aws-cdk-lib.aws_acmpca.CfnCertificateAuthority.RevocationConfigurationProperty

interface RevocationConfigurationProperty

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.ACMPCA.CfnCertificateAuthority.RevocationConfigurationProperty |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsacmpca#CfnCertificateAuthority_RevocationConfigurationProperty |
| Java | software.amazon.awscdk.services.acmpca.CfnCertificateAuthority.RevocationConfigurationProperty |
| Python | aws_cdk.aws_acmpca.CfnCertificateAuthority.RevocationConfigurationProperty |
| TypeScript | aws-cdk-lib » aws_acmpca » CfnCertificateAuthority » RevocationConfigurationProperty |

Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see RevokeCertificate in the AWS Private CA API Reference and Setting up a certificate revocation method in the AWS Private CA User Guide.

The following requirements apply to revocation configurations.

  • A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
  • In a CRL configuration, the S3BucketName parameter must conform to the Amazon S3 bucket naming rules.
  • A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
  • In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".

Example

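// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// Per the requirements above, a section with enabled: false must not set any
// other field; every field is listed here only to show the shape of the type.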
import { aws_acmpca as acmpca } from 'aws-cdk-lib';
const revocationConfigurationProperty: acmpca.CfnCertificateAuthority.RevocationConfigurationProperty = {
  crlConfiguration: {
    customCname: 'customCname',
    enabled: false,
    expirationInDays: 123,
    s3BucketName: 's3BucketName',
    s3ObjectAcl: 's3ObjectAcl',
  },
  ocspConfiguration: {
    enabled: false,
    ocspCustomCname: 'ocspCustomCname',
  },
};
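
The requirements listed above can be checked before a stack is deployed. The following is an added example, not part of the CDK documentation or of aws-cdk-lib: the interfaces are local mirrors of the property names on this page, `validateRevocationConfig` and its helpers are hypothetical names, "RFC2396 restrictions" is assumed to mean the RFC 2396 hostname grammar, and the bucket check covers only a subset of the S3 naming rules.

```typescript
// Added example: local mirrors of the property shapes shown on this page,
// so the check runs without aws-cdk-lib installed.
interface CrlConfig { enabled?: boolean; customCname?: string; expirationInDays?: number; s3BucketName?: string; s3ObjectAcl?: string; }
interface OcspConfig { enabled?: boolean; ocspCustomCname?: string; }
interface RevocationConfig { crlConfiguration?: CrlConfig; ocspConfiguration?: OcspConfig; }

// Assumption: "RFC2396 restrictions" is read as the RFC 2396 hostname grammar.
const DOMAIN_LABEL = /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$/;
const TOP_LABEL = /^[A-Za-z]([A-Za-z0-9-]*[A-Za-z0-9])?$/;

function checkCname(field: string, value: string, errors: string[]): void {
  if (/^https?:\/\//i.test(value)) {
    errors.push(`${field}: must not include a protocol prefix`);
    return;
  }
  const labels = value.replace(/\.$/, '').split('.');
  const top = labels.pop() || '';
  if (!TOP_LABEL.test(top) || !labels.every((l) => DOMAIN_LABEL.test(l))) {
    errors.push(`${field}: not a valid RFC 2396 hostname`);
  }
}

// Subset of the S3 naming rules: length, character set, edges, "..", IP form.
function checkBucket(name: string, errors: string[]): void {
  const ok = /^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/.test(name)
    && name.indexOf('..') === -1 && !/^\d+\.\d+\.\d+\.\d+$/.test(name);
  if (!ok) errors.push('s3BucketName: violates S3 bucket naming rules');
}

// A disabled section may carry nothing but enabled: false.
function checkDisabled(section: string, cfg: object, errors: string[]): void {
  const rec = cfg as Record<string, unknown>;
  const extras = Object.keys(rec).filter((k) => k !== 'enabled' && rec[k] !== undefined);
  if (extras.length > 0) errors.push(`${section}: disabled but also sets ${extras.join(', ')}`);
}

function validateRevocationConfig(cfg: RevocationConfig): string[] {
  const errors: string[] = [];
  const crl = cfg.crlConfiguration;
  if (crl && crl.enabled === false) checkDisabled('crlConfiguration', crl, errors);
  else if (crl) {
    if (crl.customCname !== undefined) checkCname('customCname', crl.customCname, errors);
    if (crl.s3BucketName !== undefined) checkBucket(crl.s3BucketName, errors);
  }
  const ocsp = cfg.ocspConfiguration;
  if (ocsp && ocsp.enabled === false) checkDisabled('ocspConfiguration', ocsp, errors);
  else if (ocsp && ocsp.ocspCustomCname !== undefined) checkCname('ocspCustomCname', ocsp.ocspCustomCname, errors);
  return errors;
}
// Constructed sample: a disabled CRL section that still names a bucket.
const sampleErrors = validateRevocationConfig({ crlConfiguration: { enabled: false, s3BucketName: 'example-crl-bucket' } });
```

Run against the placeholder object shown above, the check reports both sections, because each sets `enabled: false` alongside other fields.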

Properties

| Name | Type | Description |
| --- | --- | --- |
| crlConfiguration? | IResolvable \| CrlConfigurationProperty | Configuration of the certificate revocation list (CRL), if any, maintained by your private CA. |
| ocspConfiguration? | IResolvable \| OcspConfigurationProperty | Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA. |

crlConfiguration?

Type: IResolvable | CrlConfigurationProperty (optional)

Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.


ocspConfiguration?

Type: IResolvable | OcspConfigurationProperty (optional)

Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.