AWS Native is in preview. AWS Classic is fully supported.
aws-native.acmpca.Certificate
Explore with Pulumi AI
AWS Native is in preview. AWS Classic is fully supported.
The AWS::ACMPCA::Certificate
resource is used to issue a certificate using your private certificate authority. For more information, see the IssueCertificate action.
Create Certificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
@overload
def Certificate(resource_name: str,
args: CertificateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Certificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
certificate_authority_arn: Optional[str] = None,
certificate_signing_request: Optional[str] = None,
signing_algorithm: Optional[str] = None,
validity: Optional[CertificateValidityArgs] = None,
api_passthrough: Optional[CertificateApiPassthroughArgs] = None,
template_arn: Optional[str] = None,
validity_not_before: Optional[CertificateValidityArgs] = None)
func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
type: aws-native:acmpca:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Certificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Certificate resource accepts the following input properties:
- string
- The Amazon Resource Name (ARN) for the private CA issues the certificate.
- Certificate
Signing stringRequest - The certificate signing request (CSR) for the certificate.
- Signing
Algorithm string - The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the
SigningAlgorithm
parameter used to sign a CSR in theCreateCertificateAuthority
action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. - Validity
Pulumi.
Aws Native. Acmpca. Inputs. Certificate Validity - The period of time during which the certificate will be valid.
- Api
Passthrough Pulumi.Aws Native. Acmpca. Inputs. Certificate Api Passthrough - Specifies X.509 certificate information to be included in the issued certificate. An
APIPassthrough
orAPICSRPassthrough
template variant must be selected, or else this parameter is ignored. - Template
Arn string - Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the
EndEntityCertificate/V1
template. For more information about PCAshort templates, see Using Templates. - Validity
Not Pulumi.Before Aws Native. Acmpca. Inputs. Certificate Validity - Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate.
By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
ValidityNotBefore
parameter can be used to customize the "Not Before" value. Unlike theValidity
parameter, theValidityNotBefore
parameter is optional. TheValidityNotBefore
value is expressed as an explicit date and time, using theValidity
type valueABSOLUTE
.
- string
- The Amazon Resource Name (ARN) for the private CA issues the certificate.
- Certificate
Signing stringRequest - The certificate signing request (CSR) for the certificate.
- Signing
Algorithm string - The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the
SigningAlgorithm
parameter used to sign a CSR in theCreateCertificateAuthority
action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. - Validity
Certificate
Validity Args - The period of time during which the certificate will be valid.
- Api
Passthrough CertificateApi Passthrough Args - Specifies X.509 certificate information to be included in the issued certificate. An
APIPassthrough
orAPICSRPassthrough
template variant must be selected, or else this parameter is ignored. - Template
Arn string - Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the
EndEntityCertificate/V1
template. For more information about PCAshort templates, see Using Templates. - Validity
Not CertificateBefore Validity Args - Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate.
By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
ValidityNotBefore
parameter can be used to customize the "Not Before" value. Unlike theValidity
parameter, theValidityNotBefore
parameter is optional. TheValidityNotBefore
value is expressed as an explicit date and time, using theValidity
type valueABSOLUTE
.
- String
- The Amazon Resource Name (ARN) for the private CA issues the certificate.
- certificate
Signing StringRequest - The certificate signing request (CSR) for the certificate.
- signing
Algorithm String - The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the
SigningAlgorithm
parameter used to sign a CSR in theCreateCertificateAuthority
action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. - validity
Certificate
Validity - The period of time during which the certificate will be valid.
- api
Passthrough CertificateApi Passthrough - Specifies X.509 certificate information to be included in the issued certificate. An
APIPassthrough
orAPICSRPassthrough
template variant must be selected, or else this parameter is ignored. - template
Arn String - Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the
EndEntityCertificate/V1
template. For more information about PCAshort templates, see Using Templates. - validity
Not CertificateBefore Validity - Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate.
By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
ValidityNotBefore
parameter can be used to customize the "Not Before" value. Unlike theValidity
parameter, theValidityNotBefore
parameter is optional. TheValidityNotBefore
value is expressed as an explicit date and time, using theValidity
type valueABSOLUTE
.
- string
- The Amazon Resource Name (ARN) for the private CA issues the certificate.
