{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-private-ca/refs/heads/main/json-schema/amazon-private-ca-ocsp-configuration-schema.json",
  "title": "OcspConfiguration",
  "description": "<p>Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.</p> <p>When you revoke a certificate, OCSP responses may take up to 60 minutes to reflect the new status.</p>",
  "type": "object",
  "properties": {
    "Enabled": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Boolean"
        },
        {
          "description": "Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status."
        }
      ]
    },
    "OcspCustomCname": {
      "allOf": [
        {
          "$ref": "#/components/schemas/CnameString"
        },
        {
          "description": "<p>By default, Amazon Web Services Private CA injects an Amazon Web Services domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.</p> <note> <p>The content of a Canonical Name (CNAME) record must conform to <a href=\"https://www.ietf.org/rfc/rfc2396.txt\">RFC2396</a> restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as \"http://\" or \"https://\".</p> </note> <p>For more information, see <a href=\"https://docs.aws.amazon.com/privateca/latest/userguide/ocsp-customize.html\">Customizing Online Certificate Status Protocol (OCSP) </a> in the <i>Amazon Web Services Private Certificate Authority User Guide</i>.</p>"
        }
      ]
    }
  },
  "required": [
    "Enabled"
  ]
}