OriginCaCertificate

Provides a Cloudflare Origin CA certificate used to protect traffic to your origin without involving a third party Certificate Authority.

This resource requires you use your Origin CA Key as the api_user_service_key, in conjunction with an api_token or email and api_key.

Example Usage

using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
using Tls = Pulumi.Tls;

class MyStack : Stack
{
    public MyStack()
    {
        // Create a CSR and generate a CA certificate
        var examplePrivateKey = new Tls.PrivateKey("examplePrivateKey", new Tls.PrivateKeyArgs
        {
            Algorithm = "RSA",
        });
        var exampleCertRequest = new Tls.CertRequest("exampleCertRequest", new Tls.CertRequestArgs
        {
            KeyAlgorithm = examplePrivateKey.Algorithm,
            PrivateKeyPem = examplePrivateKey.PrivateKeyPem,
            Subjects = 
            {
                new Tls.Inputs.CertRequestSubjectArgs
                {
                    CommonName = "",
                    Organization = "Terraform Test",
                },
            },
        });
        var exampleOriginCaCertificate = new Cloudflare.OriginCaCertificate("exampleOriginCaCertificate", new Cloudflare.OriginCaCertificateArgs
        {
            Csr = exampleCertRequest.CertRequestPem,
            Hostnames = 
            {
                "example.com",
            },
            RequestType = "origin-rsa",
            RequestedValidity = 7,
        });
    }

}

package main

import (
    "github.com/pulumi/pulumi-cloudflare/sdk/v2/go/cloudflare"
    "github.com/pulumi/pulumi-tls/sdk/v2/go/tls"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        examplePrivateKey, err := tls.NewPrivateKey(ctx, "examplePrivateKey", &tls.PrivateKeyArgs{
            Algorithm: pulumi.String("RSA"),
        })
        if err != nil {
            return err
        }
        exampleCertRequest, err := tls.NewCertRequest(ctx, "exampleCertRequest", &tls.CertRequestArgs{
            KeyAlgorithm:  examplePrivateKey.Algorithm,
            PrivateKeyPem: examplePrivateKey.PrivateKeyPem,
            Subjects: tls.CertRequestSubjectArray{
                &tls.CertRequestSubjectArgs{
                    CommonName:   pulumi.String(""),
                    Organization: pulumi.String("Terraform Test"),
                },
            },
        })
        if err != nil {
            return err
        }
        _, err = cloudflare.NewOriginCaCertificate(ctx, "exampleOriginCaCertificate", &cloudflare.OriginCaCertificateArgs{
            Csr: exampleCertRequest.CertRequestPem,
            Hostnames: pulumi.StringArray{
                pulumi.String("example.com"),
            },
            RequestType:       pulumi.String("origin-rsa"),
            RequestedValidity: pulumi.Int(7),
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_cloudflare as cloudflare
import pulumi_tls as tls

# Create a CSR and generate a CA certificate
example_private_key = tls.PrivateKey("examplePrivateKey", algorithm="RSA")
example_cert_request = tls.CertRequest("exampleCertRequest",
    key_algorithm=example_private_key.algorithm,
    private_key_pem=example_private_key.private_key_pem,
    subjects=[tls.CertRequestSubjectArgs(
        common_name="",
        organization="Terraform Test",
    )])
example_origin_ca_certificate = cloudflare.OriginCaCertificate("exampleOriginCaCertificate",
    csr=example_cert_request.cert_request_pem,
    hostnames=["example.com"],
    request_type="origin-rsa",
    requested_validity=7)

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
import * as tls from "@pulumi/tls";

// Create a CSR and generate a CA certificate
const examplePrivateKey = new tls.PrivateKey("examplePrivateKey", {algorithm: "RSA"});
const exampleCertRequest = new tls.CertRequest("exampleCertRequest", {
    keyAlgorithm: examplePrivateKey.algorithm,
    privateKeyPem: examplePrivateKey.privateKeyPem,
    subjects: [{
        commonName: "",
        organization: "Terraform Test",
    }],
});
const exampleOriginCaCertificate = new cloudflare.OriginCaCertificate("exampleOriginCaCertificate", {
    csr: exampleCertRequest.certRequestPem,
    hostnames: ["example.com"],
    requestType: "origin-rsa",
    requestedValidity: 7,
});

