alicloud.sslcertificatesservicepca.Cert

Alibaba Cloud v3.94.0, Feb 3 26

Alibaba Cloud v3.94.0 published on Tuesday, Feb 3, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

Alibaba Cloud v3.94.0 published on Tuesday, Feb 3, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const root = new alicloud.sslcertificatesservicepca.Certificate("root", {
    organization: "a",
    years: 1,
    locality: "a",
    organizationUnit: "a",
    state: "a",
    commonName: "cbc.certqa.cn",
});
const sub = new alicloud.sslcertificatesservicepca.Certificate("sub", {
    parentIdentifier: root.id,
    organization: "a",
    years: 1,
    locality: "a",
    organizationUnit: "a",
    state: "a",
    commonName: "cbc.certqa.cn",
    algorithm: "RSA_2048",
    certificateType: "SUB_ROOT",
    enableCrl: true,
});
const _default = new alicloud.sslcertificatesservicepca.Cert("default", {
    immediately: 0,
    organization: "terraform",
    years: 1,
    uploadFlag: 0,
    locality: "terraform",
    months: 1,
    customIdentifier: "181",
    algorithm: "RSA_2048",
    parentIdentifier: sub.id,
    sanValue: "somebody@example.com",
    enableCrl: 1,
    organizationUnit: "aliyun",
    state: "Beijing",
    beforeTime: 1767948807,
    days: 1,
    sanType: "1",
    afterTime: 1768035207,
    countryCode: "cn",
    commonName: "exampleTerraform",
    aliasName: "AliasName",
    status: "ISSUE",
});

import pulumi
import pulumi_alicloud as alicloud

root = alicloud.sslcertificatesservicepca.Certificate("root",
    organization="a",
    years=1,
    locality="a",
    organization_unit="a",
    state="a",
    common_name="cbc.certqa.cn")
sub = alicloud.sslcertificatesservicepca.Certificate("sub",
    parent_identifier=root.id,
    organization="a",
    years=1,
    locality="a",
    organization_unit="a",
    state="a",
    common_name="cbc.certqa.cn",
    algorithm="RSA_2048",
    certificate_type="SUB_ROOT",
    enable_crl=True)
default = alicloud.sslcertificatesservicepca.Cert("default",
    immediately=0,
    organization="terraform",
    years=1,
    upload_flag=0,
    locality="terraform",
    months=1,
    custom_identifier="181",
    algorithm="RSA_2048",
    parent_identifier=sub.id,
    san_value="somebody@example.com",
    enable_crl=1,
    organization_unit="aliyun",
    state="Beijing",
    before_time=1767948807,
    days=1,
    san_type="1",
    after_time=1768035207,
    country_code="cn",
    common_name="exampleTerraform",
    alias_name="AliasName",
    status="ISSUE")

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/sslcertificatesservicepca"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		root, err := sslcertificatesservicepca.NewCertificate(ctx, "root", &sslcertificatesservicepca.CertificateArgs{
			Organization:     pulumi.String("a"),
			Years:            pulumi.Int(1),
			Locality:         pulumi.String("a"),
			OrganizationUnit: pulumi.String("a"),
			State:            pulumi.String("a"),
			CommonName:       pulumi.String("cbc.certqa.cn"),
		})
		if err != nil {
			return err
		}
		sub, err := sslcertificatesservicepca.NewCertificate(ctx, "sub", &sslcertificatesservicepca.CertificateArgs{
			ParentIdentifier: root.ID(),
			Organization:     pulumi.String("a"),
			Years:            pulumi.Int(1),
			Locality:         pulumi.String("a"),
			OrganizationUnit: pulumi.String("a"),
			State:            pulumi.String("a"),
			CommonName:       pulumi.String("cbc.certqa.cn"),
			Algorithm:        pulumi.String("RSA_2048"),
			CertificateType:  pulumi.String("SUB_ROOT"),
			EnableCrl:        pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = sslcertificatesservicepca.NewCert(ctx, "default", &sslcertificatesservicepca.CertArgs{
			Immediately:      pulumi.Int(0),
			Organization:     pulumi.String("terraform"),
			Years:            pulumi.Int(1),
			UploadFlag:       pulumi.Int(0),
			Locality:         pulumi.String("terraform"),
			Months:           pulumi.Int(1),
			CustomIdentifier: pulumi.String("181"),
			Algorithm:        pulumi.String("RSA_2048"),
			ParentIdentifier: sub.ID(),
			SanValue:         pulumi.String("somebody@example.com"),
			EnableCrl:        pulumi.Int(1),
			OrganizationUnit: pulumi.String("aliyun"),
			State:            pulumi.String("Beijing"),
			BeforeTime:       pulumi.Int(1767948807),
			Days:             pulumi.Int(1),
			SanType:          pulumi.String("1"),
			AfterTime:        pulumi.Int(1768035207),
			CountryCode:      pulumi.String("cn"),
			CommonName:       pulumi.String("exampleTerraform"),
			AliasName:        pulumi.String("AliasName"),
			Status:           pulumi.String("ISSUE"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var root = new AliCloud.SslCertificatesServicePca.Certificate("root", new()
    {
        Organization = "a",
        Years = 1,
        Locality = "a",
        OrganizationUnit = "a",
        State = "a",
        CommonName = "cbc.certqa.cn",
    });

