DeleteCertificateAuthorityAsync(DeleteCertificateAuthorityRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region DeletePermission
///
/// Revokes permissions on a private CA granted to the Certificate Manager (ACM) service
/// principal (acm.amazonaws.com).
///
///
///
/// These permissions allow ACM to issue and renew ACM certificates that reside in the
/// same Amazon Web Services account as the CA. If you revoke these permissions, ACM will
/// no longer renew the affected certificates automatically.
///
///
///
/// Permissions can be granted with the CreatePermission
/// action and listed with the ListPermissions
/// action.
///
/// About Permissions
///
///
-
///
/// If the private CA and the certificates it issues reside in the same account, you can
/// use
CreatePermission to grant permissions for ACM to carry out automatic
/// certificate renewals.
///
/// -
///
/// For automatic certificate renewal to succeed, the ACM service principal needs permissions
/// to create, retrieve, and list certificates.
///
///
-
///
/// If the private CA and the ACM certificates reside in different accounts, then permissions
/// cannot be used to enable automatic renewals. Instead, the ACM certificate owner must
/// set up a resource-based policy to enable cross-account issuance and renewals. For
/// more information, see Using
/// a Resource Based Policy with Amazon Web Services Private CA.
///
///
///
/// Container for the necessary parameters to execute the DeletePermission service method.
///
/// The response from the DeletePermission service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The request has failed for an unspecified reason.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for DeletePermission Operation
DeletePermissionResponse DeletePermission(DeletePermissionRequest request);
///
/// Revokes permissions on a private CA granted to the Certificate Manager (ACM) service
/// principal (acm.amazonaws.com).
///
///
///
/// These permissions allow ACM to issue and renew ACM certificates that reside in the
/// same Amazon Web Services account as the CA. If you revoke these permissions, ACM will
/// no longer renew the affected certificates automatically.
///
///
///
/// Permissions can be granted with the CreatePermission
/// action and listed with the ListPermissions
/// action.
///
/// About Permissions
///
///
-
///
/// If the private CA and the certificates it issues reside in the same account, you can
/// use
CreatePermission to grant permissions for ACM to carry out automatic
/// certificate renewals.
///
/// -
///
/// For automatic certificate renewal to succeed, the ACM service principal needs permissions
/// to create, retrieve, and list certificates.
///
///
-
///
/// If the private CA and the ACM certificates reside in different accounts, then permissions
/// cannot be used to enable automatic renewals. Instead, the ACM certificate owner must
/// set up a resource-based policy to enable cross-account issuance and renewals. For
/// more information, see Using
/// a Resource Based Policy with Amazon Web Services Private CA.
///
///
///
/// Container for the necessary parameters to execute the DeletePermission service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the DeletePermission service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The request has failed for an unspecified reason.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for DeletePermission Operation
Task DeletePermissionAsync(DeletePermissionRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region DeletePolicy
///
/// Deletes the resource-based policy attached to a private CA. Deletion will remove any
/// access that the policy has granted. If there is no policy attached to the private
/// CA, this action will return successful.
///
///
///
/// If you delete a policy that was applied through Amazon Web Services Resource Access
/// Manager (RAM), the CA will be removed from all shares in which it was included.
///
///
///
/// The Certificate Manager Service Linked Role that the policy supports is not affected
/// when you delete the policy.
///
///
///
/// The current policy can be shown with GetPolicy
/// and updated with PutPolicy.
///
/// About Policies
///
///
-
///
/// A policy grants access on a private CA to an Amazon Web Services customer account,
/// to Amazon Web Services Organizations, or to an Amazon Web Services Organizations unit.
/// Policies are under the control of a CA administrator. For more information, see Using a
/// Resource Based Policy with Amazon Web Services Private CA.
///
///
-
///
/// A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed
/// by a CA in another account.
///
///
-
///
/// For ACM to manage automatic renewal of these certificates, the ACM user must configure
/// a Service Linked Role (SLR). The SLR allows the ACM service to assume the identity
/// of the user, subject to confirmation against the Amazon Web Services Private CA policy.
/// For more information, see Using
/// a Service Linked Role with ACM.
///
///
-
///
/// Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies.
/// For more information, see Attach
/// a Policy for Cross-Account Access.
///
///
///
/// Container for the necessary parameters to execute the DeletePolicy service method.
///
/// The response from the DeletePolicy service method, as returned by ACMPCA.
///
/// A previous update to your private CA is still ongoing.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The current action was prevented because it would lock the caller out from performing
/// subsequent actions. Verify that the specified parameters would not result in the caller
/// being denied access to the resource.
///
///
/// The request has failed for an unspecified reason.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for DeletePolicy Operation
DeletePolicyResponse DeletePolicy(DeletePolicyRequest request);
///
/// Deletes the resource-based policy attached to a private CA. Deletion will remove any
/// access that the policy has granted. If there is no policy attached to the private
/// CA, this action will return successful.
///
///
///
/// If you delete a policy that was applied through Amazon Web Services Resource Access
/// Manager (RAM), the CA will be removed from all shares in which it was included.
///
///
///
/// The Certificate Manager Service Linked Role that the policy supports is not affected
/// when you delete the policy.
///
///
///
/// The current policy can be shown with GetPolicy
/// and updated with PutPolicy.
///
/// About Policies
///
///
-
///
/// A policy grants access on a private CA to an Amazon Web Services customer account,
/// to Amazon Web Services Organizations, or to an Amazon Web Services Organizations unit.
/// Policies are under the control of a CA administrator. For more information, see Using a
/// Resource Based Policy with Amazon Web Services Private CA.
///
///
-
///
/// A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed
/// by a CA in another account.
///
///
-
///
/// For ACM to manage automatic renewal of these certificates, the ACM user must configure
/// a Service Linked Role (SLR). The SLR allows the ACM service to assume the identity
/// of the user, subject to confirmation against the Amazon Web Services Private CA policy.
/// For more information, see Using
/// a Service Linked Role with ACM.
///
///
-
///
/// Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies.
/// For more information, see Attach
/// a Policy for Cross-Account Access.
