Paws::ACMPCA::IssueCertificate - Arguments for method IssueCertificate on Paws::ACMPCA


This class represents the parameters used for calling the method IssueCertificate on the AWS Certificate Manager Private Certificate Authority service. Use the attributes of this class as arguments to method IssueCertificate.

You shouldn't make instances of this class. Each attribute should be used as a named argument in the call to IssueCertificate.


    my $acm-pca = Paws->service('ACMPCA');
    my $IssueCertificateResponse = $acm -pca->IssueCertificate(
      CertificateAuthorityArn => 'MyArn',
      Csr                     => 'BlobCsrBlob',
      SigningAlgorithm        => 'SHA256WITHECDSA',
      Validity                => {
        Type  => 'END_DATE',   # values: END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
        Value => 1,            # min: 1,

      IdempotencyToken => 'MyIdempotencyToken',    # OPTIONAL

    # Results:
    my $CertificateArn = $IssueCertificateResponse->CertificateArn;

    # Returns a L<Paws::ACMPCA::IssueCertificateResponse> object.

Values for attributes that are native types (Int, String, Float, etc) can passed as-is (scalar values). Values for complex Types (objects) can be passed as a HashRef. The keys and values of the hashref will be used to instance the underlying object. For the AWS API documentation, see


REQUIRED CertificateAuthorityArn => Str

The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:



The certificate signing request (CSR) for the certificate you want to issue. You can use the following OpenSSL command to create the CSR and a 2048 bit RSA private key.

openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr

If you have a configuration file, you can use the following OpenSSL command. The usr_cert block in the configuration file contains your X509 version 3 extensions.

openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr

IdempotencyToken => Str

Custom string that can be used to distinguish between calls to the IssueCertificate function. Idempotency tokens time out after one hour. Therefore, if you call IssueCertificate multiple times with the same idempotency token within 5 minutes, ACM PCA recognizes that you are requesting only one certificate and will issue only one. If you change the idempotency token for each call, PCA recognizes that you are requesting multiple certificates.

REQUIRED SigningAlgorithm => Str

The name of the algorithm that will be used to sign the certificate to be issued.


REQUIRED Validity => Paws::ACMPCA::Validity

The type of the validity period.


This class forms part of Paws, documenting arguments for method IssueCertificate in Paws::ACMPCA


The source code is located here:

Please report bugs to: