CertificateAuthorityConfiguration - Amazon Private Certificate Authority
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

CertificateAuthorityConfiguration

Contains configuration information for your private certificate authority (CA). This includes information about the class of public key algorithm and the key pair that your private CA creates when it issues a certificate. It also includes the signature algorithm that it uses when issuing certificates, and its X.500 distinguished name. You must specify this information when you call the CreateCertificateAuthority action.

Contents

KeyAlgorithm

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. When you create a subordinate CA, you must use a key algorithm supported by the parent CA.

Type: String

Valid Values: RSA_2048 | RSA_4096 | EC_prime256v1 | EC_secp384r1 | SM2

Required: Yes

SigningAlgorithm

Name of the algorithm your private CA uses to sign certificate requests.

This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.

Type: String

Valid Values: SHA256WITHECDSA | SHA384WITHECDSA | SHA512WITHECDSA | SHA256WITHRSA | SHA384WITHRSA | SHA512WITHRSA | SM3WITHSM2

Required: Yes

Subject

Structure that contains X.500 distinguished name information for your private CA.

Type: ASN1Subject object

Required: Yes

CsrExtensions

Specifies information to be added to the extension section of the certificate signing request (CSR).

Type: CsrExtensions object

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: