TLS v5.2.0, Apr 24 25

TLS v5.2.0 published on Thursday, Apr 24, 2025 by Pulumi

tls.LocallySignedCert

Explore with Pulumi AI

TLS v5.2.0 published on Thursday, Apr 24, 2025 by Pulumi

Create LocallySignedCert Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new LocallySignedCert(name: string, args: LocallySignedCertArgs, opts?: CustomResourceOptions);

@overload
def LocallySignedCert(resource_name: str,
                      args: LocallySignedCertArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def LocallySignedCert(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      allowed_uses: Optional[Sequence[str]] = None,
                      ca_cert_pem: Optional[str] = None,
                      ca_private_key_pem: Optional[str] = None,
                      cert_request_pem: Optional[str] = None,
                      validity_period_hours: Optional[int] = None,
                      early_renewal_hours: Optional[int] = None,
                      is_ca_certificate: Optional[bool] = None,
                      set_subject_key_id: Optional[bool] = None)

func NewLocallySignedCert(ctx *Context, name string, args LocallySignedCertArgs, opts ...ResourceOption) (*LocallySignedCert, error)

public LocallySignedCert(string name, LocallySignedCertArgs args, CustomResourceOptions? opts = null)

public LocallySignedCert(String name, LocallySignedCertArgs args)
public LocallySignedCert(String name, LocallySignedCertArgs args, CustomResourceOptions options)

type: tls:LocallySignedCert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args LocallySignedCertArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args LocallySignedCertArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args LocallySignedCertArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args LocallySignedCertArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args LocallySignedCertArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var locallySignedCertResource = new Tls.LocallySignedCert("locallySignedCertResource", new()
{
    AllowedUses = new[]
    {
        "string",
    },
    CaCertPem = "string",
    CaPrivateKeyPem = "string",
    CertRequestPem = "string",
    ValidityPeriodHours = 0,
    EarlyRenewalHours = 0,
    IsCaCertificate = false,
    SetSubjectKeyId = false,
});

example, err := tls.NewLocallySignedCert(ctx, "locallySignedCertResource", &tls.LocallySignedCertArgs{
	AllowedUses: pulumi.StringArray{
		pulumi.String("string"),
	},
	CaCertPem:           pulumi.String("string"),
	CaPrivateKeyPem:     pulumi.String("string"),
	CertRequestPem:      pulumi.String("string"),
	ValidityPeriodHours: pulumi.Int(0),
	EarlyRenewalHours:   pulumi.Int(0),
	IsCaCertificate:     pulumi.Bool(false),
	SetSubjectKeyId:     pulumi.Bool(false),
})

var locallySignedCertResource = new LocallySignedCert("locallySignedCertResource", LocallySignedCertArgs.builder()
    .allowedUses("string")
    .caCertPem("string")
    .caPrivateKeyPem("string")
    .certRequestPem("string")
    .validityPeriodHours(0)
    .earlyRenewalHours(0)
    .isCaCertificate(false)
    .setSubjectKeyId(false)
    .build());

locally_signed_cert_resource = tls.LocallySignedCert("locallySignedCertResource",
    allowed_uses=["string"],
    ca_cert_pem="string",
    ca_private_key_pem="string",
    cert_request_pem="string",
    validity_period_hours=0,
    early_renewal_hours=0,
    is_ca_certificate=False,
    set_subject_key_id=False)

const locallySignedCertResource = new tls.LocallySignedCert("locallySignedCertResource", {
    allowedUses: ["string"],
    caCertPem: "string",
    caPrivateKeyPem: "string",
    certRequestPem: "string",
    validityPeriodHours: 0,
    earlyRenewalHours: 0,
    isCaCertificate: false,
    setSubjectKeyId: false,
});

type: tls:LocallySignedCert
properties:
    allowedUses:
        - string
    caCertPem: string
    caPrivateKeyPem: string
    certRequestPem: string
    earlyRenewalHours: 0
    isCaCertificate: false
    setSubjectKeyId: false
    validityPeriodHours: 0

LocallySignedCert Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LocallySignedCert resource accepts the following input properties:

AllowedUses List<string>: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
CaCertPem string: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
CaPrivateKeyPem string: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
CertRequestPem string: Certificate request data in PEM (RFC 1421) format.
ValidityPeriodHours int: Number of hours, after initial issuing, that the certificate will remain valid for.
EarlyRenewalHours int
IsCaCertificate bool: Is the generated certificate representing a Certificate Authority (CA) (default: false).
SetSubjectKeyId bool: Should the generated certificate include a subject key identifier (default: false).

