本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # Amazon 私有 CA 模板品种 Amazon 私有 CA 支持四种模板。 + **基础模板** 不允许使用传递参数的预定义模板。 + **CSRPassthrough 模板** 通过允许 CSR 传递来扩展其相应基础模板版本的模板。用于颁发证书的 CSR 中的扩展将复制到颁发的证书中。如果 CSR 包含与模板定义冲突的扩展值,则模板定义将始终具有更高的优先级。有关优先级的详细信息,请参阅 [Amazon 私有 CA 模板操作顺序模板操作顺序](template-order-of-operations.md)。 + **APIPassthrough 模板** 通过允许 API 传递来扩展其相应基础模板版本的模板。管理员或其他中间系统已知的动态值可能对请求证书的实体未知,可能无法在模板中定义,也可能在 CSR 中不可用。但是,CA 管理员可以从其他数据来源(例如 Active Directory)检索其他信息来完成请求。例如,如果一台计算机不知道自己属于哪个组织单位,则管理员可以在 Active Directory 中查找信息,然后通过在 JSON 结构中包含该信息来将其添加到证书请求中。 `IssueCertificate` 操作 `` 的 `ApiPassthrough` 参数中的值将复制到颁发的证书中。如果 `ApiPassthrough` 参数包含与模板定义冲突的信息,则模板定义将始终具有更高的优先级。有关优先级的详细信息,请参阅 [Amazon 私有 CA 模板操作顺序模板操作顺序](template-order-of-operations.md)。 + **APICSRPassthrough 模板** 通过允许 API 和 CSR 传递来扩展其相应基础模板版本的模板。用于颁发证书的 CSR 中的扩展将复制到颁发的证书中,且 `IssueCertificate` 操作的 `ApiPassthrough` 参数中的值也将复制过来。如果模板定义、API 传递值和 CSR 传递扩展存在冲突,则模板定义的优先级最高,其次是 API 传递值,最后是 CSR 传递扩展。有关优先级的详细信息,请参阅 [Amazon 私有 CA 模板操作顺序模板操作顺序](template-order-of-operations.md)。 下表列出了支持的所有模板类型,并 Amazon 私有 CA 附有指向其定义的链接。 **注意** 有关 GovCloud 区域模板 ARNs 的信息,请参阅*Amazon GovCloud (US) 用户指南[Amazon 私有证书颁发机构](https://docs.amazonaws.cn/govcloud-us/latest/UserGuide/using-govcloud-arns.html#using-govcloud-arn-syntax-acmpca)*中的。 **基础模板** | 模板名称 | 模板 ARN | 证书类型 | | --- | --- | --- | | [CodeSigningCertificate/V1](template-definitions.md#CodeSigningCertificate-V1) | `arn:aws:acm-pca:::template/CodeSigningCertificate/V1` | 代码签名 | | [EndEntityCertificate/V1](template-definitions.md#EndEntityCertificate-V1) | `arn:aws:acm-pca:::template/EndEntityCertificate/V1` | 终端实体 | | [EndEntityClientAuthCertificate/V1](template-definitions.md#EndEntityClientAuthCertificate-V1) | `arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1` | 终端实体 | | [EndEntityServerAuthCertificate/V1](template-definitions.md#EndEntityServerAuthCertificate-V1) | `arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1` | 终端实体 | | [OCSPSigning证书/V1](template-definitions.md#OCSPSigningCertificate-V1) | `arn:aws:acm-pca:::template/OCSPSigningCertificate/V1` | OCSP 签名 | | [root CACertificate /V1](template-definitions.md#RootCACertificate-V1) | `arn:aws:acm-pca:::template/RootCACertificate/V1` | CA | | [下属 CACertificate \_ PathLen 0/V1](template-definitions.md#SubordinateCACertificate_PathLen0-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1` | CA | | [下属 CACertificate \_ PathLen 1/V1](template-definitions.md#SubordinateCACertificate_PathLen1-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1/V1` | CA | | [下属 CACertificate \_ PathLen 2/V1](template-definitions.md#SubordinateCACertificate_PathLen2-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1` | CA | | [下属 CACertificate \_ PathLen 3/V1](template-definitions.md#SubordinateCACertificate_PathLen3-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1` | CA | **CSRPassthrough 模板** | 模板名称 | 模板 ARN | 证书类型 | | --- | --- | --- | | [BlankEndEntityCertificate\_ CSRPassthrough /V1](template-definitions.md#BlankEndEntityCertificate_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_CSRPassthrough/V1` | 终端实体 | | [BlankEndEntityCertificate\_ CriticalBasicConstraints \_ CSRPassthrough /V1](template-definitions.md#BlankEndEntityCertificate_CriticalBasicConstraints_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_CSRPassthrough/V1` | 终端实体 | | [BlankSubordinateCACertificate\_PathLen0\_CSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen0_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_CSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen1\_CSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen1_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_CSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen2\_CSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen2_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_CSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen3\_CSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen3_CSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_CSRPassthrough/V1` | CA | | [CodeSigningCertificate\_ CSRPassthrough /V1](template-definitions.md#CodeSigningCertificate_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/CodeSigningCertificate_CSRPassthrough/V1` | 代码签名 | | [EndEntityCertificate\_ CSRPassthrough /V1](template-definitions.md#EndEntityCertificate_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/EndEntityCertificate_CSRPassthrough/V1` | 