AWS Native v0.102.0, Apr 16 24

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.102.0 published on Tuesday, Apr 16, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.acmpca.Certificate

Explore with Pulumi AI

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.102.0 published on Tuesday, Apr 16, 2024 by Pulumi

pulumi/pulumi-aws-native

Create Certificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);

@overload
def Certificate(resource_name: str,
                args: CertificateArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                certificate_authority_arn: Optional[str] = None,
                certificate_signing_request: Optional[str] = None,
                signing_algorithm: Optional[str] = None,
                validity: Optional[CertificateValidityArgs] = None,
                api_passthrough: Optional[CertificateApiPassthroughArgs] = None,
                template_arn: Optional[str] = None,
                validity_not_before: Optional[CertificateValidityArgs] = None)

func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)

public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)

public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)

type: aws-native:acmpca:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Example

The following reference example uses placeholder values for all input properties.

Coming soon!

Coming soon!

Coming soon!

Coming soon!

const certificateResource = new aws_native.acmpca.Certificate("certificateResource", {
    certificateAuthorityArn: "string",
    certificateSigningRequest: "string",
    signingAlgorithm: "string",
    validity: {
        type: "string",
        value: 0,
    },
    apiPassthrough: {
        extensions: {
            certificatePolicies: [{
                certPolicyId: "string",
                policyQualifiers: [{
                    policyQualifierId: "string",
                    qualifier: {
                        cpsUri: "string",
                    },
                }],
            }],
            customExtensions: [{
                objectIdentifier: "string",
                value: "string",
                critical: false,
            }],
            extendedKeyUsage: [{
                extendedKeyUsageObjectIdentifier: "string",
                extendedKeyUsageType: "string",
            }],
            keyUsage: {
                crlSign: false,
                dataEncipherment: false,
                decipherOnly: false,
                digitalSignature: false,
                encipherOnly: false,
                keyAgreement: false,
                keyCertSign: false,
                keyEncipherment: false,
                nonRepudiation: false,
            },
            subjectAlternativeNames: [{
                directoryName: {
                    commonName: "string",
                    country: "string",
                    customAttributes: [{
                        objectIdentifier: "string",
                        value: "string",
                    }],
                    distinguishedNameQualifier: "string",
                    generationQualifier: "string",
                    givenName: "string",
                    initials: "string",
                    locality: "string",
                    organization: "string",
                    organizationalUnit: "string",
                    pseudonym: "string",
                    serialNumber: "string",
                    state: "string",
                    surname: "string",
                    title: "string",
                },
                dnsName: "string",
                ediPartyName: {
                    nameAssigner: "string",
                    partyName: "string",
                },
                ipAddress: "string",
                otherName: {
                    typeId: "string",
                    value: "string",
                },
                registeredId: "string",
                rfc822Name: "string",
                uniformResourceIdentifier: "string",
            }],
        },
        subject: {
            commonName: "string",
            country: "string",
            customAttributes: [{
                objectIdentifier: "string",
                value: "string",
            }],
            distinguishedNameQualifier: "string",
            generationQualifier: "string",
            givenName: "string",
            initials: "string",
            locality: "string",
            organization: "string",
            organizationalUnit: "string",
            pseudonym: "string",
            serialNumber: "string",
            state: "string",
            surname: "string",
            title: "string",
        },
    },
    templateArn: "string",
    validityNotBefore: {
        type: "string",
        value: 0,
    },
});

Coming soon!

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Certificate resource accepts the following input properties:

CertificateAuthorityArn string: The Amazon Resource Name (ARN) for the private CA issues the certificate.
CertificateSigningRequest string: The certificate signing request (CSR) for the certificate.
SigningAlgorithm string: The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
Validity Pulumi.AwsNative.Acmpca.Inputs.CertificateValidity: The period of time during which the certificate will be valid.
ApiPassthrough Pulumi.AwsNative.Acmpca.Inputs.CertificateApiPassthrough: Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
TemplateArn string: Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
ValidityNotBefore Pulumi.AwsNative.Acmpca.Inputs.CertificateValidity: Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.