Create a OriginCaCertificate Resource

new OriginCaCertificate(name: string, args: OriginCaCertificateArgs, opts?: CustomResourceOptions);

def OriginCaCertificate(resource_name: str, opts: Optional[ResourceOptions] = None, csr: Optional[str] = None, hostnames: Optional[Sequence[str]] = None, request_type: Optional[str] = None, requested_validity: Optional[int] = None)

func NewOriginCaCertificate(ctx *Context, name string, args OriginCaCertificateArgs, opts ...ResourceOption) (*OriginCaCertificate, error)

public OriginCaCertificate(string name, OriginCaCertificateArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args OriginCaCertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args OriginCaCertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args OriginCaCertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

OriginCaCertificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The OriginCaCertificate resource accepts the following input properties:

Csr string: The Certificate Signing Request. Must be newline-encoded.
Hostnames List<string>: An array of hostnames or wildcard names bound to the certificate.
RequestType string: The signature type desired on the certificate.
RequestedValidity int: The number of days for which the certificate should be valid.

Csr string: The Certificate Signing Request. Must be newline-encoded.
Hostnames []string: An array of hostnames or wildcard names bound to the certificate.
RequestType string: The signature type desired on the certificate.
RequestedValidity int: The number of days for which the certificate should be valid.

csr string: The Certificate Signing Request. Must be newline-encoded.
hostnames string[]: An array of hostnames or wildcard names bound to the certificate.
requestType string: The signature type desired on the certificate.
requestedValidity number: The number of days for which the certificate should be valid.

csr str: The Certificate Signing Request. Must be newline-encoded.
hostnames Sequence[str]: An array of hostnames or wildcard names bound to the certificate.
request_type str: The signature type desired on the certificate.
requested_validity int: The number of days for which the certificate should be valid.

Outputs

All input properties are implicitly available as output properties. Additionally, the OriginCaCertificate resource produces the following output properties:

Certificate string: The Origin CA certificate
ExpiresOn string: The datetime when the certificate will expire.
Id string: The provider-assigned unique ID for this managed resource.

Certificate string: The Origin CA certificate
ExpiresOn string: The datetime when the certificate will expire.
Id string: The provider-assigned unique ID for this managed resource.

certificate string: The Origin CA certificate
expiresOn string: The datetime when the certificate will expire.
id string: The provider-assigned unique ID for this managed resource.

certificate str: The Origin CA certificate
expires_on str: The datetime when the certificate will expire.
id str: The provider-assigned unique ID for this managed resource.

Look up an Existing OriginCaCertificate Resource

Get an existing OriginCaCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: OriginCaCertificateState, opts?: CustomResourceOptions): OriginCaCertificate

@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, certificate: Optional[str] = None, csr: Optional[str] = None, expires_on: Optional[str] = None, hostnames: Optional[Sequence[str]] = None, request_type: Optional[str] = None, requested_validity: Optional[int] = None) -> OriginCaCertificate

func GetOriginCaCertificate(ctx *Context, name string, id IDInput, state *OriginCaCertificateState, opts ...ResourceOption) (*OriginCaCertificate, error)

public static OriginCaCertificate Get(string name, Input<string> id, OriginCaCertificateState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Certificate string: The Origin CA certificate
Csr string: The Certificate Signing Request. Must be newline-encoded.
ExpiresOn string: The datetime when the certificate will expire.
Hostnames List<string>: An array of hostnames or wildcard names bound to the certificate.
RequestType string: The signature type desired on the certificate.
RequestedValidity int: The number of days for which the certificate should be valid.

Certificate string: The Origin CA certificate
Csr string: The Certificate Signing Request. Must be newline-encoded.
ExpiresOn string: The datetime when the certificate will expire.
Hostnames []string: An array of hostnames or wildcard names bound to the certificate.
RequestType string: The signature type desired on the certificate.
RequestedValidity int: The number of days for which the certificate should be valid.

certificate string: The Origin CA certificate
csr string: The Certificate Signing Request. Must be newline-encoded.
expiresOn string: The datetime when the certificate will expire.
hostnames string[]: An array of hostnames or wildcard names bound to the certificate.
requestType string: The signature type desired on the certificate.
requestedValidity number: The number of days for which the certificate should be valid.

certificate str: The Origin CA certificate
csr str: The Certificate Signing Request. Must be newline-encoded.
expires_on str: The datetime when the certificate will expire.
hostnames Sequence[str]: An array of hostnames or wildcard names bound to the certificate.
request_type str: The signature type desired on the certificate.
requested_validity int: The number of days for which the certificate should be valid.

Import

Origin CA certificate resource can be imported using an ID, e.g.

 $ pulumi import cloudflare:index/originCaCertificate:OriginCaCertificate example 276266538771611802607153687288146423901027769273

Package Details

Repository: https://github.com/pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud