com.amazonaws.services.cloudfront.model

Class ViewerCertificate

java.lang.Object

com.amazonaws.services.cloudfront.model.ViewerCertificate

All Implemented Interfaces:

Serializable, Cloneable

@Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class ViewerCertificate
extends Object
implements Serializable, Cloneable

A complex type that specifies the following:

• Which SSL/TLS certificate to use when viewers request objects using HTTPS

• Whether you want CloudFront to use dedicated IP addresses or SNI when you're using alternate domain names in your object names

• The minimum protocol version that you want CloudFront to use when communicating with viewers

For more information, see Using an HTTPS Connection to Access Your Objects in the Amazon Amazon CloudFront Developer Guide.

See Also:

AWS API Documentation, Serialized Form

Constructor Summary

Constructors

Constructor and Description
ViewerCertificate()

Method Summary

Modifier and Type	Method and Description
ViewerCertificate	clone()
boolean	equals(Object obj)
String	getACMCertificateArn()
String	getCertificate() Deprecated.
String	getCertificateSource() Deprecated.
Boolean	getCloudFrontDefaultCertificate()
String	getIAMCertificateId()
String	getMinimumProtocolVersion() Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1.
String	getSSLSupportMethod() If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:
int	hashCode()
Boolean	isCloudFrontDefaultCertificate()
void	setACMCertificateArn(String aCMCertificateArn)
void	setCertificate(String certificate) Deprecated.
void	setCertificateSource(CertificateSource certificateSource) Deprecated.
void	setCertificateSource(String certificateSource) Deprecated.
void	setCloudFrontDefaultCertificate(Boolean cloudFrontDefaultCertificate)
void	setIAMCertificateId(String iAMCertificateId)
void	setMinimumProtocolVersion(MinimumProtocolVersion minimumProtocolVersion) Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1.
void	setMinimumProtocolVersion(String minimumProtocolVersion) Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1.
void	setSSLSupportMethod(SSLSupportMethod sSLSupportMethod) If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:
void	setSSLSupportMethod(String sSLSupportMethod) If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:
String	toString() Returns a string representation of this object; useful for testing and debugging.
ViewerCertificate	withACMCertificateArn(String aCMCertificateArn)
ViewerCertificate	withCertificate(String certificate) Deprecated.
ViewerCertificate	withCertificateSource(CertificateSource certificateSource) Deprecated.
ViewerCertificate	withCertificateSource(String certificateSource) Deprecated.
ViewerCertificate	withCloudFrontDefaultCertificate(Boolean cloudFrontDefaultCertificate)
ViewerCertificate	withIAMCertificateId(String iAMCertificateId)
ViewerCertificate	withMinimumProtocolVersion(MinimumProtocolVersion minimumProtocolVersion) Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1.
ViewerCertificate	withMinimumProtocolVersion(String minimumProtocolVersion) Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1.
ViewerCertificate	withSSLSupportMethod(SSLSupportMethod sSLSupportMethod) If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:
ViewerCertificate	withSSLSupportMethod(String sSLSupportMethod) If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

ViewerCertificate

public ViewerCertificate()

Method Detail

setCloudFrontDefaultCertificate

public void setCloudFrontDefaultCertificate(Boolean cloudFrontDefaultCertificate)

Parameters:

cloudFrontDefaultCertificate -

getCloudFrontDefaultCertificate

public Boolean getCloudFrontDefaultCertificate()

Returns:

withCloudFrontDefaultCertificate

public ViewerCertificate withCloudFrontDefaultCertificate(Boolean cloudFrontDefaultCertificate)

Parameters:

cloudFrontDefaultCertificate -

Returns:

Returns a reference to this object so that method calls can be chained together.

isCloudFrontDefaultCertificate

public Boolean isCloudFrontDefaultCertificate()

Returns:

setIAMCertificateId

public void setIAMCertificateId(String iAMCertificateId)

Parameters:

iAMCertificateId -

getIAMCertificateId

public String getIAMCertificateId()

Returns:

withIAMCertificateId

public ViewerCertificate withIAMCertificateId(String iAMCertificateId)

Parameters:

iAMCertificateId -

Returns:

Returns a reference to this object so that method calls can be chained together.

setACMCertificateArn

public void setACMCertificateArn(String aCMCertificateArn)

Parameters:

aCMCertificateArn -

getACMCertificateArn

public String getACMCertificateArn()

Returns:

withACMCertificateArn

public ViewerCertificate withACMCertificateArn(String aCMCertificateArn)

Parameters:

aCMCertificateArn -

Returns:

Returns a reference to this object so that method calls can be chained together.

setSSLSupportMethod

public void setSSLSupportMethod(String sSLSupportMethod)

If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

  • Use the vip option (dedicated IP addresses) instead of sni-only.

  • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

  • If you can control which browser your users use, upgrade the browser to one that supports SNI.

