ocsp_custom_cname: "String253",
|
3429
|
-
# },
|
3430
|
-
# },
|
3431
|
-
# status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
|
3432
|
-
# }
|
3433
|
-
#
|
3434
2464
|
# @!attribute [rw] certificate_authority_arn
|
3435
2465
|
# Amazon Resource Name (ARN) of the private CA that issued the
|
3436
2466
|
# certificate to be revoked. This must be of the form:
|
@@ -3447,10 +2477,31 @@ module Aws::ACMPCA
|
|
3447
2477
|
# information, see the [OcspConfiguration][1] and
|
3448
2478
|
# [CrlConfiguration][2] types.
|
3449
2479
|
#
|
2480
|
+
# <note markdown="1"> The following requirements apply to revocation configurations.
|
2481
|
+
#
|
2482
|
+
# * A configuration disabling CRLs or OCSP must contain only the
|
2483
|
+
# `Enabled=False` parameter, and will fail if other parameters such
|
2484
|
+
# as `CustomCname` or `ExpirationInDays` are included.
|
2485
|
+
#
|
2486
|
+
# * In a CRL configuration, the `S3BucketName` parameter must conform
|
2487
|
+
# to [Amazon S3 bucket naming rules][3].
|
2488
|
+
#
|
2489
|
+
# * A configuration containing a custom Canonical Name (CNAME)
|
2490
|
+
# parameter for CRLs or OCSP must conform to [RFC2396][4]
|
2491
|
+
# restrictions on the use of special characters in a CNAME.
|
3450
2492
|
#
|
2493
|
+
# * In a CRL or OCSP configuration, the value of a CNAME parameter
|
2494
|
+
# must not include a protocol prefix such as "http://" or
|
2495
|
+
# "https://".
|
3451
2496
|
#
|
3452
|
-
#
|
3453
|
-
#
|
2497
|
+
# </note>
|
2498
|
+
#
|
2499
|
+
#
|
2500
|
+
#
|
2501
|
+
# [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html
|
2502
|
+
# [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
|
2503
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
|
2504
|
+
# [4]: https://www.ietf.org/rfc/rfc2396.txt
|
3454
2505
|
# @return [Types::RevocationConfiguration]
|
3455
2506
|
#
|
3456
2507
|
# @!attribute [rw] status
|
@@ -3473,34 +2524,26 @@ module Aws::ACMPCA
|
|
3473
2524
|
# after issuance, stated in days, months, or years. For more
|
3474
2525
|
# information, see [Validity][1] in RFC 5280.
|
3475
2526
|
#
|
3476
|
-
#
|
3477
|
-
# two distinct parameters of the `IssueCertificate`
|
3478
|
-
# parameter `IssueCertificate`\:`Validity`
|
3479
|
-
# certificate's validity period. The optional
|
3480
|
-
# `IssueCertificate`\:`ValidityNotBefore` specifies a
|
3481
|
-
# starting time for the validity period.
|
2527
|
+
# Amazon Web Services Private CA API consumes the `Validity` data type
|
2528
|
+
# differently in two distinct parameters of the `IssueCertificate`
|
2529
|
+
# action. The required parameter `IssueCertificate`\:`Validity`
|
2530
|
+
# specifies the end of a certificate's validity period. The optional
|
2531
|
+
# parameter `IssueCertificate`\:`ValidityNotBefore` specifies a
|
2532
|
+
# customized starting time for the validity period.
|
3482
2533
|
#
|
3483
2534
|
#
|
3484
2535
|
#
|
3485
2536
|
# [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
3486
2537
|
#
|
3487
|
-
# @note When making an API call, you may pass Validity
|
3488
|
-
# data as a hash:
|
3489
|
-
#
|
3490
|
-
# {
|
3491
|
-
# value: 1, # required
|
3492
|
-
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
3493
|
-
# }
|
3494
|
-
#
|
3495
2538
|
# @!attribute [rw] value
|
3496
2539
|
# A long integer interpreted according to the value of `Type`, below.
|
3497
2540
|
# @return [Integer]
|
3498
2541
|
#
|
3499
2542
|
# @!attribute [rw] type
|
3500
|
-
# Determines how *
|
3501
|
-
# integer. Supported validity types include
|
3502
|
-
# definitions with values include a sample
|
3503
|
-
# resulting output.
|
2543
|
+
# Determines how *Amazon Web Services Private CA* interprets the
|
2544
|
+
# `Value` parameter, an integer. Supported validity types include
|
2545
|
+
# those listed below. Type definitions with values include a sample
|
2546
|
+
# input value and the resulting output.
|
3504
2547
|
#
|
3505
2548
|
# `END_DATE`\: The specific date and time when the certificate will
|
3506
2549
|
# expire, expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime
|