AcmpcaClient Class

Member Function Documentation

AcmpcaClient::AcmpcaClient(const QtAws::Core::AwsRegion::Region region = QtAws::Core::AwsRegion::InvalidRegion, QtAws::Core::AwsAbstractCredentials *credentials = NULL, QNetworkAccessManager * const manager = NULL, QObject * const parent = 0)

Constructs a AcmpcaClient object.

The new client object will region, credentials, and manager for network operations.

The new object will be owned by parent, if set.

AcmpcaClient::AcmpcaClient(const QUrl &endpoint, QtAws::Core::AwsAbstractCredentials *credentials = NULL, QNetworkAccessManager * const manager = NULL, QObject * const parent = 0)

This function overloads AcmpcaClient().

This overload allows the caller to specify the specific endpoint to send requests to. Typically, it is easier to use the alternative constructor, which allows the caller to specify an AWS region instead, in which case this client will determine the correct endpoint for the given region automatically (via AwsEndpoint::getEndpoint).

See also QtAws::Core::AwsEndpoint::getEndpoint.

[slot] CreateCertificateAuthorityResponse *AcmpcaClient::createCertificateAuthority(const CreateCertificateAuthorityRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an CreateCertificateAuthorityResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Creates a private subordinate certificate authority (CA). You must specify the CA configuration, the revocation configuration, the CA type, and an optional idempotency token. The CA configuration specifies the name of the algorithm and key size to be used to create the CA private key, the type of signing algorithm that the CA uses to sign, and X.500 subject information. The CRL (certificate revocation list) configuration specifies the CRL expiration period in days (the validity period of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket that is included in certificates issued by the CA. If successful, this function returns the Amazon Resource Name (ARN) of the

[slot] CreateCertificateAuthorityAuditReportResponse *AcmpcaClient::createCertificateAuthorityAuditReport(const CreateCertificateAuthorityAuditReportRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an CreateCertificateAuthorityAuditReportResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Creates an audit report that lists every time that the your CA private key is used. The report is saved in the Amazon S3 bucket that you specify on input. The <a>IssueCertificate</a> and <a>RevokeCertificate</a> functions use the private key. You can generate a new report every 30

[slot] DeleteCertificateAuthorityResponse *AcmpcaClient::deleteCertificateAuthority(const DeleteCertificateAuthorityRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an DeleteCertificateAuthorityResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Deletes the private certificate authority (CA) that you created or started to create by calling the <a>CreateCertificateAuthority</a> function. This action requires that you enter an ARN (Amazon Resource Name) for the private CA that you want to delete. You can find the ARN by calling the <a>ListCertificateAuthorities</a> function. You can delete the CA if you are waiting for it to be created (the <b>Status</b> field of the <a>CertificateAuthority</a> is <code>CREATING</code>) or if the CA has been created but you haven't yet imported the signed certificate (the <b>Status</b> is <code>PENDING_CERTIFICATE</code>) into ACM PCA. If you've already imported the certificate, you cannot delete the CA unless it has been disabled for more than 30 days. To disable a CA, call the <a>UpdateCertificateAuthority</a> function and set the <b>CertificateAuthorityStatus</b> argument to <code>DISABLED</code>.

[slot] DescribeCertificateAuthorityResponse *AcmpcaClient::describeCertificateAuthority(const DescribeCertificateAuthorityRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an DescribeCertificateAuthorityResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Lists information about your private certificate authority (CA). You specify the private CA on input by its ARN (Amazon Resource Name). The output contains the status of your CA. This can be any of the following:

</p <ul> <li>

<b>CREATING:</b> ACM PCA is creating your private certificate

authority> </li> <li>

<b>PENDING_CERTIFICATE:</b> The certificate is pending. You must use your on-premises root or subordinate CA to sign your private CA CSR and then import it into PCA.

</p </li> <li>

<b>ACTIVE:</b> Your private CA is

active> </li> <li>

<b>DISABLED:</b> Your private CA has been

disabled> </li> <li>

<b>EXPIRED:</b> Your private CA certificate has

expired> </li> <li>

<b>FAILED:</b> Your private CA has failed. Your CA can fail for problems such a network outage or backend AWS failure or other errors. A failed CA can never return to the pending state. You must create a new CA.

[slot] DescribeCertificateAuthorityAuditReportResponse *AcmpcaClient::describeCertificateAuthorityAuditReport(const DescribeCertificateAuthorityAuditReportRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an DescribeCertificateAuthorityAuditReportResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Lists information about a specific audit report created by calling the <a>CreateCertificateAuthorityAuditReport</a> function. Audit information is created every time the certificate authority (CA) private key is used. The private key is used when you call the <a>IssueCertificate</a> function or the <a>RevokeCertificate</a> function.

[slot] GetCertificateResponse *AcmpcaClient::getCertificate(const GetCertificateRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an GetCertificateResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Retrieves a certificate from your private CA. The ARN of the certificate is returned when you call the <a>IssueCertificate</a> function. You must specify both the ARN of your private CA and the ARN of the issued certificate when calling the <b>GetCertificate</b> function. You can retrieve the certificate if it is in the <b>ISSUED</b> state. You can call the <a>CreateCertificateAuthorityAuditReport</a> function to create a report that contains information about all of the certificates issued and revoked by your private CA.

