@Generated(value="com.amazonaws:aws-java-sdk-code-generator") public class ServerCertificateConfiguration extends Object implements Serializable, Cloneable, StructuredPojo
Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt
traffic using a TLSInspectionConfiguration. You can configure ServerCertificates for inbound
SSL/TLS inspection, a CertificateAuthorityArn for outbound SSL/TLS inspection, or both. For information
about working with certificates for TLS inspection, see
Requirements for using SSL/TLS server certficiates with TLS inspection configurations in the Network Firewall
Developer Guide.
If a server certificate that's associated with your TLSInspectionConfiguration is revoked, deleted, or expired it can result in client-side TLS errors.
| Constructor and Description |
|---|
ServerCertificateConfiguration() |
| Modifier and Type | Method and Description |
|---|---|
ServerCertificateConfiguration |
clone() |
boolean |
equals(Object obj) |
String |
getCertificateAuthorityArn()
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in Certificate
Manager (ACM) to use for outbound SSL/TLS inspection.
|
CheckCertificateRevocationStatusActions |
getCheckCertificateRevocationStatus()
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection
has a revoked or unkown status.
|
List<ServerCertificateScope> |
getScopes()
A list of scopes.
|
List<ServerCertificate> |
getServerCertificates()
The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS
inspection.
|
int |
hashCode() |
void |
marshall(ProtocolMarshaller protocolMarshaller) |
void |
setCertificateAuthorityArn(String certificateAuthorityArn)
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in Certificate
Manager (ACM) to use for outbound SSL/TLS inspection.
|
void |
setCheckCertificateRevocationStatus(CheckCertificateRevocationStatusActions checkCertificateRevocationStatus)
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection
has a revoked or unkown status.
|
void |
setScopes(Collection<ServerCertificateScope> scopes)
A list of scopes.
|
void |
setServerCertificates(Collection<ServerCertificate> serverCertificates)
The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS
inspection.
|
String |
toString()
Returns a string representation of this object.
|
ServerCertificateConfiguration |
withCertificateAuthorityArn(String certificateAuthorityArn)
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in Certificate
Manager (ACM) to use for outbound SSL/TLS inspection.
|
ServerCertificateConfiguration |
withCheckCertificateRevocationStatus(CheckCertificateRevocationStatusActions checkCertificateRevocationStatus)
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection
has a revoked or unkown status.
|
ServerCertificateConfiguration |
withScopes(Collection<ServerCertificateScope> scopes)
A list of scopes.
|
ServerCertificateConfiguration |
withScopes(ServerCertificateScope... scopes)
A list of scopes.
|
ServerCertificateConfiguration |
withServerCertificates(Collection<ServerCertificate> serverCertificates)
The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS
inspection.
|
ServerCertificateConfiguration |
withServerCertificates(ServerCertificate... serverCertificates)
The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS
inspection.
|
public List<ServerCertificate> getServerCertificates()
The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS inspection.
public void setServerCertificates(Collection<ServerCertificate> serverCertificates)
The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS inspection.
serverCertificates - The list of a server certificate configuration's Certificate Manager certificates, used for inbound
SSL/TLS inspection.public ServerCertificateConfiguration withServerCertificates(ServerCertificate... serverCertificates)
The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS inspection.
NOTE: This method appends the values to the existing list (if any). Use
setServerCertificates(java.util.Collection) or withServerCertificates(java.util.Collection) if
you want to override the existing values.
serverCertificates - The list of a server certificate configuration's Certificate Manager certificates, used for inbound
SSL/TLS inspection.public ServerCertificateConfiguration withServerCertificates(Collection<ServerCertificate> serverCertificates)
The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS inspection.
serverCertificates - The list of a server certificate configuration's Certificate Manager certificates, used for inbound
SSL/TLS inspection.public List<ServerCertificateScope> getScopes()
A list of scopes.
public void setScopes(Collection<ServerCertificateScope> scopes)
A list of scopes.
scopes - A list of scopes.public ServerCertificateConfiguration withScopes(ServerCertificateScope... scopes)
A list of scopes.
NOTE: This method appends the values to the existing list (if any). Use
setScopes(java.util.Collection) or withScopes(java.util.Collection) if you want to override the
existing values.
scopes - A list of scopes.public ServerCertificateConfiguration withScopes(Collection<ServerCertificateScope> scopes)
A list of scopes.
scopes - A list of scopes.public void setCertificateAuthorityArn(String certificateAuthorityArn)
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
You can't use certificates issued by Private Certificate Authority.
For more information about the certificate requirements for outbound inspection, see Requirements for using SSL/TLS certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
certificateAuthorityArn - The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in
Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
You can't use certificates issued by Private Certificate Authority.
For more information about the certificate requirements for outbound inspection, see Requirements for using SSL/TLS certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
public String getCertificateAuthorityArn()
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
You can't use certificates issued by Private Certificate Authority.
For more information about the certificate requirements for outbound inspection, see Requirements for using SSL/TLS certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
The following limitations apply:
You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
You can't use certificates issued by Private Certificate Authority.
For more information about the certificate requirements for outbound inspection, see Requirements for using SSL/TLS certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
public ServerCertificateConfiguration withCertificateAuthorityArn(String certificateAuthorityArn)
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
You can't use certificates issued by Private Certificate Authority.
For more information about the certificate requirements for outbound inspection, see Requirements for using SSL/TLS certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
certificateAuthorityArn - The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in
Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
You can't use certificates issued by Private Certificate Authority.
For more information about the certificate requirements for outbound inspection, see Requirements for using SSL/TLS certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
public void setCheckCertificateRevocationStatus(CheckCertificateRevocationStatusActions checkCertificateRevocationStatus)
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection
has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions
that Network Firewall takes on outbound traffic. To use this option, you must specify a
CertificateAuthorityArn in ServerCertificateConfiguration.
checkCertificateRevocationStatus - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS
connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must
specify the actions that Network Firewall takes on outbound traffic. To use this option, you must specify
a CertificateAuthorityArn in ServerCertificateConfiguration.public CheckCertificateRevocationStatusActions getCheckCertificateRevocationStatus()
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection
has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions
that Network Firewall takes on outbound traffic. To use this option, you must specify a
CertificateAuthorityArn in ServerCertificateConfiguration.
CertificateAuthorityArn in ServerCertificateConfiguration.public ServerCertificateConfiguration withCheckCertificateRevocationStatus(CheckCertificateRevocationStatusActions checkCertificateRevocationStatus)
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection
has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions
that Network Firewall takes on outbound traffic. To use this option, you must specify a
CertificateAuthorityArn in ServerCertificateConfiguration.
checkCertificateRevocationStatus - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS
connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must
specify the actions that Network Firewall takes on outbound traffic. To use this option, you must specify
a CertificateAuthorityArn in ServerCertificateConfiguration.public String toString()
toString in class ObjectObject.toString()public ServerCertificateConfiguration clone()
public void marshall(ProtocolMarshaller protocolMarshaller)
marshall in interface StructuredPojoCopyright © 2023. All rights reserved.