class Aws::ACMPCA::Types::CertificateAuthorityConfiguration

Contains configuration information for your private certificate authority (CA). This includes information about the class of public key algorithm and the key pair that your private CA creates when it issues a certificate. It also includes the signature algorithm that it uses when issuing certificates, and its X.500 distinguished name. You must specify this information when you call the [CreateCertificateAuthority][1] action.

[1]: docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html

@note When making an API call, you may pass CertificateAuthorityConfiguration data as a hash:

    {
      key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
      signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
      subject: { # required
        country: "CountryCodeString",
        organization: "String64",
        organizational_unit: "String64",
        distinguished_name_qualifier: "ASN1PrintableString64",
        state: "String128",
        common_name: "String64",
        serial_number: "ASN1PrintableString64",
        locality: "String128",
        title: "String64",
        surname: "String40",
        given_name: "String16",
        initials: "String5",
        pseudonym: "String128",
        generation_qualifier: "String3",
      },
      csr_extensions: {
        key_usage: {
          digital_signature: false,
          non_repudiation: false,
          key_encipherment: false,
          data_encipherment: false,
          key_agreement: false,
          key_cert_sign: false,
          crl_sign: false,
          encipher_only: false,
          decipher_only: false,
        },
        subject_information_access: [
          {
            access_method: { # required
              custom_object_identifier: "CustomObjectIdentifier",
              access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
            },
            access_location: { # required
              other_name: {
                type_id: "CustomObjectIdentifier", # required
                value: "String256", # required
              },
              rfc_822_name: "String256",
              dns_name: "String253",
              directory_name: {
                country: "CountryCodeString",
                organization: "String64",
                organizational_unit: "String64",
                distinguished_name_qualifier: "ASN1PrintableString64",
                state: "String128",
                common_name: "String64",
                serial_number: "ASN1PrintableString64",
                locality: "String128",
                title: "String64",
                surname: "String40",
                given_name: "String16",
                initials: "String5",
                pseudonym: "String128",
                generation_qualifier: "String3",
              },
              edi_party_name: {
                party_name: "String256", # required
                name_assigner: "String256",
              },
              uniform_resource_identifier: "String253",
              ip_address: "String39",
              registered_id: "CustomObjectIdentifier",
            },
          },
        ],
      },
    }

@!attribute [rw] key_algorithm

Type of the public key algorithm and size, in bits, of the key pair
that your CA creates when it issues a certificate. When you create a
subordinate CA, you must use a key algorithm supported by the parent
CA.
@return [String]

@!attribute [rw] signing_algorithm

Name of the algorithm your private CA uses to sign certificate
requests.

This parameter should not be confused with the `SigningAlgorithm`
parameter used to sign certificates when they are issued.
@return [String]

@!attribute [rw] subject

Structure that contains X.500 distinguished name information for
your private CA.
@return [Types::ASN1Subject]

@!attribute [rw] csr_extensions

Specifies information to be added to the extension section of the
certificate signing request (CSR).
@return [Types::CsrExtensions]
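
The hash template above pairs `key_algorithm: "RSA_2048"` with `signing_algorithm: "SHA256WITHECDSA"`, which only illustrates syntax: an RSA key cannot produce an ECDSA signature. The following offline pre-flight check is an added example, not part of aws-sdk-acmpca; `lint_ca_configuration` is a hypothetical helper, and it assumes the digits in shape names such as `String64` are maximum lengths and that `CountryCodeString` is at most two characters.

```ruby
# Added example: offline lint for a CertificateAuthorityConfiguration hash.
# Accepted enum values are copied from the hash template on this page.
KEY_FAMILY = {
  "RSA_2048" => :rsa, "RSA_4096" => :rsa,
  "EC_prime256v1" => :ec, "EC_secp384r1" => :ec
}.freeze
SIGNING_FAMILY = {
  "SHA256WITHRSA" => :rsa, "SHA384WITHRSA" => :rsa, "SHA512WITHRSA" => :rsa,
  "SHA256WITHECDSA" => :ec, "SHA384WITHECDSA" => :ec, "SHA512WITHECDSA" => :ec
}.freeze
# Assumption: digits in shape names ("String64") are maximum lengths.
SUBJECT_MAX = {
  country: 2, organization: 64, organizational_unit: 64,
  distinguished_name_qualifier: 64, state: 128, common_name: 64,
  serial_number: 64, locality: 128, title: 64, surname: 40,
  given_name: 16, initials: 5, pseudonym: 128, generation_qualifier: 3
}.freeze

# Hypothetical helper: returns a list of problems, empty when none are found.
def lint_ca_configuration(config)
  errors = []
  key_family = KEY_FAMILY[config[:key_algorithm]]
  sig_family = SIGNING_FAMILY[config[:signing_algorithm]]
  errors << "key_algorithm missing or not an accepted value" unless key_family
  errors << "signing_algorithm missing or not an accepted value" unless sig_family
  # The signature is made with the CA key, so the two families must agree.
  if key_family && sig_family && key_family != sig_family
    errors << "signing_algorithm family does not match key_algorithm family"
  end
  subject = config[:subject]
  return errors << "subject is required" unless subject.is_a?(Hash)
  subject.each do |field, value|
    max = SUBJECT_MAX[field]
    if max.nil?
      errors << "subject.#{field} is not a known field"
    elsif !value.is_a?(String) || value.empty? || value.length > max
      errors << "subject.#{field} must be a string of 1..#{max} characters"
    end
  end
  errors
end

# Constructed sample input: the template's algorithm pair plus a long CN.
SAMPLE = {
  key_algorithm: "RSA_2048", signing_algorithm: "SHA256WITHECDSA",
  subject: { country: "US", common_name: "a" * 65 }
}.freeze
puts lint_ca_configuration(SAMPLE) if __FILE__ == $PROGRAM_NAME
```
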

@see docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CertificateAuthorityConfiguration AWS API Documentation

Constants

SENSITIVE