OcspConfiguration - AWS Private Certificate Authority (original) (raw)

Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

When you revoke a certificate, OCSP responses may take up to 60 minutes to reflect the new status.

Contents

Enabled

Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.

Type: Boolean

Required: Yes

OcspCustomCname

By default, AWS Private CA injects an AWS domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.

Note

The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

For more information, see Customizing Online Certificate Status Protocol (OCSP) in the AWS Private Certificate Authority User Guide.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 253.

Pattern: [-a-zA-Z0-9;/?:@&=+$,%_.!~*()']*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Java V2
• AWS SDK for Ruby V3

Did this page help you? - Yes

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of it.

Did this page help you? - No

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.