///
///
///
/// Container for the necessary parameters to execute the DeletePolicy service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the DeletePolicy service method, as returned by ACMPCA.
///
/// A previous update to your private CA is still ongoing.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The current action was prevented because it would lock the caller out from performing
/// subsequent actions. Verify that the specified parameters would not result in the caller
/// being denied access to the resource.
///
///
/// The request has failed for an unspecified reason.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for DeletePolicy Operation
Task DeletePolicyAsync(DeletePolicyRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region DescribeCertificateAuthority
///
/// Lists information about your private certificate authority (CA) or one that has been
/// shared with you. You specify the private CA on input by its ARN (Amazon Resource Name).
/// The output contains the status of your CA. This can be any of the following:
///
/// -
///
///
CREATING - Amazon Web Services Private CA is creating your private certificate
/// authority.
///
/// -
///
///
PENDING_CERTIFICATE - The certificate is pending. You must use your
/// Amazon Web Services Private CA-hosted or on-premises root or subordinate CA to sign
/// your private CA CSR and then import it into Amazon Web Services Private CA.
///
/// -
///
///
ACTIVE - Your private CA is active.
///
/// -
///
///
DISABLED - Your private CA has been disabled.
///
/// -
///
///
EXPIRED - Your private CA certificate has expired.
///
/// -
///
///
FAILED - Your private CA has failed. Your CA can fail because of problems
/// such a network outage or back-end Amazon Web Services failure or other errors. A failed
/// CA can never return to the pending state. You must create a new CA.
///
/// -
///
///
DELETED - Your private CA is within the restoration period, after which
/// it is permanently deleted. The length of time remaining in the CA's restoration period
/// is also included in this action's output.
///
///
///
/// Container for the necessary parameters to execute the DescribeCertificateAuthority service method.
///
/// The response from the DescribeCertificateAuthority service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for DescribeCertificateAuthority Operation
DescribeCertificateAuthorityResponse DescribeCertificateAuthority(DescribeCertificateAuthorityRequest request);
///
/// Lists information about your private certificate authority (CA) or one that has been
/// shared with you. You specify the private CA on input by its ARN (Amazon Resource Name).
/// The output contains the status of your CA. This can be any of the following:
///
/// -
///
///
CREATING - Amazon Web Services Private CA is creating your private certificate
/// authority.
///
/// -
///
///
PENDING_CERTIFICATE - The certificate is pending. You must use your
/// Amazon Web Services Private CA-hosted or on-premises root or subordinate CA to sign
/// your private CA CSR and then import it into Amazon Web Services Private CA.
///
/// -
///
///
ACTIVE - Your private CA is active.
///
/// -
///
///
DISABLED - Your private CA has been disabled.
///
/// -
///
///
EXPIRED - Your private CA certificate has expired.
///
/// -
///
///
FAILED - Your private CA has failed. Your CA can fail because of problems
/// such a network outage or back-end Amazon Web Services failure or other errors. A failed
/// CA can never return to the pending state. You must create a new CA.
///
/// -
///
///
DELETED - Your private CA is within the restoration period, after which
/// it is permanently deleted. The length of time remaining in the CA's restoration period
/// is also included in this action's output.
///
///
///
/// Container for the necessary parameters to execute the DescribeCertificateAuthority service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the DescribeCertificateAuthority service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for DescribeCertificateAuthority Operation
Task DescribeCertificateAuthorityAsync(DescribeCertificateAuthorityRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region DescribeCertificateAuthorityAuditReport
///
/// Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport
/// action. Audit information is created every time the certificate authority (CA) private
/// key is used. The private key is used when you call the IssueCertificate
/// action or the RevokeCertificate
/// action.
///
/// Container for the necessary parameters to execute the DescribeCertificateAuthorityAuditReport service method.
///
/// The response from the DescribeCertificateAuthorityAuditReport service method, as returned by ACMPCA.
///
/// One or more of the specified arguments was not valid.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for DescribeCertificateAuthorityAuditReport Operation
DescribeCertificateAuthorityAuditReportResponse DescribeCertificateAuthorityAuditReport(DescribeCertificateAuthorityAuditReportRequest request);
///
/// Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport
/// action. Audit information is created every time the certificate authority (CA) private
/// key is used. The private key is used when you call the IssueCertificate
/// action or the RevokeCertificate
/// action.
///
/// Container for the necessary parameters to execute the DescribeCertificateAuthorityAuditReport service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the DescribeCertificateAuthorityAuditReport service method, as returned by ACMPCA.
///
/// One or more of the specified arguments was not valid.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for DescribeCertificateAuthorityAuditReport Operation
Task DescribeCertificateAuthorityAuditReportAsync(DescribeCertificateAuthorityAuditReportRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region GetCertificate
///
/// Retrieves a certificate from your private CA or one that has been shared with you.
/// The ARN of the certificate is returned when you call the IssueCertificate
/// action. You must specify both the ARN of your private CA and the ARN of the issued
/// certificate when calling the GetCertificate action. You can retrieve the certificate
/// if it is in the ISSUED state. You can call the CreateCertificateAuthorityAuditReport
/// action to create a report that contains information about all of the certificates
/// issued and revoked by your private CA.
///
/// Container for the necessary parameters to execute the GetCertificate service method.
///
/// The response from the GetCertificate service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The request has failed for an unspecified reason.
///
///
/// Your request is already in progress.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for GetCertificate Operation
GetCertificateResponse GetCertificate(GetCertificateRequest request);
///
/// Retrieves a certificate from your private CA or one that has been shared with you.
/// The ARN of the certificate is returned when you call the IssueCertificate
/// action. You must specify both the ARN of your private CA and the ARN of the issued
/// certificate when calling the GetCertificate action. You can retrieve the certificate
/// if it is in the ISSUED state. You can call the CreateCertificateAuthorityAuditReport
/// action to create a report that contains information about all of the certificates
/// issued and revoked by your private CA.
///
/// Container for the necessary parameters to execute the GetCertificate service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the GetCertificate service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The request has failed for an unspecified reason.