- certificate
Signing stringRequest - The certificate signing request (CSR) for the certificate.
- signing
Algorithm string - The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the
SigningAlgorithm
parameter used to sign a CSR in theCreateCertificateAuthority
action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. - validity
Certificate
Validity - The period of time during which the certificate will be valid.
- api
Passthrough CertificateApi Passthrough - Specifies X.509 certificate information to be included in the issued certificate. An
APIPassthrough
orAPICSRPassthrough
template variant must be selected, or else this parameter is ignored. - template
Arn string - Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the
EndEntityCertificate/V1
template. For more information about PCAshort templates, see Using Templates. - validity
Not CertificateBefore Validity - Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate.
By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
ValidityNotBefore
parameter can be used to customize the "Not Before" value. Unlike theValidity
parameter, theValidityNotBefore
parameter is optional. TheValidityNotBefore
value is expressed as an explicit date and time, using theValidity
type valueABSOLUTE
.
- str
- The Amazon Resource Name (ARN) for the private CA issues the certificate.
- certificate_
signing_ strrequest - The certificate signing request (CSR) for the certificate.
- signing_
algorithm str - The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the
SigningAlgorithm
parameter used to sign a CSR in theCreateCertificateAuthority
action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. - validity
Certificate
Validity Args - The period of time during which the certificate will be valid.
- api_
passthrough CertificateApi Passthrough Args - Specifies X.509 certificate information to be included in the issued certificate. An
APIPassthrough
orAPICSRPassthrough
template variant must be selected, or else this parameter is ignored. - template_
arn str - Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the
EndEntityCertificate/V1
template. For more information about PCAshort templates, see Using Templates. - validity_
not_ Certificatebefore Validity Args - Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate.
By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
ValidityNotBefore
parameter can be used to customize the "Not Before" value. Unlike theValidity
parameter, theValidityNotBefore
parameter is optional. TheValidityNotBefore
value is expressed as an explicit date and time, using theValidity
type valueABSOLUTE
.
- String
- The Amazon Resource Name (ARN) for the private CA issues the certificate.
- certificate
Signing StringRequest - The certificate signing request (CSR) for the certificate.
- signing
Algorithm String - The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the
SigningAlgorithm
parameter used to sign a CSR in theCreateCertificateAuthority
action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. - validity Property Map
- The period of time during which the certificate will be valid.
- api
Passthrough Property Map - Specifies X.509 certificate information to be included in the issued certificate. An
APIPassthrough
orAPICSRPassthrough
template variant must be selected, or else this parameter is ignored. - template
Arn String - Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the
EndEntityCertificate/V1
template. For more information about PCAshort templates, see Using Templates. - validity
Not Property MapBefore - Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate.
By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The
ValidityNotBefore
parameter can be used to customize the "Not Before" value. Unlike theValidity
parameter, theValidityNotBefore
parameter is optional. TheValidityNotBefore
value is expressed as an explicit date and time, using theValidity
type valueABSOLUTE
.
Outputs
All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:
- Arn string
- The Amazon Resource Name (ARN) of the issued certificate.
- Certificate
Value string - The issued Base64 PEM-encoded certificate.
- Id string
- The provider-assigned unique ID for this managed resource.
- Arn string
- The Amazon Resource Name (ARN) of the issued certificate.
- Certificate string
- The issued Base64 PEM-encoded certificate.
- Id string
- The provider-assigned unique ID for this managed resource.
- arn String
- The Amazon Resource Name (ARN) of the issued certificate.
- certificate String
- The issued Base64 PEM-encoded certificate.
- id String
- The provider-assigned unique ID for this managed resource.
- arn string
- The Amazon Resource Name (ARN) of the issued certificate.
- certificate string
- The issued Base64 PEM-encoded certificate.
- id string
- The provider-assigned unique ID for this managed resource.
- arn str
- The Amazon Resource Name (ARN) of the issued certificate.
- certificate str
- The issued Base64 PEM-encoded certificate.
- id str
- The provider-assigned unique ID for this managed resource.
- arn String
- The Amazon Resource Name (ARN) of the issued certificate.
- certificate String
- The issued Base64 PEM-encoded certificate.
- id String
- The provider-assigned unique ID for this managed resource.