  • Use HTTP instead of HTTPS.

Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Parameters:

sSLSupportMethod - If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

  • Use the vip option (dedicated IP addresses) instead of sni-only.

  • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

  • If you can control which browser your users use, upgrade the browser to one that supports SNI.

  • Use HTTP instead of HTTPS.

Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

See Also:

SSLSupportMethod

getSSLSupportMethod

public String getSSLSupportMethod()

If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

  • Use the vip option (dedicated IP addresses) instead of sni-only.

  • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

  • If you can control which browser your users use, upgrade the browser to one that supports SNI.

  • Use HTTP instead of HTTPS.

Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Returns:

If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

  • Use the vip option (dedicated IP addresses) instead of sni-only.

  • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

  • If you can control which browser your users use, upgrade the browser to one that supports SNI.

  • Use HTTP instead of HTTPS.

Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

See Also:

SSLSupportMethod

withSSLSupportMethod

public ViewerCertificate withSSLSupportMethod(String sSLSupportMethod)

If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

  • Use the vip option (dedicated IP addresses) instead of sni-only.

  • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

  • If you can control which browser your users use, upgrade the browser to one that supports SNI.

  • Use HTTP instead of HTTPS.

Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Parameters:

sSLSupportMethod - If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

  • Use the vip option (dedicated IP addresses) instead of sni-only.

  • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

  • If you can control which browser your users use, upgrade the browser to one that supports SNI.

  • Use HTTP instead of HTTPS.

Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

SSLSupportMethod

setSSLSupportMethod

public void setSSLSupportMethod(SSLSupportMethod sSLSupportMethod)

If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

  • Use the vip option (dedicated IP addresses) instead of sni-only.

  • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

  • If you can control which browser your users use, upgrade the browser to one that supports SNI.

  • Use HTTP instead of HTTPS.

Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Parameters:

sSLSupportMethod - If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

  • Use the vip option (dedicated IP addresses) instead of sni-only.

  • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

  • If you can control which browser your users use, upgrade the browser to one that supports SNI.

  • Use HTTP instead of HTTPS.

Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

See Also:

SSLSupportMethod

withSSLSupportMethod

public ViewerCertificate withSSLSupportMethod(SSLSupportMethod sSLSupportMethod)

If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

  • Use the vip option (dedicated IP addresses) instead of sni-only.

  • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

  • If you can control which browser your users use, upgrade the browser to one that supports SNI.

  • Use HTTP instead of HTTPS.

Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Parameters:

sSLSupportMethod - If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

• vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.

• sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:

  • Use the vip option (dedicated IP addresses) instead of sni-only.

  • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.

  • If you can control which browser your users use, upgrade the browser to one that supports SNI.

  • Use HTTP instead of HTTPS.

Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

SSLSupportMethod

setMinimumProtocolVersion

public void setMinimumProtocolVersion(String minimumProtocolVersion)

Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:

• If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.

• If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.

Parameters:

minimumProtocolVersion - Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:

• If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.

• If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.

See Also:

MinimumProtocolVersion

getMinimumProtocolVersion

public String getMinimumProtocolVersion()

Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:

• If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.

• If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.

Returns:

Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:

• If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.

• If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.

See Also:

MinimumProtocolVersion

withMinimumProtocolVersion

public ViewerCertificate withMinimumProtocolVersion(String minimumProtocolVersion)

Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:

• If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.

• If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.

Parameters:

minimumProtocolVersion - Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:

• If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.

• If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

MinimumProtocolVersion

setMinimumProtocolVersion

public void setMinimumProtocolVersion(MinimumProtocolVersion minimumProtocolVersion)

Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:

• If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.

• If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.

Parameters:

minimumProtocolVersion - Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:

• If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.

• If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.

See Also:

MinimumProtocolVersion

withMinimumProtocolVersion

public ViewerCertificate withMinimumProtocolVersion(MinimumProtocolVersion minimumProtocolVersion)

Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:

• If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.

• If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.

Parameters:

minimumProtocolVersion - Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:

• If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.

• If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

MinimumProtocolVersion

setCertificate

@Deprecated
public void setCertificate(String certificate)

Deprecated.

Include one of these values to specify the following:

• Whether you want viewers to use HTTP or HTTPS to request your objects.

• If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.

• If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.

You must specify one (and only one) of the three values. Do not specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP to request your objects: Specify the following value:

<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

• If you're using an alternate domain name, such as example.com: Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:

  • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.

  • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.

  If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.

  If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the domain name that is associated with your CloudFront distribution ( https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:

  • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.

  • sni-only: CloudFront drops the connection with the browser without returning the object.

• If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net : Specify the following value:

  <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

  If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:

  • <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>

  • <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>

  You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:

  • <OriginProtocolPolicy>https-only<OriginProtocolPolicy>

  • <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>

  For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Parameters:

certificate - Include one of these values to specify the following:

• Whether you want viewers to use HTTP or HTTPS to request your objects.