    var sub = new AliCloud.SslCertificatesServicePca.Certificate("sub", new()
    {
        ParentIdentifier = root.Id,
        Organization = "a",
        Years = 1,
        Locality = "a",
        OrganizationUnit = "a",
        State = "a",
        CommonName = "cbc.certqa.cn",
        Algorithm = "RSA_2048",
        CertificateType = "SUB_ROOT",
        EnableCrl = true,
    });

    var @default = new AliCloud.SslCertificatesServicePca.Cert("default", new()
    {
        Immediately = 0,
        Organization = "terraform",
        Years = 1,
        UploadFlag = 0,
        Locality = "terraform",
        Months = 1,
        CustomIdentifier = "181",
        Algorithm = "RSA_2048",
        ParentIdentifier = sub.Id,
        SanValue = "somebody@example.com",
        EnableCrl = 1,
        OrganizationUnit = "aliyun",
        State = "Beijing",
        BeforeTime = 1767948807,
        Days = 1,
        SanType = "1",
        AfterTime = 1768035207,
        CountryCode = "cn",
        CommonName = "exampleTerraform",
        AliasName = "AliasName",
        Status = "ISSUE",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.sslcertificatesservicepca.Certificate;
import com.pulumi.alicloud.sslcertificatesservicepca.CertificateArgs;
import com.pulumi.alicloud.sslcertificatesservicepca.Cert;
import com.pulumi.alicloud.sslcertificatesservicepca.CertArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var root = new Certificate("root", CertificateArgs.builder()
            .organization("a")
            .years(1)
            .locality("a")
            .organizationUnit("a")
            .state("a")
            .commonName("cbc.certqa.cn")
            .build());

        var sub = new Certificate("sub", CertificateArgs.builder()
            .parentIdentifier(root.id())
            .organization("a")
            .years(1)
            .locality("a")
            .organizationUnit("a")
            .state("a")
            .commonName("cbc.certqa.cn")
            .algorithm("RSA_2048")
            .certificateType("SUB_ROOT")
            .enableCrl(true)
            .build());

        var default_ = new Cert("default", CertArgs.builder()
            .immediately(0)
            .organization("terraform")
            .years(1)
            .uploadFlag(0)
            .locality("terraform")
            .months(1)
            .customIdentifier("181")
            .algorithm("RSA_2048")
            .parentIdentifier(sub.id())
            .sanValue("somebody@example.com")
            .enableCrl(1)
            .organizationUnit("aliyun")
            .state("Beijing")
            .beforeTime(1767948807)
            .days(1)
            .sanType("1")
            .afterTime(1768035207)
            .countryCode("cn")
            .commonName("exampleTerraform")
            .aliasName("AliasName")
            .status("ISSUE")
            .build());