Supporting Types
CertificateApiPassthrough, CertificateApiPassthroughArgs
- Extensions
Pulumi.
Aws Native. Acmpca. Inputs. Certificate Extensions - Specifies X.509 extension information for a certificate.
- Subject
Pulumi.
Aws Native. Acmpca. Inputs. Certificate Subject - Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
- Extensions
Certificate
Extensions - Specifies X.509 extension information for a certificate.
- Subject
Certificate
Subject - Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
- extensions
Certificate
Extensions - Specifies X.509 extension information for a certificate.
- subject
Certificate
Subject - Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
- extensions
Certificate
Extensions - Specifies X.509 extension information for a certificate.
- subject
Certificate
Subject - Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
- extensions
Certificate
Extensions - Specifies X.509 extension information for a certificate.
- subject
Certificate
Subject - Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
- extensions Property Map
- Specifies X.509 extension information for a certificate.
- subject Property Map
- Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
CertificateCustomAttribute, CertificateCustomAttributeArgs
- Object
Identifier string - Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
- Value string
- Specifies the attribute value of relative distinguished name (RDN).
- Object
Identifier string - Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
- Value string
- Specifies the attribute value of relative distinguished name (RDN).
- object
Identifier String - Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
- value String
- Specifies the attribute value of relative distinguished name (RDN).
- object
Identifier string - Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
- value string
- Specifies the attribute value of relative distinguished name (RDN).
- object_
identifier str - Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
- value str
- Specifies the attribute value of relative distinguished name (RDN).
- object
Identifier String - Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
- value String
- Specifies the attribute value of relative distinguished name (RDN).
CertificateCustomExtension, CertificateCustomExtensionArgs
- Object
Identifier string - Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
- Value string
- Specifies the base64-encoded value of the X.509 extension.
- Critical bool
- Specifies the critical flag of the X.509 extension.
- Object
Identifier string - Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
- Value string
- Specifies the base64-encoded value of the X.509 extension.
- Critical bool
- Specifies the critical flag of the X.509 extension.
- object
Identifier String - Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
- value String
- Specifies the base64-encoded value of the X.509 extension.
- critical Boolean
- Specifies the critical flag of the X.509 extension.
- object
Identifier string - Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
- value string
- Specifies the base64-encoded value of the X.509 extension.
- critical boolean
- Specifies the critical flag of the X.509 extension.
- object_
identifier str - Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
- value str
- Specifies the base64-encoded value of the X.509 extension.
- critical bool
- Specifies the critical flag of the X.509 extension.
- object
Identifier String - Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
- value String
- Specifies the base64-encoded value of the X.509 extension.
- critical Boolean
- Specifies the critical flag of the X.509 extension.
CertificateEdiPartyName, CertificateEdiPartyNameArgs
- Name
Assigner string - Specifies the name assigner.
- Party
Name string - Specifies the party name.
- Name
Assigner string - Specifies the name assigner.
- Party
Name string - Specifies the party name.
- name
Assigner String - Specifies the name assigner.
- party
Name String - Specifies the party name.
- name
Assigner string - Specifies the name assigner.
- party
Name string - Specifies the party name.
- name_
assigner str - Specifies the name assigner.
- party_
name str - Specifies the party name.
- name
Assigner String - Specifies the name assigner.
- party
Name String - Specifies the party name.
CertificateExtendedKeyUsage, CertificateExtendedKeyUsageArgs
- Extended
Key stringUsage Object Identifier - Specifies a custom
ExtendedKeyUsage
with an object identifier (OID). - Extended
Key stringUsage Type - Specifies a standard
ExtendedKeyUsage
as defined as in RFC 5280.
- Extended
Key stringUsage Object Identifier - Specifies a custom
ExtendedKeyUsage
with an object identifier (OID). - Extended
Key stringUsage Type - Specifies a standard
ExtendedKeyUsage
as defined as in RFC 5280.
- extended
Key StringUsage Object Identifier - Specifies a custom
ExtendedKeyUsage
with an object identifier (OID). - extended
Key StringUsage Type - Specifies a standard
ExtendedKeyUsage
as defined as in RFC 5280.
- extended
Key stringUsage Object Identifier - Specifies a custom
ExtendedKeyUsage
with an object identifier (OID). - extended
Key stringUsage Type - Specifies a standard
ExtendedKeyUsage
as defined as in RFC 5280.
