CreateCertificateAuthority

The following Java sample shows how to use the CreateCerticateAuthority operation.

The operation creates a private subordinate certificate authority (CA). You must specify the CA configuration, the revocation configuration, the CA type, and an optional idempotency token.

The CA configuration specifies the following:

The name of the algorithm and key size to be used to create the CA private key
The type of signing algorithm that the CA uses to sign
X.500 subject information

The CRL configuration specifies the following:

The CRL expiration period in days (the validity period of the CRL)
The Amazon S3 bucket that will contain the CRL
A CNAME alias for the S3 bucket that is included in certificates issued by the CA

If successful, this function returns the Amazon Resource Name (ARN) of the CA.

Your output should be similar to the following:


arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Create and activate a subordinate CA programmatically

Using CreateCertificateAuthority to support Active Directory