CertificateAuthorityArn string: The Amazon Resource Name (ARN) for the private CA issues the certificate.
CertificateSigningRequest string: The certificate signing request (CSR) for the certificate.
SigningAlgorithm string: The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
Validity CertificateValidityArgs: The period of time during which the certificate will be valid.
ApiPassthrough CertificateApiPassthroughArgs: Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
TemplateArn string: Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
ValidityNotBefore CertificateValidityArgs: Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.

certificateAuthorityArn String: The Amazon Resource Name (ARN) for the private CA issues the certificate.
certificateSigningRequest String: The certificate signing request (CSR) for the certificate.
signingAlgorithm String: The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
validity CertificateValidity: The period of time during which the certificate will be valid.
apiPassthrough CertificateApiPassthrough: Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
templateArn String: Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
validityNotBefore CertificateValidity: Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.

certificateAuthorityArn string: The Amazon Resource Name (ARN) for the private CA issues the certificate.
certificateSigningRequest string: The certificate signing request (CSR) for the certificate.
signingAlgorithm string: The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
validity CertificateValidity: The period of time during which the certificate will be valid.
apiPassthrough CertificateApiPassthrough: Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
templateArn string: Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
validityNotBefore CertificateValidity: Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.

certificate_authority_arn str: The Amazon Resource Name (ARN) for the private CA issues the certificate.
certificate_signing_request str: The certificate signing request (CSR) for the certificate.
signing_algorithm str: The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
validity CertificateValidityArgs: The period of time during which the certificate will be valid.
api_passthrough CertificateApiPassthroughArgs: Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
template_arn str: Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
validity_not_before CertificateValidityArgs: Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.

certificateAuthorityArn String: The Amazon Resource Name (ARN) for the private CA issues the certificate.
certificateSigningRequest String: The certificate signing request (CSR) for the certificate.
signingAlgorithm String: The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
validity Property Map: The period of time during which the certificate will be valid.
apiPassthrough Property Map: Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
templateArn String: Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
validityNotBefore Property Map: Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

Arn string
CertificateValue string
Id string: The provider-assigned unique ID for this managed resource.

Arn string
Certificate string
Id string: The provider-assigned unique ID for this managed resource.

arn String
certificate String
id String: The provider-assigned unique ID for this managed resource.

arn string
certificate string
id string: The provider-assigned unique ID for this managed resource.

arn str
certificate str
id str: The provider-assigned unique ID for this managed resource.

arn String
certificate String
id String: The provider-assigned unique ID for this managed resource.

Supporting Types

CertificateApiPassthrough, CertificateApiPassthroughArgs

Extensions Pulumi.AwsNative.Acmpca.Inputs.CertificateExtensions: Specifies X.509 extension information for a certificate.
Subject Pulumi.AwsNative.Acmpca.Inputs.CertificateSubject: Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.

Extensions CertificateExtensions: Specifies X.509 extension information for a certificate.
Subject CertificateSubject: Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.

extensions CertificateExtensions: Specifies X.509 extension information for a certificate.
subject CertificateSubject: Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.

extensions CertificateExtensions: Specifies X.509 extension information for a certificate.
subject CertificateSubject: Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.

extensions CertificateExtensions: Specifies X.509 extension information for a certificate.
subject CertificateSubject: Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.

extensions Property Map: Specifies X.509 extension information for a certificate.
subject Property Map: Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.

CertificateCustomAttribute, CertificateCustomAttributeArgs

ObjectIdentifier string: Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
Value string: Specifies the attribute value of relative distinguished name (RDN).

ObjectIdentifier string: Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
Value string: Specifies the attribute value of relative distinguished name (RDN).

objectIdentifier String: Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
value String: Specifies the attribute value of relative distinguished name (RDN).

objectIdentifier string: Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
value string: Specifies the attribute value of relative distinguished name (RDN).

object_identifier str: Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
value str: Specifies the attribute value of relative distinguished name (RDN).

objectIdentifier String: Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
value String: Specifies the attribute value of relative distinguished name (RDN).