- extended_
key_ strusage_ object_ identifier - Specifies a custom
ExtendedKeyUsage
with an object identifier (OID). - extended_
key_ strusage_ type - Specifies a standard
ExtendedKeyUsage
as defined as in RFC 5280.
- extended
Key StringUsage Object Identifier - Specifies a custom
ExtendedKeyUsage
with an object identifier (OID). - extended
Key StringUsage Type - Specifies a standard
ExtendedKeyUsage
as defined as in RFC 5280.
CertificateExtensions, CertificateExtensionsArgs
- Certificate
Policies List<Pulumi.Aws Native. Acmpca. Inputs. Certificate Policy Information> - Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
- Custom
Extensions List<Pulumi.Aws Native. Acmpca. Inputs. Certificate Custom Extension> - Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
- Extended
Key List<Pulumi.Usage Aws Native. Acmpca. Inputs. Certificate Extended Key Usage> - Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the
KeyUsage
extension. - Key
Usage Pulumi.Aws Native. Acmpca. Inputs. Certificate Key Usage - Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
- Subject
Alternative List<Pulumi.Names Aws Native. Acmpca. Inputs. Certificate General Name> - The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
- Certificate
Policies []CertificatePolicy Information - Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
- Custom
Extensions []CertificateCustom Extension - Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
- Extended
Key []CertificateUsage Extended Key Usage - Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the
KeyUsage
extension. - Key
Usage CertificateKey Usage - Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
- Subject
Alternative []CertificateNames General Name - The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
- certificate
Policies List<CertificatePolicy Information> - Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
- custom
Extensions List<CertificateCustom Extension> - Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
- extended
Key List<CertificateUsage Extended Key Usage> - Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the
KeyUsage
extension. - key
Usage CertificateKey Usage - Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
- subject
Alternative List<CertificateNames General Name> - The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
- certificate
Policies CertificatePolicy Information[] - Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
- custom
Extensions CertificateCustom Extension[] - Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
- extended
Key CertificateUsage Extended Key Usage[] - Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the
KeyUsage
extension. - key
Usage CertificateKey Usage - Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
- subject
Alternative CertificateNames General Name[] - The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
- certificate_
policies Sequence[CertificatePolicy Information] - Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
- custom_
extensions Sequence[CertificateCustom Extension] - Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
- extended_
key_ Sequence[Certificateusage Extended Key Usage] - Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the
KeyUsage
extension. - key_
usage CertificateKey Usage - Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
- subject_
alternative_ Sequence[Certificatenames General Name] - The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
- certificate
Policies List<Property Map> - Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
- custom
Extensions List<Property Map> - Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
- extended
Key List<Property Map>Usage - Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the
KeyUsage
extension. - key
Usage Property Map - Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
- subject
Alternative List<Property Map>Names - The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
CertificateGeneralName, CertificateGeneralNameArgs
- Directory
Name Pulumi.Aws Native. Acmpca. Inputs. Certificate Subject - Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
- Dns
Name string - Represents
GeneralName
as a DNS name. - Edi
Party Pulumi.Name Aws Native. Acmpca. Inputs. Certificate Edi Party Name - Represents
GeneralName
as anEdiPartyName
object. - Ip
Address string - Represents
GeneralName
as an IPv4 or IPv6 address. - Other
Name Pulumi.Aws Native. Acmpca. Inputs. Certificate Other Name - Represents
GeneralName
using anOtherName
object. - Registered
Id string - Represents
GeneralName
as an object identifier (OID). - Rfc822Name string
- Represents
GeneralName
as an RFC 822 email address. - Uniform
Resource stringIdentifier - Represents
GeneralName
as a URI.
- Directory
Name CertificateSubject - Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
- Dns
Name string - Represents
GeneralName
as a DNS name. - Edi
Party CertificateName Edi Party Name - Represents
GeneralName
as anEdiPartyName
object. - Ip
Address string - Represents
GeneralName
as an IPv4 or IPv6 address. - Other
Name CertificateOther Name - Represents
GeneralName
using anOtherName
object. - Registered
Id string - Represents
GeneralName
as an object identifier (OID). - Rfc822Name string
- Represents
GeneralName
as an RFC 822 email address. - Uniform
Resource stringIdentifier - Represents
GeneralName
as a URI.
