Ready to level-up your engineering skills? Join a Pulumi Workshop. Register Now

OriginCaCertificate

Provides a Cloudflare Origin CA certificate used to protect traffic to your origin without involving a third party Certificate Authority.

This resource requires you use your Origin CA Key as the api_user_service_key, in conjunction with an api_token or email and api_key.

Example Usage

using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
using Tls = Pulumi.Tls;

class MyStack : Stack
{
    public MyStack()
    {
        // Create a CSR and generate a CA certificate
        var examplePrivateKey = new Tls.PrivateKey("examplePrivateKey", new Tls.PrivateKeyArgs
        {
            Algorithm = "RSA",
        });
        var exampleCertRequest = new Tls.CertRequest("exampleCertRequest", new Tls.CertRequestArgs
        {
            KeyAlgorithm = examplePrivateKey.Algorithm,
            PrivateKeyPem = examplePrivateKey.PrivateKeyPem,
            Subjects = 
            {
                new Tls.Inputs.CertRequestSubjectArgs
                {
                    CommonName = "",
                    Organization = "Terraform Test",
                },
            },
        });
        var exampleOriginCaCertificate = new Cloudflare.OriginCaCertificate("exampleOriginCaCertificate", new Cloudflare.OriginCaCertificateArgs
        {
            Csr = exampleCertRequest.CertRequestPem,
            Hostnames = 
            {
                "example.com",
            },
            RequestType = "origin-rsa",
            RequestedValidity = 7,
        });
    }

}
package main

import (
    "github.com/pulumi/pulumi-cloudflare/sdk/v2/go/cloudflare"
    "github.com/pulumi/pulumi-tls/sdk/v2/go/tls"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        examplePrivateKey, err := tls.NewPrivateKey(ctx, "examplePrivateKey", &tls.PrivateKeyArgs{
            Algorithm: pulumi.String("RSA"),
        })
        if err != nil {
            return err
        }
        exampleCertRequest, err := tls.NewCertRequest(ctx, "exampleCertRequest", &tls.CertRequestArgs{
            KeyAlgorithm:  examplePrivateKey.Algorithm,
            PrivateKeyPem: examplePrivateKey.PrivateKeyPem,
            Subjects: tls.CertRequestSubjectArray{
                &tls.CertRequestSubjectArgs{
                    CommonName:   pulumi.String(""),
                    Organization: pulumi.String("Terraform Test"),
                },
            },
        })
        if err != nil {
            return err
        }
        _, err = cloudflare.NewOriginCaCertificate(ctx, "exampleOriginCaCertificate", &cloudflare.OriginCaCertificateArgs{
            Csr: exampleCertRequest.CertRequestPem,
            Hostnames: pulumi.StringArray{
                pulumi.String("example.com"),
            },
            RequestType:       pulumi.String("origin-rsa"),
            RequestedValidity: pulumi.Int(7),
        })
        if err != nil {
            return err
        }
        return nil
    })
}
import pulumi
import pulumi_cloudflare as cloudflare
import pulumi_tls as tls

# Create a CSR and generate a CA certificate
example_private_key = tls.PrivateKey("examplePrivateKey", algorithm="RSA")
example_cert_request = tls.CertRequest("exampleCertRequest",
    key_algorithm=example_private_key.algorithm,
    private_key_pem=example_private_key.private_key_pem,
    subjects=[tls.CertRequestSubjectArgs(
        common_name="",
        organization="Terraform Test",
    )])
example_origin_ca_certificate = cloudflare.OriginCaCertificate("exampleOriginCaCertificate",
    csr=example_cert_request.cert_request_pem,
    hostnames=["example.com"],
    request_type="origin-rsa",
    requested_validity=7)
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
import * as tls from "@pulumi/tls";

// Create a CSR and generate a CA certificate
const examplePrivateKey = new tls.PrivateKey("examplePrivateKey", {algorithm: "RSA"});
const exampleCertRequest = new tls.CertRequest("exampleCertRequest", {
    keyAlgorithm: examplePrivateKey.algorithm,
    privateKeyPem: examplePrivateKey.privateKeyPem,
    subjects: [{
        commonName: "",
        organization: "Terraform Test",
    }],
});
const exampleOriginCaCertificate = new cloudflare.OriginCaCertificate("exampleOriginCaCertificate", {
    csr: exampleCertRequest.certRequestPem,
    hostnames: ["example.com"],
    requestType: "origin-rsa",
    requestedValidity: 7,
});

Create a OriginCaCertificate Resource

new OriginCaCertificate(name: string, args: OriginCaCertificateArgs, opts?: CustomResourceOptions);
def OriginCaCertificate(resource_name: str, opts: Optional[ResourceOptions] = None, csr: Optional[str] = None, hostnames: Optional[Sequence[str]] = None, request_type: Optional[str] = None, requested_validity: Optional[int] = None)
func NewOriginCaCertificate(ctx *Context, name string, args OriginCaCertificateArgs, opts ...ResourceOption) (*OriginCaCertificate, error)
public OriginCaCertificate(string name, OriginCaCertificateArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args OriginCaCertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args OriginCaCertificateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args OriginCaCertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

OriginCaCertificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The OriginCaCertificate resource accepts the following input properties:

Csr string

The Certificate Signing Request. Must be newline-encoded.