CertificateCustomExtension, CertificateCustomExtensionArgs

ObjectIdentifier string: Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
Value string: Specifies the base64-encoded value of the X.509 extension.
Critical bool: Specifies the critical flag of the X.509 extension.

ObjectIdentifier string: Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
Value string: Specifies the base64-encoded value of the X.509 extension.
Critical bool: Specifies the critical flag of the X.509 extension.

objectIdentifier String: Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
value String: Specifies the base64-encoded value of the X.509 extension.
critical Boolean: Specifies the critical flag of the X.509 extension.

objectIdentifier string: Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
value string: Specifies the base64-encoded value of the X.509 extension.
critical boolean: Specifies the critical flag of the X.509 extension.

object_identifier str: Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
value str: Specifies the base64-encoded value of the X.509 extension.
critical bool: Specifies the critical flag of the X.509 extension.

objectIdentifier String: Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
value String: Specifies the base64-encoded value of the X.509 extension.
critical Boolean: Specifies the critical flag of the X.509 extension.

CertificateEdiPartyName, CertificateEdiPartyNameArgs

NameAssigner string: Specifies the name assigner.
PartyName string: Specifies the party name.

NameAssigner string: Specifies the name assigner.
PartyName string: Specifies the party name.

nameAssigner String: Specifies the name assigner.
partyName String: Specifies the party name.

nameAssigner string: Specifies the name assigner.
partyName string: Specifies the party name.

name_assigner str: Specifies the name assigner.
party_name str: Specifies the party name.

nameAssigner String: Specifies the name assigner.
partyName String: Specifies the party name.

CertificateExtendedKeyUsage, CertificateExtendedKeyUsageArgs

ExtendedKeyUsageObjectIdentifier string: Specifies a custom ExtendedKeyUsage with an object identifier (OID).
ExtendedKeyUsageType string: Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.

ExtendedKeyUsageObjectIdentifier string: Specifies a custom ExtendedKeyUsage with an object identifier (OID).
ExtendedKeyUsageType string: Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.

extendedKeyUsageObjectIdentifier String: Specifies a custom ExtendedKeyUsage with an object identifier (OID).
extendedKeyUsageType String: Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.

extendedKeyUsageObjectIdentifier string: Specifies a custom ExtendedKeyUsage with an object identifier (OID).
extendedKeyUsageType string: Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.

extended_key_usage_object_identifier str: Specifies a custom ExtendedKeyUsage with an object identifier (OID).
extended_key_usage_type str: Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.

extendedKeyUsageObjectIdentifier String: Specifies a custom ExtendedKeyUsage with an object identifier (OID).
extendedKeyUsageType String: Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.

CertificateExtensions, CertificateExtensionsArgs

CertificatePolicies List<Pulumi.AwsNative.Acmpca.Inputs.CertificatePolicyInformation>: Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
CustomExtensions List<Pulumi.AwsNative.Acmpca.Inputs.CertificateCustomExtension>: Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
ExtendedKeyUsage List<Pulumi.AwsNative.Acmpca.Inputs.CertificateExtendedKeyUsage>: Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
KeyUsage Pulumi.AwsNative.Acmpca.Inputs.CertificateKeyUsage: Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
SubjectAlternativeNames List<Pulumi.AwsNative.Acmpca.Inputs.CertificateGeneralName>: The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