- directory
Name CertificateSubject - Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
- dns
Name String - Represents
GeneralName
as a DNS name. - edi
Party CertificateName Edi Party Name - Represents
GeneralName
as anEdiPartyName
object. - ip
Address String - Represents
GeneralName
as an IPv4 or IPv6 address. - other
Name CertificateOther Name - Represents
GeneralName
using anOtherName
object. - registered
Id String - Represents
GeneralName
as an object identifier (OID). - rfc822Name String
- Represents
GeneralName
as an RFC 822 email address. - uniform
Resource StringIdentifier - Represents
GeneralName
as a URI.
- directory
Name CertificateSubject - Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
- dns
Name string - Represents
GeneralName
as a DNS name. - edi
Party CertificateName Edi Party Name - Represents
GeneralName
as anEdiPartyName
object. - ip
Address string - Represents
GeneralName
as an IPv4 or IPv6 address. - other
Name CertificateOther Name - Represents
GeneralName
using anOtherName
object. - registered
Id string - Represents
GeneralName
as an object identifier (OID). - rfc822Name string
- Represents
GeneralName
as an RFC 822 email address. - uniform
Resource stringIdentifier - Represents
GeneralName
as a URI.
- directory_
name CertificateSubject - Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
- dns_
name str - Represents
GeneralName
as a DNS name. - edi_
party_ Certificatename Edi Party Name - Represents
GeneralName
as anEdiPartyName
object. - ip_
address str - Represents
GeneralName
as an IPv4 or IPv6 address. - other_
name CertificateOther Name - Represents
GeneralName
using anOtherName
object. - registered_
id str - Represents
GeneralName
as an object identifier (OID). - rfc822_
name str - Represents
GeneralName
as an RFC 822 email address. - uniform_
resource_ stridentifier - Represents
GeneralName
as a URI.
- directory
Name Property Map - Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
- dns
Name String - Represents
GeneralName
as a DNS name. - edi
Party Property MapName - Represents
GeneralName
as anEdiPartyName
object. - ip
Address String - Represents
GeneralName
as an IPv4 or IPv6 address. - other
Name Property Map - Represents
GeneralName
using anOtherName
object. - registered
Id String - Represents
GeneralName
as an object identifier (OID). - rfc822Name String
- Represents
GeneralName
as an RFC 822 email address. - uniform
Resource StringIdentifier - Represents
GeneralName
as a URI.
CertificateKeyUsage, CertificateKeyUsageArgs
- Crl
Sign bool - Key can be used to sign CRLs.
- Data
Encipherment bool - Key can be used to decipher data.
- Decipher
Only bool - Key can be used only to decipher data.
- Digital
Signature bool - Key can be used for digital signing.
- Encipher
Only bool - Key can be used only to encipher data.
- Key
Agreement bool - Key can be used in a key-agreement protocol.
- Key
Cert boolSign - Key can be used to sign certificates.
- Key
Encipherment bool - Key can be used to encipher data.
- Non
Repudiation bool - Key can be used for non-repudiation.
- Crl
Sign bool - Key can be used to sign CRLs.
- Data
Encipherment bool - Key can be used to decipher data.
- Decipher
Only bool - Key can be used only to decipher data.
- Digital
Signature bool - Key can be used for digital signing.
- Encipher
Only bool - Key can be used only to encipher data.
- Key
Agreement bool - Key can be used in a key-agreement protocol.
- Key
Cert boolSign - Key can be used to sign certificates.
- Key
Encipherment bool - Key can be used to encipher data.
- Non
Repudiation bool - Key can be used for non-repudiation.
- crl
Sign Boolean - Key can be used to sign CRLs.
- data
Encipherment Boolean - Key can be used to decipher data.
- decipher
Only Boolean - Key can be used only to decipher data.
- digital
Signature Boolean - Key can be used for digital signing.
- encipher
Only Boolean - Key can be used only to encipher data.
- key
Agreement Boolean - Key can be used in a key-agreement protocol.
- key
Cert BooleanSign - Key can be used to sign certificates.
- key
Encipherment Boolean - Key can be used to encipher data.
- non
Repudiation Boolean - Key can be used for non-repudiation.
- crl
Sign boolean - Key can be used to sign CRLs.