    }
}

resources:
  root:
    type: alicloud:sslcertificatesservicepca:Certificate
    properties:
      organization: a
      years: '1'
      locality: a
      organizationUnit: a
      state: a
      commonName: cbc.certqa.cn
  sub:
    type: alicloud:sslcertificatesservicepca:Certificate
    properties:
      parentIdentifier: ${root.id}
      organization: a
      years: '1'
      locality: a
      organizationUnit: a
      state: a
      commonName: cbc.certqa.cn
      algorithm: RSA_2048
      certificateType: SUB_ROOT
      enableCrl: true
  default:
    type: alicloud:sslcertificatesservicepca:Cert
    properties:
      immediately: '0'
      organization: terraform
      years: '1'
      uploadFlag: '0'
      locality: terraform
      months: '1'
      customIdentifier: '181'
      algorithm: RSA_2048
      parentIdentifier: ${sub.id}
      sanValue: somebody@example.com
      enableCrl: '1'
      organizationUnit: aliyun
      state: Beijing
      beforeTime: '1767948807'
      days: '1'
      sanType: '1'
      afterTime: '1768035207'
      countryCode: cn
      commonName: exampleTerraform
      aliasName: AliasName
      status: ISSUE

📚 Need more examples? VIEW MORE EXAMPLES

Create Cert Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Cert(name: string, args: CertArgs, opts?: CustomResourceOptions);

@overload
def Cert(resource_name: str,
         args: CertArgs,
         opts: Optional[ResourceOptions] = None)

@overload
def Cert(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         parent_identifier: Optional[str] = None,
         locality: Optional[str] = None,
         organization: Optional[str] = None,
         before_time: Optional[int] = None,
         common_name: Optional[str] = None,
         country_code: Optional[str] = None,
         custom_identifier: Optional[str] = None,
         days: Optional[int] = None,
         enable_crl: Optional[int] = None,
         immediately: Optional[int] = None,
         organization_unit: Optional[str] = None,
         alias_name: Optional[str] = None,
         months: Optional[int] = None,
         after_time: Optional[int] = None,
         algorithm: Optional[str] = None,
         resource_group_id: Optional[str] = None,
         san_type: Optional[str] = None,
         san_value: Optional[str] = None,
         state: Optional[str] = None,
         status: Optional[str] = None,
         tags: Optional[Mapping[str, str]] = None,
         upload_flag: Optional[int] = None,
         years: Optional[int] = None)

func NewCert(ctx *Context, name string, args CertArgs, opts ...ResourceOption) (*Cert, error)

public Cert(string name, CertArgs args, CustomResourceOptions? opts = null)

public Cert(String name, CertArgs args)
public Cert(String name, CertArgs args, CustomResourceOptions options)

type: alicloud:sslcertificatesservicepca:Cert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args CertArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var certResource = new AliCloud.SslCertificatesServicePca.Cert("certResource", new()
{
    ParentIdentifier = "string",
    Locality = "string",
    Organization = "string",
    BeforeTime = 0,
    CommonName = "string",
    CountryCode = "string",
    CustomIdentifier = "string",
    Days = 0,
    EnableCrl = 0,
    Immediately = 0,
    OrganizationUnit = "string",
    AliasName = "string",
    Months = 0,
    AfterTime = 0,
    Algorithm = "string",
    ResourceGroupId = "string",
    SanType = "string",
    SanValue = "string",
    State = "string",
    Status = "string",
    Tags = 
    {
        { "string", "string" },
    },
    UploadFlag = 0,
    Years = 0,
});

example, err := sslcertificatesservicepca.NewCert(ctx, "certResource", &sslcertificatesservicepca.CertArgs{
	ParentIdentifier: pulumi.String("string"),
	Locality:         pulumi.String("string"),
	Organization:     pulumi.String("string"),
	BeforeTime:       pulumi.Int(0),
	CommonName:       pulumi.String("string"),
	CountryCode:      pulumi.String("string"),
	CustomIdentifier: pulumi.String("string"),
	Days:             pulumi.Int(0),
	EnableCrl:        pulumi.Int(0),
	Immediately:      pulumi.Int(0),
	OrganizationUnit: pulumi.String("string"),
	AliasName:        pulumi.String("string"),
	Months:           pulumi.Int(0),
	AfterTime:        pulumi.Int(0),
	Algorithm:        pulumi.String("string"),
	ResourceGroupId:  pulumi.String("string"),
	SanType:          pulumi.String("string"),
	SanValue:         pulumi.String("string"),
	State:            pulumi.String("string"),
	Status:           pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	UploadFlag: pulumi.Int(0),
	Years:      pulumi.Int(0),
})

