certificate
Gets an individual certificate resource
Overview
| Name | certificate |
| Type | Resource |
| Description | certificate |
| Id | awscc.acmpca.certificate |
Fields
| Name | Datatype | Description |
|---|---|---|
api_passthrough | object | Specifies X.509 certificate information to be included in the issued certificate. An ``APIPassthrough`` or ``APICSRPassthrough`` template variant must be selected, or else this parameter is ignored. |
certificate_authority_arn | string | The Amazon Resource Name (ARN) for the private CA issues the certificate. |
certificate_signing_request | string | The certificate signing request (CSR) for the certificate. |
signing_algorithm | string | The name of the algorithm that will be used to sign the certificate to be issued. <br/> This parameter should not be confused with the ``SigningAlgorithm`` parameter used to sign a CSR in the ``CreateCertificateAuthority`` action.<br/> The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. |
template_arn | string | Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the ``EndEntityCertificate/V1`` template. For more information about PCAshort templates, see [Using Templates](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html). |
validity | object | The period of time during which the certificate will be valid. |
validity_not_before | object | Information describing the start of the validity period of the certificate. This parameter sets the “Not Before" date for the certificate.<br/> By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ``ValidityNotBefore`` parameter can be used to customize the “Not Before” value. <br/> Unlike the ``Validity`` parameter, the ``ValidityNotBefore`` parameter is optional.<br/> The ``ValidityNotBefore`` value is expressed as an explicit date and time, using the ``Validity`` type value ``ABSOLUTE``. |
certificate | string | |
arn | string | |
region | string | AWS region. |
Methods
Currently only SELECT is supported for this resource resource.
Example
SELECT
region,
api_passthrough,
certificate_authority_arn,
certificate_signing_request,
signing_algorithm,
template_arn,
validity,
validity_not_before,
certificate,
arn
FROM awscc.acmpca.certificate
WHERE data__Identifier = '<Arn>|<CertificateAuthorityArn>';
Permissions
To operate on the certificate resource, the following permissions are required:
Read
acm-pca:GetCertificate
Delete
acm-pca:GetCertificate