///
///
/// Your request is already in progress.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for GetCertificate Operation
Task GetCertificateAsync(GetCertificateRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region GetCertificateAuthorityCertificate
///
/// Retrieves the certificate and certificate chain for your private certificate authority
/// (CA) or one that has been shared with you. Both the certificate and the chain are
/// base64 PEM-encoded. The chain does not include the CA certificate. Each certificate
/// in the chain signs the one before it.
///
/// Container for the necessary parameters to execute the GetCertificateAuthorityCertificate service method.
///
/// The response from the GetCertificateAuthorityCertificate service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for GetCertificateAuthorityCertificate Operation
GetCertificateAuthorityCertificateResponse GetCertificateAuthorityCertificate(GetCertificateAuthorityCertificateRequest request);
///
/// Retrieves the certificate and certificate chain for your private certificate authority
/// (CA) or one that has been shared with you. Both the certificate and the chain are
/// base64 PEM-encoded. The chain does not include the CA certificate. Each certificate
/// in the chain signs the one before it.
///
/// Container for the necessary parameters to execute the GetCertificateAuthorityCertificate service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the GetCertificateAuthorityCertificate service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for GetCertificateAuthorityCertificate Operation
Task GetCertificateAuthorityCertificateAsync(GetCertificateAuthorityCertificateRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region GetCertificateAuthorityCsr
///
/// Retrieves the certificate signing request (CSR) for your private certificate authority
/// (CA). The CSR is created when you call the CreateCertificateAuthority
/// action. Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises
/// root or subordinate CA. Then import the signed certificate back into Amazon Web Services
/// Private CA by calling the ImportCertificateAuthorityCertificate
/// action. The CSR is returned as a base64 PEM-encoded string.
///
/// Container for the necessary parameters to execute the GetCertificateAuthorityCsr service method.
///
/// The response from the GetCertificateAuthorityCsr service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The request has failed for an unspecified reason.
///
///
/// Your request is already in progress.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for GetCertificateAuthorityCsr Operation
GetCertificateAuthorityCsrResponse GetCertificateAuthorityCsr(GetCertificateAuthorityCsrRequest request);
///
/// Retrieves the certificate signing request (CSR) for your private certificate authority
/// (CA). The CSR is created when you call the CreateCertificateAuthority
/// action. Sign the CSR with your Amazon Web Services Private CA-hosted or on-premises
/// root or subordinate CA. Then import the signed certificate back into Amazon Web Services
/// Private CA by calling the ImportCertificateAuthorityCertificate
/// action. The CSR is returned as a base64 PEM-encoded string.
///
/// Container for the necessary parameters to execute the GetCertificateAuthorityCsr service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the GetCertificateAuthorityCsr service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The request has failed for an unspecified reason.
///
///
/// Your request is already in progress.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for GetCertificateAuthorityCsr Operation
Task GetCertificateAuthorityCsrAsync(GetCertificateAuthorityCsrRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region GetPolicy
///
/// Retrieves the resource-based policy attached to a private CA. If either the private
/// CA resource or the policy cannot be found, this action returns a ResourceNotFoundException.
///
///
///
///
/// The policy can be attached or updated with PutPolicy
/// and removed with DeletePolicy.
///
/// About Policies
///
///
-
///
/// A policy grants access on a private CA to an Amazon Web Services customer account,
/// to Amazon Web Services Organizations, or to an Amazon Web Services Organizations unit.
/// Policies are under the control of a CA administrator. For more information, see Using a
/// Resource Based Policy with Amazon Web Services Private CA.
///
///
-
///
/// A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed
/// by a CA in another account.
///
///
-
///
/// For ACM to manage automatic renewal of these certificates, the ACM user must configure
/// a Service Linked Role (SLR). The SLR allows the ACM service to assume the identity
/// of the user, subject to confirmation against the Amazon Web Services Private CA policy.
/// For more information, see Using
/// a Service Linked Role with ACM.
///
///
-
///
/// Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies.
/// For more information, see Attach
/// a Policy for Cross-Account Access.
///
///
///
/// Container for the necessary parameters to execute the GetPolicy service method.
///
/// The response from the GetPolicy service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The request has failed for an unspecified reason.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for GetPolicy Operation
GetPolicyResponse GetPolicy(GetPolicyRequest request);
///
/// Retrieves the resource-based policy attached to a private CA. If either the private
/// CA resource or the policy cannot be found, this action returns a ResourceNotFoundException.
///
///
///
///
/// The policy can be attached or updated with PutPolicy
/// and removed with DeletePolicy.
///
/// About Policies
///
///
-
///
/// A policy grants access on a private CA to an Amazon Web Services customer account,
/// to Amazon Web Services Organizations, or to an Amazon Web Services Organizations unit.
/// Policies are under the control of a CA administrator. For more information, see Using a
/// Resource Based Policy with Amazon Web Services Private CA.
///
///
-
///
/// A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed
/// by a CA in another account.
///
///
-
///
/// For ACM to manage automatic renewal of these certificates, the ACM user must configure
/// a Service Linked Role (SLR). The SLR allows the ACM service to assume the identity
/// of the user, subject to confirmation against the Amazon Web Services Private CA policy.
/// For more information, see Using
/// a Service Linked Role with ACM.
///
///
-
///
/// Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies.
/// For more information, see Attach
/// a Policy for Cross-Account Access.
///
///
///
/// Container for the necessary parameters to execute the GetPolicy service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the GetPolicy service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The request has failed for an unspecified reason.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for GetPolicy Operation
Task GetPolicyAsync(GetPolicyRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region ImportCertificateAuthorityCertificate
///
/// Imports a signed private CA certificate into Amazon Web Services Private CA. This
/// action is used when you are using a chain of trust whose root is located outside Amazon
/// Web Services Private CA. Before you can call this action, the following preparations
/// must in place:
///
/// -
///
/// In Amazon Web Services Private CA, call the CreateCertificateAuthority
/// action to create the private CA that you plan to back with the imported certificate.
///
///
-
///
/// Call the GetCertificateAuthorityCsr
/// action to generate a certificate signing request (CSR).
