public static interface ViewerCertificate.Builder extends CopyableBuilder<ViewerCertificate.Builder,ViewerCertificate>
Modifier and Type | Method and Description |
---|---|
ViewerCertificate.Builder |
acmCertificateArn(String acmCertificateArn)
For information about how and when to use
ACMCertificateArn , see ViewerCertificate. |
ViewerCertificate.Builder |
certificate(String certificate)
This field has been deprecated.
|
ViewerCertificate.Builder |
certificateSource(CertificateSource certificateSource)
This field has been deprecated.
|
ViewerCertificate.Builder |
certificateSource(String certificateSource)
This field has been deprecated.
|
ViewerCertificate.Builder |
cloudFrontDefaultCertificate(Boolean cloudFrontDefaultCertificate)
For information about how and when to use
CloudFrontDefaultCertificate , see
ViewerCertificate. |
ViewerCertificate.Builder |
iamCertificateId(String iamCertificateId)
For information about how and when to use
IAMCertificateId , see ViewerCertificate. |
ViewerCertificate.Builder |
minimumProtocolVersion(MinimumProtocolVersion minimumProtocolVersion)
Specify the security policy that you want CloudFront to use for HTTPS connections.
|
ViewerCertificate.Builder |
minimumProtocolVersion(String minimumProtocolVersion)
Specify the security policy that you want CloudFront to use for HTTPS connections.
|
ViewerCertificate.Builder |
sslSupportMethod(SSLSupportMethod sslSupportMethod)
If you specify a value for ViewerCertificate$ACMCertificateArn or for
ViewerCertificate$IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS
requests: using a method that works for all clients or one that works for most clients:
|
ViewerCertificate.Builder |
sslSupportMethod(String sslSupportMethod)
If you specify a value for ViewerCertificate$ACMCertificateArn or for
ViewerCertificate$IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS
requests: using a method that works for all clients or one that works for most clients:
|
copy
applyMutation, build
ViewerCertificate.Builder cloudFrontDefaultCertificate(Boolean cloudFrontDefaultCertificate)
For information about how and when to use CloudFrontDefaultCertificate
, see
ViewerCertificate.
cloudFrontDefaultCertificate
- For information about how and when to use CloudFrontDefaultCertificate
, see
ViewerCertificate.ViewerCertificate.Builder iamCertificateId(String iamCertificateId)
For information about how and when to use IAMCertificateId
, see ViewerCertificate.
iamCertificateId
- For information about how and when to use IAMCertificateId
, see ViewerCertificate.ViewerCertificate.Builder acmCertificateArn(String acmCertificateArn)
For information about how and when to use ACMCertificateArn
, see ViewerCertificate.
acmCertificateArn
- For information about how and when to use ACMCertificateArn
, see
ViewerCertificate.ViewerCertificate.Builder sslSupportMethod(String sslSupportMethod)
If you specify a value for ViewerCertificate$ACMCertificateArn or for ViewerCertificate$IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:
vip
: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests
from any viewer. However, you will incur additional monthly charges.
sni-only
: CloudFront can respond to HTTPS requests from viewers that support Server Name
Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some
of your users' browsers don't support SNI, we recommend that you do one of the following:
Use the vip
option (dedicated IP addresses) instead of sni-only
.
Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the
CloudFront domain name of your distribution in the URLs for your objects, for example,
https://d111111abcdef8.cloudfront.net/logo.png
.
If you can control which browser your users use, upgrade the browser to one that supports SNI.
Use HTTP instead of HTTPS.
Don't specify a value for SSLSupportMethod
if you specified
<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
.
For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
sslSupportMethod
- If you specify a value for ViewerCertificate$ACMCertificateArn or for
ViewerCertificate$IAMCertificateId, you must also specify how you want CloudFront to serve
HTTPS requests: using a method that works for all clients or one that works for most clients:
vip
: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS
requests from any viewer. However, you will incur additional monthly charges.
sni-only
: CloudFront can respond to HTTPS requests from viewers that support Server Name
Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI.
If some of your users' browsers don't support SNI, we recommend that you do one of the following:
Use the vip
option (dedicated IP addresses) instead of sni-only
.
Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the
CloudFront domain name of your distribution in the URLs for your objects, for example,
https://d111111abcdef8.cloudfront.net/logo.png
.
If you can control which browser your users use, upgrade the browser to one that supports SNI.
Use HTTP instead of HTTPS.
Don't specify a value for SSLSupportMethod
if you specified
<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
.
For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
SSLSupportMethod
,
SSLSupportMethod
ViewerCertificate.Builder sslSupportMethod(SSLSupportMethod sslSupportMethod)
If you specify a value for ViewerCertificate$ACMCertificateArn or for ViewerCertificate$IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:
vip
: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests
from any viewer. However, you will incur additional monthly charges.
sni-only
: CloudFront can respond to HTTPS requests from viewers that support Server Name
Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some
of your users' browsers don't support SNI, we recommend that you do one of the following:
Use the vip
option (dedicated IP addresses) instead of sni-only
.
Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the
CloudFront domain name of your distribution in the URLs for your objects, for example,
https://d111111abcdef8.cloudfront.net/logo.png
.
If you can control which browser your users use, upgrade the browser to one that supports SNI.
Use HTTP instead of HTTPS.
Don't specify a value for SSLSupportMethod
if you specified
<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
.
For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
sslSupportMethod
- If you specify a value for ViewerCertificate$ACMCertificateArn or for
ViewerCertificate$IAMCertificateId, you must also specify how you want CloudFront to serve
HTTPS requests: using a method that works for all clients or one that works for most clients:
vip
: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS
requests from any viewer. However, you will incur additional monthly charges.
sni-only
: CloudFront can respond to HTTPS requests from viewers that support Server Name
Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI.
If some of your users' browsers don't support SNI, we recommend that you do one of the following:
Use the vip
option (dedicated IP addresses) instead of sni-only
.
Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the
CloudFront domain name of your distribution in the URLs for your objects, for example,
https://d111111abcdef8.cloudfront.net/logo.png
.
If you can control which browser your users use, upgrade the browser to one that supports SNI.
Use HTTP instead of HTTPS.
Don't specify a value for SSLSupportMethod
if you specified
<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
.
For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
SSLSupportMethod
,
SSLSupportMethod
ViewerCertificate.Builder minimumProtocolVersion(String minimumProtocolVersion)
Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings:
The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers
The cipher that CloudFront uses to encrypt the content that it returns to viewers
On the CloudFront console, this setting is called Security policy.
We recommend that you specify TLSv1.1_2016
unless your users are using browsers or devices that
do not support TLSv1.1 or later.
When both of the following are true, you must specify TLSv1
or later for the security policy:
You're using a custom certificate: you specified a value for ACMCertificateArn
or for
IAMCertificateId
You're using SNI: you specified sni-only
for SSLSupportMethod
If you specify true
for CloudFrontDefaultCertificate
, CloudFront automatically sets
the security policy to TLSv1
regardless of the value that you specify for
MinimumProtocolVersion
.
For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.
minimumProtocolVersion
- Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy
determines two settings:
The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers
The cipher that CloudFront uses to encrypt the content that it returns to viewers
On the CloudFront console, this setting is called Security policy.
We recommend that you specify TLSv1.1_2016
unless your users are using browsers or
devices that do not support TLSv1.1 or later.
When both of the following are true, you must specify TLSv1
or later for the security
policy:
You're using a custom certificate: you specified a value for ACMCertificateArn
or for
IAMCertificateId
You're using SNI: you specified sni-only
for SSLSupportMethod
If you specify true
for CloudFrontDefaultCertificate
, CloudFront
automatically sets the security policy to TLSv1
regardless of the value that you specify
for MinimumProtocolVersion
.
For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.
MinimumProtocolVersion
,
MinimumProtocolVersion
ViewerCertificate.Builder minimumProtocolVersion(MinimumProtocolVersion minimumProtocolVersion)
Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings:
The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers
The cipher that CloudFront uses to encrypt the content that it returns to viewers
On the CloudFront console, this setting is called Security policy.
We recommend that you specify TLSv1.1_2016
unless your users are using browsers or devices that
do not support TLSv1.1 or later.
When both of the following are true, you must specify TLSv1
or later for the security policy:
You're using a custom certificate: you specified a value for ACMCertificateArn
or for
IAMCertificateId
You're using SNI: you specified sni-only
for SSLSupportMethod
If you specify true
for CloudFrontDefaultCertificate
, CloudFront automatically sets
the security policy to TLSv1
regardless of the value that you specify for
MinimumProtocolVersion
.
For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.
minimumProtocolVersion
- Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy
determines two settings:
The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers
The cipher that CloudFront uses to encrypt the content that it returns to viewers
On the CloudFront console, this setting is called Security policy.
We recommend that you specify TLSv1.1_2016
unless your users are using browsers or
devices that do not support TLSv1.1 or later.
When both of the following are true, you must specify TLSv1
or later for the security
policy:
You're using a custom certificate: you specified a value for ACMCertificateArn
or for
IAMCertificateId
You're using SNI: you specified sni-only
for SSLSupportMethod
If you specify true
for CloudFrontDefaultCertificate
, CloudFront
automatically sets the security policy to TLSv1
regardless of the value that you specify
for MinimumProtocolVersion
.
For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.
MinimumProtocolVersion
,
MinimumProtocolVersion
ViewerCertificate.Builder certificate(String certificate)
This field has been deprecated. Use one of the following fields instead:
certificate
- This field has been deprecated. Use one of the following fields instead:
ViewerCertificate.Builder certificateSource(String certificateSource)
This field has been deprecated. Use one of the following fields instead:
certificateSource
- This field has been deprecated. Use one of the following fields instead:
CertificateSource
,
CertificateSource
ViewerCertificate.Builder certificateSource(CertificateSource certificateSource)
This field has been deprecated. Use one of the following fields instead:
certificateSource
- This field has been deprecated. Use one of the following fields instead:
CertificateSource
,
CertificateSource
Copyright © 2017 Amazon Web Services, Inc. All Rights Reserved.