Struct aws_sdk_acmpca::input::IssueCertificateInput
source · [−]#[non_exhaustive]pub struct IssueCertificateInput {
pub api_passthrough: Option<ApiPassthrough>,
pub certificate_authority_arn: Option<String>,
pub csr: Option<Blob>,
pub signing_algorithm: Option<SigningAlgorithm>,
pub template_arn: Option<String>,
pub validity: Option<Validity>,
pub validity_not_before: Option<Validity>,
pub idempotency_token: Option<String>,
}
Fields (Non-exhaustive)
This struct is marked as non-exhaustive
Struct { .. }
syntax; cannot be matched against without a wildcard ..
; and struct update syntax will not work.api_passthrough: Option<ApiPassthrough>
Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough
or APICSRPassthrough
template variant must be selected, or else this parameter is ignored. For more information about using these templates, see Understanding Certificate Templates.
If conflicting or duplicate certificate information is supplied during certificate issuance, ACM Private CA applies order of operation rules to determine what information is used.
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
csr: Option<Blob>
The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use the following OpenSSL command to create the CSR and a 2048 bit RSA private key.
openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
If you have a configuration file, you can then use the following OpenSSL command. The usr_cert
block in the configuration file contains your X509 version 3 extensions.
openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
Note: A CSR must provide either a subject name or a subject alternative name or the request will be rejected.
signing_algorithm: Option<SigningAlgorithm>
The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the SigningAlgorithm
parameter used to sign a CSR in the CreateCertificateAuthority
action.
template_arn: Option<String>
Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, ACM Private CA defaults to the EndEntityCertificate/V1
template. For CA certificates, you should choose the shortest path length that meets your needs. The path length is indicated by the PathLenN portion of the ARN, where N is the CA depth.
Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents in the CA hierarchy.
For a list of TemplateArn
values supported by ACM Private CA, see Understanding Certificate Templates.
validity: Option<Validity>
Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate.
Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280.
This value is unaffected when ValidityNotBefore
is also specified. For example, if Validity
is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore
value.
The end of the validity period configured on a certificate must not exceed the limit set on its parents in the CA hierarchy.
validity_not_before: Option<Validity>
Information describing the start of the validity period of the certificate. This parameter sets the “Not Before" date for the certificate.
By default, when issuing a certificate, ACM Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore
parameter can be used to customize the “Not Before” value.
Unlike the Validity
parameter, the ValidityNotBefore
parameter is optional.
The ValidityNotBefore
value is expressed as an explicit date and time, using the Validity
type value ABSOLUTE
. For more information, see Validity in this API reference and Validity in RFC 5280.
idempotency_token: Option<String>
Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action. Idempotency tokens for IssueCertificate time out after one minute. Therefore, if you call IssueCertificate multiple times with the same idempotency token within one minute, ACM Private CA recognizes that you are requesting only one certificate and will issue only one. If you change the idempotency token for each call, PCA recognizes that you are requesting multiple certificates.
Implementations
sourceimpl IssueCertificateInput
impl IssueCertificateInput
sourcepub async fn make_operation(
&self,
_config: &Config
) -> Result<Operation<IssueCertificate, AwsErrorRetryPolicy>, BuildError>
pub async fn make_operation(
&self,
_config: &Config
) -> Result<Operation<IssueCertificate, AwsErrorRetryPolicy>, BuildError>
Consumes the builder and constructs an Operation<IssueCertificate
>
sourcepub fn builder() -> Builder
pub fn builder() -> Builder
Creates a new builder-style object to manufacture IssueCertificateInput
sourceimpl IssueCertificateInput
impl IssueCertificateInput
sourcepub fn api_passthrough(&self) -> Option<&ApiPassthrough>
pub fn api_passthrough(&self) -> Option<&ApiPassthrough>
Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough
or APICSRPassthrough
template variant must be selected, or else this parameter is ignored. For more information about using these templates, see Understanding Certificate Templates.
If conflicting or duplicate certificate information is supplied during certificate issuance, ACM Private CA applies order of operation rules to determine what information is used.
