PrivateCertificateProps

class aws_cdk.aws_certificatemanager.PrivateCertificateProps(*, certificate_authority, domain_name, key_algorithm=None, subject_alternative_names=None)

Bases: object

Properties for your private certificate.

Parameters:
  • certificate_authority (ICertificateAuthority) – Private certificate authority (CA) that will be used to issue the certificate.

  • domain_name (str) – Fully-qualified domain name to request a private certificate for. May contain wildcards, such as *.domain.com.

  • key_algorithm (Optional[KeyAlgorithm]) – Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA’s secret key. Default: KeyAlgorithm.RSA_2048

  • subject_alternative_names (Optional[Sequence[str]]) – Alternative domain names on your private certificate. Use this to register alternative domain names that represent the same site. Default: no additional FQDNs will be included as alternative domain names.

Example:

import aws_cdk.aws_certificatemanager as acm
import aws_cdk.aws_acmpca as acmpca


# `self` is the enclosing construct scope (for example, a Stack).
acm.PrivateCertificate(self, "PrivateCertificate",
    domain_name="test.example.com",
    subject_alternative_names=["cool.example.com", "test.example.net"],  # optional
    certificate_authority=acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CA", "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/023077d8-2bfa-4eb0-8f22-05c96deade77"),
    # Must be in the same algorithm family (RSA or ECDSA) as the CA's key.
    key_algorithm=acm.KeyAlgorithm.RSA_2048
)

Attributes

certificate_authority

Private certificate authority (CA) that will be used to issue the certificate.

domain_name

Fully-qualified domain name to request a private certificate for.

May contain wildcards, such as *.domain.com.

key_algorithm

Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.

When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA’s secret key.

Default:

KeyAlgorithm.RSA_2048

See:

https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms.title

subject_alternative_names

Alternative domain names on your private certificate.

Use this to register alternative domain names that represent the same site.

Default:
  • No additional FQDNs will be included as alternative domain names.
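
The key_algorithm family rule and the wildcard form of domain_name described above can be checked before deployment. The following is an added example, not CDK code: the function names are hypothetical, the CA's key algorithm is assumed to be supplied by the caller as a string in the ACM / AWS Private CA naming style (such as RSA_2048 or EC_prime256v1), and the wildcard is assumed to be valid only as the whole leftmost label.

```python
import re

# One DNS label: letters, digits and hyphens, not starting or ending with "-".
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def key_family(algorithm):
    """Map a key algorithm string (e.g. "RSA_2048") to "RSA" or "ECDSA"."""
    if algorithm.startswith("RSA_"):
        return "RSA"
    if algorithm.startswith("EC_"):
        return "ECDSA"
    raise ValueError(f"unrecognised key algorithm: {algorithm!r}")


def is_valid_name(name):
    """True for an FQDN; "*" is accepted only as the entire leftmost label."""
    labels = name.rstrip(".").split(".")
    if len(name) > 253 or len(labels) < 2:
        return False
    if labels[0] == "*":
        labels = labels[1:]
    return all(_LABEL.fullmatch(label) for label in labels)


def check_private_cert_props(domain_name, ca_key_algorithm,
                             key_algorithm="RSA_2048",
                             subject_alternative_names=None):
    """Return a list of problems; an empty list means the props are consistent."""
    problems = []
    cert_family, ca_family = key_family(key_algorithm), key_family(ca_key_algorithm)
    if cert_family != ca_family:
        problems.append(
            f"key_algorithm {key_algorithm} is {cert_family}, "
            f"but the CA key {ca_key_algorithm} is {ca_family}")
    for name in [domain_name, *(subject_alternative_names or [])]:
        if not is_valid_name(name):
            problems.append(f"not a valid domain name: {name!r}")
    return problems


if __name__ == "__main__":
    # Constructed input: an ECDSA CA with the default RSA_2048 certificate key.
    for problem in check_private_cert_props("test.example.com", "EC_prime256v1"):
        print(problem)
```

Leaving key_algorithm at its RSA_2048 default against an ECDSA CA is the mismatch this check reports.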