CertificatePolicies []CertificatePolicyInformation: Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
CustomExtensions []CertificateCustomExtension: Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
ExtendedKeyUsage []CertificateExtendedKeyUsage: Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
KeyUsage CertificateKeyUsage: Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
SubjectAlternativeNames []CertificateGeneralName: The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

certificatePolicies List<CertificatePolicyInformation>: Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
customExtensions List<CertificateCustomExtension>: Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
extendedKeyUsage List<CertificateExtendedKeyUsage>: Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
keyUsage CertificateKeyUsage: Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
subjectAlternativeNames List<CertificateGeneralName>: The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

certificatePolicies CertificatePolicyInformation[]: Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
customExtensions CertificateCustomExtension[]: Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
extendedKeyUsage CertificateExtendedKeyUsage[]: Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
keyUsage CertificateKeyUsage: Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
subjectAlternativeNames CertificateGeneralName[]: The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

certificate_policies Sequence[CertificatePolicyInformation]: Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
custom_extensions Sequence[CertificateCustomExtension]: Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
extended_key_usage Sequence[CertificateExtendedKeyUsage]: Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
key_usage CertificateKeyUsage: Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
subject_alternative_names Sequence[CertificateGeneralName]: The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

certificatePolicies List<Property Map>: Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
customExtensions List<Property Map>: Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
extendedKeyUsage List<Property Map>: Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
keyUsage Property Map: Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
subjectAlternativeNames List<Property Map>: The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

CertificateGeneralName, CertificateGeneralNameArgs

DirectoryName Pulumi.AwsNative.Acmpca.Inputs.CertificateSubject: Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
DnsName string: Represents GeneralName as a DNS name.
EdiPartyName Pulumi.AwsNative.Acmpca.Inputs.CertificateEdiPartyName: Represents GeneralName as an EdiPartyName object.
IpAddress string: Represents GeneralName as an IPv4 or IPv6 address.
OtherName Pulumi.AwsNative.Acmpca.Inputs.CertificateOtherName: Represents GeneralName using an OtherName object.
RegisteredId string: Represents GeneralName as an object identifier (OID).
Rfc822Name string: Represents GeneralName as an RFC 822 email address.
UniformResourceIdentifier string: Represents GeneralName as a URI.

DirectoryName CertificateSubject: Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
DnsName string: Represents GeneralName as a DNS name.
EdiPartyName CertificateEdiPartyName: Represents GeneralName as an EdiPartyName object.
IpAddress string: Represents GeneralName as an IPv4 or IPv6 address.
OtherName CertificateOtherName: Represents GeneralName using an OtherName object.
RegisteredId string: Represents GeneralName as an object identifier (OID).
Rfc822Name string: Represents GeneralName as an RFC 822 email address.
UniformResourceIdentifier string: Represents GeneralName as a URI.

directoryName CertificateSubject: Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
dnsName String: Represents GeneralName as a DNS name.
ediPartyName CertificateEdiPartyName: Represents GeneralName as an EdiPartyName object.
ipAddress String: Represents GeneralName as an IPv4 or IPv6 address.
otherName CertificateOtherName: Represents GeneralName using an OtherName object.
registeredId String: Represents GeneralName as an object identifier (OID).
rfc822Name String: Represents GeneralName as an RFC 822 email address.
uniformResourceIdentifier String: Represents GeneralName as a URI.

directoryName CertificateSubject: Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
dnsName string: Represents GeneralName as a DNS name.
ediPartyName CertificateEdiPartyName: Represents GeneralName as an EdiPartyName object.
ipAddress string: Represents GeneralName as an IPv4 or IPv6 address.
otherName CertificateOtherName: Represents GeneralName using an OtherName object.
registeredId string: Represents GeneralName as an object identifier (OID).
rfc822Name string: Represents GeneralName as an RFC 822 email address.
uniformResourceIdentifier string: Represents GeneralName as a URI.

directory_name CertificateSubject: Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
dns_name str: Represents GeneralName as a DNS name.
edi_party_name CertificateEdiPartyName: Represents GeneralName as an EdiPartyName object.
ip_address str: Represents GeneralName as an IPv4 or IPv6 address.
other_name CertificateOtherName: Represents GeneralName using an OtherName object.
registered_id str: Represents GeneralName as an object identifier (OID).
rfc822_name str: Represents GeneralName as an RFC 822 email address.
uniform_resource_identifier str: Represents GeneralName as a URI.

directoryName Property Map: Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
dnsName String: Represents GeneralName as a DNS name.
ediPartyName Property Map: Represents GeneralName as an EdiPartyName object.
ipAddress String: Represents GeneralName as an IPv4 or IPv6 address.
otherName Property Map: Represents GeneralName using an OtherName object.
registeredId String: Represents GeneralName as an object identifier (OID).
rfc822Name String: Represents GeneralName as an RFC 822 email address.
uniformResourceIdentifier String: Represents GeneralName as a URI.

