:doc:`Transfer <../../transfer>` / Client / import_certificate

******************
import_certificate
******************



.. py:method:: Transfer.Client.import_certificate(**kwargs)

  

  Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles.

   

  You can import both the certificate and its chain in the ``Certificate`` parameter.

   

  After importing a certificate, Transfer Family automatically creates a Amazon CloudWatch metric called ``DaysUntilExpiry`` that tracks the number of days until the certificate expires. The metric is based on the ``InactiveDate`` parameter and is published daily in the ``AWS/Transfer`` namespace.

   

  .. warning::

     

    It can take up to a full day after importing a certificate for Transfer Family to emit the ``DaysUntilExpiry`` metric to your account.

     

   

  .. note::

    

    If you use the ``Certificate`` parameter to upload both the certificate and its chain, don't use the ``CertificateChain`` parameter.

    

   

  **CloudWatch monitoring**

   

  The ``DaysUntilExpiry`` metric includes the following specifications:

   

  
  * **Units:** Count (days)
   
  * **Dimensions:** ``CertificateId`` (always present), ``Description`` (if provided during certificate import)
   
  * **Statistics:** Minimum, Maximum, Average
   
  * **Frequency:** Published daily
  

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/transfer-2018-11-05/ImportCertificate>`_  


  **Request Syntax**
  ::

    response = client.import_certificate(
        Usage='SIGNING'|'ENCRYPTION'|'TLS',
        Certificate='string',
        CertificateChain='string',
        PrivateKey='string',
        ActiveDate=datetime(2015, 1, 1),
        InactiveDate=datetime(2015, 1, 1),
        Description='string',
        Tags=[
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    )
    
  :type Usage: string
  :param Usage: **[REQUIRED]** 

    Specifies how this certificate is used. It can be used in the following ways:

     

    
    * ``SIGNING``: For signing AS2 messages
     
    * ``ENCRYPTION``: For encrypting AS2 messages
     
    * ``TLS``: For securing AS2 communications sent over HTTPS
    

    

  
  :type Certificate: string
  :param Certificate: **[REQUIRED]** 

    
    * For the CLI, provide a file path for a certificate in URI format. For example, ``--certificate file://encryption-cert.pem``. Alternatively, you can provide the raw content.
     
    * For the SDK, specify the raw content of a certificate file. For example, ``--certificate "`cat encryption-cert.pem`"``.
    

     

    .. note::

      

      You can provide both the certificate and its chain in this parameter, without needing to use the ``CertificateChain`` parameter. If you use this parameter for both the certificate and its chain, do not use the ``CertificateChain`` parameter.

      

    

  
  :type CertificateChain: string
  :param CertificateChain: 

    An optional list of certificates that make up the chain for the certificate that's being imported.

    

  
  :type PrivateKey: string
  :param PrivateKey: 

    
    * For the CLI, provide a file path for a private key in URI format. For example, ``--private-key file://encryption-key.pem``. Alternatively, you can provide the raw content of the private key file.
     
    * For the SDK, specify the raw content of a private key file. For example, ``--private-key "`cat encryption-key.pem`"``
    

    

  
  :type ActiveDate: datetime
  :param ActiveDate: 

    An optional date that specifies when the certificate becomes active. If you do not specify a value, ``ActiveDate`` takes the same value as ``NotBeforeDate``, which is specified by the CA.

    

  
  :type InactiveDate: datetime
  :param InactiveDate: 

    An optional date that specifies when the certificate becomes inactive. If you do not specify a value, ``InactiveDate`` takes the same value as ``NotAfterDate``, which is specified by the CA.

    

  
  :type Description: string
  :param Description: 

    A short description that helps identify the certificate.

    

  
  :type Tags: list
  :param Tags: 

    Key-value pairs that can be used to group and search for certificates.

    

  
    - *(dict) --* 

      Creates a key-value pair for a specific resource. Tags are metadata that you can use to search for and group a resource for various purposes. You can apply tags to servers, users, and roles. A tag key can take more than one value. For example, to group servers for accounting purposes, you might create a tag called ``Group`` and assign the values ``Research`` and ``Accounting`` to that group.

      

    
      - **Key** *(string) --* **[REQUIRED]** 

        The name assigned to the tag that you create.

        

      
      - **Value** *(string) --* **[REQUIRED]** 

        Contains one or more values that you assigned to the key name you create.

        

      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'CertificateId': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **CertificateId** *(string) --* 

        An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.

        
  
  **Exceptions**
  
  *   :py:class:`Transfer.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`Transfer.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`Transfer.Client.exceptions.InternalServiceError`

  
  *   :py:class:`Transfer.Client.exceptions.ServiceUnavailableException`

  