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
sourcepub fn csr(&self) -> Option<&Blob>
pub fn csr(&self) -> Option<&Blob>
The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use the following OpenSSL command to create the CSR and a 2048 bit RSA private key.
openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
If you have a configuration file, you can then use the following OpenSSL command. The usr_cert
block in the configuration file contains your X509 version 3 extensions.
openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
Note: A CSR must provide either a subject name or a subject alternative name or the request will be rejected.
sourcepub fn signing_algorithm(&self) -> Option<&SigningAlgorithm>
pub fn signing_algorithm(&self) -> Option<&SigningAlgorithm>
The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the SigningAlgorithm
parameter used to sign a CSR in the CreateCertificateAuthority
action.
sourcepub fn template_arn(&self) -> Option<&str>
pub fn template_arn(&self) -> Option<&str>
Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, ACM Private CA defaults to the EndEntityCertificate/V1
template. For CA certificates, you should choose the shortest path length that meets your needs. The path length is indicated by the PathLenN portion of the ARN, where N is the CA depth.
Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents in the CA hierarchy.
For a list of TemplateArn
values supported by ACM Private CA, see Understanding Certificate Templates.
sourcepub fn validity(&self) -> Option<&Validity>
pub fn validity(&self) -> Option<&Validity>
Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate.
Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280.
This value is unaffected when ValidityNotBefore
is also specified. For example, if Validity
is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore
value.
The end of the validity period configured on a certificate must not exceed the limit set on its parents in the CA hierarchy.
sourcepub fn validity_not_before(&self) -> Option<&Validity>
pub fn validity_not_before(&self) -> Option<&Validity>
Information describing the start of the validity period of the certificate. This parameter sets the “Not Before" date for the certificate.
By default, when issuing a certificate, ACM Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore
parameter can be used to customize the “Not Before” value.
Unlike the Validity
parameter, the ValidityNotBefore
parameter is optional.
The ValidityNotBefore
value is expressed as an explicit date and time, using the Validity
type value ABSOLUTE
. For more information, see Validity in this API reference and Validity in RFC 5280.
sourcepub fn idempotency_token(&self) -> Option<&str>
pub fn idempotency_token(&self) -> Option<&str>
Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action. Idempotency tokens for IssueCertificate time out after one minute. Therefore, if you call IssueCertificate multiple times with the same idempotency token within one minute, ACM Private CA recognizes that you are requesting only one certificate and will issue only one. If you change the idempotency token for each call, PCA recognizes that you are requesting multiple certificates.
Trait Implementations
sourceimpl Clone for IssueCertificateInput
impl Clone for IssueCertificateInput
sourcefn clone(&self) -> IssueCertificateInput
fn clone(&self) -> IssueCertificateInput
Returns a copy of the value. Read more
1.0.0 · sourcefn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source
. Read more
sourceimpl Debug for IssueCertificateInput
impl Debug for IssueCertificateInput
sourceimpl PartialEq<IssueCertificateInput> for IssueCertificateInput
impl PartialEq<IssueCertificateInput> for IssueCertificateInput
sourcefn eq(&self, other: &IssueCertificateInput) -> bool
fn eq(&self, other: &IssueCertificateInput) -> bool
This method tests for self
and other
values to be equal, and is used
by ==
. Read more
sourcefn ne(&self, other: &IssueCertificateInput) -> bool
fn ne(&self, other: &IssueCertificateInput) -> bool
This method tests for !=
.
impl StructuralPartialEq for IssueCertificateInput
Auto Trait Implementations
impl RefUnwindSafe for IssueCertificateInput
impl Send for IssueCertificateInput
impl Sync for IssueCertificateInput
impl Unpin for IssueCertificateInput
impl UnwindSafe for IssueCertificateInput
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<T> Instrument for T
impl<T> Instrument for T
sourcefn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
sourcefn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
sourceimpl<T> ToOwned for T where
T: Clone,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
type Owned = T
The resulting type after obtaining ownership.
sourcefn clone_into(&self, target: &mut T)
fn clone_into(&self, target: &mut T)
toowned_clone_into
)Uses borrowed data to replace owned data, usually by cloning. Read more
sourceimpl<T> WithSubscriber for T
impl<T> WithSubscriber for T
sourcefn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
sourcefn with_current_subscriber(self) -> WithDispatch<Self>
fn with_current_subscriber(self) -> WithDispatch<Self>
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more