///
///
-
///
/// Sign the CSR using a root or intermediate CA hosted by either an on-premises PKI hierarchy
/// or by a commercial CA.
///
///
-
///
/// Create a certificate chain and copy the signed certificate and the certificate chain
/// to your working directory.
///
///
///
/// Amazon Web Services Private CA supports three scenarios for installing a CA certificate:
///
/// -
///
/// Installing a certificate for a root CA hosted by Amazon Web Services Private CA.
///
///
-
///
/// Installing a subordinate CA certificate whose parent authority is hosted by Amazon
/// Web Services Private CA.
///
///
-
///
/// Installing a subordinate CA certificate whose parent authority is externally hosted.
///
///
///
/// The following additional requirements apply when you import a CA certificate.
///
/// -
///
/// Only a self-signed certificate can be imported as a root CA.
///
///
-
///
/// A self-signed certificate cannot be imported as a subordinate CA.
///
///
-
///
/// Your certificate chain must not include the private CA certificate that you are importing.
///
///
-
///
/// Your root CA must be the last certificate in your chain. The subordinate certificate,
/// if any, that your root CA signed must be next to last. The subordinate certificate
/// signed by the preceding subordinate CA must come next, and so on until your chain
/// is built.
///
///
-
///
/// The chain must be PEM-encoded.
///
///
-
///
/// The maximum allowed size of a certificate is 32 KB.
///
///
-
///
/// The maximum allowed size of a certificate chain is 2 MB.
///
///
///
/// Enforcement of Critical Constraints
///
///
///
/// Amazon Web Services Private CA allows the following extensions to be marked critical
/// in the imported CA certificate or chain.
///
/// -
///
/// Basic constraints (must be marked critical)
///
///
-
///
/// Subject alternative names
///
///
-
///
/// Key usage
///
///
-
///
/// Extended key usage
///
///
-
///
/// Authority key identifier
///
///
-
///
/// Subject key identifier
///
///
-
///
/// Issuer alternative name
///
///
-
///
/// Subject directory attributes
///
///
-
///
/// Subject information access
///
///
-
///
/// Certificate policies
///
///
-
///
/// Policy mappings
///
///
-
///
/// Inhibit anyPolicy
///
///
///
/// Amazon Web Services Private CA rejects the following extensions when they are marked
/// critical in an imported CA certificate or chain.
///
/// -
///
/// Name constraints
///
///
-
///
/// Policy constraints
///
///
-
///
/// CRL distribution points
///
///
-
///
/// Authority information access
///
///
-
///
/// Freshest CRL
///
///
-
///
/// Any other extension
///
///
///
/// Container for the necessary parameters to execute the ImportCertificateAuthorityCertificate service method.
///
/// The response from the ImportCertificateAuthorityCertificate service method, as returned by ACMPCA.
///
/// The certificate authority certificate you are importing does not comply with conditions
/// specified in the certificate that signed it.
///
///
/// A previous update to your private CA is still ongoing.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The request action cannot be performed or is prohibited.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// One or more fields in the certificate are invalid.
///
///
/// The request has failed for an unspecified reason.
///
///
/// Your request is already in progress.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for ImportCertificateAuthorityCertificate Operation
ImportCertificateAuthorityCertificateResponse ImportCertificateAuthorityCertificate(ImportCertificateAuthorityCertificateRequest request);
///
/// Imports a signed private CA certificate into Amazon Web Services Private CA. This
/// action is used when you are using a chain of trust whose root is located outside Amazon
/// Web Services Private CA. Before you can call this action, the following preparations
/// must in place:
///
/// -
///
/// In Amazon Web Services Private CA, call the CreateCertificateAuthority
/// action to create the private CA that you plan to back with the imported certificate.
///
///
-
///
/// Call the GetCertificateAuthorityCsr
/// action to generate a certificate signing request (CSR).
///
///
-
///
/// Sign the CSR using a root or intermediate CA hosted by either an on-premises PKI hierarchy
/// or by a commercial CA.
///
///
-
///
/// Create a certificate chain and copy the signed certificate and the certificate chain
/// to your working directory.
///
///
///
/// Amazon Web Services Private CA supports three scenarios for installing a CA certificate:
///
/// -
///
/// Installing a certificate for a root CA hosted by Amazon Web Services Private CA.
///
///
-
///
/// Installing a subordinate CA certificate whose parent authority is hosted by Amazon
/// Web Services Private CA.
///
///
-
///
/// Installing a subordinate CA certificate whose parent authority is externally hosted.
///
///
///
/// The following additional requirements apply when you import a CA certificate.
///
/// -
///
/// Only a self-signed certificate can be imported as a root CA.
///
///
-
///
/// A self-signed certificate cannot be imported as a subordinate CA.
///
///
-
///
/// Your certificate chain must not include the private CA certificate that you are importing.
///
///
-
///
/// Your root CA must be the last certificate in your chain. The subordinate certificate,
/// if any, that your root CA signed must be next to last. The subordinate certificate
/// signed by the preceding subordinate CA must come next, and so on until your chain
/// is built.
///
///
-
///
/// The chain must be PEM-encoded.
///
///
-
///
/// The maximum allowed size of a certificate is 32 KB.
///
///
-
///
/// The maximum allowed size of a certificate chain is 2 MB.
///
///
///
/// Enforcement of Critical Constraints
///
///
///
/// Amazon Web Services Private CA allows the following extensions to be marked critical
/// in the imported CA certificate or chain.
///
/// -
///
/// Basic constraints (must be marked critical)
///
///
-
///
/// Subject alternative names
///
///
-
///
/// Key usage
///
///
-
///
/// Extended key usage
///
///
-
///
/// Authority key identifier
///
///
-
///
/// Subject key identifier
///
///
-
///
/// Issuer alternative name
///
///
-
///
/// Subject directory attributes
///
///
-
///
/// Subject information access
///
///
-
///
/// Certificate policies
///
///
-
///
/// Policy mappings
///
///
-
///
/// Inhibit anyPolicy
///
///
///
/// Amazon Web Services Private CA rejects the following extensions when they are marked
/// critical in an imported CA certificate or chain.
