alicloud.sslcertificatesservice.PcaCertificate

Alibaba Cloud v3.94.0, Feb 3 26

Alibaba Cloud v3.94.0 published on Tuesday, Feb 3, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

Alibaba Cloud v3.94.0 published on Tuesday, Feb 3, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const _default = new alicloud.sslcertificatesservicepca.Certificate("default", {
    organization: "a",
    years: 1,
    locality: "a",
    organizationUnit: "a",
    state: "a",
    countryCode: "cn",
    commonName: "cbc.certqa.cn",
    algorithm: "RSA_2048",
});

import pulumi
import pulumi_alicloud as alicloud

default = alicloud.sslcertificatesservicepca.Certificate("default",
    organization="a",
    years=1,
    locality="a",
    organization_unit="a",
    state="a",
    country_code="cn",
    common_name="cbc.certqa.cn",
    algorithm="RSA_2048")

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/sslcertificatesservicepca"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sslcertificatesservicepca.NewCertificate(ctx, "default", &sslcertificatesservicepca.CertificateArgs{
			Organization:     pulumi.String("a"),
			Years:            pulumi.Int(1),
			Locality:         pulumi.String("a"),
			OrganizationUnit: pulumi.String("a"),
			State:            pulumi.String("a"),
			CountryCode:      pulumi.String("cn"),
			CommonName:       pulumi.String("cbc.certqa.cn"),
			Algorithm:        pulumi.String("RSA_2048"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var @default = new AliCloud.SslCertificatesServicePca.Certificate("default", new()
    {
        Organization = "a",
        Years = 1,
        Locality = "a",
        OrganizationUnit = "a",
        State = "a",
        CountryCode = "cn",
        CommonName = "cbc.certqa.cn",
        Algorithm = "RSA_2048",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.sslcertificatesservicepca.Certificate;
import com.pulumi.alicloud.sslcertificatesservicepca.CertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new Certificate("default", CertificateArgs.builder()
            .organization("a")
            .years(1)
            .locality("a")
            .organizationUnit("a")
            .state("a")
            .countryCode("cn")
            .commonName("cbc.certqa.cn")
            .algorithm("RSA_2048")
            .build());

    }
}

resources:
  default:
    type: alicloud:sslcertificatesservicepca:Certificate
    properties:
      organization: a
      years: '1'
      locality: a
      organizationUnit: a
      state: a
      countryCode: cn
      commonName: cbc.certqa.cn
      algorithm: RSA_2048

📚 Need more examples? VIEW MORE EXAMPLES

Create PcaCertificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new PcaCertificate(name: string, args: PcaCertificateArgs, opts?: CustomResourceOptions);

@overload
def PcaCertificate(resource_name: str,
                   args: PcaCertificateArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def PcaCertificate(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   algorithm: Optional[str] = None,
                   alias_name: Optional[str] = None,
                   certificate_type: Optional[str] = None,
                   common_name: Optional[str] = None,
                   country_code: Optional[str] = None,
                   crl_day: Optional[int] = None,
                   enable_crl: Optional[bool] = None,
                   extended_key_usages: Optional[Sequence[str]] = None,
                   locality: Optional[str] = None,
                   organization: Optional[str] = None,
                   organization_unit: Optional[str] = None,
                   parent_identifier: Optional[str] = None,
                   path_len_constraint: Optional[int] = None,
                   resource_group_id: Optional[str] = None,
                   state: Optional[str] = None,
                   tags: Optional[Mapping[str, str]] = None,
                   years: Optional[int] = None)

func NewPcaCertificate(ctx *Context, name string, args PcaCertificateArgs, opts ...ResourceOption) (*PcaCertificate, error)

public PcaCertificate(string name, PcaCertificateArgs args, CustomResourceOptions? opts = null)

public PcaCertificate(String name, PcaCertificateArgs args)
public PcaCertificate(String name, PcaCertificateArgs args, CustomResourceOptions options)

type: alicloud:sslcertificatesservice:PcaCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PcaCertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PcaCertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PcaCertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PcaCertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PcaCertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

PcaCertificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PcaCertificate resource accepts the following input properties:

CommonName string

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

Locality string

Name of the city where the organization is located. Support the use of Chinese, English characters.

Organization string

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

OrganizationUnit string

The name of the department or branch under the organization. Support the use of Chinese, English characters.

State string

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

Years int

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

Algorithm string

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

AliasName string

CertificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

CountryCode string

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

CrlDay int

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

EnableCrl bool

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

ExtendedKeyUsages List<string>

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

ParentIdentifier string

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

PathLenConstraint int

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

ResourceGroupId string

A resource property field representing the resource group.

Tags Dictionary<string, string>

The tag of the resource.

CommonName string

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

Locality string

Name of the city where the organization is located. Support the use of Chinese, English characters.

Organization string

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

OrganizationUnit string

The name of the department or branch under the organization. Support the use of Chinese, English characters.

