Package-level declarations

Types

Provides access information used by the authorityInfoAccess and subjectInfoAccess extensions described in RFC 5280.

Describes the type and format of extension access. Only one of CustomObjectIdentifier or AccessMethodType may be provided. Providing both results in InvalidArgsException.

sealed class AccessMethodType

Base class for all service related exceptions thrown by the AcmPca client

sealed class ActionType

Contains X.509 certificate information to be placed in an issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.

Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.

sealed class AuditReportStatus

Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority action to create your private CA. You must then call the GetCertificateAuthorityCertificate action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises root or subordinate CA certificate. Call the ImportCertificateAuthorityCertificate action to import the signed certificate into Certificate Manager (ACM).

Contains configuration information for your private certificate authority (CA). This includes information about the class of public key algorithm and the key pair that your private CA creates when it issues a certificate. It also includes the signature algorithm that it uses when issuing certificates, and its X.500 distinguished name. You must specify this information when you call the CreateCertificateAuthority action.

The certificate authority certificate you are importing does not comply with conditions specified in the certificate that signed it.

A previous update to your private CA is still ongoing.

Contains configuration information for a certificate revocation list (CRL). Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the Enabled parameter to true. Your private CA writes CRLs to an S3 bucket that you specify in the S3BucketName parameter. You can hide the name of your bucket by specifying a value for the CustomCname parameter. Your private CA by default copies the CNAME or the S3 bucket name to the CRL Distribution Points extension of each certificate it issues. If you want to configure this default behavior to be something different, you can set the CrlDistributionPointExtensionConfiguration parameter. Your S3 bucket policy must give write permission to Amazon Web Services Private CA.

Contains configuration information for the default behavior of the CRL Distribution Point (CDP) extension in certificates issued by your CA. This extension contains a link to download the CRL, so you can check whether a certificate has been revoked. To choose whether you want this extension omitted or not in certificates issued by your CA, you can set the OmitExtension parameter.

sealed class CrlType

Describes the certificate extensions to be added to the certificate signing request (CSR).

Defines the X.500 relative distinguished name (RDN).

Specifies the X.509 extension information for a certificate.

Describes an Electronic Data Interchange (EDI) entity as defined in Subject Alternative Name in RFC 5280.

Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.

Contains X.509 extension information for a certificate.

sealed class FailureReason

Describes an ASN.1 X.400 GeneralName as defined in RFC 5280. Only one of the following naming options should be provided. Providing more than one option results in an InvalidArgsException error.

One or more of the specified arguments was not valid.

The requested Amazon Resource Name (ARN) does not refer to an existing resource.

The token specified in the NextToken argument is not valid. Use the token returned from your previous call to ListCertificateAuthorities.

The resource policy is invalid or is missing a required statement. For general information about IAM policy and statement structure, see Overview of JSON Policies.

The request action cannot be performed or is prohibited.

The state of the private CA does not allow this action to occur.

The tag associated with the CA is not valid. The invalid argument is contained in the message field.

sealed class KeyAlgorithm

class KeyUsage

Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.

An Amazon Web Services Private CA quota has been exceeded. See the exception message returned to determine the quota that was exceeded.

The current action was prevented because it would lock the caller out from performing subsequent actions. Verify that the specified parameters would not result in the caller being denied access to the resource.

One or more fields in the certificate are invalid.

The certificate signing request is invalid.

Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

class OtherName

Defines a custom ASN.1 X.400 GeneralName using an object identifier (OID) and value. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of Object Identifier (OID).

Permissions designate which private CA actions can be performed by an Amazon Web Services service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (IssueCertificate, GetCertificate, and ListPermissions). Permissions can be assigned with the CreatePermission action, removed with the DeletePermission action, and listed with the ListPermissions action.

The designated permission has already been given to the user.

Defines the X.509 CertificatePolicies extension.

sealed class PolicyQualifierId

Modifies the CertPolicyId of a PolicyInformation object with a qualifier. Amazon Web Services Private CA supports the certification practice statement (CPS) qualifier.

class Qualifier

Defines a PolicyInformation qualifier. Amazon Web Services Private CA supports the certification practice statement (CPS) qualifier defined in RFC 5280.

Your request has already been completed.

The request has failed for an unspecified reason.

Your request is already in progress.

A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot be found.

sealed class ResourceOwner

Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate and Setting up a certificate revocation method in the Amazon Web Services Private Certificate Authority User Guide.

sealed class RevocationReason

sealed class S3ObjectAcl

sealed class SigningAlgorithm

class Tag

Tags are labels that you can use to identify and organize your private CAs. Each tag consists of a key and an optional value. You can associate up to 50 tags with a private CA. To add one or more tags to a private CA, call the TagCertificateAuthority action. To remove a tag, call the UntagCertificateAuthority action.

You can associate up to 50 tags with a private CA. Exception information is contained in the exception message field.

class Validity

Validity specifies the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the validity of a certificate starts or expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280.

sealed class ValidityPeriodType