///
/// -
///
/// Name constraints
///
///
-
///
/// Policy constraints
///
///
-
///
/// CRL distribution points
///
///
-
///
/// Authority information access
///
///
-
///
/// Freshest CRL
///
///
-
///
/// Any other extension
///
///
///
/// Container for the necessary parameters to execute the ImportCertificateAuthorityCertificate service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the ImportCertificateAuthorityCertificate service method, as returned by ACMPCA.
///
/// The certificate authority certificate you are importing does not comply with conditions
/// specified in the certificate that signed it.
///
///
/// A previous update to your private CA is still ongoing.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The request action cannot be performed or is prohibited.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// One or more fields in the certificate are invalid.
///
///
/// The request has failed for an unspecified reason.
///
///
/// Your request is already in progress.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for ImportCertificateAuthorityCertificate Operation
Task ImportCertificateAuthorityCertificateAsync(ImportCertificateAuthorityCertificateRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region IssueCertificate
///
/// Uses your private certificate authority (CA), or one that has been shared with you,
/// to issue a client certificate. This action returns the Amazon Resource Name (ARN)
/// of the certificate. You can retrieve the certificate by calling the GetCertificate
/// action and specifying the ARN.
///
///
///
/// You cannot use the ACM ListCertificateAuthorities action to retrieve the ARNs
/// of the certificates that you issue by using Amazon Web Services Private CA.
///
///
///
/// Container for the necessary parameters to execute the IssueCertificate service method.
///
/// The response from the IssueCertificate service method, as returned by ACMPCA.
///
/// One or more of the specified arguments was not valid.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// An Amazon Web Services Private CA quota has been exceeded. See the exception message
/// returned to determine the quota that was exceeded.
///
///
/// The certificate signing request is invalid.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for IssueCertificate Operation
IssueCertificateResponse IssueCertificate(IssueCertificateRequest request);
///
/// Uses your private certificate authority (CA), or one that has been shared with you,
/// to issue a client certificate. This action returns the Amazon Resource Name (ARN)
/// of the certificate. You can retrieve the certificate by calling the GetCertificate
/// action and specifying the ARN.
///
///
///
/// You cannot use the ACM ListCertificateAuthorities action to retrieve the ARNs
/// of the certificates that you issue by using Amazon Web Services Private CA.
///
///
///
/// Container for the necessary parameters to execute the IssueCertificate service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the IssueCertificate service method, as returned by ACMPCA.
///
/// One or more of the specified arguments was not valid.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// An Amazon Web Services Private CA quota has been exceeded. See the exception message
/// returned to determine the quota that was exceeded.
///
///
/// The certificate signing request is invalid.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for IssueCertificate Operation
Task IssueCertificateAsync(IssueCertificateRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region ListCertificateAuthorities
///
/// Lists the private certificate authorities that you created by using the CreateCertificateAuthority
/// action.
///
/// Container for the necessary parameters to execute the ListCertificateAuthorities service method.
///
/// The response from the ListCertificateAuthorities service method, as returned by ACMPCA.
///
/// The token specified in the NextToken argument is not valid. Use the token
/// returned from your previous call to ListCertificateAuthorities.
///
/// REST API Reference for ListCertificateAuthorities Operation
ListCertificateAuthoritiesResponse ListCertificateAuthorities(ListCertificateAuthoritiesRequest request);
///
/// Lists the private certificate authorities that you created by using the CreateCertificateAuthority
/// action.
///
/// Container for the necessary parameters to execute the ListCertificateAuthorities service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the ListCertificateAuthorities service method, as returned by ACMPCA.
///
/// The token specified in the NextToken argument is not valid. Use the token
/// returned from your previous call to ListCertificateAuthorities.
///
/// REST API Reference for ListCertificateAuthorities Operation
Task ListCertificateAuthoritiesAsync(ListCertificateAuthoritiesRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region ListPermissions
///
/// List all permissions on a private CA, if any, granted to the Certificate Manager (ACM)
/// service principal (acm.amazonaws.com).
///
///
///
/// These permissions allow ACM to issue and renew ACM certificates that reside in the
/// same Amazon Web Services account as the CA.
///
///
///
/// Permissions can be granted with the CreatePermission
/// action and revoked with the DeletePermission
/// action.
///
/// About Permissions
///
///
-
///
/// If the private CA and the certificates it issues reside in the same account, you can
/// use
CreatePermission to grant permissions for ACM to carry out automatic
/// certificate renewals.
///
/// -
///
/// For automatic certificate renewal to succeed, the ACM service principal needs permissions
/// to create, retrieve, and list certificates.
///
///
-
///
/// If the private CA and the ACM certificates reside in different accounts, then permissions
/// cannot be used to enable automatic renewals. Instead, the ACM certificate owner must
/// set up a resource-based policy to enable cross-account issuance and renewals. For
/// more information, see Using
/// a Resource Based Policy with Amazon Web Services Private CA.
///
///
///
/// Container for the necessary parameters to execute the ListPermissions service method.
///
/// The response from the ListPermissions service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The token specified in the NextToken argument is not valid. Use the token
/// returned from your previous call to ListCertificateAuthorities.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The request has failed for an unspecified reason.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for ListPermissions Operation
ListPermissionsResponse ListPermissions(ListPermissionsRequest request);
///
/// List all permissions on a private CA, if any, granted to the Certificate Manager (ACM)
/// service principal (acm.amazonaws.com).
///
///
///
/// These permissions allow ACM to issue and renew ACM certificates that reside in the
/// same Amazon Web Services account as the CA.
///
///
///
/// Permissions can be granted with the CreatePermission
/// action and revoked with the DeletePermission
/// action.
///
/// About Permissions
///
///
-
///
/// If the private CA and the certificates it issues reside in the same account, you can
/// use
CreatePermission to grant permissions for ACM to carry out automatic
/// certificate renewals.
///
/// -
///
/// For automatic certificate renewal to succeed, the ACM service principal needs permissions
/// to create, retrieve, and list certificates.