State string

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

Years int

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

Algorithm string

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

AliasName string

CertificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

CountryCode string

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

CrlDay int

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

EnableCrl bool

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

ExtendedKeyUsages []string

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

ParentIdentifier string

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

PathLenConstraint int

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

ResourceGroupId string

A resource property field representing the resource group.

Tags map[string]string

The tag of the resource.

commonName String

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

locality String

Name of the city where the organization is located. Support the use of Chinese, English characters.

organization String

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

organizationUnit String

The name of the department or branch under the organization. Support the use of Chinese, English characters.

state String

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

years Integer

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

algorithm String

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

aliasName String

certificateType String

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

countryCode String

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

crlDay Integer

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

enableCrl Boolean

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

extendedKeyUsages List<String>

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

parentIdentifier String

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

pathLenConstraint Integer

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

resourceGroupId String

A resource property field representing the resource group.

tags Map<String,String>

The tag of the resource.

commonName string

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

locality string

Name of the city where the organization is located. Support the use of Chinese, English characters.

organization string

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

organizationUnit string

The name of the department or branch under the organization. Support the use of Chinese, English characters.

state string

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

years number

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

algorithm string

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

aliasName string

certificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

countryCode string

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

crlDay number

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

enableCrl boolean

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

extendedKeyUsages string[]

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

parentIdentifier string

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

pathLenConstraint number

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

resourceGroupId string

A resource property field representing the resource group.

tags {[key: string]: string}

The tag of the resource.

common_name str

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

locality str

Name of the city where the organization is located. Support the use of Chinese, English characters.

organization str

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

organization_unit str

The name of the department or branch under the organization. Support the use of Chinese, English characters.

state str

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

years int

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

algorithm str

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

alias_name str

certificate_type str

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

country_code str

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

crl_day int

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

enable_crl bool

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

extended_key_usages Sequence[str]

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

parent_identifier str

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

path_len_constraint int

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

resource_group_id str

A resource property field representing the resource group.

tags Mapping[str, str]

The tag of the resource.

commonName String

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

locality String

Name of the city where the organization is located. Support the use of Chinese, English characters.

organization String

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

organizationUnit String

The name of the department or branch under the organization. Support the use of Chinese, English characters.

state String

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

years Number

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

algorithm String

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

aliasName String

certificateType String

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

countryCode String

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

crlDay Number

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

enableCrl Boolean

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

extendedKeyUsages List<String>

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

parentIdentifier String

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

pathLenConstraint Number

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

resourceGroupId String

A resource property field representing the resource group.

tags Map<String>

The tag of the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the PcaCertificate resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Status string: The status of the CA certificate.

Id string: The provider-assigned unique ID for this managed resource.
Status string: The status of the CA certificate.

id String: The provider-assigned unique ID for this managed resource.
status String: The status of the CA certificate.

id string: The provider-assigned unique ID for this managed resource.
status string: The status of the CA certificate.

id str: The provider-assigned unique ID for this managed resource.
status str: The status of the CA certificate.

id String: The provider-assigned unique ID for this managed resource.
status String: The status of the CA certificate.

Look up Existing PcaCertificate Resource

Get an existing PcaCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PcaCertificateState, opts?: CustomResourceOptions): PcaCertificate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        algorithm: Optional[str] = None,
        alias_name: Optional[str] = None,
        certificate_type: Optional[str] = None,
        common_name: Optional[str] = None,
        country_code: Optional[str] = None,
        crl_day: Optional[int] = None,
        enable_crl: Optional[bool] = None,
        extended_key_usages: Optional[Sequence[str]] = None,
        locality: Optional[str] = None,
        organization: Optional[str] = None,
        organization_unit: Optional[str] = None,
        parent_identifier: Optional[str] = None,
        path_len_constraint: Optional[int] = None,
        resource_group_id: Optional[str] = None,
        state: Optional[str] = None,
        status: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        years: Optional[int] = None) -> PcaCertificate

func GetPcaCertificate(ctx *Context, name string, id IDInput, state *PcaCertificateState, opts ...ResourceOption) (*PcaCertificate, error)

public static PcaCertificate Get(string name, Input<string> id, PcaCertificateState? state, CustomResourceOptions? opts = null)

public static PcaCertificate get(String name, Output<String> id, PcaCertificateState state, CustomResourceOptions options)

resources:  _:    type: alicloud:sslcertificatesservice:PcaCertificate    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Algorithm string

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

AliasName string

CertificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

CommonName string

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

CountryCode string

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

CrlDay int

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

EnableCrl bool

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

ExtendedKeyUsages List<string>

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

Locality string

Name of the city where the organization is located. Support the use of Chinese, English characters.

Organization string

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

OrganizationUnit string

The name of the department or branch under the organization. Support the use of Chinese, English characters.

ParentIdentifier string

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

PathLenConstraint int

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

ResourceGroupId string

A resource property field representing the resource group.

State string

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

Status string

The status of the CA certificate.

Tags Dictionary<string, string>

The tag of the resource.

Years int

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

Algorithm string

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

AliasName string

CertificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

CommonName string

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

CountryCode string

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

CrlDay int

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

EnableCrl bool

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

ExtendedKeyUsages []string

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

Locality string

Name of the city where the organization is located. Support the use of Chinese, English characters.

