CreateCertificateAuthority - Amazon Private Certificate Authority
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

CreateCertificateAuthority

The following Java sample shows how to use the CreateCerticateAuthority operation.

The operation creates a private subordinate certificate authority (CA). You must specify the CA configuration, the revocation configuration, the CA type, and an optional idempotency token.

The CA configuration specifies the following:

  • The name of the algorithm and key size to be used to create the CA private key

  • The type of signing algorithm that the CA uses to sign

  • X.500 subject information

The CRL configuration specifies the following:

  • The CRL expiration period in days (the validity period of the CRL)

  • The Amazon S3 bucket that will contain the CRL

  • A CNAME alias for the S3 bucket that is included in certificates issued by the CA

If successful, this function returns the Amazon Resource Name (ARN) of the CA.

Your output should be similar to the following:

arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566