| Copyright | (c) 2013-2018 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
| Language | Haskell2010 |
- Service Configuration
- Errors
- InvalidTagException
- MalformedCSRException
- RequestAlreadyProcessedException
- MalformedCertificateException
- RequestFailedException
- CertificateMismatchException
- TooManyTagsException
- InvalidArgsException
- RequestInProgressException
- ConcurrentModificationException
- InvalidNextTokenException
- InvalidARNException
- InvalidPolicyException
- ResourceNotFoundException
- InvalidStateException
- LimitExceededException
- Waiters
- Operations
- ImportCertificateAuthorityCertificate
- DescribeCertificateAuthorityAuditReport
- RevokeCertificate
- UpdateCertificateAuthority
- DeleteCertificateAuthority
- GetCertificateAuthorityCSR
- CreateCertificateAuthority
- ListCertificateAuthorities
- GetCertificate
- TagCertificateAuthority
- DescribeCertificateAuthority
- IssueCertificate
- GetCertificateAuthorityCertificate
- UntagCertificateAuthority
- CreateCertificateAuthorityAuditReport
- ListTags
- Types
You can use the ACM PCA API to create a private certificate authority (CA). You must first call the CreateCertificateAuthority function. If successful, the function returns an Amazon Resource Name (ARN) for your private CA. Use this ARN as input to the GetCertificateAuthorityCsr function to retrieve the certificate signing request (CSR) for your private CA certificate. Sign the CSR using the root or an intermediate CA in your on-premises PKI hierarchy, and call the ImportCertificateAuthorityCertificate function to import your signed private CA certificate into ACM PCA.
Use your private CA to issue and revoke certificates. These are private certificates that identify and secure client computers, servers, applications, services, devices, and users over SSL/TLS connections within your organization. Call the IssueCertificate function to issue a certificate. Call the RevokeCertificate function to revoke a certificate.
Your private CA can optionally create a certificate revocation list (CRL) to track the certificates you revoke. To create a CRL, you must specify a RevocationConfiguration object when you call the CreateCertificateAuthority function. ACM PCA writes the CRL to an S3 bucket that you specify. You must specify a bucket policy that grants ACM PCA write permission.
You can also call the CreateCertificateAuthorityAuditReport function to create an optional audit report that lists every time the CA private key is used. The private key is used for signing when the IssueCertificate or RevokeCertificate function is called.
- certificateManagerPCA :: Service
- _InvalidTagException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedCSRException :: AsError a => Getting (First ServiceError) a ServiceError
- _RequestAlreadyProcessedException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedCertificateException :: AsError a => Getting (First ServiceError) a ServiceError
- _RequestFailedException :: AsError a => Getting (First ServiceError) a ServiceError
- _CertificateMismatchException :: AsError a => Getting (First ServiceError) a ServiceError
- _TooManyTagsException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidArgsException :: AsError a => Getting (First ServiceError) a ServiceError
- _RequestInProgressException :: AsError a => Getting (First ServiceError) a ServiceError
- _ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidNextTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidPolicyException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- module Network.AWS.CertificateManagerPCA.ImportCertificateAuthorityCertificate
- module Network.AWS.CertificateManagerPCA.DescribeCertificateAuthorityAuditReport
- module Network.AWS.CertificateManagerPCA.RevokeCertificate
- module Network.AWS.CertificateManagerPCA.UpdateCertificateAuthority
- module Network.AWS.CertificateManagerPCA.DeleteCertificateAuthority
- module Network.AWS.CertificateManagerPCA.GetCertificateAuthorityCSR
- module Network.AWS.CertificateManagerPCA.CreateCertificateAuthority
- module Network.AWS.CertificateManagerPCA.ListCertificateAuthorities
- module Network.AWS.CertificateManagerPCA.GetCertificate
- module Network.AWS.CertificateManagerPCA.TagCertificateAuthority
- module Network.AWS.CertificateManagerPCA.DescribeCertificateAuthority
- module Network.AWS.CertificateManagerPCA.IssueCertificate
- module Network.AWS.CertificateManagerPCA.GetCertificateAuthorityCertificate
- module Network.AWS.CertificateManagerPCA.UntagCertificateAuthority
- module Network.AWS.CertificateManagerPCA.CreateCertificateAuthorityAuditReport
- module Network.AWS.CertificateManagerPCA.ListTags
- data AuditReportResponseFormat
- data AuditReportStatus
- data CertificateAuthorityStatus
- data CertificateAuthorityType = Subordinate
- data FailureReason
- data KeyAlgorithm
- data RevocationReason
- data SigningAlgorithm
- data ValidityPeriodType
- data ASN1Subject
- asn1Subject :: ASN1Subject
- asGivenName :: Lens' ASN1Subject (Maybe Text)
- asState :: Lens' ASN1Subject (Maybe Text)
- asCommonName :: Lens' ASN1Subject (Maybe Text)
- asOrganizationalUnit :: Lens' ASN1Subject (Maybe Text)
- asCountry :: Lens' ASN1Subject (Maybe Text)
- asGenerationQualifier :: Lens' ASN1Subject (Maybe Text)
- asLocality :: Lens' ASN1Subject (Maybe Text)
- asPseudonym :: Lens' ASN1Subject (Maybe Text)
- asInitials :: Lens' ASN1Subject (Maybe Text)
- asTitle :: Lens' ASN1Subject (Maybe Text)
- asOrganization :: Lens' ASN1Subject (Maybe Text)
- asSerialNumber :: Lens' ASN1Subject (Maybe Text)
- asSurname :: Lens' ASN1Subject (Maybe Text)
- asDistinguishedNameQualifier :: Lens' ASN1Subject (Maybe Text)
- data CertificateAuthority
- certificateAuthority :: CertificateAuthority
- caStatus :: Lens' CertificateAuthority (Maybe CertificateAuthorityStatus)
- caFailureReason :: Lens' CertificateAuthority (Maybe FailureReason)
- caCertificateAuthorityConfiguration :: Lens' CertificateAuthority (Maybe CertificateAuthorityConfiguration)
- caARN :: Lens' CertificateAuthority (Maybe Text)
- caCreatedAt :: Lens' CertificateAuthority (Maybe UTCTime)
- caSerial :: Lens' CertificateAuthority (Maybe Text)
- caNotBefore :: Lens' CertificateAuthority (Maybe UTCTime)
- caType :: Lens' CertificateAuthority (Maybe CertificateAuthorityType)
- caRevocationConfiguration :: Lens' CertificateAuthority (Maybe RevocationConfiguration)
- caLastStateChangeAt :: Lens' CertificateAuthority (Maybe UTCTime)
- caNotAfter :: Lens' CertificateAuthority (Maybe UTCTime)
- data CertificateAuthorityConfiguration
- certificateAuthorityConfiguration :: KeyAlgorithm -> SigningAlgorithm -> ASN1Subject -> CertificateAuthorityConfiguration
- cacKeyAlgorithm :: Lens' CertificateAuthorityConfiguration KeyAlgorithm
- cacSigningAlgorithm :: Lens' CertificateAuthorityConfiguration SigningAlgorithm
- cacSubject :: Lens' CertificateAuthorityConfiguration ASN1Subject
- data CrlConfiguration
- crlConfiguration :: Bool -> CrlConfiguration
- ccCustomCname :: Lens' CrlConfiguration (Maybe Text)
- ccExpirationInDays :: Lens' CrlConfiguration (Maybe Natural)
- ccS3BucketName :: Lens' CrlConfiguration (Maybe Text)
- ccEnabled :: Lens' CrlConfiguration Bool
- data RevocationConfiguration
- revocationConfiguration :: RevocationConfiguration
- rcCrlConfiguration :: Lens' RevocationConfiguration (Maybe CrlConfiguration)
- data Tag
- tag :: Text -> Tag
- tagValue :: Lens' Tag (Maybe Text)
- tagKey :: Lens' Tag Text
- data Validity
- validity :: Natural -> ValidityPeriodType -> Validity
- vValue :: Lens' Validity Natural
- vType :: Lens' Validity ValidityPeriodType
Service Configuration
certificateManagerPCA :: Service Source #
API version 2017-08-22 of the Amazon Certificate Manager Private Certificate Authority SDK configuration.
Errors
Error matchers are designed for use with the functions provided by Control.Exception.Lens. This allows catching (and rethrowing) service specific errors returned by CertificateManagerPCA.
InvalidTagException
_InvalidTagException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The tag associated with the CA is not valid. The invalid argument is contained in the message field.
MalformedCSRException
_MalformedCSRException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The certificate signing request is invalid.
RequestAlreadyProcessedException
_RequestAlreadyProcessedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Your request has already been completed.
MalformedCertificateException
_MalformedCertificateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
One or more fields in the certificate are invalid.
RequestFailedException
_RequestFailedException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request has failed for an unspecified reason.
CertificateMismatchException
_CertificateMismatchException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The certificate authority certificate you are importing does not comply with conditions specified in the certificate that signed it.
TooManyTagsException
_TooManyTagsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
You can associate up to 50 tags with a private CA. Exception information is contained in the exception message field.
InvalidArgsException
_InvalidArgsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
One or more of the specified arguments was not valid.
RequestInProgressException
_RequestInProgressException :: AsError a => Getting (First ServiceError) a ServiceError Source #
Your request is already in progress.
ConcurrentModificationException
_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
A previous update to your private CA is still ongoing.
InvalidNextTokenException
_InvalidNextTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The token specified in the NextToken argument is not valid. Use the token returned from your previous call to ListCertificateAuthorities.
InvalidARNException
_InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The requested Amazon Resource Name (ARN) does not refer to an existing resource.
InvalidPolicyException
_InvalidPolicyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The S3 bucket policy is not valid. The policy must give ACM PCA rights to read from and write to the bucket and find the bucket location.
ResourceNotFoundException
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
A resource such as a private CA, S3 bucket, certificate, or audit report cannot be found.
InvalidStateException
_InvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The private CA is in a state during which a report cannot be generated.
LimitExceededException
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
An ACM PCA limit has been exceeded. See the exception message returned to determine the limit that was exceeded.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition configured by the Wait specification is fulfilled. The Wait specification determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent requests in order to obtain the entire result set. The process of sending subsequent requests to continue where a previous request left off is called pagination. For example, the ListObjects operation of Amazon S3 returns up to 1000 objects at a time, and you must send subsequent requests with the appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager instance can transparently perform subsequent requests, correctly setting Markers and other request facets to iterate through the entire result set of a truncated API operation. Operations which support this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
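The error matchers above and the pagination machinery in this section are easiest to see together. The following program is an added example, not code from the amazonka package: it drains every page of ListCertificateAuthorities with paginate, wraps the whole call in trying from Control.Exception.Lens so that an InvalidNextTokenException is handled rather than propagated, and then reports the CAs whose CRL is not enabled, using only the caRevocationConfiguration, rcCrlConfiguration and ccEnabled lenses documented on this page. Two things are assumptions not stated on the page: that ListCertificateAuthorities has an AWSPager instance (if it does not, send it once and follow the NextToken yourself), and the name of the response lens lcarsCertificateAuthorities.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not part of amazonka-certificatemanager-pca.
-- Assumed (not on this page): an AWSPager instance for
-- ListCertificateAuthorities and the response lens
-- lcarsCertificateAuthorities.
module Main (main) where

import Control.Exception.Lens (trying)
import Control.Lens
import Data.Conduit (runConduit, (.|))
import qualified Data.Conduit.List as CL
import Network.AWS
import Network.AWS.CertificateManagerPCA

-- Drain every page of ListCertificateAuthorities. paginate follows the
-- NextToken itself, so an InvalidNextTokenException from this call means
-- a token was rejected by the service, not that we forgot to pass one.
allCAs :: Env -> IO [CertificateAuthority]
allCAs env =
  runResourceT . runAWS env . within NorthVirginia . runConduit $
    paginate listCertificateAuthorities
      .| CL.concatMap (view lcarsCertificateAuthorities)
      .| CL.consume

-- A CA that either has no CRL configuration or has one with Enabled set
-- to False publishes no revocation information; flag it for review.
crlNotEnabled :: CertificateAuthority -> Bool
crlNotEnabled ca =
  case ca ^? caRevocationConfiguration . _Just . rcCrlConfiguration . _Just . ccEnabled of
    Just enabled -> not enabled
    Nothing      -> True

main :: IO ()
main = do
  env <- newEnv Discover
  -- trying selects only the error this prism matches; every other
  -- ServiceError (InvalidARNException, RequestFailedException, ...) still
  -- propagates as an exception, which is what you want for a report.
  result <- trying _InvalidNextTokenException (allCAs env)
  case result of
    Left err -> putStrLn ("pagination token rejected: " ++ show err)
    Right cas -> do
      putStrLn (show (length cas) ++ " private CA(s) found")
      mapM_ (\ca -> print (ca ^. caARN, ca ^. caStatus)) (filter crlNotEnabled cas)
```

The matcher type on this page, AsError a => Getting (First ServiceError) a ServiceError, is exactly what trying expects when a is SomeException, so the same pattern works for any of the prisms listed above; swap in catching or handling from the same module when you want to recover and continue instead of inspecting an Either.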
ImportCertificateAuthorityCertificate
DescribeCertificateAuthorityAuditReport
RevokeCertificate
UpdateCertificateAuthority
DeleteCertificateAuthority
GetCertificateAuthorityCSR
CreateCertificateAuthority
ListCertificateAuthorities
GetCertificate
TagCertificateAuthority
DescribeCertificateAuthority
IssueCertificate
GetCertificateAuthorityCertificate
UntagCertificateAuthority
CreateCertificateAuthorityAuditReport
ListTags
Types
AuditReportResponseFormat
data AuditReportResponseFormat Source #
AuditReportStatus
data AuditReportStatus Source #
CertificateAuthorityStatus
data CertificateAuthorityStatus Source #
CertificateAuthorityType
data CertificateAuthorityType Source #
FailureReason
data FailureReason Source #
KeyAlgorithm
data KeyAlgorithm Source #
RevocationReason
data RevocationReason Source #
Constructors:
- AACompromise
- AffiliationChanged
- CertificateAuthorityCompromise
- CessationOfOperation
- KeyCompromise
- PrivilegeWithdrawn
- Superseded
- Unspecified
SigningAlgorithm
data SigningAlgorithm Source #
ValidityPeriodType
data ValidityPeriodType Source #
ASN1Subject
data ASN1Subject Source #
Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
See: asn1Subject smart constructor.
asn1Subject :: ASN1Subject Source #
Creates a value of ASN1Subject with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- asGivenName - First name.
- asState - State in which the subject of the certificate is located.
- asCommonName - Fully qualified domain name (FQDN) associated with the certificate subject.
- asOrganizationalUnit - A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
- asCountry - Two digit code that specifies the country in which the certificate subject is located.
- asGenerationQualifier - Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
- asLocality - The locality (such as a city or town) in which the certificate subject is located.
- asPseudonym - Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
- asInitials - Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the SurName.
- asTitle - A title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject.
- asOrganization - Legal name of the organization with which the certificate subject is affiliated.
- asSerialNumber - The certificate serial number.
- asSurname - Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
- asDistinguishedNameQualifier - Disambiguating information for the certificate subject.
asGivenName :: Lens' ASN1Subject (Maybe Text) Source #
First name.
asState :: Lens' ASN1Subject (Maybe Text) Source #
State in which the subject of the certificate is located.
asCommonName :: Lens' ASN1Subject (Maybe Text) Source #
Fully qualified domain name (FQDN) associated with the certificate subject.
asOrganizationalUnit :: Lens' ASN1Subject (Maybe Text) Source #
A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
asCountry :: Lens' ASN1Subject (Maybe Text) Source #
Two digit code that specifies the country in which the certificate subject is located.
asGenerationQualifier :: Lens' ASN1Subject (Maybe Text) Source #
Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
asLocality :: Lens' ASN1Subject (Maybe Text) Source #
The locality (such as a city or town) in which the certificate subject is located.
asPseudonym :: Lens' ASN1Subject (Maybe Text) Source #
Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
asInitials :: Lens' ASN1Subject (Maybe Text) Source #
Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the SurName.
asTitle :: Lens' ASN1Subject (Maybe Text) Source #
A title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject.
asOrganization :: Lens' ASN1Subject (Maybe Text) Source #
Legal name of the organization with which the certificate subject is affiliated.
asSerialNumber :: Lens' ASN1Subject (Maybe Text) Source #
The certificate serial number.
asSurname :: Lens' ASN1Subject (Maybe Text) Source #
Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
asDistinguishedNameQualifier :: Lens' ASN1Subject (Maybe Text) Source #
Disambiguating information for the certificate subject.
CertificateAuthority
data CertificateAuthority Source #
Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate Subject field owns or controls the public key contained in the Subject Public Key Info field. Call the CreateCertificateAuthority function to create your private CA. You must then call the GetCertificateAuthorityCertificate function to retrieve a private CA certificate signing request (CSR). Take the CSR to your on-premises CA and sign it with the root CA certificate or a subordinate certificate. Call the ImportCertificateAuthorityCertificate function to import the signed certificate into AWS Certificate Manager (ACM).
See: certificateAuthority smart constructor.
certificateAuthority :: CertificateAuthority Source #
Creates a value of CertificateAuthority with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- caStatus - Status of your private CA.
- caFailureReason - Reason the request to create your private CA failed.
- caCertificateAuthorityConfiguration - Your private CA configuration.
- caARN - Amazon Resource Name (ARN) for your private certificate authority (CA). The format is 12345678-1234-1234-1234-123456789012.
- caCreatedAt - Date and time at which your private CA was created.
- caSerial - Serial number of your private CA.
- caNotBefore - Date and time before which your private CA certificate is not valid.
- caType - Type of your private CA.
- caRevocationConfiguration - Information about the certificate revocation list (CRL) created and maintained by your private CA.
- caLastStateChangeAt - Date and time at which your private CA was last updated.
- caNotAfter - Date and time after which your private CA certificate is not valid.
caStatus :: Lens' CertificateAuthority (Maybe CertificateAuthorityStatus) Source #
Status of your private CA.
caFailureReason :: Lens' CertificateAuthority (Maybe FailureReason) Source #
Reason the request to create your private CA failed.
caCertificateAuthorityConfiguration :: Lens' CertificateAuthority (Maybe CertificateAuthorityConfiguration) Source #
Your private CA configuration.
caARN :: Lens' CertificateAuthority (Maybe Text) Source #
Amazon Resource Name (ARN) for your private certificate authority (CA). The format is 12345678-1234-1234-1234-123456789012.
caCreatedAt :: Lens' CertificateAuthority (Maybe UTCTime) Source #
Date and time at which your private CA was created.
caNotBefore :: Lens' CertificateAuthority (Maybe UTCTime) Source #
Date and time before which your private CA certificate is not valid.
caType :: Lens' CertificateAuthority (Maybe CertificateAuthorityType) Source #
Type of your private CA.
caRevocationConfiguration :: Lens' CertificateAuthority (Maybe RevocationConfiguration) Source #
Information about the certificate revocation list (CRL) created and maintained by your private CA.
caLastStateChangeAt :: Lens' CertificateAuthority (Maybe UTCTime) Source #
Date and time at which your private CA was last updated.
caNotAfter :: Lens' CertificateAuthority (Maybe UTCTime) Source #
Date and time after which your private CA certificate is not valid.
CertificateAuthorityConfiguration
data CertificateAuthorityConfiguration Source #
Contains configuration information for your private certificate authority (CA). This includes information about the class of public key algorithm and the key pair that your private CA creates when it issues a certificate, the signature algorithm it uses when issuing certificates, and its X.500 distinguished name. You must specify this information when you call the CreateCertificateAuthority function.
See: certificateAuthorityConfiguration smart constructor.
certificateAuthorityConfiguration :: KeyAlgorithm -> SigningAlgorithm -> ASN1Subject -> CertificateAuthorityConfiguration Source #
Creates a value of CertificateAuthorityConfiguration with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- cacKeyAlgorithm - Type of the public key algorithm and size, in bits, of the key pair that your private CA creates when it issues a certificate.
- cacSigningAlgorithm - Name of the algorithm your private CA uses to sign certificate requests.
- cacSubject - Structure that contains X.500 distinguished name information for your private CA.
cacKeyAlgorithm :: Lens' CertificateAuthorityConfiguration KeyAlgorithm Source #
Type of the public key algorithm and size, in bits, of the key pair that your private CA creates when it issues a certificate.
cacSigningAlgorithm :: Lens' CertificateAuthorityConfiguration SigningAlgorithm Source #
Name of the algorithm your private CA uses to sign certificate requests.
cacSubject :: Lens' CertificateAuthorityConfiguration ASN1Subject Source #
Structure that contains X.500 distinguished name information for your private CA.
CrlConfiguration
data CrlConfiguration Source #
Contains configuration information for a certificate revocation list (CRL). Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the Enabled parameter to true. Your private CA writes CRLs to an S3 bucket that you specify in the S3BucketName parameter. You can hide the name of your bucket by specifying a value for the CustomCname parameter. Your private CA copies the CNAME or the S3 bucket name to the CRL Distribution Points extension of each certificate it issues. Your S3 bucket policy must give write permission to ACM PCA.
Your private CA uses the value in the ExpirationInDays parameter to calculate the nextUpdate field in the CRL. The CRL is refreshed at 1/2 the age of next update or when a certificate is revoked. When a certificate is revoked, it is recorded in the next CRL that is generated and in the next audit report. Only time valid certificates are listed in the CRL. Expired certificates are not included.
CRLs contain the following fields:
- Version : The current version number defined in RFC 5280 is V2. The integer value is 0x1.
- Signature Algorithm : The name of the algorithm used to sign the CRL.
- Issuer : The X.500 distinguished name of your private CA that issued the CRL.
- Last Update : The issue date and time of this CRL.
- Next Update : The day and time by which the next CRL will be issued.
- Revoked Certificates : List of revoked certificates. Each list item contains the following information.
  - Serial Number : The serial number, in hexadecimal format, of the revoked certificate.
  - Revocation Date : Date and time the certificate was revoked.
  - CRL Entry Extensions : Optional extensions for the CRL entry.
    - X509v3 CRL Reason Code : Reason the certificate was revoked.
- CRL Extensions : Optional extensions for the CRL.
  - X509v3 Authority Key Identifier : Identifies the public key associated with the private key used to sign the certificate.
  - X509v3 CRL Number : Decimal sequence number for the CRL.
- Signature Algorithm : Algorithm used by your private CA to sign the CRL.
- Signature Value : Signature computed over the CRL.
Certificate revocation lists created by ACM PCA are DER-encoded. You can use the following OpenSSL command to list a CRL.
openssl crl -inform DER -text -in crl_path -noout
See: crlConfiguration smart constructor.
crlConfiguration :: Bool -> CrlConfiguration Source #
Creates a value of CrlConfiguration with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- ccCustomCname - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.
- ccExpirationInDays - Number of days until a certificate expires.
- ccS3BucketName - Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority function. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket.
- ccEnabled - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority function or for an existing CA when you call the UpdateCertificateAuthority function.
ccCustomCname :: Lens' CrlConfiguration (Maybe Text) Source #
Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.
ccExpirationInDays :: Lens' CrlConfiguration (Maybe Natural) Source #
Number of days until a certificate expires.
ccS3BucketName :: Lens' CrlConfiguration (Maybe Text) Source #
Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority function. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket.
ccEnabled :: Lens' CrlConfiguration Bool Source #
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority function or for an existing CA when you call the UpdateCertificateAuthority function.
RevocationConfiguration
data RevocationConfiguration Source #
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority functions. Your private certificate authority (CA) can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates revoked by your CA. For more information, see RevokeCertificate.
See: revocationConfiguration smart constructor.
revocationConfiguration :: RevocationConfiguration Source #
Creates a value of RevocationConfiguration with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- rcCrlConfiguration - Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
rcCrlConfiguration :: Lens' RevocationConfiguration (Maybe CrlConfiguration) Source #
Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
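The CertificateAuthorityConfiguration, CrlConfiguration and RevocationConfiguration sections above describe the three values that CreateCertificateAuthority needs; the program below is an added example (not the package's own code) that assembles them with the smart constructors and lenses documented on this page, checks locally that an enabled CRL actually names a bucket before anything is sent, and submits the request for a Subordinate CA. The KeyAlgorithm and SigningAlgorithm constructor names (RSA_2048, Sha256withrsa), the request lens ccaRevocationConfiguration and the response lens ccarsCertificateAuthorityARN are assumptions, since this page lists those types without their constructors and does not show the operation module; the bucket name and CNAME are constructed sample values.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not part of amazonka-certificatemanager-pca.
-- Assumed (not on this page): constructors RSA_2048 and Sha256withrsa,
-- request lens ccaRevocationConfiguration, response lens
-- ccarsCertificateAuthorityARN. Bucket name and CNAME are sample values.
module Main (main) where

import Control.Lens
import Data.Maybe (isJust)
import Network.AWS
import Network.AWS.CertificateManagerPCA

-- X.500 distinguished name of the private CA itself. Every field is
-- optional in the type, so start from the empty subject and set lenses.
caSubject :: ASN1Subject
caSubject = asn1Subject
  & asCountry            .~ Just "US"
  & asOrganization       .~ Just "Example Corp"
  & asOrganizationalUnit .~ Just "Platform Security"
  & asCommonName         .~ Just "Example Corp Issuing CA 1"

-- Key algorithm, signing algorithm and subject are mandatory, so the
-- smart constructor takes all three positionally.
caConfig :: CertificateAuthorityConfiguration
caConfig = certificateAuthorityConfiguration RSA_2048 Sha256withrsa caSubject

-- CRL publication: enabled, written to the named bucket, advertised under
-- a CNAME so the bucket name never appears in issued certificates'
-- CRL Distribution Points extension.
crlConfig :: CrlConfiguration
crlConfig = crlConfiguration True
  & ccS3BucketName    .~ Just "example-corp-pca-crl-bucket"
  & ccCustomCname     .~ Just "crl.pki.example.com"
  & ccExpirationInDays .~ Just 7

revocation :: RevocationConfiguration
revocation = revocationConfiguration & rcCrlConfiguration ?~ crlConfig

-- A CRL that is enabled but names no bucket has nowhere to be written;
-- catch that locally instead of paying for a round trip and an error.
crlConfigComplete :: CrlConfiguration -> Bool
crlConfigComplete c = not (c ^. ccEnabled) || isJust (c ^. ccS3BucketName)

createRequest :: CreateCertificateAuthority
createRequest = createCertificateAuthority caConfig Subordinate
  & ccaRevocationConfiguration ?~ revocation

main :: IO ()
main
  | not (crlConfigComplete crlConfig) =
      putStrLn "refusing to create CA: CRL enabled without an S3 bucket"
  | otherwise = do
      env <- newEnv Discover
      rsp <- runResourceT . runAWS env . within NorthVirginia $ send createRequest
      -- The ARN is the handle for every later call (GetCertificateAuthorityCsr,
      -- ImportCertificateAuthorityCertificate, IssueCertificate, ...).
      putStrLn ("created private CA: " ++ show (rsp ^. ccarsCertificateAuthorityARN))
```

Setting ccCustomCname is a disclosure choice, not a security boundary: the CRL is still fetched from the bucket, so the bucket policy must grant ACM PCA write access (the page's InvalidPolicyException describes what happens when it does not), and the CNAME has to resolve to that bucket for relying parties to download the CRL at all.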
Tag
data Tag Source #
Tags are labels that you can use to identify and organize your private CAs. Each tag consists of a key and an optional value. You can associate up to 50 tags with a private CA. To add one or more tags to a private CA, call the TagCertificateAuthority function. To remove a tag, call the UntagCertificateAuthority function.
See: tag smart constructor.
tag :: Text -> Tag Source #
Validity
data Validity Source #
Length of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years. You can issue a certificate by calling the IssueCertificate function.
See: validity smart constructor.
validity :: Natural -> ValidityPeriodType -> Validity Source #