Package-level declarations
Types
An access control entry allows or denies enrollment and/or autoenrollment with the template for Active Directory groups, identified by their security identifiers (SIDs).
Summary of group access control entries that allow or deny enrollment and/or autoenrollment with the template for Active Directory groups, identified by their security identifiers (SIDs).
You can receive this error if you attempt to create a resource share when you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template.
Application policies describe what the certificate can be used for.
Application policies describe what the certificate can be used for.
Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
This request cannot be completed because the requested resource was being concurrently modified by another request.
Amazon Web Services Private CA Connector for Active Directory is a service that links your Active Directory with Amazon Web Services Private CA. The connector brokers the exchange of certificates from Amazon Web Services Private CA to domain-joined users and machines managed with Active Directory.
Summary description of the Amazon Web Services Private CA AD connectors belonging to an Amazon Web Services account.
The directory registration represents the authorization of the connector service with a directory.
The directory registration represents the authorization of the connector service with the Active Directory.
Template configurations for v2 template schema.
Template configurations for v3 template schema.
Template configurations for v4 template schema.
Certificate extensions for v2 template schema.
Certificate extensions for v3 template schema.
Certificate extensions for v4 template schema.
General flags for v2 template schema that define whether the template is for a machine or a user and whether the template can be issued using autoenrollment.
General flags for v3 template schema that define whether the template is for a machine or a user and whether the template can be issued using autoenrollment.
General flags for v4 template schema that define whether the template is for a machine or a user and whether the template can be issued using autoenrollment.
The request processing has failed because of an unknown error, exception or failure with an internal server.
The key usage flags represent the purpose (e.g., encipherment, signature) of the key contained in the certificate.
The key usage property defines the purpose of the private key contained in the certificate. You can specify specific purposes using property flags or all by using property type ALL.
Specifies key usage.
Base class for all service related exceptions thrown by the PcaConnectorAd client.
Defines the attributes of the private key.
Defines the attributes of the private key.
Defines the attributes of the private key.
Private key flags for v2 templates specify the client compatibility, if the private key can be exported, and if user input is required when using a private key.
Private key flags for v3 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, and if an alternate signature algorithm should be used.
Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.
The operation tried to access a nonexistent resource. The resource might not be specified correctly, or its status might not be ACTIVE.
The service principal name that the connector uses to authenticate with Active Directory.
The service principal name that the connector uses to authenticate with Active Directory.
Request would cause a service quota to be exceeded.
Information to include in the subject name and alternate subject name of the certificate. The subject name can be common name, directory path, DNS as common name, or left blank. You can optionally include email in the subject name for user templates. If you leave the subject name blank, then you must set a subject alternate name. The subject alternate name (SAN) can include globally unique identifier (GUID), DNS, domain DNS, email, service principal name (SPN), and user principal name (UPN). You can leave the SAN blank. If you leave the SAN blank, then you must set a subject name.
Information to include in the subject name and alternate subject name of the certificate. The subject name can be common name, directory path, DNS as common name, or left blank. You can optionally include email in the subject name for user templates. If you leave the subject name blank, then you must set a subject alternate name. The subject alternate name (SAN) can include globally unique identifier (GUID), DNS, domain DNS, email, service principal name (SPN), and user principal name (UPN). You can leave the SAN blank. If you leave the SAN blank, then you must set a subject name.
Information to include in the subject name and alternate subject name of the certificate. The subject name can be common name, directory path, DNS as common name, or left blank. You can optionally include email in the subject name for user templates. If you leave the subject name blank, then you must set a subject alternate name. The subject alternate name (SAN) can include globally unique identifier (GUID), DNS, domain DNS, email, service principal name (SPN), and user principal name (UPN). You can leave the SAN blank. If you leave the SAN blank, then you must set a subject name.
Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
The revision version of the template. Template updates will increment the minor revision. Re-enrolling all certificate holders will increment the major revision.
An Active Directory compatible certificate template. Connectors issue certificates against these templates based on the requestor's Active Directory group membership.
v2 template schema that uses Legacy Cryptographic Providers.
v3 template schema that uses Key Storage Providers.
v4 template schema that can use either Legacy Cryptographic Providers or Key Storage Providers.
The limit on the number of requests per second was exceeded.
An input validation error occurred. For example, invalid characters in a template name, or if a pagination token is invalid.
Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in hours, days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
Information about your VPC and security groups used with the connector.