OcspConfiguration - Amazon Private Certificate Authority

OcspConfiguration

Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

When you revoke a certificate, OCSP responses may take up to 60 minutes to reflect the new status.

Contents

Enabled

Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

Type: Boolean

Required: Yes

OcspCustomCname

By default, Amazon Private CA injects an Amazon domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.

Note

The content of a Canonical Name (CNAME) record must conform to RFC 2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

For more information, see Customizing Online Certificate Status Protocol (OCSP) in the Amazon Private Certificate Authority User Guide.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 253.

Pattern: [-a-zA-Z0-9;/?:@&=+$,%_.!~*()']*

Required: No
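
The field constraints above, written as a client-side pre-flight check. This is an added example, not AWS code; the function name `validate_ocsp_configuration` and the sample hostnames are assumptions. It shows that the Pattern alone accepts a protocol prefix, because `:` and `/` are permitted characters, so the prefix rule from the Note needs its own test.

```python
import re

# Constraints copied from the OcspCustomCname description on this page.
CNAME_PATTERN = re.compile(r"[-a-zA-Z0-9;/?:@&=+$,%_.!~*()']*")
CNAME_MAX_LEN = 253
FORBIDDEN_PREFIXES = ("http://", "https://")  # the two prefixes the Note names


def validate_ocsp_configuration(config):
    """Return a list of problems in an OcspConfiguration dict (empty if valid)."""
    problems = []

    # Enabled is the only required member and must be a real Boolean.
    if "Enabled" not in config:
        problems.append("Enabled is required")
    elif not isinstance(config["Enabled"], bool):
        problems.append("Enabled must be a Boolean")

    cname = config.get("OcspCustomCname")
    if cname is None:  # optional member
        return problems
    if not isinstance(cname, str):
        return problems + ["OcspCustomCname must be a String"]

    if len(cname) > CNAME_MAX_LEN:
        problems.append("OcspCustomCname exceeds 253 characters")
    if not CNAME_PATTERN.fullmatch(cname):
        problems.append("OcspCustomCname contains a character outside the Pattern")
    # ':' and '/' are inside the Pattern, so "http://..." passes the regex;
    # the prefix rule has to be checked on its own. Comparing case-insensitively
    # is an assumption of this example.
    if cname.lower().startswith(FORBIDDEN_PREFIXES):
        problems.append("OcspCustomCname must not include a protocol prefix")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        {"Enabled": True},
        {"Enabled": True, "OcspCustomCname": "ocsp.example.com"},
        {"Enabled": True, "OcspCustomCname": "https://ocsp.example.com"},
        {"Enabled": "true", "OcspCustomCname": "ocsp example.com"},
    ]
    for sample in samples:
        print(sample, "->", validate_ocsp_configuration(sample) or "valid")
```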
