
How do I create a TLS certificate request with Pulumi?

In this guide, we will create a TLS certificate request using Pulumi. We will define the necessary properties for the certificate request such as the subject details, DNS names, IP addresses, and key algorithm. This will help you generate a certificate signing request (CSR) which can be submitted to a Certificate Authority (CA) to obtain a signed certificate.

The following Pulumi program demonstrates how to define a TLS certificate request:

import * as pulumi from "@pulumi/pulumi";
import * as tls from "@pulumi/tls";

// Define the subject details for the certificate request
const subject = {
    commonName: "example.com",
    organization: "Example Organization",
    organizationalUnit: "IT",
    country: "US",
    province: "California",
    locality: "San Francisco",
    streetAddresses: ["123 Example Street"],
    postalCode: "94105",
    serialNumber: "1234567890"
};

// Define the private key for the certificate request
const privateKey = new tls.PrivateKey("privateKey", {
    algorithm: "RSA",
    rsaBits: 2048,
});

// Create the certificate request.
// No keyAlgorithm argument is passed: since v4 of the TLS provider it is a
// read-only output that tls.CertRequest derives from privateKeyPem.
const certRequest = new tls.CertRequest("certRequest", {
    subject: subject,
    dnsNames: ["example.com", "www.example.com"],
    ipAddresses: ["192.168.1.1"],
    uris: ["spiffe://example.com"],
    privateKeyPem: privateKey.privateKeyPem,
});

// Export the certificate request PEM
export const certRequestPem = certRequest.certRequestPem;

Key Points:

  • Subject Details: The subject object contains the details about the entity requesting the certificate, such as the common name, organization, and location.
  • Private Key: A private key is generated using the tls.PrivateKey resource, specifying the algorithm and key size. The key material is held in the Pulumi stack state, so access to the state backend must be restricted.
  • Certificate Request: The tls.CertRequest resource is used to create the certificate request, including the subject details, DNS names, IP addresses, URIs, and the private key PEM, which determines the key algorithm.
  • Export: The generated certificate request PEM is exported for use in obtaining a signed certificate from a Certificate Authority.
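
The values passed to tls.PrivateKey and tls.CertRequest can be checked before deployment for mistakes that lead a CA to reject the request or clients to reject the resulting certificate. The following is an added example, not part of the original program or of @pulumi/tls; CsrInputs, lintCsrInputs and pageInputs are hypothetical names, and IPv6 entries are skipped.

```typescript
// Added example: pre-flight checks for the inputs of tls.PrivateKey / tls.CertRequest.
// CsrInputs, lintCsrInputs and pageInputs are hypothetical names, not part of @pulumi/tls.
interface CsrInputs {
    commonName: string;
    dnsNames: string[];
    ipAddresses: string[];
    uris: string[];
    rsaBits: number;
}

const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
const DNS_NAME = /^(\*\.)?([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

// Parse a dotted-quad IPv4 string into octets, or null when it is not a valid address.
function parseIpv4(s: string): number[] | null {
    const m = IPV4.exec(s);
    if (!m) return null;
    const octets = m.slice(1).map(Number);
    return octets.every((o) => o <= 255) ? octets : null;
}

// RFC 1918 private ranges plus loopback and link-local.
function isNonPublicIpv4(o: number[]): boolean {
    return o[0] === 10 || o[0] === 127 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
        (o[0] === 192 && o[1] === 168) || (o[0] === 169 && o[1] === 254);
}

function lintCsrInputs(c: CsrInputs): string[] {
    const findings: string[] = [];
    if (c.rsaBits < 2048) findings.push(`rsaBits ${c.rsaBits} is below 2048`);
    // Modern TLS clients match the host name against SAN entries, not the common name.
    if (!c.dnsNames.some((d) => d.toLowerCase() === c.commonName.toLowerCase()))
        findings.push(`commonName ${c.commonName} is missing from dnsNames`);
    for (const d of c.dnsNames) {
        if (parseIpv4(d)) findings.push(`${d} is an IP address; move it to ipAddresses`);
        else if (!DNS_NAME.test(d)) findings.push(`${d} is not a valid DNS name`);
    }
    for (const ip of c.ipAddresses) {
        if (ip.indexOf(":") >= 0) continue; // IPv6 entries are not checked in this example
        const o = parseIpv4(ip);
        if (!o) findings.push(`${ip} is not a valid IPv4 address`);
        // Publicly trusted CAs do not issue certificates for private or reserved addresses.
        else if (isNonPublicIpv4(o)) findings.push(`${ip} is not publicly routable; only a private CA can sign it`);
    }
    for (const u of c.uris)
        if (!/^[a-z][a-z0-9+.-]*:\/\/[^\s/]+/i.test(u)) findings.push(`${u} is not an absolute URI`);
    return findings;
}

// Values taken from the program above; rsaBits comes from the tls.PrivateKey arguments.
const pageInputs: CsrInputs = { commonName: "example.com", dnsNames: ["example.com", "www.example.com"],
    ipAddresses: ["192.168.1.1"], uris: ["spiffe://example.com"], rsaBits: 2048 };
```

Run against the values in the program above, lintCsrInputs(pageInputs) returns a single finding, for the private address 192.168.1.1.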

Summary:

We have created a TLS certificate request using Pulumi, defining the subject details, generating a private key, and creating the certificate request. This CSR can be submitted to a Certificate Authority to obtain a signed certificate.