终端实体 | | [EndEntityClientAuthCertificate\_ CSRPassthrough /V1](template-definitions.md#EndEntityClientAuthCertificate_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_CSRPassthrough/V1` | 终端实体 | | [EndEntityServerAuthCertificate\_ CSRPassthrough /V1](template-definitions.md#EndEntityServerAuthCertificate_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/EndEntityServerAuthCertificate_CSRPassthrough/V1` | 终端实体 | | [OCSPSigning证书\_ /V1 CSRPassthrough](template-definitions.md#OCSPSigningCertificate_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/OCSPSigningCertificate_CSRPassthrough/V1` | OCSP 签名 | | [下属 CACertificate \_ PathLen 0\_ /V1 CSRPassthrough](template-definitions.md#SubordinateCACertificate_PathLen0_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_CSRPassthrough/V1` | CA | | [下属 CACertificate \_ PathLen 1\_ /V1 CSRPassthrough](template-definitions.md#SubordinateCACertificate_PathLen1_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_CSRPassthrough/V1` | CA | | [下属 CACertificate \_ PathLen 2\_ /V1 CSRPassthrough](template-definitions.md#SubordinateCACertificate_PathLen2_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_CSRPassthrough/V1` | CA | | [下属 CACertificate \_ PathLen 3\_ /V1 CSRPassthrough](template-definitions.md#SubordinateCACertificate_PathLen3_CSRPassthrough-V1) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_CSRPassthrough/V1` | CA | **APIPassthrough 模板** | 模板名称 | 模板 ARN | 证书类型 | | --- | --- | --- | | [BlankEndEntityCertificate\_ APIPassthrough /V1](template-definitions.md#BlankEndEntityCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_APIPassthrough/V1` | 终端实体 | | [BlankEndEntityCertificate\_ CriticalBasicConstraints \_ APIPassthrough /V1](template-definitions.md#BlankEndEntityCertificate_CriticalBasicConstraints_APIPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_APIPassthrough/V1` | 终端实体 | | [CodeSigningCertificate\_ APIPassthrough /V1](template-definitions.md#CodeSigningCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/CodeSigningCertificate_APIPassthrough/V1` | 代码签名 | | [EndEntityCertificate\_ APIPassthrough /V1](template-definitions.md#EndEntityCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/EndEntityCertificate_APIPassthrough/V1` | 终端实体 | | [EndEntityClientAuthCertificate\_ APIPassthrough /V1](template-definitions.md#EndEntityClientAuthCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_APIPassthrough/V1` | 终端实体 | | [EndEntityServerAuthCertificate\_ APIPassthrough /V1](template-definitions.md#EndEntityServerAuthCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/EndEntityServerAuthCertificate_APIPassthrough/V1` | 终端实体 | | [OCSPSigning证书\_ /V1 APIPassthrough](template-definitions.md#OCSPSigningCertificate_APIPassthrough) | `arn:aws:acm-pca:::template/OCSPSigningCertificate_APIPassthrough/V1` | OCSP 签名 | | [root CACertificate \_ APIPassthrough /V1](template-definitions.md#RootCACertificate_APIPassthrough) | `arn:aws:acm-pca:::template/RootCACertificate_APIPassthrough/V1` | CA | | [BlankRootCACertificate\_ APIPassthrough /V1](template-definitions.md#BlankRootCACertificate_APIPassthrough) | `arn:aws:acm-pca:::template/BlankRootCACertificate_APIPassthrough/V1` | CA | | [BlankRootCACertificate\_ PathLen 0\_ /V1 APIPassthrough](template-definitions.md#BlankRootCACertificate_PathLen0_APIPassthrough) | `arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen0_APIPassthrough/V1` | CA | | [BlankRootCACertificate\_ PathLen 1\_ /V1 APIPassthrough](template-definitions.md#BlankRootCACertificate_PathLen1_APIPassthrough) | `arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen1_APIPassthrough/V1` | CA | | [BlankRootCACertificate\_ PathLen 2\_ /V1 APIPassthrough](template-definitions.md#BlankRootCACertificate_PathLen2_APIPassthrough) | `arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen2_APIPassthrough/V1` | CA | | [BlankRootCACertificate\_ PathLen 3\_ /V1 APIPassthrough](template-definitions.md#BlankRootCACertificate_PathLen3_APIPassthrough) | `arn:aws:acm-pca:::template/BlankRootCACertificate_PathLen3_APIPassthrough/V1` | CA | | [下属 CACertificate \_ PathLen 0\_ /V1 APIPassthrough](template-definitions.md#SubordinateCACertificate_PathLen0_APIPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_APIPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen0\_APIPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen0_APIPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_APIPassthrough/V1` | CA | | [下属 CACertificate \_ PathLen 1\_ /V1 APIPassthrough](template-definitions.md#SubordinateCACertificate_PathLen1_APIPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_APIPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen1\_APIPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen1_APIPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_APIPassthrough/V1` | CA | | [下属 CACertificate \_ PathLen 2\_ /V1 APIPassthrough](template-definitions.md#SubordinateCACertificate_PathLen2_APIPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_APIPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen2\_APIPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen2_APIPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_APIPassthrough/V1` | CA | | [下属 CACertificate \_ PathLen 3\_ /V1 APIPassthrough](template-definitions.md#SubordinateCACertificate_PathLen3_APIPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_APIPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen3\_APIPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen3_APIPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_APIPassthrough/V1` | CA | **APICSRPassthrough 模板** | 模板名称 | 模板 ARN | 证书类型 | | --- | --- | --- | | [BlankEndEntityCertificate\_ APICSRPassthrough /V1](template-definitions.md#BlankEndEntityCertificate_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_APICSRPassthrough/V1` | 终端实体 | | | | | | [BlankEndEntityCertificate\_ CriticalBasicConstraints \_ APICSRPassthrough /V1](template-definitions.md#BlankEndEntityCertificate_CriticalBasicConstraints_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankEndEntityCertificate_CriticalBasicConstraints_APICSRPassthrough/V1` | 终端实体 | | [CodeSigningCertificate\_ APICSRPassthrough /V1](template-definitions.md#CodeSigningCertificate_APICSRPassthrough) | `arn:aws:acm-pca:::template/CodeSigningCertificate_APICSRPassthrough/V1` | 代码签名 | | [EndEntityCertificate\_ APICSRPassthrough /V1](template-definitions.md#EndEntityCertificate_APICSRPassthrough) | `arn:aws:acm-pca:::template/EndEntityCertificate_APICSRPassthrough/V1` | 终端实体 | | [EndEntityClientAuthCertificate\_ APICSRPassthrough /V1](template-definitions.md#EndEntityClientAuthCertificate_APICSRPassthrough) | `arn:aws:acm-pca:::template/EndEntityClientAuthCertificate_APICSRPassthrough/V1` | 终端实体 | | [EndEntityServerAuthCertificate\_ APICSRPassthrough /V1](template-definitions.md#EndEntityServerAuthCertificate_APICSRPassthrough) | arn:aws:acm-pca:::template/EndEntityServerAuthCertificate\_APICSRPassthrough/V1 | 终端实体 | | [OCSPSigning证书\_ /V1 APICSRPassthrough](template-definitions.md#OCSPSigningCertificate_APICSRPassthrough) | `arn:aws:acm-pca:::template/OCSPSigningCertificate_APICSRPassthrough/V1` | OCSP 签名 | | [下属 CACertificate \_ PathLen 0\_ /V1 APICSRPassthrough](template-definitions.md#SubordinateCACertificate_PathLen0_APICSRPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0_APICSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen0\_APICSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen0_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen0_APICSRPassthrough/V1` | CA | | [下属 CACertificate \_ PathLen 1\_ /V1 APICSRPassthrough](template-definitions.md#SubordinateCACertificate_PathLen1_APICSRPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen1_APICSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen1\_APICSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen1_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen1_APICSRPassthrough/V1` | CA | | [下属 CACertificate \_ PathLen 2\_APICSRPassthrough/PathLen3\_ V1 APIPassthrough](template-definitions.md#SubordinateCACertificate_PathLen2_APICSRPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2_APICSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen2\_APICSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen2_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen2_APICSRPassthrough/V1` | CA | | [下属 CACertificate \_ PathLen 3\_ /V1 APICSRPassthrough](template-definitions.md#SubordinateCACertificate_PathLen3_APICSRPassthrough) | `arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3_APICSRPassthrough/V1` | CA | | [BlankSubordinateCACertificate\_PathLen3\_APICSRPassthrough/V1](template-definitions.md#BlankSubordinateCACertificate_PathLen3_APICSRPassthrough) | `arn:aws:acm-pca:::template/BlankSubordinateCACertificate_PathLen3_APICSRPassthrough/V1` | CA |