本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# GetCertificateAuthorityCsr
下列 Java 範例說明如何使用 [GetCertificateAuthorityCsr](https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCsr.html) 操作。
此操作能為您的私有憑證授權機構 (CA) 擷取憑證簽署要求 (CSR)。CSR 會在您呼叫 [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) 操作時建立。將 CSR 帶到您的內部部署 X.509 基礎設施,並使用您的根 CA 或次級 CA 簽署。然後呼叫 [ImportCertificateAuthorityCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html) 操作,將已簽署的憑證匯入回 ACM PCA。CSR 會以 PEM 格式傳回為 base64 編碼字串。
```
package com.amazonaws.samples;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.services.acmpca.AWSACMPCA;
import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder;
import com.amazonaws.services.acmpca.model.GetCertificateAuthorityCsrRequest;
import com.amazonaws.services.acmpca.model.GetCertificateAuthorityCsrResult;
import com.amazonaws.AmazonClientException;
import com.amazonaws.services.acmpca.model.ResourceNotFoundException;
import com.amazonaws.services.acmpca.model.InvalidArnException;
import com.amazonaws.services.acmpca.model.RequestInProgressException;
import com.amazonaws.services.acmpca.model.RequestFailedException;
import com.amazonaws.services.acmpca.model.AWSACMPCAException;
import com.amazonaws.waiters.Waiter;
import com.amazonaws.waiters.WaiterParameters;
import com.amazonaws.waiters.WaiterTimedOutException;
import com.amazonaws.waiters.WaiterUnrecoverableException;
public class GetCertificateAuthorityCsr {
public static void main(String[] args) throws Exception {
// Retrieve your credentials from the C:\Users\name\.aws\credentials file
// in Windows or the .aws/credentials file in Linux.
AWSCredentials credentials = null;
try {
credentials = new ProfileCredentialsProvider("default").getCredentials();
} catch (Exception e) {
throw new AmazonClientException("Cannot load your credentials from disk", e);
}
// Define the endpoint for your sample.
String endpointRegion = "region"; // Substitute your region here, e.g. "us-west-2"
String endpointProtocol = "https://acm-pca." + endpointRegion + ".amazonaws.com/";
EndpointConfiguration endpoint =
new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion);
// Create a client that you can use to make requests.
AWSACMPCA client = AWSACMPCAClientBuilder.standard()
.withEndpointConfiguration(endpoint)
.withCredentials(new AWSStaticCredentialsProvider(credentials))
.build();
// Create the request object and set the CA ARN.
GetCertificateAuthorityCsrRequest req = new GetCertificateAuthorityCsrRequest();
req.withCertificateAuthorityArn("arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566");
// Create waiter to wait on successful creation of the CSR file.
Waiter waiter = client.waiters().certificateAuthorityCSRCreated();
try {
waiter.run(new WaiterParameters<>(req));
} catch (WaiterUnrecoverableException e) {
//Explicit short circuit when the recourse transitions into
//an undesired state.
} catch (WaiterTimedOutException e) {
//Failed to transition into desired state even after polling.
} catch (AWSACMPCAException e) {
//Unexpected service exception.
}
// Retrieve the CSR.
GetCertificateAuthorityCsrResult result = null;
try {
result = client.getCertificateAuthorityCsr(req);
} catch (RequestInProgressException ex) {
throw ex;
} catch (ResourceNotFoundException ex) {
throw ex;
} catch (InvalidArnException ex) {
throw ex;
} catch (RequestFailedException ex) {
throw ex;
}
// Retrieve and display the CSR;
String Csr = result.getCsr();
System.out.println(Csr);
}
}
```
您指定的憑證授權單位 (CA) 的輸出應類似下列。憑證簽署要求 (CSR) 是以 base64 編碼 (PEM 格式)。儲存到本機檔案,並帶到您的內部部署 X.509 基礎設施,然後使用您的根 CA 或次級 CA 簽署。
```
-----BEGIN CERTIFICATE REQUEST----- base64-encoded request -----END CERTIFICATE REQUEST-----
```