RegisterCACertificate
Registers a CA certificate with AWS IoT Core. There is no limit to the number of CA
certificates you can register in your AWS account. You can register up to 10 CA
certificates with the same CA subject field
per AWS account.
Requires permission to access the RegisterCACertificate action.
Request Syntax
POST /cacertificate?allowAutoRegistration=allowAutoRegistration&setAsActive=setAsActive HTTP/1.1
Content-type: application/json
{
   "caCertificate": "string",
   "certificateMode": "string",
   "registrationConfig": {
      "roleArn": "string",
      "templateBody": "string",
      "templateName": "string"
   },
   "tags": [
      {
         "Key": "string",
         "Value": "string"
      }
   ],
   "verificationCertificate": "string"
}
URI Request Parameters
The request uses the following URI parameters.
- allowAutoRegistration
-
Allows this CA certificate to be used for auto registration of device certificates.
- setAsActive
-
A boolean value that specifies if the CA certificate is set to active.
Valid values:
ACTIVE | INACTIVE
Request Body
The request accepts the following data in JSON format.
- caCertificate
-
The CA certificate.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 65536.
Pattern:
[\s\S]*
Required: Yes
- certificateMode
-
Describes the certificate mode in which the Certificate Authority (CA) will be registered. If the verificationCertificate field is not provided, set certificateMode to be SNI_ONLY. If the verificationCertificate field is provided, set certificateMode to be DEFAULT. When certificateMode is not provided, it defaults to DEFAULT. All the device certificates that are registered using this CA will be registered in the same certificate mode as the CA. For more information about certificate mode for device certificates, see certificate mode.
Type: String
Valid Values:
DEFAULT | SNI_ONLY
Required: No
- registrationConfig
-
Information about the registration configuration.
Type: RegistrationConfig object
Required: No
- tags
-
Metadata which can be used to manage the CA certificate.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
Type: Array of Tag objects
Required: No
- verificationCertificate
-
The private key verification certificate. If certificateMode is SNI_ONLY, the verificationCertificate field must be empty. If certificateMode is DEFAULT or not provided, the verificationCertificate field must not be empty.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 65536.
Pattern:
[\s\S]*
Required: No
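The rules above that tie certificateMode to verificationCertificate can be checked before the request is sent. The following Python check is an added example, not part of the AWS reference or of any AWS SDK; the function name validate_register_ca_request and the sample PEM string are assumptions constructed for illustration.

```python
MAX_CERT_LEN = 65536                   # length limit given for both certificate fields
VALID_MODES = ("DEFAULT", "SNI_ONLY")  # valid certificateMode values
KNOWN_FIELDS = {"caCertificate", "certificateMode", "registrationConfig",
                "tags", "verificationCertificate"}

# Constructed placeholder, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----"


def validate_register_ca_request(body):
    """Return the list of constraint violations in a request body (empty if none)."""
    errors = [f"unknown field: {name}" for name in sorted(set(body) - KNOWN_FIELDS)]

    ca = body.get("caCertificate")
    if not isinstance(ca, str) or not 1 <= len(ca) <= MAX_CERT_LEN:
        errors.append("caCertificate is required, with length 1..65536")

    mode = body.get("certificateMode")
    if mode is not None and mode not in VALID_MODES:
        errors.append("certificateMode must be DEFAULT or SNI_ONLY")
    effective_mode = "DEFAULT" if mode is None else mode  # omitted means DEFAULT

    verification = body.get("verificationCertificate")
    if verification is not None and not isinstance(verification, str):
        errors.append("verificationCertificate must be a string")
    elif verification and len(verification) > MAX_CERT_LEN:
        errors.append("verificationCertificate exceeds 65536 characters")

    # Cross-field rule: the mode decides whether a verification certificate is allowed.
    if effective_mode == "SNI_ONLY" and verification:
        errors.append("SNI_ONLY requires an empty verificationCertificate")
    if effective_mode == "DEFAULT" and not verification:
        errors.append("DEFAULT (or omitted mode) requires a verificationCertificate")
    return errors


if __name__ == "__main__":
    for body in (
        {"caCertificate": SAMPLE_PEM, "verificationCertificate": SAMPLE_PEM},
        {"caCertificate": SAMPLE_PEM, "certificateMode": "SNI_ONLY"},
        {"caCertificate": SAMPLE_PEM},  # mode defaults to DEFAULT, no verificationCertificate
        {"caCertificate": SAMPLE_PEM, "certificateMode": "SNI_ONLY",
         "verificationCertificate": SAMPLE_PEM},
    ):
        print(body.get("certificateMode", "(omitted)"), validate_register_ca_request(body))
```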
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"certificateArn": "string",
"certificateId": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- certificateArn
-
The CA certificate ARN.
Type: String
- certificateId
-
The CA certificate identifier.
Type: String
Length Constraints: Fixed length of 64.
Pattern:
(0x)?[a-fA-F0-9]+
Errors
- CertificateValidationException
-
The certificate is invalid.
HTTP Status Code: 400
- InternalFailureException
-
An unexpected error has occurred.
HTTP Status Code: 500
- InvalidRequestException
-
The request is not valid.
HTTP Status Code: 400
- LimitExceededException
-
A limit has been exceeded.
HTTP Status Code: 410
- RegistrationCodeValidationException
-
The registration code is invalid.
HTTP Status Code: 400
- ResourceAlreadyExistsException
-
The resource already exists.
HTTP Status Code: 409
- ResourceNotFoundException
-
The specified resource does not exist.
HTTP Status Code: 404
- ServiceUnavailableException
-
The service is temporarily unavailable.
HTTP Status Code: 503
- ThrottlingException
-
The rate exceeds the limit.
HTTP Status Code: 400
- UnauthorizedException
-
You are not authorized to perform this operation.
HTTP Status Code: 401