AllowedUses []string: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
CaCertPem string: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
CaPrivateKeyPem string: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
CertRequestPem string: Certificate request data in PEM (RFC 1421) format.
ValidityPeriodHours int: Number of hours, after initial issuing, that the certificate will remain valid for.
EarlyRenewalHours int
IsCaCertificate bool: Is the generated certificate representing a Certificate Authority (CA) (default: false).
SetSubjectKeyId bool: Should the generated certificate include a subject key identifier (default: false).

allowedUses List<String>: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
caCertPem String: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
caPrivateKeyPem String: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
certRequestPem String: Certificate request data in PEM (RFC 1421) format.
validityPeriodHours Integer: Number of hours, after initial issuing, that the certificate will remain valid for.
earlyRenewalHours Integer
isCaCertificate Boolean: Is the generated certificate representing a Certificate Authority (CA) (default: false).
setSubjectKeyId Boolean: Should the generated certificate include a subject key identifier (default: false).

allowedUses string[]: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
caCertPem string: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
caPrivateKeyPem string: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
certRequestPem string: Certificate request data in PEM (RFC 1421) format.
validityPeriodHours number: Number of hours, after initial issuing, that the certificate will remain valid for.
earlyRenewalHours number
isCaCertificate boolean: Is the generated certificate representing a Certificate Authority (CA) (default: false).
setSubjectKeyId boolean: Should the generated certificate include a subject key identifier (default: false).

allowed_uses Sequence[str]: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
ca_cert_pem str: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
ca_private_key_pem str: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
cert_request_pem str: Certificate request data in PEM (RFC 1421) format.
validity_period_hours int: Number of hours, after initial issuing, that the certificate will remain valid for.
early_renewal_hours int
is_ca_certificate bool: Is the generated certificate representing a Certificate Authority (CA) (default: false).
set_subject_key_id bool: Should the generated certificate include a subject key identifier (default: false).

allowedUses List<String>: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
caCertPem String: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
caPrivateKeyPem String: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
certRequestPem String: Certificate request data in PEM (RFC 1421) format.
validityPeriodHours Number: Number of hours, after initial issuing, that the certificate will remain valid for.
earlyRenewalHours Number
isCaCertificate Boolean: Is the generated certificate representing a Certificate Authority (CA) (default: false).
setSubjectKeyId Boolean: Should the generated certificate include a subject key identifier (default: false).

Outputs

All input properties are implicitly available as output properties. Additionally, the LocallySignedCert resource produces the following output properties:

CaKeyAlgorithm string: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
CertPem string: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
Id string: The provider-assigned unique ID for this managed resource.
ReadyForRenewal bool: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
ValidityEndTime string: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
ValidityStartTime string: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

CaKeyAlgorithm string: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
CertPem string: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
Id string: The provider-assigned unique ID for this managed resource.
ReadyForRenewal bool: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
ValidityEndTime string: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
ValidityStartTime string: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

caKeyAlgorithm String: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
certPem String: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
id String: The provider-assigned unique ID for this managed resource.
readyForRenewal Boolean: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validityEndTime String: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validityStartTime String: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

caKeyAlgorithm string: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
certPem string: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
id string: The provider-assigned unique ID for this managed resource.
readyForRenewal boolean: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validityEndTime string: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validityStartTime string: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

ca_key_algorithm str: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
cert_pem str: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
id str: The provider-assigned unique ID for this managed resource.
ready_for_renewal bool: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validity_end_time str: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validity_start_time str: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

caKeyAlgorithm String: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
certPem String: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
id String: The provider-assigned unique ID for this managed resource.
readyForRenewal Boolean: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validityEndTime String: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validityStartTime String: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

Look up Existing LocallySignedCert Resource

Get an existing LocallySignedCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: LocallySignedCertState, opts?: CustomResourceOptions): LocallySignedCert

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_uses: Optional[Sequence[str]] = None,
        ca_cert_pem: Optional[str] = None,
        ca_key_algorithm: Optional[str] = None,
        ca_private_key_pem: Optional[str] = None,
        cert_pem: Optional[str] = None,
        cert_request_pem: Optional[str] = None,
        early_renewal_hours: Optional[int] = None,
        is_ca_certificate: Optional[bool] = None,
        ready_for_renewal: Optional[bool] = None,
        set_subject_key_id: Optional[bool] = None,
        validity_end_time: Optional[str] = None,
        validity_period_hours: Optional[int] = None,
        validity_start_time: Optional[str] = None) -> LocallySignedCert

func GetLocallySignedCert(ctx *Context, name string, id IDInput, state *LocallySignedCertState, opts ...ResourceOption) (*LocallySignedCert, error)