var certResource = new Cert("certResource", CertArgs.builder()
    .parentIdentifier("string")
    .locality("string")
    .organization("string")
    .beforeTime(0)
    .commonName("string")
    .countryCode("string")
    .customIdentifier("string")
    .days(0)
    .enableCrl(0)
    .immediately(0)
    .organizationUnit("string")
    .aliasName("string")
    .months(0)
    .afterTime(0)
    .algorithm("string")
    .resourceGroupId("string")
    .sanType("string")
    .sanValue("string")
    .state("string")
    .status("string")
    .tags(Map.of("string", "string"))
    .uploadFlag(0)
    .years(0)
    .build());

cert_resource = alicloud.sslcertificatesservicepca.Cert("certResource",
    parent_identifier="string",
    locality="string",
    organization="string",
    before_time=0,
    common_name="string",
    country_code="string",
    custom_identifier="string",
    days=0,
    enable_crl=0,
    immediately=0,
    organization_unit="string",
    alias_name="string",
    months=0,
    after_time=0,
    algorithm="string",
    resource_group_id="string",
    san_type="string",
    san_value="string",
    state="string",
    status="string",
    tags={
        "string": "string",
    },
    upload_flag=0,
    years=0)

const certResource = new alicloud.sslcertificatesservicepca.Cert("certResource", {
    parentIdentifier: "string",
    locality: "string",
    organization: "string",
    beforeTime: 0,
    commonName: "string",
    countryCode: "string",
    customIdentifier: "string",
    days: 0,
    enableCrl: 0,
    immediately: 0,
    organizationUnit: "string",
    aliasName: "string",
    months: 0,
    afterTime: 0,
    algorithm: "string",
    resourceGroupId: "string",
    sanType: "string",
    sanValue: "string",
    state: "string",
    status: "string",
    tags: {
        string: "string",
    },
    uploadFlag: 0,
    years: 0,
});

type: alicloud:sslcertificatesservicepca:Cert
properties:
    afterTime: 0
    algorithm: string
    aliasName: string
    beforeTime: 0
    commonName: string
    countryCode: string
    customIdentifier: string
    days: 0
    enableCrl: 0
    immediately: 0
    locality: string
    months: 0
    organization: string
    organizationUnit: string
    parentIdentifier: string
    resourceGroupId: string
    sanType: string
    sanValue: string
    state: string
    status: string
    tags:
        string: string
    uploadFlag: 0
    years: 0

Cert Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Cert resource accepts the following input properties:

ParentIdentifier string

The unique identifier of the subordinate CA certificate that issued this certificate.

AfterTime int

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Algorithm string

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

The encryption algorithm of the client certificate must match that of the subordinate CA certificate, but the key length may differ. For example, if the key algorithm of the subordinate CA certificate is RSA_2048, the key algorithm of the client certificate must be one of RSA_1024, RSA_2048, or RSA_4096.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

AliasName string

The name assigned to the issued certificate.

BeforeTime int

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

CommonName string

Name of the certificate subject. For a Client Authentication (ClientAuth) certificate, the subject is typically an individual, company, organization, or application. We recommend using the common name of the subject—for example, Zhang San, Alibaba, Alibaba Cloud KMS, or Tmall Genie.

CountryCode string

Country code of the organization associated with the subordinate CA certificate that issued this certificate.
For the meanings of different country codes, see the International Codes section in Manage Company Information.

CustomIdentifier string

A user-defined unique identifier.

Days int

Validity period of the client certificate, in days.

The days, before_time, and after_time parameters cannot all be empty. Additionally, before_time and after_time must either both be set or both remain unset. The specific rules are as follows:

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

EnableCrl int

Whether to include the CRL URL. Valid values:

Immediately int

Specifies whether to return the digital certificate immediately. Valid values:

Locality string

The name of the city where the organization associated with the certificate is located. Chinese characters, English letters, and other characters are supported. By default, this value is the same as the city name of the organization associated with the issuing subordinate CA certificate.

Months int

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Organization string

Name of the organization associated with the subordinate CA certificate that issued this certificate.

OrganizationUnit string

Department name. Default: Aliyun CDN.

ResourceGroupId string

The resource group ID. You can obtain this ID by calling the ListResources operation.

SanType string

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

SanValue string

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

State string

The name of the province, municipality, or autonomous region where the certificate's organization is located. Chinese and English characters are supported. By default, this value is the same as the province, municipality, or autonomous region of the organization associated with the subordinate CA certificate that issued this certificate. The name of the state or province where the certificate's organization is located. Chinese and English characters are supported. By default, this value is the same as the state or province of the organization associated with the subordinate CA certificate that issued this certificate.