- data
Encipherment boolean - Key can be used to decipher data.
- decipher
Only boolean - Key can be used only to decipher data.
- digital
Signature boolean - Key can be used for digital signing.
- encipher
Only boolean - Key can be used only to encipher data.
- key
Agreement boolean - Key can be used in a key-agreement protocol.
- key
Cert booleanSign - Key can be used to sign certificates.
- key
Encipherment boolean - Key can be used to encipher data.
- non
Repudiation boolean - Key can be used for non-repudiation.
- crl_
sign bool - Key can be used to sign CRLs.
- data_
encipherment bool - Key can be used to decipher data.
- decipher_
only bool - Key can be used only to decipher data.
- digital_
signature bool - Key can be used for digital signing.
- encipher_
only bool - Key can be used only to encipher data.
- key_
agreement bool - Key can be used in a key-agreement protocol.
- key_
cert_ boolsign - Key can be used to sign certificates.
- key_
encipherment bool - Key can be used to encipher data.
- non_
repudiation bool - Key can be used for non-repudiation.
- crl
Sign Boolean - Key can be used to sign CRLs.
- data
Encipherment Boolean - Key can be used to decipher data.
- decipher
Only Boolean - Key can be used only to decipher data.
- digital
Signature Boolean - Key can be used for digital signing.
- encipher
Only Boolean - Key can be used only to encipher data.
- key
Agreement Boolean - Key can be used in a key-agreement protocol.
- key
Cert BooleanSign - Key can be used to sign certificates.
- key
Encipherment Boolean - Key can be used to encipher data.
- non
Repudiation Boolean - Key can be used for non-repudiation.
CertificateOtherName, CertificateOtherNameArgs
CertificatePolicyInformation, CertificatePolicyInformationArgs
- Cert
Policy stringId - Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
- Policy
Qualifiers List<Pulumi.Aws Native. Acmpca. Inputs. Certificate Policy Qualifier Info> - Modifies the given
CertPolicyId
with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
- Cert
Policy stringId - Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
- Policy
Qualifiers []CertificatePolicy Qualifier Info - Modifies the given
CertPolicyId
with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
- cert
Policy StringId - Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
- policy
Qualifiers List<CertificatePolicy Qualifier Info> - Modifies the given
CertPolicyId
with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
- cert
Policy stringId - Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
- policy
Qualifiers CertificatePolicy Qualifier Info[] - Modifies the given
CertPolicyId
with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
- cert_
policy_ strid - Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
- policy_
qualifiers Sequence[CertificatePolicy Qualifier Info] - Modifies the given
CertPolicyId
with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
- cert
Policy StringId - Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
- policy
Qualifiers List<Property Map> - Modifies the given
CertPolicyId
with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
CertificatePolicyQualifierInfo, CertificatePolicyQualifierInfoArgs
- Policy
Qualifier stringId - Identifies the qualifier modifying a
CertPolicyId
. - Qualifier
Pulumi.
Aws Native. Acmpca. Inputs. Certificate Qualifier - Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
- Policy
Qualifier stringId - Identifies the qualifier modifying a
CertPolicyId
. - Qualifier
Certificate
Qualifier - Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
- policy
Qualifier StringId - Identifies the qualifier modifying a
CertPolicyId
. - qualifier
Certificate
Qualifier - Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
- policy
Qualifier stringId - Identifies the qualifier modifying a
CertPolicyId
. - qualifier
Certificate
Qualifier - Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
- policy_
qualifier_ strid - Identifies the qualifier modifying a
CertPolicyId
. - qualifier
Certificate
Qualifier - Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
- policy
Qualifier StringId - Identifies the qualifier modifying a
CertPolicyId
. - qualifier Property Map
- Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
CertificateQualifier, CertificateQualifierArgs
- Cps
Uri string - Contains a pointer to a certification practice statement (CPS) published by the CA.
- Cps
Uri string - Contains a pointer to a certification practice statement (CPS) published by the CA.
- cps
Uri String - Contains a pointer to a certification practice statement (CPS) published by the CA.
- cps
Uri string - Contains a pointer to a certification practice statement (CPS) published by the CA.
- cps_
uri str - Contains a pointer to a certification practice statement (CPS) published by the CA.
- cps
Uri String - Contains a pointer to a certification practice statement (CPS) published by the CA.
