AWS::ACMPCA::CertificateAuthority KeyUsage

Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "CRLSign" : Boolean,
  "DataEncipherment" : Boolean,
  "DecipherOnly" : Boolean,
  "DigitalSignature" : Boolean,
  "EncipherOnly" : Boolean,
  "KeyAgreement" : Boolean,
  "KeyCertSign" : Boolean,
  "KeyEncipherment" : Boolean,
  "NonRepudiation" : Boolean
}

YAML


  CRLSign: Boolean
  DataEncipherment: Boolean
  DecipherOnly: Boolean
  DigitalSignature: Boolean
  EncipherOnly: Boolean
  KeyAgreement: Boolean
  KeyCertSign: Boolean
  KeyEncipherment: Boolean
  NonRepudiation: Boolean

Properties

CRLSign

Key can be used to sign CRLs.

Required: No

Type: Boolean

Update requires: Replacement

DataEncipherment

Key can be used to decipher data.

Required: No

Type: Boolean

Update requires: Replacement

DecipherOnly

Key can be used only to decipher data.

Required: No

Type: Boolean

Update requires: Replacement

DigitalSignature

Key can be used for digital signing.

Required: No

Type: Boolean

Update requires: Replacement

EncipherOnly

Key can be used only to encipher data.

Required: No

Type: Boolean

Update requires: Replacement

KeyAgreement

Key can be used in a key-agreement protocol.

Required: No

Type: Boolean

Update requires: Replacement

KeyCertSign

Key can be used to sign certificates.

Required: No

Type: Boolean

Update requires: Replacement

KeyEncipherment

Key can be used to encipher data.

Required: No

Type: Boolean

Update requires: Replacement

NonRepudiation

Key can be used for non-repudiation.

Required: No

Type: Boolean

Update requires: Replacement

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

GeneralName

OcspConfiguration