CertificateKeyUsage, CertificateKeyUsageArgs

CrlSign bool: Key can be used to sign CRLs.
DataEncipherment bool: Key can be used to decipher data.
DecipherOnly bool: Key can be used only to decipher data.
DigitalSignature bool: Key can be used for digital signing.
EncipherOnly bool: Key can be used only to encipher data.
KeyAgreement bool: Key can be used in a key-agreement protocol.
KeyCertSign bool: Key can be used to sign certificates.
KeyEncipherment bool: Key can be used to encipher data.
NonRepudiation bool: Key can be used for non-repudiation.

CrlSign bool: Key can be used to sign CRLs.
DataEncipherment bool: Key can be used to decipher data.
DecipherOnly bool: Key can be used only to decipher data.
DigitalSignature bool: Key can be used for digital signing.
EncipherOnly bool: Key can be used only to encipher data.
KeyAgreement bool: Key can be used in a key-agreement protocol.
KeyCertSign bool: Key can be used to sign certificates.
KeyEncipherment bool: Key can be used to encipher data.
NonRepudiation bool: Key can be used for non-repudiation.

crlSign Boolean: Key can be used to sign CRLs.
dataEncipherment Boolean: Key can be used to decipher data.
decipherOnly Boolean: Key can be used only to decipher data.
digitalSignature Boolean: Key can be used for digital signing.
encipherOnly Boolean: Key can be used only to encipher data.
keyAgreement Boolean: Key can be used in a key-agreement protocol.
keyCertSign Boolean: Key can be used to sign certificates.
keyEncipherment Boolean: Key can be used to encipher data.
nonRepudiation Boolean: Key can be used for non-repudiation.

crlSign boolean: Key can be used to sign CRLs.
dataEncipherment boolean: Key can be used to decipher data.
decipherOnly boolean: Key can be used only to decipher data.
digitalSignature boolean: Key can be used for digital signing.
encipherOnly boolean: Key can be used only to encipher data.
keyAgreement boolean: Key can be used in a key-agreement protocol.
keyCertSign boolean: Key can be used to sign certificates.
keyEncipherment boolean: Key can be used to encipher data.
nonRepudiation boolean: Key can be used for non-repudiation.

crl_sign bool: Key can be used to sign CRLs.
data_encipherment bool: Key can be used to decipher data.
decipher_only bool: Key can be used only to decipher data.
digital_signature bool: Key can be used for digital signing.
encipher_only bool: Key can be used only to encipher data.
key_agreement bool: Key can be used in a key-agreement protocol.
key_cert_sign bool: Key can be used to sign certificates.
key_encipherment bool: Key can be used to encipher data.
non_repudiation bool: Key can be used for non-repudiation.

crlSign Boolean: Key can be used to sign CRLs.
dataEncipherment Boolean: Key can be used to decipher data.
decipherOnly Boolean: Key can be used only to decipher data.
digitalSignature Boolean: Key can be used for digital signing.
encipherOnly Boolean: Key can be used only to encipher data.
keyAgreement Boolean: Key can be used in a key-agreement protocol.
keyCertSign Boolean: Key can be used to sign certificates.
keyEncipherment Boolean: Key can be used to encipher data.
nonRepudiation Boolean: Key can be used for non-repudiation.

CertificateOtherName, CertificateOtherNameArgs

TypeId string: Specifies an OID.
Value string: Specifies an OID value.

TypeId string: Specifies an OID.
Value string: Specifies an OID value.

typeId String: Specifies an OID.
value String: Specifies an OID value.

typeId string: Specifies an OID.
value string: Specifies an OID value.

type_id str: Specifies an OID.
value str: Specifies an OID value.

typeId String: Specifies an OID.
value String: Specifies an OID value.