[slot] GetCertificateAuthorityCertificateResponse *AcmpcaClient::getCertificateAuthorityCertificate(const GetCertificateAuthorityCertificateRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an GetCertificateAuthorityCertificateResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Retrieves the certificate and certificate chain for your private certificate authority (CA). Both the certificate and the chain are base64 PEM-encoded. The chain does not include the CA certificate. Each certificate in the chain signs the one before it.

[slot] GetCertificateAuthorityCsrResponse *AcmpcaClient::getCertificateAuthorityCsr(const GetCertificateAuthorityCsrRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an GetCertificateAuthorityCsrResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Retrieves the certificate signing request (CSR) for your private certificate authority (CA). The CSR is created when you call the <a>CreateCertificateAuthority</a> function. Take the CSR to your on-premises X.509 infrastructure and sign it by using your root or a subordinate CA. Then import the signed certificate back into ACM PCA by calling the <a>ImportCertificateAuthorityCertificate</a> function. The CSR is returned as a base64 PEM-encoded string.

[slot] ImportCertificateAuthorityCertificateResponse *AcmpcaClient::importCertificateAuthorityCertificate(const ImportCertificateAuthorityCertificateRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an ImportCertificateAuthorityCertificateResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Imports your signed private CA certificate into ACM PCA. Before you can call this function, you must create the private certificate authority by calling the <a>CreateCertificateAuthority</a> function. You must then generate a certificate signing request (CSR) by calling the <a>GetCertificateAuthorityCsr</a> function. Take the CSR to your on-premises CA and use the root certificate or a subordinate certificate to sign it. Create a certificate chain and copy the signed certificate and the certificate chain to your working directory.

</p <note>

Your certificate chain must not include the private CA certificate that you are

importing> </note> <note>

Your on-premises CA certificate must be the last certificate in your chain. The subordinate certificate, if any, that your root CA signed must be next to last. The subordinate certificate signed by the preceding subordinate CA must come next, and so on until your chain is built.

</p </note> <note>

The chain must be

[slot] IssueCertificateResponse *AcmpcaClient::issueCertificate(const IssueCertificateRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an IssueCertificateResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Uses your private certificate authority (CA) to issue a client certificate. This function returns the Amazon Resource Name (ARN) of the certificate. You can retrieve the certificate by calling the <a>GetCertificate</a> function and specifying the ARN.

</p <note>

You cannot use the ACM <b>ListCertificateAuthorities</b> function to retrieve the ARNs of the certificates that you issue by using ACM

[slot] ListCertificateAuthoritiesResponse *AcmpcaClient::listCertificateAuthorities(const ListCertificateAuthoritiesRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an ListCertificateAuthoritiesResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Lists the private certificate authorities that you created by using the <a>CreateCertificateAuthority</a>

[slot] ListTagsResponse *AcmpcaClient::listTags(const ListTagsRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an ListTagsResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Lists the tags, if any, that are associated with your private CA. Tags are labels that you can use to identify and organize your CAs. Each tag consists of a key and an optional value. Call the <a>TagCertificateAuthority</a> function to add one or more tags to your CA. Call the <a>UntagCertificateAuthority</a> function to remove tags.

[slot] RevokeCertificateResponse *AcmpcaClient::revokeCertificate(const RevokeCertificateRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an RevokeCertificateResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Revokes a certificate that you issued by calling the <a>IssueCertificate</a> function. If you enable a certificate revocation list (CRL) when you create or update your private CA, information about the revoked certificates will be included in the CRL. ACM PCA writes the CRL to an S3 bucket that you specify. For more information about revocation, see the <a>CrlConfiguration</a> structure. ACM PCA also writes revocation information to the audit report. For more information, see <a>CreateCertificateAuthorityAuditReport</a>.

[slot] TagCertificateAuthorityResponse *AcmpcaClient::tagCertificateAuthority(const TagCertificateAuthorityRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an TagCertificateAuthorityResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Adds one or more tags to your private CA. Tags are labels that you can use to identify and organize your AWS resources. Each tag consists of a key and an optional value. You specify the private CA on input by its Amazon Resource Name (ARN). You specify the tag by using a key-value pair. You can apply a tag to just one private CA if you want to identify a specific characteristic of that CA, or you can apply the same tag to multiple private CAs if you want to filter for a common relationship among those CAs. To remove one or more tags, use the <a>UntagCertificateAuthority</a> function. Call the <a>ListTags</a> function to see what tags are associated with your CA.

[slot] UntagCertificateAuthorityResponse *AcmpcaClient::untagCertificateAuthority(const UntagCertificateAuthorityRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an UntagCertificateAuthorityResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Remove one or more tags from your private CA. A tag consists of a key-value pair. If you do not specify the value portion of the tag when calling this function, the tag will be removed regardless of value. If you specify a value, the tag is removed only if it is associated with the specified value. To add tags to a private CA, use the <a>TagCertificateAuthority</a>. Call the <a>ListTags</a> function to see what tags are associated with your CA.

[slot] UpdateCertificateAuthorityResponse *AcmpcaClient::updateCertificateAuthority(const UpdateCertificateAuthorityRequest &request)

Sends request to the AcmpcaClient service, and returns a pointer to an UpdateCertificateAuthorityResponse object to track the result.

Note: The caller is to take responsbility for the resulting pointer.

Updates the status or configuration of a private certificate authority (CA). Your private CA must be in the <b> <code>ACTIVE</code> </b> or <b> <code>DISABLED</code> </b> state before you can update it. You can disable a private CA that is in the <b> <code>ACTIVE</code> </b> state or make a CA that is in the <b> <code>DISABLED</code> </b> state active