:doc:`IoT <../../iot>` / Client / register_ca_certificate

***********************
register_ca_certificate
***********************



.. py:method:: IoT.Client.register_ca_certificate(**kwargs)

  

  Registers a CA certificate with Amazon Web Services IoT Core. There is no limit to the number of CA certificates you can register in your Amazon Web Services account. You can register up to 10 CA certificates with the same ``CA subject field`` per Amazon Web Services account.

   

  Requires permission to access the `RegisterCACertificate <https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions>`__ action.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/iot-2015-05-28/RegisterCACertificate>`_  


  **Request Syntax**
  ::

    response = client.register_ca_certificate(
        caCertificate='string',
        verificationCertificate='string',
        setAsActive=True|False,
        allowAutoRegistration=True|False,
        registrationConfig={
            'templateBody': 'string',
            'roleArn': 'string',
            'templateName': 'string'
        },
        tags=[
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        certificateMode='DEFAULT'|'SNI_ONLY'
    )
    
  :type caCertificate: string
  :param caCertificate: **[REQUIRED]** 

    The CA certificate.

    

  
  :type verificationCertificate: string
  :param verificationCertificate: 

    The private key verification certificate. If ``certificateMode`` is ``SNI_ONLY``, the ``verificationCertificate`` field must be empty. If ``certificateMode`` is ``DEFAULT`` or not provided, the ``verificationCertificate`` field must not be empty.

    

  
  :type setAsActive: boolean
  :param setAsActive: 

    A boolean value that specifies if the CA certificate is set to active.

     

    Valid values: ``ACTIVE | INACTIVE``

    

  
  :type allowAutoRegistration: boolean
  :param allowAutoRegistration: 

    Allows this CA certificate to be used for auto registration of device certificates.

    

  
  :type registrationConfig: dict
  :param registrationConfig: 

    Information about the registration configuration.

    

  
    - **templateBody** *(string) --* 

      The template body.

      

    
    - **roleArn** *(string) --* 

      The ARN of the role.

      

    
    - **templateName** *(string) --* 

      The name of the provisioning template.

      

    
  
  :type tags: list
  :param tags: 

    Metadata which can be used to manage the CA certificate.

     

    .. note::

      

      For URI Request parameters use format: ...key1=value1&key2=value2...

       

      For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

       

      For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

      

    

  
    - *(dict) --* 

      A set of key/value pairs that are used to manage the resource.

      

    
      - **Key** *(string) --* **[REQUIRED]** 

        The tag's key.

        

      
      - **Value** *(string) --* 

        The tag's value.

        

      
    

  :type certificateMode: string
  :param certificateMode: 

    Describes the certificate mode in which the Certificate Authority (CA) will be registered. If the ``verificationCertificate`` field is not provided, set ``certificateMode`` to be ``SNI_ONLY``. If the ``verificationCertificate`` field is provided, set ``certificateMode`` to be ``DEFAULT``. When ``certificateMode`` is not provided, it defaults to ``DEFAULT``. All the device certificates that are registered using this CA will be registered in the same certificate mode as the CA. For more information about certificate mode for device certificates, see `certificate mode <https://docs.aws.amazon.com/iot/latest/apireference/API_CertificateDescription.html#iot-Type-CertificateDescription-certificateMode>`__.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'certificateArn': 'string',
          'certificateId': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 

      The output from the RegisterCACertificateResponse operation.

      
      

      - **certificateArn** *(string) --* 

        The CA certificate ARN.

        
      

      - **certificateId** *(string) --* 

        The CA certificate identifier.

        
  
  **Exceptions**
  
  *   :py:class:`IoT.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`IoT.Client.exceptions.ResourceAlreadyExistsException`

  
  *   :py:class:`IoT.Client.exceptions.RegistrationCodeValidationException`

  
  *   :py:class:`IoT.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`IoT.Client.exceptions.CertificateValidationException`

  
  *   :py:class:`IoT.Client.exceptions.ThrottlingException`

  
  *   :py:class:`IoT.Client.exceptions.LimitExceededException`

  
  *   :py:class:`IoT.Client.exceptions.UnauthorizedException`

  
  *   :py:class:`IoT.Client.exceptions.ServiceUnavailableException`

  
  *   :py:class:`IoT.Client.exceptions.InternalFailureException`

  