CertificatePolicyInformation, CertificatePolicyInformationArgs

CertPolicyId string: Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
PolicyQualifiers List<Pulumi.AwsNative.Acmpca.Inputs.CertificatePolicyQualifierInfo>: Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.

CertPolicyId string: Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
PolicyQualifiers []CertificatePolicyQualifierInfo: Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.

certPolicyId String: Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
policyQualifiers List<CertificatePolicyQualifierInfo>: Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.

certPolicyId string: Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
policyQualifiers CertificatePolicyQualifierInfo[]: Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.

cert_policy_id str: Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
policy_qualifiers Sequence[CertificatePolicyQualifierInfo]: Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.

certPolicyId String: Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
policyQualifiers List<Property Map>: Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.

CertificatePolicyQualifierInfo, CertificatePolicyQualifierInfoArgs

PolicyQualifierId string: Identifies the qualifier modifying a CertPolicyId.
Qualifier Pulumi.AwsNative.Acmpca.Inputs.CertificateQualifier: Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.

PolicyQualifierId string: Identifies the qualifier modifying a CertPolicyId.
Qualifier CertificateQualifier: Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.

policyQualifierId String: Identifies the qualifier modifying a CertPolicyId.
qualifier CertificateQualifier: Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.

policyQualifierId string: Identifies the qualifier modifying a CertPolicyId.
qualifier CertificateQualifier: Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.

policy_qualifier_id str: Identifies the qualifier modifying a CertPolicyId.
qualifier CertificateQualifier: Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.

policyQualifierId String: Identifies the qualifier modifying a CertPolicyId.
qualifier Property Map: Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.

CertificateQualifier, CertificateQualifierArgs

CpsUri string: Contains a pointer to a certification practice statement (CPS) published by the CA.

CpsUri string: Contains a pointer to a certification practice statement (CPS) published by the CA.

cpsUri String: Contains a pointer to a certification practice statement (CPS) published by the CA.

cpsUri string: Contains a pointer to a certification practice statement (CPS) published by the CA.

cps_uri str: Contains a pointer to a certification practice statement (CPS) published by the CA.

cpsUri String: Contains a pointer to a certification practice statement (CPS) published by the CA.

CertificateSubject, CertificateSubjectArgs

CommonName string: For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
Country string: Two-digit code that specifies the country in which the certificate subject located.
CustomAttributes List<Pulumi.AwsNative.Acmpca.Inputs.CertificateCustomAttribute>: Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
DistinguishedNameQualifier string: Disambiguating information for the certificate subject.
GenerationQualifier string: Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
GivenName string: First name.
Initials string: Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
Locality string: The locality (such as a city or town) in which the certificate subject is located.
Organization string: Legal name of the organization with which the certificate subject is affiliated.
OrganizationalUnit string: A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
Pseudonym string: Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
SerialNumber string: The certificate serial number.
State string: State in which the subject of the certificate is located.
Surname string: Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
Title string: A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.

CommonName string: For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
Country string: Two-digit code that specifies the country in which the certificate subject located.
CustomAttributes []CertificateCustomAttribute: Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
DistinguishedNameQualifier string: Disambiguating information for the certificate subject.
GenerationQualifier string: Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
GivenName string: First name.
Initials string: Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
Locality string: The locality (such as a city or town) in which the certificate subject is located.
Organization string: Legal name of the organization with which the certificate subject is affiliated.
OrganizationalUnit string: A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
Pseudonym string: Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
SerialNumber string: The certificate serial number.
State string: State in which the subject of the certificate is located.
Surname string: Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
Title string: A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.

commonName String: For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
country String: Two-digit code that specifies the country in which the certificate subject located.
customAttributes List<CertificateCustomAttribute>: Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
distinguishedNameQualifier String: Disambiguating information for the certificate subject.
generationQualifier String: Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
givenName String: First name.
initials String: Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
locality String: The locality (such as a city or town) in which the certificate subject is located.
organization String: Legal name of the organization with which the certificate subject is affiliated.
organizationalUnit String: A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
pseudonym String: Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
serialNumber String: The certificate serial number.
state String: State in which the subject of the certificate is located.
surname String: Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
title String: A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.