Hostnames List<string>

An array of hostnames or wildcard names bound to the certificate.

RequestType string

The signature type desired on the certificate.

RequestedValidity int

The number of days for which the certificate should be valid.

Csr string

The Certificate Signing Request. Must be newline-encoded.

Hostnames []string

An array of hostnames or wildcard names bound to the certificate.

RequestType string

The signature type desired on the certificate.

RequestedValidity int

The number of days for which the certificate should be valid.

csr string

The Certificate Signing Request. Must be newline-encoded.

hostnames string[]

An array of hostnames or wildcard names bound to the certificate.

requestType string

The signature type desired on the certificate.

requestedValidity number

The number of days for which the certificate should be valid.

csr str

The Certificate Signing Request. Must be newline-encoded.

hostnames Sequence[str]

An array of hostnames or wildcard names bound to the certificate.

request_type str

The signature type desired on the certificate.

requested_validity int

The number of days for which the certificate should be valid.

Outputs

All input properties are implicitly available as output properties. Additionally, the OriginCaCertificate resource produces the following output properties:

Certificate string

The Origin CA certificate

ExpiresOn string

The datetime when the certificate will expire.

Id string
The provider-assigned unique ID for this managed resource.
Certificate string

The Origin CA certificate

ExpiresOn string

The datetime when the certificate will expire.

Id string
The provider-assigned unique ID for this managed resource.
certificate string

The Origin CA certificate

expiresOn string

The datetime when the certificate will expire.

id string
The provider-assigned unique ID for this managed resource.
certificate str

The Origin CA certificate

expires_on str

The datetime when the certificate will expire.

id str
The provider-assigned unique ID for this managed resource.

Look up an Existing OriginCaCertificate Resource

Get an existing OriginCaCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: OriginCaCertificateState, opts?: CustomResourceOptions): OriginCaCertificate
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, certificate: Optional[str] = None, csr: Optional[str] = None, expires_on: Optional[str] = None, hostnames: Optional[Sequence[str]] = None, request_type: Optional[str] = None, requested_validity: Optional[int] = None) -> OriginCaCertificate
func GetOriginCaCertificate(ctx *Context, name string, id IDInput, state *OriginCaCertificateState, opts ...ResourceOption) (*OriginCaCertificate, error)
public static OriginCaCertificate Get(string name, Input<string> id, OriginCaCertificateState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Certificate string

The Origin CA certificate

Csr string

The Certificate Signing Request. Must be newline-encoded.

ExpiresOn string

The datetime when the certificate will expire.

Hostnames List<string>

An array of hostnames or wildcard names bound to the certificate.

RequestType string

The signature type desired on the certificate.

RequestedValidity int

The number of days for which the certificate should be valid.

Certificate string

The Origin CA certificate

Csr string

The Certificate Signing Request. Must be newline-encoded.

ExpiresOn string

The datetime when the certificate will expire.

Hostnames []string

An array of hostnames or wildcard names bound to the certificate.

RequestType string

The signature type desired on the certificate.

RequestedValidity int

The number of days for which the certificate should be valid.

certificate string

The Origin CA certificate

csr string

The Certificate Signing Request. Must be newline-encoded.

expiresOn string

The datetime when the certificate will expire.

hostnames string[]

An array of hostnames or wildcard names bound to the certificate.

requestType string

The signature type desired on the certificate.

requestedValidity number

The number of days for which the certificate should be valid.

certificate str

The Origin CA certificate

csr str

The Certificate Signing Request. Must be newline-encoded.

expires_on str

The datetime when the certificate will expire.

hostnames Sequence[str]

An array of hostnames or wildcard names bound to the certificate.

request_type str

The signature type desired on the certificate.

requested_validity int

The number of days for which the certificate should be valid.

Import

Origin CA certificate resource can be imported using an ID, e.g.

 $ pulumi import cloudflare:index/originCaCertificate:OriginCaCertificate example 276266538771611802607153687288146423901027769273

Package Details

Repository
https://github.com/pulumi/pulumi-cloudflare
License
Apache-2.0
Notes
This Pulumi package is based on the cloudflare Terraform Provider.