Working with IAM Server Certificates - Amazon SDK for Java 1.x

The Amazon SDK for Java 1.x has entered maintenance mode as of July 31, 2024, and will reach end-of-support on December 31, 2025. We recommend that you migrate to the Amazon SDK for Java 2.x to continue receiving new features, availability improvements, and security updates.

Working with IAM Server Certificates

To enable HTTPS connections to your website or application on Amazon, you need an SSL/TLS server certificate. You can use a server certificate provided by Amazon Certificate Manager or one that you obtained from an external provider.

We recommend that you use ACM to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to your Amazon resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about ACM, see the ACM User Guide.

Getting a Server Certificate

You can retrieve a server certificate by calling the AmazonIdentityManagementClient’s getServerCertificate method, passing it a GetServerCertificateRequest with the certificate’s name.

Imports

import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.GetServerCertificateRequest;
import com.amazonaws.services.identitymanagement.model.GetServerCertificateResult;

Code

// cert_name is a String holding the name of the server certificate to retrieve.
final AmazonIdentityManagement iam =
    AmazonIdentityManagementClientBuilder.defaultClient();

GetServerCertificateRequest request = new GetServerCertificateRequest()
    .withServerCertificateName(cert_name);

GetServerCertificateResult response = iam.getServerCertificate(request);

See the complete example on GitHub.

Listing Server Certificates

To list your server certificates, call the AmazonIdentityManagementClient’s listServerCertificates method with a ListServerCertificatesRequest. It returns a ListServerCertificatesResult.

Call the returned ListServerCertificatesResult object’s getServerCertificateMetadataList method to get a list of ServerCertificateMetadata objects that you can use to get information about each certificate.

Results may be truncated; if the ListServerCertificatesResult object’s getIsTruncated method returns true, pass the value returned by its getMarker method to the ListServerCertificatesRequest object’s setMarker method, then call listServerCertificates again with that request to get the next batch of results.

Imports

import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.ListServerCertificatesRequest;
import com.amazonaws.services.identitymanagement.model.ListServerCertificatesResult;
import com.amazonaws.services.identitymanagement.model.ServerCertificateMetadata;

Code

final AmazonIdentityManagement iam =
    AmazonIdentityManagementClientBuilder.defaultClient();

boolean done = false;
ListServerCertificatesRequest request = new ListServerCertificatesRequest();

while (!done) {
    ListServerCertificatesResult response = iam.listServerCertificates(request);

    for (ServerCertificateMetadata metadata :
            response.getServerCertificateMetadataList()) {
        // %n ends each line so successive names do not run together.
        System.out.printf("Retrieved server certificate %s%n",
            metadata.getServerCertificateName());
    }

    // Carry the marker forward so the next call returns the next page.
    request.setMarker(response.getMarker());

    if (!response.getIsTruncated()) {
        done = true;
    }
}

See the complete example on GitHub.
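Because only ACM handles renewals for you, certificates kept in IAM need their expiration dates tracked. The following added example (not part of the original page or the SDK's sample code) pages through listServerCertificates and flags certificates that are expired or expire within a chosen window; the class name, the 30-day window, and the certificate names and dates in main are constructed for illustration.

```java
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.model.*;
import java.time.*;
import java.util.*;

public class ExpiringServerCertificates {
    // Collects every page by following the marker until the result is no longer truncated.
    static List<ServerCertificateMetadata> fetchAll(AmazonIdentityManagement iam) {
        List<ServerCertificateMetadata> all = new ArrayList<>();
        ListServerCertificatesRequest request = new ListServerCertificatesRequest();
        ListServerCertificatesResult response;
        do {
            response = iam.listServerCertificates(request);
            all.addAll(response.getServerCertificateMetadataList());
            request.setMarker(response.getMarker());
        } while (Boolean.TRUE.equals(response.getIsTruncated()));
        return all;
    }

    // Returns certificates that are already expired or expire within the window.
    static List<ServerCertificateMetadata> expiringWithin(
            List<ServerCertificateMetadata> certs, Instant now, Duration window) {
        Instant cutoff = now.plus(window);
        List<ServerCertificateMetadata> flagged = new ArrayList<>();
        for (ServerCertificateMetadata m : certs) {
            // A missing expiration is reported as a finding rather than skipped.
            Date expiration = m.getExpiration();
            if (expiration == null || !expiration.toInstant().isAfter(cutoff)) {
                flagged.add(m);
            }
        }
        return flagged;
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2025-01-01T00:00:00Z"); // fixed clock for the sample
        // Constructed sample metadata; against a real account, pass fetchAll(iam) instead.
        List<ServerCertificateMetadata> sample = Arrays.asList(
            new ServerCertificateMetadata().withServerCertificateName("example-expired")
                .withExpiration(Date.from(Instant.parse("2024-11-15T00:00:00Z"))),
            new ServerCertificateMetadata().withServerCertificateName("example-expiring-soon")
                .withExpiration(Date.from(Instant.parse("2025-01-20T00:00:00Z"))),
            new ServerCertificateMetadata().withServerCertificateName("example-valid")
                .withExpiration(Date.from(Instant.parse("2026-06-01T00:00:00Z"))));
        for (ServerCertificateMetadata m : expiringWithin(sample, now, Duration.ofDays(30))) {
            System.out.printf("%s expires %s%n", m.getServerCertificateName(), m.getExpiration());
        }
    }
}
```

With the constructed sample, the first two certificates are reported and example-valid is not.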

Updating a Server Certificate

You can update a server certificate’s name or path by calling the AmazonIdentityManagementClient’s updateServerCertificate method. It takes an UpdateServerCertificateRequest object set with the server certificate’s current name and either a new name or a new path to use.

Imports

import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.UpdateServerCertificateRequest;
import com.amazonaws.services.identitymanagement.model.UpdateServerCertificateResult;

Code

// cur_name is the certificate's current name; new_name is the name to assign.
final AmazonIdentityManagement iam =
    AmazonIdentityManagementClientBuilder.defaultClient();

UpdateServerCertificateRequest request = new UpdateServerCertificateRequest()
    .withServerCertificateName(cur_name)
    .withNewServerCertificateName(new_name);

UpdateServerCertificateResult response = iam.updateServerCertificate(request);

See the complete example on GitHub.

Deleting a Server Certificate

To delete a server certificate, call the AmazonIdentityManagementClient’s deleteServerCertificate method with a DeleteServerCertificateRequest containing the certificate’s name.

Imports

import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.DeleteServerCertificateRequest;
import com.amazonaws.services.identitymanagement.model.DeleteServerCertificateResult;

Code

// cert_name is a String holding the name of the server certificate to delete.
final AmazonIdentityManagement iam =
    AmazonIdentityManagementClientBuilder.defaultClient();

DeleteServerCertificateRequest request = new DeleteServerCertificateRequest()
    .withServerCertificateName(cert_name);

DeleteServerCertificateResult response = iam.deleteServerCertificate(request);

See the complete example on GitHub.