commonName string: For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
country string: Two-digit code that specifies the country in which the certificate subject located.
customAttributes CertificateCustomAttribute[]: Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
distinguishedNameQualifier string: Disambiguating information for the certificate subject.
generationQualifier string: Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
givenName string: First name.
initials string: Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
locality string: The locality (such as a city or town) in which the certificate subject is located.
organization string: Legal name of the organization with which the certificate subject is affiliated.
organizationalUnit string: A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
pseudonym string: Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
serialNumber string: The certificate serial number.
state string: State in which the subject of the certificate is located.
surname string: Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
title string: A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.

common_name str: For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
country str: Two-digit code that specifies the country in which the certificate subject located.
custom_attributes Sequence[CertificateCustomAttribute]: Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
distinguished_name_qualifier str: Disambiguating information for the certificate subject.
generation_qualifier str: Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
given_name str: First name.
initials str: Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
locality str: The locality (such as a city or town) in which the certificate subject is located.
organization str: Legal name of the organization with which the certificate subject is affiliated.
organizational_unit str: A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
pseudonym str: Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
serial_number str: The certificate serial number.
state str: State in which the subject of the certificate is located.
surname str: Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
title str: A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.

commonName String: For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
country String: Two-digit code that specifies the country in which the certificate subject located.
customAttributes List<Property Map>: Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
distinguishedNameQualifier String: Disambiguating information for the certificate subject.
generationQualifier String: Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
givenName String: First name.
initials String: Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
locality String: The locality (such as a city or town) in which the certificate subject is located.
organization String: Legal name of the organization with which the certificate subject is affiliated.
organizationalUnit String: A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
pseudonym String: Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
serialNumber String: The certificate serial number.
state String: State in which the subject of the certificate is located.
surname String: Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
title String: A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.

CertificateValidity, CertificateValidityArgs

Type string: Specifies whether the Value parameter represents days, months, or years.
Value double: A long integer interpreted according to the value of Type, below.

Type string: Specifies whether the Value parameter represents days, months, or years.
Value float64: A long integer interpreted according to the value of Type, below.

type String: Specifies whether the Value parameter represents days, months, or years.
value Double: A long integer interpreted according to the value of Type, below.

type string: Specifies whether the Value parameter represents days, months, or years.
value number: A long integer interpreted according to the value of Type, below.

type str: Specifies whether the Value parameter represents days, months, or years.
value float: A long integer interpreted according to the value of Type, below.

type String: Specifies whether the Value parameter represents days, months, or years.
value Number: A long integer interpreted according to the value of Type, below.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.102.0 published on Tuesday, Apr 16, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.acmpca.Certificate

On this page

On this page

Create Certificate Resource

Constructor syntax

Parameters

Example

Certificate Resource Properties

Inputs

Outputs

Supporting Types

CertificateApiPassthrough, CertificateApiPassthroughArgs

CertificateCustomAttribute, CertificateCustomAttributeArgs

CertificateCustomExtension, CertificateCustomExtensionArgs

CertificateEdiPartyName, CertificateEdiPartyNameArgs

CertificateExtendedKeyUsage, CertificateExtendedKeyUsageArgs

CertificateExtensions, CertificateExtensionsArgs

CertificateGeneralName, CertificateGeneralNameArgs

CertificateKeyUsage, CertificateKeyUsageArgs

CertificateOtherName, CertificateOtherNameArgs

CertificatePolicyInformation, CertificatePolicyInformationArgs

CertificatePolicyQualifierInfo, CertificatePolicyQualifierInfoArgs

CertificateQualifier, CertificateQualifierArgs

CertificateSubject, CertificateSubjectArgs

CertificateValidity, CertificateValidityArgs

Package Details

On this page

On this page