Package software.amazon.awssdk.services.acmpca.model

Interface CrlConfiguration.Builder

All Superinterfaces:
Buildable, CopyableBuilder<CrlConfiguration.Builder,CrlConfiguration>, SdkBuilder<CrlConfiguration.Builder,CrlConfiguration>, SdkPojo
Enclosing class:
CrlConfiguration
public static interface CrlConfiguration.Builder extends SdkPojo, CopyableBuilder<CrlConfiguration.Builder,CrlConfiguration>

  • Method Details

    • enabled

      CrlConfiguration.Builder enabled(Boolean enabled)

      Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority action or for an existing CA when you call the UpdateCertificateAuthority action.

      Parameters:
      enabled - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority action or for an existing CA when you call the UpdateCertificateAuthority action.
      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • expirationInDays

      CrlConfiguration.Builder expirationInDays(Integer expirationInDays)

      Validity period of the CRL in days.

      Parameters:
      expirationInDays - Validity period of the CRL in days.
      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • customCname

      CrlConfiguration.Builder customCname(String customCname)

      Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.

      The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

      Parameters:
      customCname - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.

      The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • s3BucketName

      CrlConfiguration.Builder s3BucketName(String s3BucketName)

      Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows Amazon Web Services Private CA to write the CRL to your bucket.

      The S3BucketName parameter must conform to the S3 bucket naming rules.

      Parameters:
      s3BucketName - Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows Amazon Web Services Private CA to write the CRL to your bucket.

      The S3BucketName parameter must conform to the S3 bucket naming rules.

      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • s3ObjectAcl

      CrlConfiguration.Builder s3ObjectAcl(String s3ObjectAcl)

      Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.

      If no value is specified, the default is PUBLIC_READ.

      Note: This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL, and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.

      For more information, see Blocking public access to the S3 bucket.

      Parameters:
      s3ObjectAcl - Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.

      If no value is specified, the default is PUBLIC_READ.

      Note: This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL, and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.

      For more information, see Blocking public access to the S3 bucket.

      Returns:
      Returns a reference to this object so that method calls can be chained together.
      See Also:

    • s3ObjectAcl

      CrlConfiguration.Builder s3ObjectAcl(S3ObjectAcl s3ObjectAcl)

      Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.

      If no value is specified, the default is PUBLIC_READ.

      Note: This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL, and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.

      For more information, see Blocking public access to the S3 bucket.

      Parameters:
      s3ObjectAcl - Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.

      If no value is specified, the default is PUBLIC_READ.

      Note: This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL, and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.

      For more information, see Blocking public access to the S3 bucket.

      Returns:
      Returns a reference to this object so that method calls can be chained together.
      See Also: