AwsCertificateManagerCertificateDetails
Provides details about an AWS Certificate Manager certificate.
Contents
- CertificateAuthorityArn
-
The ARN of the private certificate authority (CA) that will be used to issue the certificate.
Type: String
Pattern: .*\S.*
Required: No
- CreatedAt
-
Indicates when the certificate was requested.
This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:
  - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)
  - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)
  - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)
  - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)
  - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)
If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.
Type: String
Pattern: .*\S.*
Required: No
- DomainName
-
The fully qualified domain name (FQDN), such as www.example.com, that is secured by the certificate.
Type: String
Pattern: .*\S.*
Required: No
- DomainValidationOptions
-
Contains information about the initial validation of each domain name that occurs as a result of the RequestCertificate request.
Only provided if the certificate type is AMAZON_ISSUED.
Type: Array of AwsCertificateManagerCertificateDomainValidationOption objects
Required: No
- ExtendedKeyUsages
-
Contains a list of Extended Key Usage X.509 v3 extension objects. Each object specifies a purpose for which the certificate public key can be used and consists of a name and an object identifier (OID).
Type: Array of AwsCertificateManagerCertificateExtendedKeyUsage objects
Required: No
- FailureReason
-
For a failed certificate request, the reason for the failure.
Valid values: NO_AVAILABLE_CONTACTS | ADDITIONAL_VERIFICATION_REQUIRED | DOMAIN_NOT_ALLOWED | INVALID_PUBLIC_DOMAIN | DOMAIN_VALIDATION_DENIED | CAA_ERROR | PCA_LIMIT_EXCEEDED | PCA_INVALID_ARN | PCA_INVALID_STATE | PCA_REQUEST_FAILED | PCA_NAME_CONSTRAINTS_VALIDATION | PCA_RESOURCE_NOT_FOUND | PCA_INVALID_ARGS | PCA_INVALID_DURATION | PCA_ACCESS_DENIED | SLR_NOT_FOUND | OTHER
Type: String
Pattern: .*\S.*
Required: No
- ImportedAt
-
Indicates when the certificate was imported. Provided if the certificate type is IMPORTED.
This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:
  - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)
  - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)
  - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)
  - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)
  - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)
If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.
Type: String
Pattern: .*\S.*
Required: No
- InUseBy
-
The list of ARNs for the AWS resources that use the certificate.
Type: Array of strings
Pattern: .*\S.*
Required: No
- IssuedAt
-
Indicates when the certificate was issued. Provided if the certificate type is AMAZON_ISSUED.
This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:
  - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)
  - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)
  - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)
  - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)
  - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)
If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.
Type: String
Pattern: .*\S.*
Required: No
- Issuer
-
The name of the certificate authority that issued and signed the certificate.
Type: String
Pattern: .*\S.*
Required: No
- KeyAlgorithm
-
The algorithm that was used to generate the public-private key pair.
Valid values: RSA_2048 | RSA_1024 | RSA_4096 | EC_prime256v1 | EC_secp384r1 | EC_secp521r1
Type: String
Pattern: .*\S.*
Required: No
- KeyUsages
-
A list of key usage X.509 v3 extension objects.
Type: Array of AwsCertificateManagerCertificateKeyUsage objects
Required: No
- NotAfter
-
The time after which the certificate becomes invalid.
This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:
  - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)
  - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)
  - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)
  - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)
  - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)
If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.
Type: String
Pattern: .*\S.*
Required: No
- NotBefore
-
The time before which the certificate is not valid.
This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:
  - YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)
  - YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)
  - YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)
  - YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)
  - YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)
If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.
Type: String
Pattern: .*\S.*
Required: No
- Options
-
Provides a value that specifies whether to add the certificate to a transparency log.
Type: AwsCertificateManagerCertificateOptions object
Required: No
- RenewalEligibility
-
Whether the certificate is eligible for renewal.
Valid values: ELIGIBLE | INELIGIBLE
Type: String
Pattern: .*\S.*
Required: No
- RenewalSummary
-
Information about the status of the AWS Certificate Manager managed renewal for the certificate. Provided only when the certificate type is AMAZON_ISSUED.
Type: AwsCertificateManagerCertificateRenewalSummary object
Required: No
- Serial
-
The serial number of the certificate.
Type: String
Pattern: .*\S.*
Required: No
- SignatureAlgorithm
-
The algorithm that was used to sign the certificate.
Type: String
Pattern: .*\S.*
Required: No
- Status
-
The status of the certificate.
Valid values: PENDING_VALIDATION | ISSUED | INACTIVE | EXPIRED | VALIDATION_TIMED_OUT | REVOKED | FAILED
Type: String
Pattern: .*\S.*
Required: No
- Subject
-
The name of the entity that is associated with the public key contained in the certificate.
Type: String
Pattern: .*\S.*
Required: No
- SubjectAlternativeNames
-
One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate.
The subject alternative names include the canonical domain name (CN) of the certificate and additional domain names that can be used to connect to the website.
Type: Array of strings
Pattern: .*\S.*
Required: No
- Type
-
The source of the certificate. For certificates that AWS Certificate Manager provides, Type is AMAZON_ISSUED. For certificates that are imported with ImportCertificate, Type is IMPORTED.
Valid values: IMPORTED | AMAZON_ISSUED | PRIVATE
Type: String
Pattern: .*\S.*
Required: No
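As an added example (not part of the AWS documentation), the Python code below validates the timestamp formats listed for CreatedAt, ImportedAt, IssuedAt, NotAfter and NotBefore, then uses NotAfter, KeyAlgorithm, Status, InUseBy and RenewalEligibility to flag a certificate for review. The function names, the SAMPLE object, the 30-day window and the weak-key policy are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Page grammar: up to 9 fractional digits, then Z or +/-HH with optional [:]MM.
TS_RE = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,9}))?"
    r"(?:(Z)|([+-])(\d{2})(?::?(\d{2}))?)")

def parse_ts(value):
    """Return an aware UTC datetime, or None if the format is not accepted."""
    m = TS_RE.fullmatch(value)
    if not m:
        return None
    y, mo, d, h, mi, s, frac, z, sign, oh, om = m.groups()
    offset = timedelta(0)
    if not z:
        offset = timedelta(hours=int(oh), minutes=int(om or 0))
        if int(om or 0) > 59 or offset > timedelta(hours=18):  # +/-18:00 bound
            return None
        offset = -offset if sign == "-" else offset
    micro = int((frac or "0").ljust(9, "0")[:6])  # datetime stores microseconds
    try:
        local = datetime(int(y), int(mo), int(d), int(h), int(mi), int(s), micro)
    except ValueError:                            # e.g. month 13 or second 60
        return None
    return (local - offset).replace(tzinfo=timezone.utc)

WEAK_KEYS = {"RSA_1024"}  # assumption: local policy, not a rule from the page
DEAD = {"EXPIRED", "REVOKED", "INACTIVE", "FAILED", "VALIDATION_TIMED_OUT"}
def triage(details, now, warn_days=30):
    """Return policy flags for one AwsCertificateManagerCertificateDetails dict."""
    flags = []
    if details.get("KeyAlgorithm") in WEAK_KEYS:
        flags.append("weak-key")
    if details.get("Status") in DEAD and details.get("InUseBy"):
        flags.append("dead-cert-in-use")
    raw = details.get("NotAfter")
    not_after = parse_ts(raw) if raw else None
    if raw and not_after is None:
        flags.append("malformed-NotAfter")
    elif not_after and not_after <= now:
        flags.append("expired")
    elif (not_after and not_after - now <= timedelta(days=warn_days)
          and details.get("RenewalEligibility") != "ELIGIBLE"):
        flags.append("expiring-no-renewal")
    return flags

SAMPLE = {"KeyAlgorithm": "RSA_1024", "Status": "ISSUED",  # constructed, not real data
          "RenewalEligibility": "INELIGIBLE", "NotAfter": "2024-01-04T15:25:10-1759"}
```

Comparing in UTC matters here: the -1759 offset in the sample moves the effective expiry to 2024-01-05T09:24:10Z, nearly a day later than the local wall-clock value suggests.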