///
///
-
///
/// If the private CA and the ACM certificates reside in different accounts, then permissions
/// cannot be used to enable automatic renewals. Instead, the ACM certificate owner must
/// set up a resource-based policy to enable cross-account issuance and renewals. For
/// more information, see Using
/// a Resource Based Policy with Amazon Web Services Private CA.
///
///
///
/// Container for the necessary parameters to execute the ListPermissions service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the ListPermissions service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The token specified in the NextToken argument is not valid. Use the token
/// returned from your previous call to ListCertificateAuthorities.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The request has failed for an unspecified reason.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for ListPermissions Operation
Task ListPermissionsAsync(ListPermissionsRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region ListTags
///
/// Lists the tags, if any, that are associated with your private CA or one that has been
/// shared with you. Tags are labels that you can use to identify and organize your CAs.
/// Each tag consists of a key and an optional value. Call the TagCertificateAuthority
/// action to add one or more tags to your CA. Call the UntagCertificateAuthority
/// action to remove tags.
///
/// Container for the necessary parameters to execute the ListTags service method.
///
/// The response from the ListTags service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for ListTags Operation
ListTagsResponse ListTags(ListTagsRequest request);
///
/// Lists the tags, if any, that are associated with your private CA or one that has been
/// shared with you. Tags are labels that you can use to identify and organize your CAs.
/// Each tag consists of a key and an optional value. Call the TagCertificateAuthority
/// action to add one or more tags to your CA. Call the UntagCertificateAuthority
/// action to remove tags.
///
/// Container for the necessary parameters to execute the ListTags service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the ListTags service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for ListTags Operation
Task ListTagsAsync(ListTagsRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region PutPolicy
///
/// Attaches a resource-based policy to a private CA.
///
///
///
/// A policy can also be applied by sharing a private CA through Amazon Web Services Resource
/// Access Manager (RAM). For more information, see Attach
/// a Policy for Cross-Account Access.
///
///
///
/// The policy can be displayed with GetPolicy
/// and removed with DeletePolicy.
///
/// About Policies
///
///
-
///
/// A policy grants access on a private CA to an Amazon Web Services customer account,
/// to Amazon Web Services Organizations, or to an Amazon Web Services Organizations unit.
/// Policies are under the control of a CA administrator. For more information, see Using a
/// Resource Based Policy with Amazon Web Services Private CA.
///
///
-
///
/// A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed
/// by a CA in another account.
///
///
-
///
/// For ACM to manage automatic renewal of these certificates, the ACM user must configure
/// a Service Linked Role (SLR). The SLR allows the ACM service to assume the identity
/// of the user, subject to confirmation against the Amazon Web Services Private CA policy.
/// For more information, see Using
/// a Service Linked Role with ACM.
///
///
-
///
/// Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies.
/// For more information, see Attach
/// a Policy for Cross-Account Access.
///
///
///
/// Container for the necessary parameters to execute the PutPolicy service method.
///
/// The response from the PutPolicy service method, as returned by ACMPCA.
///
/// A previous update to your private CA is still ongoing.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The resource policy is invalid or is missing a required statement. For general information
/// about IAM policy and statement structure, see Overview
/// of JSON Policies.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The current action was prevented because it would lock the caller out from performing
/// subsequent actions. Verify that the specified parameters would not result in the caller
/// being denied access to the resource.
///
///
/// The request has failed for an unspecified reason.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for PutPolicy Operation
PutPolicyResponse PutPolicy(PutPolicyRequest request);
///
/// Attaches a resource-based policy to a private CA.
///
///
///
/// A policy can also be applied by sharing a private CA through Amazon Web Services Resource
/// Access Manager (RAM). For more information, see Attach
/// a Policy for Cross-Account Access.
///
///
///
/// The policy can be displayed with GetPolicy
/// and removed with DeletePolicy.
///
/// About Policies
///
///
-
///
/// A policy grants access on a private CA to an Amazon Web Services customer account,
/// to Amazon Web Services Organizations, or to an Amazon Web Services Organizations unit.
/// Policies are under the control of a CA administrator. For more information, see Using a
/// Resource Based Policy with Amazon Web Services Private CA.
///
///
-
///
/// A policy permits a user of Certificate Manager (ACM) to issue ACM certificates signed
/// by a CA in another account.
///
///
-
///
/// For ACM to manage automatic renewal of these certificates, the ACM user must configure
/// a Service Linked Role (SLR). The SLR allows the ACM service to assume the identity
/// of the user, subject to confirmation against the Amazon Web Services Private CA policy.
/// For more information, see Using
/// a Service Linked Role with ACM.
///
///
-
///
/// Updates made in Amazon Web Services Resource Manager (RAM) are reflected in policies.
/// For more information, see Attach
/// a Policy for Cross-Account Access.
///
///
///
/// Container for the necessary parameters to execute the PutPolicy service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the PutPolicy service method, as returned by ACMPCA.
///
/// A previous update to your private CA is still ongoing.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The resource policy is invalid or is missing a required statement. For general information
/// about IAM policy and statement structure, see Overview
/// of JSON Policies.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The current action was prevented because it would lock the caller out from performing
/// subsequent actions. Verify that the specified parameters would not result in the caller
/// being denied access to the resource.
///
///
/// The request has failed for an unspecified reason.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for PutPolicy Operation
Task PutPolicyAsync(PutPolicyRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region RestoreCertificateAuthority
///
/// Restores a certificate authority (CA) that is in the DELETED state. You
/// can restore a CA during the period that you defined in the PermanentDeletionTimeInDays
/// parameter of the DeleteCertificateAuthority
/// action. Currently, you can specify 7 to 30 days. If you did not specify a PermanentDeletionTimeInDays
/// value, by default you can restore the CA at any time in a 30 day period. You can check
/// the time remaining in the restoration period of a private CA in the DELETED
/// state by calling the DescribeCertificateAuthority
/// or ListCertificateAuthorities
/// actions. The status of a restored CA is set to its pre-deletion status when the RestoreCertificateAuthority
/// action returns. To change its status to ACTIVE, call the UpdateCertificateAuthority
/// action. If the private CA was in the PENDING_CERTIFICATE state at deletion,
/// you must use the ImportCertificateAuthorityCertificate
/// action to import a certificate authority into the private CA before it can be activated.