Status string

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

Tags Dictionary<string, string>

Information about the queried instances and their associated tags.

UploadFlag int

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

Years int

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ParentIdentifier string

The unique identifier of the subordinate CA certificate that issued this certificate.

AfterTime int

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Algorithm string

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

AliasName string

The name assigned to the issued certificate.

BeforeTime int

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

CommonName string

CountryCode string

CustomIdentifier string

A user-defined unique identifier.

Days int

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

EnableCrl int

Whether to include the CRL URL. Valid values:

Immediately int

Specifies whether to return the digital certificate immediately. Valid values:

Locality string

Months int

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Organization string

Name of the organization associated with the subordinate CA certificate that issued this certificate.

OrganizationUnit string

Department name. Default: Aliyun CDN.

ResourceGroupId string

The resource group ID. You can obtain this ID by calling the ListResources operation.

SanType string

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

SanValue string

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

State string

Status string

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

Tags map[string]string

Information about the queried instances and their associated tags.

UploadFlag int

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

Years int

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

parentIdentifier String

The unique identifier of the subordinate CA certificate that issued this certificate.

afterTime Integer

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

algorithm String

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

aliasName String

The name assigned to the issued certificate.

beforeTime Integer

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

commonName String

countryCode String

customIdentifier String

A user-defined unique identifier.

days Integer

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

enableCrl Integer

Whether to include the CRL URL. Valid values:

immediately Integer

Specifies whether to return the digital certificate immediately. Valid values:

locality String

months Integer

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

organization String

Name of the organization associated with the subordinate CA certificate that issued this certificate.

organizationUnit String

Department name. Default: Aliyun CDN.

resourceGroupId String

The resource group ID. You can obtain this ID by calling the ListResources operation.

sanType String

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

sanValue String

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

state String

status String

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

tags Map<String,String>

Information about the queried instances and their associated tags.

uploadFlag Integer

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

years Integer

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

parentIdentifier string

The unique identifier of the subordinate CA certificate that issued this certificate.

afterTime number

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

algorithm string

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

aliasName string

The name assigned to the issued certificate.

beforeTime number

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

commonName string

countryCode string

customIdentifier string

A user-defined unique identifier.

days number

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

enableCrl number

Whether to include the CRL URL. Valid values:

immediately number

Specifies whether to return the digital certificate immediately. Valid values:

locality string

months number

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

organization string

Name of the organization associated with the subordinate CA certificate that issued this certificate.

organizationUnit string

Department name. Default: Aliyun CDN.

resourceGroupId string

The resource group ID. You can obtain this ID by calling the ListResources operation.

sanType string

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

sanValue string

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

state string

status string

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

tags {[key: string]: string}

Information about the queried instances and their associated tags.

uploadFlag number

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

years number

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

parent_identifier str

The unique identifier of the subordinate CA certificate that issued this certificate.

after_time int

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

algorithm str

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

alias_name str

The name assigned to the issued certificate.

before_time int

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

common_name str

country_code str

custom_identifier str

A user-defined unique identifier.

days int

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

enable_crl int

Whether to include the CRL URL. Valid values:

immediately int

Specifies whether to return the digital certificate immediately. Valid values:

locality str

months int

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

organization str

Name of the organization associated with the subordinate CA certificate that issued this certificate.

organization_unit str

Department name. Default: Aliyun CDN.

resource_group_id str

The resource group ID. You can obtain this ID by calling the ListResources operation.

san_type str

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

san_value str

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

state str

status str

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

tags Mapping[str, str]

Information about the queried instances and their associated tags.

upload_flag int

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

years int

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

parentIdentifier String

The unique identifier of the subordinate CA certificate that issued this certificate.

afterTime Number

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

algorithm String

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

aliasName String

The name assigned to the issued certificate.

beforeTime Number

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

commonName String

countryCode String

customIdentifier String

A user-defined unique identifier.

days Number

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

enableCrl Number

Whether to include the CRL URL. Valid values:

immediately Number

Specifies whether to return the digital certificate immediately. Valid values:

locality String

months Number

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

organization String

Name of the organization associated with the subordinate CA certificate that issued this certificate.