CertificateSubject, CertificateSubjectArgs
- Common
Name string - For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
- Country string
- Two-digit code that specifies the country in which the certificate subject located.
- Custom
Attributes List<Pulumi.Aws Native. Acmpca. Inputs. Certificate Custom Attribute> - Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
- Distinguished
Name stringQualifier - Disambiguating information for the certificate subject.
- Generation
Qualifier string - Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
- Given
Name string - First name.
- Initials string
- Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
- Locality string
- The locality (such as a city or town) in which the certificate subject is located.
- Organization string
- Legal name of the organization with which the certificate subject is affiliated.
- Organizational
Unit string - A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
- Pseudonym string
- Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
- Serial
Number string - The certificate serial number.
- State string
- State in which the subject of the certificate is located.
- Surname string
- Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
- Title string
- A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
- Common
Name string - For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
- Country string
- Two-digit code that specifies the country in which the certificate subject located.
- Custom
Attributes []CertificateCustom Attribute - Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
- Distinguished
Name stringQualifier - Disambiguating information for the certificate subject.
- Generation
Qualifier string - Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
- Given
Name string - First name.
- Initials string
- Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
- Locality string
- The locality (such as a city or town) in which the certificate subject is located.
- Organization string
- Legal name of the organization with which the certificate subject is affiliated.
- Organizational
Unit string - A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
- Pseudonym string
- Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
- Serial
Number string - The certificate serial number.
- State string
- State in which the subject of the certificate is located.
- Surname string
- Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
- Title string
- A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
- common
Name String - For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
- country String
- Two-digit code that specifies the country in which the certificate subject located.
- custom
Attributes List<CertificateCustom Attribute> - Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
- distinguished
Name StringQualifier - Disambiguating information for the certificate subject.
- generation
Qualifier String - Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
- given
Name String - First name.
- initials String
- Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
- locality String
- The locality (such as a city or town) in which the certificate subject is located.
- organization String
- Legal name of the organization with which the certificate subject is affiliated.
- organizational
Unit String - A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
- pseudonym String
- Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
- serial
Number String - The certificate serial number.
- state String
- State in which the subject of the certificate is located.
- surname String
- Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
- title String
- A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
- common
Name string - For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
- country string
- Two-digit code that specifies the country in which the certificate subject located.
- custom
Attributes CertificateCustom Attribute[] - Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
- distinguished
Name stringQualifier - Disambiguating information for the certificate subject.
- generation
Qualifier string - Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
- given
Name string - First name.
- initials string
- Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
- locality string
- The locality (such as a city or town) in which the certificate subject is located.
- organization string
- Legal name of the organization with which the certificate subject is affiliated.
- organizational
Unit string - A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
- pseudonym string
- Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
- serial
Number string - The certificate serial number.
- state string
- State in which the subject of the certificate is located.
- surname string
- Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
- title string
- A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
- common_
name str - For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
- country str
- Two-digit code that specifies the country in which the certificate subject located.
- custom_
attributes Sequence[CertificateCustom Attribute] - Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
- distinguished_
name_ strqualifier - Disambiguating information for the certificate subject.
- generation_
qualifier str - Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
- given_
name str - First name.
- initials str
- Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
- locality str
- The locality (such as a city or town) in which the certificate subject is located.
- organization str
- Legal name of the organization with which the certificate subject is affiliated.
- organizational_
unit str - A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
- pseudonym str
- Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
- serial_
number str - The certificate serial number.
- state str
- State in which the subject of the certificate is located.
- surname str
- Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
- title str
- A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
- common
Name String - For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
- country String
- Two-digit code that specifies the country in which the certificate subject located.
- custom
Attributes List<Property Map> - Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
- distinguished
Name StringQualifier - Disambiguating information for the certificate subject.
- generation
Qualifier String - Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
- given
Name String - First name.
- initials String
- Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
- locality String
- The locality (such as a city or town) in which the certificate subject is located.
- organization String
- Legal name of the organization with which the certificate subject is affiliated.
- organizational
Unit String - A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
- pseudonym String
- Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
- serial
Number String - The certificate serial number.
- state String
- State in which the subject of the certificate is located.
- surname String
- Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
- title String
- A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
CertificateValidity, CertificateValidityArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
AWS Native is in preview. AWS Classic is fully supported.