class Aws::ACMPCA::Types::CertificateAuthority

Contains information about your private certificate authority (CA). Your private CA can issue and revoke X.509 digital certificates. Digital certificates verify that the entity named in the certificate **Subject** field owns or controls the public key contained in the **Subject Public Key Info** field. Call the [CreateCertificateAuthority][1] action to create your private CA. You must then call the [GetCertificateAuthorityCertificate][2] action to retrieve a private CA certificate signing request (CSR). Sign the CSR with your ACM Private CA-hosted or on-premises root or subordinate CA certificate. Call the [ImportCertificateAuthorityCertificate][3] action to import the signed certificate into AWS Certificate Manager (ACM).

[1]: docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
[2]: docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCertificate.html
[3]: docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html

@!attribute [rw] arn

Amazon Resource Name (ARN) for your private certificate authority
(CA). The format is ` 12345678-1234-1234-1234-123456789012 `.
@return [String]

@!attribute [rw] owner_account

The AWS account ID that owns the certificate authority.
@return [String]

@!attribute [rw] created_at

Date and time at which your private CA was created.
@return [Time]

@!attribute [rw] last_state_change_at

Date and time at which your private CA was last updated.
@return [Time]

@!attribute [rw] type

Type of your private CA.
@return [String]

@!attribute [rw] serial

Serial number of your private CA.
@return [String]

@!attribute [rw] status

Status of your private CA.
@return [String]

@!attribute [rw] not_before

Date and time before which your private CA certificate is not valid.
@return [Time]

@!attribute [rw] not_after

Date and time after which your private CA certificate is not valid.
@return [Time]

@!attribute [rw] failure_reason

Reason the request to create your private CA failed.
@return [String]

@!attribute [rw] certificate_authority_configuration

Your private CA configuration.
@return [Types::CertificateAuthorityConfiguration]

@!attribute [rw] revocation_configuration

Information about the Online Certificate Status Protocol (OCSP)
configuration or certificate revocation list (CRL) created and
maintained by your private CA.
@return [Types::RevocationConfiguration]

@!attribute [rw] restorable_until

The period during which a deleted CA can be restored. For more
information, see the `PermanentDeletionTimeInDays` parameter of the
[DeleteCertificateAuthorityRequest][1] action.

[1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
@return [Time]

@!attribute [rw] key_storage_security_standard

Defines a cryptographic key management compliance standard used for
handling CA keys.

Default: `FIPS_140_2_LEVEL_3_OR_HIGHER`

Note: AWS Region ap-northeast-3 supports only
`FIPS_140_2_LEVEL_2_OR_HIGHER`. You must explicitly specify this
parameter and value when creating a CA in that Region. Specifying a
different value (or no value) results in an `InvalidArgsException`
with the message "A certificate authority cannot be created in this
region with the specified security standard."
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CertificateAuthority AWS API Documentation
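The following is an added example, not part of the AWS SDK or of this page's original content: a small audit that reads the `status`, `not_after`, `restorable_until`, `failure_reason` and `key_storage_security_standard` attributes documented above and reports CAs that need attention. `CaRecord`, `audit_ca`, `audit_all`, the 90-day threshold and the sample records are assumptions made for illustration; `CaRecord` stands in for the SDK type so the code runs offline.

```ruby
require 'time'

# Stand-in for Aws::ACMPCA::Types::CertificateAuthority carrying a subset of
# its attributes, so the example runs without the AWS SDK or credentials.
CaRecord = Struct.new(:arn, :status, :not_after, :restorable_until,
                      :failure_reason, :key_storage_security_standard,
                      keyword_init: true)
DAY = 86_400 # seconds
L3 = 'FIPS_140_2_LEVEL_3_OR_HIGHER'

# Returns the findings for one CA. expiry_warning_days is an assumed policy value.
def audit_ca(ca, now:, expiry_warning_days: 90)
  findings = []
  case ca.status
  when 'ACTIVE'
    if ca.not_after.nil? || ca.not_after <= now
      findings << 'CA certificate is expired or has no not_after'
    elsif ca.not_after - now < expiry_warning_days * DAY
      findings << "CA certificate expires in #{((ca.not_after - now) / DAY).floor} days"
    end
  when 'DELETED'
    # A deleted CA can still be restored until restorable_until passes.
    if ca.restorable_until && ca.restorable_until > now
      findings << "deleted, restorable until #{ca.restorable_until.utc.iso8601}"
    end
  when 'FAILED'
    findings << "creation failed: #{ca.failure_reason || 'no reason given'}"
  when 'PENDING_CERTIFICATE'
    findings << 'no signed CA certificate imported yet'
  end
  # Expected in ap-northeast-3, where only LEVEL_2 is supported; review elsewhere.
  if ca.key_storage_security_standard != L3
    findings << "key storage standard is #{ca.key_storage_security_standard || 'unset'}"
  end
  findings
end

# Audits a list and keeps only CAs with at least one finding, keyed by ARN.
def audit_all(cas, now:)
  cas.to_h { |ca| [ca.arn, audit_ca(ca, now: now)] }.reject { |_, f| f.empty? }
end

# Constructed sample records; the arn values are placeholders, not real ARNs.
SAMPLE_NOW = Time.utc(2024, 1, 1)
SAMPLE_CAS = [
  CaRecord.new(arn: 'ca-1', status: 'ACTIVE', not_after: Time.utc(2024, 2, 15), key_storage_security_standard: L3),
  CaRecord.new(arn: 'ca-2', status: 'ACTIVE', not_after: Time.utc(2030, 1, 1), key_storage_security_standard: 'FIPS_140_2_LEVEL_2_OR_HIGHER'),
  CaRecord.new(arn: 'ca-3', status: 'DELETED', restorable_until: Time.utc(2024, 1, 20), key_storage_security_standard: L3),
  CaRecord.new(arn: 'ca-4', status: 'FAILED', failure_reason: 'REQUEST_TIMED_OUT', key_storage_security_standard: L3),
  CaRecord.new(arn: 'ca-5', status: 'ACTIVE', not_after: Time.utc(2030, 1, 1), key_storage_security_standard: L3)
].freeze
```

With the real SDK, the same checks can be applied to the `CertificateAuthority` objects returned when listing or describing CAs, since they expose the same attribute names.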

Constants

SENSITIVE