/// You cannot restore a CA after the restoration period has ended.
///
/// Container for the necessary parameters to execute the RestoreCertificateAuthority service method.
///
/// The response from the RestoreCertificateAuthority service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for RestoreCertificateAuthority Operation
RestoreCertificateAuthorityResponse RestoreCertificateAuthority(RestoreCertificateAuthorityRequest request);
///
/// Restores a certificate authority (CA) that is in the DELETED state. You
/// can restore a CA during the period that you defined in the PermanentDeletionTimeInDays
/// parameter of the DeleteCertificateAuthority
/// action. Currently, you can specify 7 to 30 days. If you did not specify a PermanentDeletionTimeInDays
/// value, by default you can restore the CA at any time in a 30 day period. You can check
/// the time remaining in the restoration period of a private CA in the DELETED
/// state by calling the DescribeCertificateAuthority
/// or ListCertificateAuthorities
/// actions. The status of a restored CA is set to its pre-deletion status when the RestoreCertificateAuthority
/// action returns. To change its status to ACTIVE, call the UpdateCertificateAuthority
/// action. If the private CA was in the PENDING_CERTIFICATE state at deletion,
/// you must use the ImportCertificateAuthorityCertificate
/// action to import a certificate authority into the private CA before it can be activated.
/// You cannot restore a CA after the restoration period has ended.
///
/// Container for the necessary parameters to execute the RestoreCertificateAuthority service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the RestoreCertificateAuthority service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for RestoreCertificateAuthority Operation
Task RestoreCertificateAuthorityAsync(RestoreCertificateAuthorityRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region RevokeCertificate
///
/// Revokes a certificate that was issued inside Amazon Web Services Private CA. If you
/// enable a certificate revocation list (CRL) when you create or update your private
/// CA, information about the revoked certificates will be included in the CRL. Amazon
/// Web Services Private CA writes the CRL to an S3 bucket that you specify. A CRL is
/// typically updated approximately 30 minutes after a certificate is revoked. If for
/// any reason the CRL update fails, Amazon Web Services Private CA attempts makes further
/// attempts every 15 minutes. With Amazon CloudWatch, you can create alarms for the metrics
/// CRLGenerated and MisconfiguredCRLBucket. For more information,
/// see Supported
/// CloudWatch Metrics.
///
///
///
/// Both Amazon Web Services Private CA and the IAM principal must have permission to
/// write to the S3 bucket that you specify. If the IAM principal making the call does
/// not have permission to write to the bucket, then an exception is thrown. For more
/// information, see Access
/// policies for CRLs in Amazon S3.
///
///
///
/// Amazon Web Services Private CA also writes revocation information to the audit report.
/// For more information, see CreateCertificateAuthorityAuditReport.
///
///
///
/// You cannot revoke a root CA self-signed certificate.
///
///
///
/// Container for the necessary parameters to execute the RevokeCertificate service method.
///
/// The response from the RevokeCertificate service method, as returned by ACMPCA.
///
/// A previous update to your private CA is still ongoing.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The request action cannot be performed or is prohibited.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// An Amazon Web Services Private CA quota has been exceeded. See the exception message
/// returned to determine the quota that was exceeded.
///
///
/// Your request has already been completed.
///
///
/// The request has failed for an unspecified reason.
///
///
/// Your request is already in progress.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for RevokeCertificate Operation
RevokeCertificateResponse RevokeCertificate(RevokeCertificateRequest request);
///
/// Revokes a certificate that was issued inside Amazon Web Services Private CA. If you
/// enable a certificate revocation list (CRL) when you create or update your private
/// CA, information about the revoked certificates will be included in the CRL. Amazon
/// Web Services Private CA writes the CRL to an S3 bucket that you specify. A CRL is
/// typically updated approximately 30 minutes after a certificate is revoked. If for
/// any reason the CRL update fails, Amazon Web Services Private CA attempts makes further
/// attempts every 15 minutes. With Amazon CloudWatch, you can create alarms for the metrics
/// CRLGenerated and MisconfiguredCRLBucket. For more information,
/// see Supported
/// CloudWatch Metrics.
///
///
///
/// Both Amazon Web Services Private CA and the IAM principal must have permission to
/// write to the S3 bucket that you specify. If the IAM principal making the call does
/// not have permission to write to the bucket, then an exception is thrown. For more
/// information, see Access
/// policies for CRLs in Amazon S3.
///
///
///
/// Amazon Web Services Private CA also writes revocation information to the audit report.
/// For more information, see CreateCertificateAuthorityAuditReport.
///
///
///
/// You cannot revoke a root CA self-signed certificate.
///
///
///
/// Container for the necessary parameters to execute the RevokeCertificate service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the RevokeCertificate service method, as returned by ACMPCA.
///
/// A previous update to your private CA is still ongoing.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The request action cannot be performed or is prohibited.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// An Amazon Web Services Private CA quota has been exceeded. See the exception message
/// returned to determine the quota that was exceeded.
///
///
/// Your request has already been completed.
///
///
/// The request has failed for an unspecified reason.
///
///
/// Your request is already in progress.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for RevokeCertificate Operation
Task RevokeCertificateAsync(RevokeCertificateRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region TagCertificateAuthority
///
/// Adds one or more tags to your private CA. Tags are labels that you can use to identify
/// and organize your Amazon Web Services resources. Each tag consists of a key and an
/// optional value. You specify the private CA on input by its Amazon Resource Name (ARN).
/// You specify the tag by using a key-value pair. You can apply a tag to just one private
/// CA if you want to identify a specific characteristic of that CA, or you can apply
/// the same tag to multiple private CAs if you want to filter for a common relationship
/// among those CAs. To remove one or more tags, use the UntagCertificateAuthority
/// action. Call the ListTags
/// action to see what tags are associated with your CA.
