本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用 IAM 伺服器憑證
若要啟用網站或應用程式的 HTTPS 連線 AWS,您需要 SSL/TLS *伺服器憑證*。您可以使用 提供的伺服器憑證, AWS Certificate Manager 或是從外部供應商取得的憑證。
建議您使用 ACM 來佈建、管理和部署伺服器憑證。透過 ACM ,您可以請求憑證、將其部署到您的 AWS 資源,並讓 為您 ACM 處理憑證續約。提供的憑證 ACM 是免費的。如需 的詳細資訊 ACM,請參閱[AWS Certificate Manager 《 使用者指南》](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html)。
## 取得伺服器憑證
您可以透過呼叫 IamClient 的 `getServerCertificate`方法來擷取伺服器憑證,並使用憑證的名稱傳遞 [GetServerCertificateRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetServerCertificateRequest.html)。
**匯入**
```
import software.amazon.awssdk.services.iam.model.GetServerCertificateRequest;
import software.amazon.awssdk.services.iam.model.GetServerCertificateResponse;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Code**
```
public static void getCertificate(IamClient iam,String certName ) {
try {
GetServerCertificateRequest request = GetServerCertificateRequest.builder()
.serverCertificateName(certName)
.build();
GetServerCertificateResponse response = iam.getServerCertificate(request);
System.out.format("Successfully retrieved certificate with body %s",
response.serverCertificate().certificateBody());
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/blob/0b1785e42949ebf959eaa0f0da4dc2a48f92ea25/javav2/example_code/iam/src/main/java/com/example/iam/GetServerCertificate.java)。
## 列出伺服器憑證
若要列出您的伺服器憑證,請使用 [ListServerCertificatesRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListServerCertificatesRequest.html) 呼叫 IamClient 的 `listServerCertificates`方法。它會傳回 [ListServerCertificatesResponse](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListServerCertificatesResponse.html)。
呼叫傳回 `ListServerCertificateResponse` 物件的 `serverCertificateMetadataList` 方法以取得 [ServerCertificateMetadata](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ServerCertificateMetadata.html) 物件的清單,您可以用來取得每個憑證的相關資訊。
結果可能遭到截斷;如果 `ListServerCertificateResponse` 物件的 `isTruncated` 方法傳回 `true`,請呼叫 `ListServerCertificatesResponse` 物件的 `marker` 方法並使用標記來建立新的請求。使用新的請求再次呼叫 `listServerCertificates`,以取得下一個結果批次。
**匯入**
```
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.ListServerCertificatesRequest;
import software.amazon.awssdk.services.iam.model.ListServerCertificatesResponse;
import software.amazon.awssdk.services.iam.model.ServerCertificateMetadata;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
```
**Code**
```
public static void listCertificates(IamClient iam) {
try {
boolean done = false;
String newMarker = null;
while(!done) {
ListServerCertificatesResponse response;
if (newMarker == null) {
ListServerCertificatesRequest request =
ListServerCertificatesRequest.builder().build();
response = iam.listServerCertificates(request);
} else {
ListServerCertificatesRequest request =
ListServerCertificatesRequest.builder()
.marker(newMarker).build();
response = iam.listServerCertificates(request);
}
for(ServerCertificateMetadata metadata :
response.serverCertificateMetadataList()) {
System.out.printf("Retrieved server certificate %s",
metadata.serverCertificateName());
}
if(!response.isTruncated()) {
done = true;
} else {
newMarker = response.marker();
}
}
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/blob/0b1785e42949ebf959eaa0f0da4dc2a48f92ea25/javav2/example_code/iam/src/main/java/com/example/iam/ListServerCertificates.java)。
## 更新伺服器憑證
您可以透過呼叫 IamClient 的 `updateServerCertificate`方法來更新伺服器憑證的名稱或路徑。它需要設定 [UpdateServerCertificateRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/UpdateServerCertificateRequest.html) 物件,並搭配伺服器憑證的目前名稱以及要使用的新名稱或新路徑。
**匯入**
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.UpdateServerCertificateRequest;
import software.amazon.awssdk.services.iam.model.UpdateServerCertificateResponse;
```
**Code**
```
public static void updateCertificate(IamClient iam, String curName, String newName) {
try {
UpdateServerCertificateRequest request =
UpdateServerCertificateRequest.builder()
.serverCertificateName(curName)
.newServerCertificateName(newName)
.build();
UpdateServerCertificateResponse response =
iam.updateServerCertificate(request);
System.out.printf("Successfully updated server certificate to name %s",
newName);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/blob/0b1785e42949ebf959eaa0f0da4dc2a48f92ea25/javav2/example_code/iam/src/main/java/com/example/iam/UpdateServerCertificate.java)。
## 刪除伺服器憑證
若要刪除伺服器憑證,請使用包含憑證名稱的 [DeleteServerCertificateRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/DeleteServerCertificateRequest.html) 呼叫 IamClient 的 `deleteServerCertificate`方法。
**匯入**
```
import software.amazon.awssdk.services.iam.model.DeleteServerCertificateRequest;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Code**
```
public static void deleteCert(IamClient iam,String certName ) {
try {
DeleteServerCertificateRequest request =
DeleteServerCertificateRequest.builder()
.serverCertificateName(certName)
.build();
iam.deleteServerCertificate(request);
System.out.println("Successfully deleted server certificate " +
certName);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/blob/0b1785e42949ebf959eaa0f0da4dc2a48f92ea25/javav2/example_code/iam/src/main/java/com/example/iam/DeleteServerCertificate.java)。
## 其他資訊
+ 《 IAM 使用者指南[》中的使用伺服器憑證](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html)
+ IAM API 參考中的 [GetServerCertificate](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html)
+ IAM API 參考中的 [ListServerCertificates](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificates.html)
+ IAM API 參考中的 [UpdateServerCertificate](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServerCertificate.html)
+ IAM API 參考中的 [DeleteServerCertificate](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServerCertificate.html)
+ [AWS Certificate Manager 使用者指南](https://docs.aws.amazon.com/acm/latest/userguide/)