• If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.

• If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.

You must specify one (and only one) of the three values. Do not specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP to request your objects: Specify the following value:

<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

• If you're using an alternate domain name, such as example.com: Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:

  • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.

  • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.

  If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.

  If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the domain name that is associated with your CloudFront distribution ( https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:

  • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.

  • sni-only: CloudFront drops the connection with the browser without returning the object.

• If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net : Specify the following value:

  <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

  If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:

  • <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>

  • <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>

  You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:

  • <OriginProtocolPolicy>https-only<OriginProtocolPolicy>

  • <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>

  For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

getCertificate

@Deprecated
public String getCertificate()

Deprecated.

Include one of these values to specify the following:

• Whether you want viewers to use HTTP or HTTPS to request your objects.

• If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.

• If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.

You must specify one (and only one) of the three values. Do not specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP to request your objects: Specify the following value:

<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

• If you're using an alternate domain name, such as example.com: Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:

  • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.

  • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.

  If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.

  If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the domain name that is associated with your CloudFront distribution ( https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:

  • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.

  • sni-only: CloudFront drops the connection with the browser without returning the object.

• If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net : Specify the following value:

  <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

  If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:

  • <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>

  • <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>

  You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:

  • <OriginProtocolPolicy>https-only<OriginProtocolPolicy>

  • <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>

  For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Returns:

Include one of these values to specify the following:

• Whether you want viewers to use HTTP or HTTPS to request your objects.

• If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.

• If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.

You must specify one (and only one) of the three values. Do not specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP to request your objects: Specify the following value:

<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

• If you're using an alternate domain name, such as example.com: Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:

  • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.

  • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.

  If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.

  If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the domain name that is associated with your CloudFront distribution ( https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:

  • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.

  • sni-only: CloudFront drops the connection with the browser without returning the object.

• If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net : Specify the following value:

  <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

  If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:

  • <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>

  • <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>

  You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:

  • <OriginProtocolPolicy>https-only<OriginProtocolPolicy>

  • <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>

  For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

withCertificate

@Deprecated
public ViewerCertificate withCertificate(String certificate)

Deprecated.

Include one of these values to specify the following:

• Whether you want viewers to use HTTP or HTTPS to request your objects.

• If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.

• If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.

You must specify one (and only one) of the three values. Do not specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP to request your objects: Specify the following value:

<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

• If you're using an alternate domain name, such as example.com: Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:

  • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.

  • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.

  If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.

  If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the domain name that is associated with your CloudFront distribution ( https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:

  • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.

  • sni-only: CloudFront drops the connection with the browser without returning the object.

• If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net : Specify the following value:

  <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

  If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:

  • <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>

  • <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>

  You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:

  • <OriginProtocolPolicy>https-only<OriginProtocolPolicy>

  • <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>

  For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Parameters:

certificate - Include one of these values to specify the following:

• Whether you want viewers to use HTTP or HTTPS to request your objects.

• If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.

• If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.

You must specify one (and only one) of the three values. Do not specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP to request your objects: Specify the following value:

<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

• If you're using an alternate domain name, such as example.com: Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:

  • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.

  • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.

  If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.

  If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the domain name that is associated with your CloudFront distribution ( https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:

  • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.

  • sni-only: CloudFront drops the connection with the browser without returning the object.

• If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net : Specify the following value:

  <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

  If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:

  • <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>

  • <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>

  You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:

  • <OriginProtocolPolicy>https-only<OriginProtocolPolicy>

  • <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>

  For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Returns:

Returns a reference to this object so that method calls can be chained together.

setCertificateSource

@Deprecated
public void setCertificateSource(String certificateSource)

Deprecated.

This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].

Parameters:

certificateSource -

This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].

See Also:

CertificateSource

getCertificateSource

@Deprecated
public String getCertificateSource()

Deprecated.

This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].

Returns:

This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].

See Also:

CertificateSource

withCertificateSource

@Deprecated
public ViewerCertificate withCertificateSource(String certificateSource)

Deprecated.

This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].

Parameters:

certificateSource -

This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

CertificateSource

setCertificateSource

@Deprecated
public void setCertificateSource(CertificateSource certificateSource)

Deprecated.

This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].

Parameters:

certificateSource -

This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].

See Also:

CertificateSource

withCertificateSource

@Deprecated
public ViewerCertificate withCertificateSource(CertificateSource certificateSource)

Deprecated.

This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].

Parameters:

certificateSource -

This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

CertificateSource

toString

public String toString()

Returns a string representation of this object; useful for testing and debugging.

Overrides:

toString in class Object

Returns:

A string representation of this object.

See Also:

Object.toString()

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

clone

public ViewerCertificate clone()

Overrides:

clone in class Object