Organization string

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

OrganizationUnit string

The name of the department or branch under the organization. Support the use of Chinese, English characters.

ParentIdentifier string

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

PathLenConstraint int

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

ResourceGroupId string

A resource property field representing the resource group.

State string

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

Status string

The status of the CA certificate.

Tags map[string]string

The tag of the resource.

Years int

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

algorithm String

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

aliasName String

certificateType String

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

commonName String

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

countryCode String

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

crlDay Integer

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

enableCrl Boolean

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

extendedKeyUsages List<String>

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

locality String

Name of the city where the organization is located. Support the use of Chinese, English characters.

organization String

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

organizationUnit String

The name of the department or branch under the organization. Support the use of Chinese, English characters.

parentIdentifier String

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

pathLenConstraint Integer

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

resourceGroupId String

A resource property field representing the resource group.

state String

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

status String

The status of the CA certificate.

tags Map<String,String>

The tag of the resource.

years Integer

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

algorithm string

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

aliasName string

certificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

commonName string

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

countryCode string

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

crlDay number

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

enableCrl boolean

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

extendedKeyUsages string[]

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

locality string

Name of the city where the organization is located. Support the use of Chinese, English characters.

organization string

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

organizationUnit string

The name of the department or branch under the organization. Support the use of Chinese, English characters.

parentIdentifier string

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

pathLenConstraint number

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

resourceGroupId string

A resource property field representing the resource group.

state string

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

status string

The status of the CA certificate.

tags {[key: string]: string}

The tag of the resource.

years number

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

algorithm str

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

alias_name str

certificate_type str

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

common_name str

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

country_code str

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

crl_day int

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

enable_crl bool

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

extended_key_usages Sequence[str]

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

locality str

Name of the city where the organization is located. Support the use of Chinese, English characters.

organization str

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

organization_unit str

The name of the department or branch under the organization. Support the use of Chinese, English characters.

parent_identifier str

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

path_len_constraint int

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

resource_group_id str

A resource property field representing the resource group.

state str

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

status str

The status of the CA certificate.

tags Mapping[str, str]

The tag of the resource.

years int

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

algorithm String

The key algorithm type of the CA certificate. The key algorithm is in the _ format. Valid values:

RSA_1024: The corresponding signature algorithm is Sha256WithRSA.
RSA_2048: The corresponding signature algorithm is Sha256WithRSA.
RSA_4096: The corresponding signature algorithm is Sha256WithRSA.
ECC_256: The signature algorithm is Sha256WithECDSA.
ECC_384: The corresponding signature algorithm is Sha256WithECDSA.
ECC_512: The signature algorithm is Sha256WithECDSA.
SM2_256: The corresponding signature algorithm is SM3WithSM2.

NOTE: If certificate_type is set to SUB_ROOT, algorithm is required.

aliasName String

certificateType String

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

commonName String

The common name or abbreviation of the organization. Support the use of Chinese, English characters.

countryCode String

The code of the country or region in which the organization is located, using a two-digit capital abbreviation. For example, CN represents China and US represents the United States.

crlDay Number

The validity period for the CRL, in days. Valid values: 1 to 365. Note: crl_day takes effect only if certificate_type is set to SUB_ROOT.

enableCrl Boolean

This setting turns the Certificate Revocation List (CRL) service on or off. Valid values:

extendedKeyUsages List<String>

The extended key usages. Note: extended_key_usages takes effect only if certificate_type is set to SUB_ROOT.

locality String

Name of the city where the organization is located. Support the use of Chinese, English characters.

organization String

The name of the organization (corresponding to your enterprise or company) associated with the CA certificate. Support the use of Chinese, English characters.

organizationUnit String

The name of the department or branch under the organization. Support the use of Chinese, English characters.

parentIdentifier String

The unique identifier of the root CA certificate.

NOTE: If certificate_type is set to SUB_ROOT, parent_identifier is required.

pathLenConstraint Number

The certificate path length. Default value: 0. Note: path_len_constraint takes effect only if certificate_type is set to SUB_ROOT.

resourceGroupId String

A resource property field representing the resource group.

state String

The name of the province, municipality, or autonomous region in which the organization is located. Support the use of Chinese, English characters.

status String

The status of the CA certificate.

tags Map<String>

The tag of the resource.

years Number

The validity period of the CA certificate, in years.

NOTE: It is recommended to set to 5 to 10 years.

Import

SSL Certificates Pca Certificate can be imported using the id, e.g.

$ pulumi import alicloud:sslcertificatesservice/pcaCertificate:PcaCertificate example <id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.94.0 published on Tuesday, Feb 3, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

alicloud.sslcertificatesservice.PcaCertificate

On this page

On this page

Example Usage

Create PcaCertificate Resource

Constructor syntax

Parameters

PcaCertificate Resource Properties

Inputs

Outputs

Look up Existing PcaCertificate Resource

Import

Package Details

On this page

On this page