///
///
///
/// To attach tags to a private CA during the creation procedure, a CA administrator must
/// first associate an inline IAM policy with the CreateCertificateAuthority
/// action and explicitly allow tagging. For more information, see Attaching
/// tags to a CA at the time of creation.
///
///
///
/// Container for the necessary parameters to execute the TagCertificateAuthority service method.
///
/// The response from the TagCertificateAuthority service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The tag associated with the CA is not valid. The invalid argument is contained in
/// the message field.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
///
/// You can associate up to 50 tags with a private CA. Exception information is contained
/// in the exception message field.
///
/// REST API Reference for TagCertificateAuthority Operation
TagCertificateAuthorityResponse TagCertificateAuthority(TagCertificateAuthorityRequest request);
///
/// Adds one or more tags to your private CA. Tags are labels that you can use to identify
/// and organize your Amazon Web Services resources. Each tag consists of a key and an
/// optional value. You specify the private CA on input by its Amazon Resource Name (ARN).
/// You specify the tag by using a key-value pair. You can apply a tag to just one private
/// CA if you want to identify a specific characteristic of that CA, or you can apply
/// the same tag to multiple private CAs if you want to filter for a common relationship
/// among those CAs. To remove one or more tags, use the UntagCertificateAuthority
/// action. Call the ListTags
/// action to see what tags are associated with your CA.
///
///
///
/// To attach tags to a private CA during the creation procedure, a CA administrator must
/// first associate an inline IAM policy with the CreateCertificateAuthority
/// action and explicitly allow tagging. For more information, see Attaching
/// tags to a CA at the time of creation.
///
///
///
/// Container for the necessary parameters to execute the TagCertificateAuthority service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the TagCertificateAuthority service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The tag associated with the CA is not valid. The invalid argument is contained in
/// the message field.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
///
/// You can associate up to 50 tags with a private CA. Exception information is contained
/// in the exception message field.
///
/// REST API Reference for TagCertificateAuthority Operation
Task TagCertificateAuthorityAsync(TagCertificateAuthorityRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region UntagCertificateAuthority
///
/// Remove one or more tags from your private CA. A tag consists of a key-value pair.
/// If you do not specify the value portion of the tag when calling this action, the tag
/// will be removed regardless of value. If you specify a value, the tag is removed only
/// if it is associated with the specified value. To add tags to a private CA, use the
/// TagCertificateAuthority.
/// Call the ListTags
/// action to see what tags are associated with your CA.
///
/// Container for the necessary parameters to execute the UntagCertificateAuthority service method.
///
/// The response from the UntagCertificateAuthority service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The tag associated with the CA is not valid. The invalid argument is contained in
/// the message field.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for UntagCertificateAuthority Operation
UntagCertificateAuthorityResponse UntagCertificateAuthority(UntagCertificateAuthorityRequest request);
///
/// Remove one or more tags from your private CA. A tag consists of a key-value pair.
/// If you do not specify the value portion of the tag when calling this action, the tag
/// will be removed regardless of value. If you specify a value, the tag is removed only
/// if it is associated with the specified value. To add tags to a private CA, use the
/// TagCertificateAuthority.
/// Call the ListTags
/// action to see what tags are associated with your CA.
///
/// Container for the necessary parameters to execute the UntagCertificateAuthority service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the UntagCertificateAuthority service method, as returned by ACMPCA.
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// The tag associated with the CA is not valid. The invalid argument is contained in
/// the message field.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for UntagCertificateAuthority Operation
Task UntagCertificateAuthorityAsync(UntagCertificateAuthorityRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
#region UpdateCertificateAuthority
///
/// Updates the status or configuration of a private certificate authority (CA). Your
/// private CA must be in the ACTIVE or DISABLED state before
/// you can update it. You can disable a private CA that is in the ACTIVE
/// state or make a CA that is in the DISABLED state active again.
///
///
///
/// Both Amazon Web Services Private CA and the IAM principal must have permission to
/// write to the S3 bucket that you specify. If the IAM principal making the call does
/// not have permission to write to the bucket, then an exception is thrown. For more
/// information, see Access
/// policies for CRLs in Amazon S3.
///
///
///
/// Container for the necessary parameters to execute the UpdateCertificateAuthority service method.
///
/// The response from the UpdateCertificateAuthority service method, as returned by ACMPCA.
///
/// A previous update to your private CA is still ongoing.
///
///
/// One or more of the specified arguments was not valid.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The resource policy is invalid or is missing a required statement. For general information
/// about IAM policy and statement structure, see Overview
/// of JSON Policies.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for UpdateCertificateAuthority Operation
UpdateCertificateAuthorityResponse UpdateCertificateAuthority(UpdateCertificateAuthorityRequest request);
///
/// Updates the status or configuration of a private certificate authority (CA). Your
/// private CA must be in the ACTIVE or DISABLED state before
/// you can update it. You can disable a private CA that is in the ACTIVE
/// state or make a CA that is in the DISABLED state active again.
///
///
///
/// Both Amazon Web Services Private CA and the IAM principal must have permission to
/// write to the S3 bucket that you specify. If the IAM principal making the call does
/// not have permission to write to the bucket, then an exception is thrown. For more
/// information, see Access
/// policies for CRLs in Amazon S3.
///
///
///
/// Container for the necessary parameters to execute the UpdateCertificateAuthority service method.
///
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
///
///
/// The response from the UpdateCertificateAuthority service method, as returned by ACMPCA.
///
/// A previous update to your private CA is still ongoing.
///
///
/// One or more of the specified arguments was not valid.
///
///
/// The requested Amazon Resource Name (ARN) does not refer to an existing resource.
///
///
/// The resource policy is invalid or is missing a required statement. For general information
/// about IAM policy and statement structure, see Overview
/// of JSON Policies.
///
///
/// The state of the private CA does not allow this action to occur.
///
///
/// A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot
/// be found.
///
/// REST API Reference for UpdateCertificateAuthority Operation
Task UpdateCertificateAuthorityAsync(UpdateCertificateAuthorityRequest request, CancellationToken cancellationToken = default(CancellationToken));
#endregion
}
}