public static LocallySignedCert Get(string name, Input<string> id, LocallySignedCertState? state, CustomResourceOptions? opts = null)

public static LocallySignedCert get(String name, Output<String> id, LocallySignedCertState state, CustomResourceOptions options)

resources:  _:    type: tls:LocallySignedCert    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowedUses List<string>: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
CaCertPem string: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
CaKeyAlgorithm string: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
CaPrivateKeyPem string: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
CertPem string: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
CertRequestPem string: Certificate request data in PEM (RFC 1421) format.
EarlyRenewalHours int
IsCaCertificate bool: Is the generated certificate representing a Certificate Authority (CA) (default: false).
ReadyForRenewal bool: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
SetSubjectKeyId bool: Should the generated certificate include a subject key identifier (default: false).
ValidityEndTime string: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
ValidityPeriodHours int: Number of hours, after initial issuing, that the certificate will remain valid for.
ValidityStartTime string: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

AllowedUses []string: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
CaCertPem string: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
CaKeyAlgorithm string: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
CaPrivateKeyPem string: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
CertPem string: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
CertRequestPem string: Certificate request data in PEM (RFC 1421) format.
EarlyRenewalHours int
IsCaCertificate bool: Is the generated certificate representing a Certificate Authority (CA) (default: false).
ReadyForRenewal bool: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
SetSubjectKeyId bool: Should the generated certificate include a subject key identifier (default: false).
ValidityEndTime string: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
ValidityPeriodHours int: Number of hours, after initial issuing, that the certificate will remain valid for.
ValidityStartTime string: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowedUses List<String>: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
caCertPem String: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
caKeyAlgorithm String: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
caPrivateKeyPem String: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
certPem String: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
certRequestPem String: Certificate request data in PEM (RFC 1421) format.
earlyRenewalHours Integer
isCaCertificate Boolean: Is the generated certificate representing a Certificate Authority (CA) (default: false).
readyForRenewal Boolean: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
setSubjectKeyId Boolean: Should the generated certificate include a subject key identifier (default: false).
validityEndTime String: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validityPeriodHours Integer: Number of hours, after initial issuing, that the certificate will remain valid for.
validityStartTime String: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowedUses string[]: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
caCertPem string: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
caKeyAlgorithm string: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
caPrivateKeyPem string: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
certPem string: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
certRequestPem string: Certificate request data in PEM (RFC 1421) format.
earlyRenewalHours number
isCaCertificate boolean: Is the generated certificate representing a Certificate Authority (CA) (default: false).
readyForRenewal boolean: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
setSubjectKeyId boolean: Should the generated certificate include a subject key identifier (default: false).
validityEndTime string: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validityPeriodHours number: Number of hours, after initial issuing, that the certificate will remain valid for.
validityStartTime string: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowed_uses Sequence[str]: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
ca_cert_pem str: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
ca_key_algorithm str: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
ca_private_key_pem str: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
cert_pem str: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
cert_request_pem str: Certificate request data in PEM (RFC 1421) format.
early_renewal_hours int
is_ca_certificate bool: Is the generated certificate representing a Certificate Authority (CA) (default: false).
ready_for_renewal bool: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
set_subject_key_id bool: Should the generated certificate include a subject key identifier (default: false).
validity_end_time str: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validity_period_hours int: Number of hours, after initial issuing, that the certificate will remain valid for.
validity_start_time str: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowedUses List<String>: List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
caCertPem String: Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
caKeyAlgorithm String: Name of the algorithm used when generating the private key provided in ca_private_key_pem.
caPrivateKeyPem String: Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
certPem String: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
certRequestPem String: Certificate request data in PEM (RFC 1421) format.
earlyRenewalHours Number
isCaCertificate Boolean: Is the generated certificate representing a Certificate Authority (CA) (default: false).
readyForRenewal Boolean: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
setSubjectKeyId Boolean: Should the generated certificate include a subject key identifier (default: false).
validityEndTime String: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validityPeriodHours Number: Number of hours, after initial issuing, that the certificate will remain valid for.
validityStartTime String: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

Package Details

Repository: TLS pulumi/pulumi-tls
License: Apache-2.0
Notes: This Pulumi package is based on the tls Terraform Provider.

TLS v5.2.0 published on Thursday, Apr 24, 2025 by Pulumi

pulumi/pulumi-tls

tls.LocallySignedCert

On this page

On this page

Create LocallySignedCert Resource

Constructor syntax

Parameters

Constructor example

LocallySignedCert Resource Properties

Inputs

Outputs

Look up Existing LocallySignedCert Resource

Package Details

On this page

On this page