organizationUnit String

Department name. Default: Aliyun CDN.

resourceGroupId String

The resource group ID. You can obtain this ID by calling the ListResources operation.

sanType String

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

sanValue String

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

state String

status String

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

tags Map<String>

Information about the queried instances and their associated tags.

uploadFlag Number

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

years Number

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Outputs

All input properties are implicitly available as output properties. Additionally, the Cert resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Cert Resource

Get an existing Cert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertState, opts?: CustomResourceOptions): Cert

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        after_time: Optional[int] = None,
        algorithm: Optional[str] = None,
        alias_name: Optional[str] = None,
        before_time: Optional[int] = None,
        common_name: Optional[str] = None,
        country_code: Optional[str] = None,
        custom_identifier: Optional[str] = None,
        days: Optional[int] = None,
        enable_crl: Optional[int] = None,
        immediately: Optional[int] = None,
        locality: Optional[str] = None,
        months: Optional[int] = None,
        organization: Optional[str] = None,
        organization_unit: Optional[str] = None,
        parent_identifier: Optional[str] = None,
        resource_group_id: Optional[str] = None,
        san_type: Optional[str] = None,
        san_value: Optional[str] = None,
        state: Optional[str] = None,
        status: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        upload_flag: Optional[int] = None,
        years: Optional[int] = None) -> Cert

func GetCert(ctx *Context, name string, id IDInput, state *CertState, opts ...ResourceOption) (*Cert, error)

public static Cert Get(string name, Input<string> id, CertState? state, CustomResourceOptions? opts = null)

public static Cert get(String name, Output<String> id, CertState state, CustomResourceOptions options)

resources:  _:    type: alicloud:sslcertificatesservicepca:Cert    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AfterTime int

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Algorithm string

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

AliasName string

The name assigned to the issued certificate.

BeforeTime int

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

CommonName string

CountryCode string

CustomIdentifier string

A user-defined unique identifier.

Days int

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

EnableCrl int

Whether to include the CRL URL. Valid values:

Immediately int

Specifies whether to return the digital certificate immediately. Valid values:

Locality string

Months int

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Organization string

Name of the organization associated with the subordinate CA certificate that issued this certificate.

OrganizationUnit string

Department name. Default: Aliyun CDN.

ParentIdentifier string

The unique identifier of the subordinate CA certificate that issued this certificate.

ResourceGroupId string

The resource group ID. You can obtain this ID by calling the ListResources operation.

SanType string

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

SanValue string

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

State string

Status string

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

Tags Dictionary<string, string>

Information about the queried instances and their associated tags.

UploadFlag int

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

Years int

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

AfterTime int

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Algorithm string

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

AliasName string

The name assigned to the issued certificate.

BeforeTime int

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

CommonName string

CountryCode string

CustomIdentifier string

A user-defined unique identifier.

Days int

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

EnableCrl int

Whether to include the CRL URL. Valid values:

Immediately int

Specifies whether to return the digital certificate immediately. Valid values:

Locality string

Months int

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Organization string

Name of the organization associated with the subordinate CA certificate that issued this certificate.

OrganizationUnit string

Department name. Default: Aliyun CDN.

ParentIdentifier string

The unique identifier of the subordinate CA certificate that issued this certificate.

ResourceGroupId string

The resource group ID. You can obtain this ID by calling the ListResources operation.

SanType string

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

SanValue string

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

State string

Status string

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

Tags map[string]string

Information about the queried instances and their associated tags.

UploadFlag int

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

Years int

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

afterTime Integer

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

algorithm String

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

aliasName String

The name assigned to the issued certificate.

beforeTime Integer

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

commonName String

countryCode String

customIdentifier String

A user-defined unique identifier.

days Integer

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

enableCrl Integer

Whether to include the CRL URL. Valid values:

immediately Integer

Specifies whether to return the digital certificate immediately. Valid values:

locality String

months Integer

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

organization String

Name of the organization associated with the subordinate CA certificate that issued this certificate.

organizationUnit String

Department name. Default: Aliyun CDN.

parentIdentifier String

The unique identifier of the subordinate CA certificate that issued this certificate.

resourceGroupId String

The resource group ID. You can obtain this ID by calling the ListResources operation.

sanType String

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

sanValue String

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

state String

status String

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

tags Map<String,String>

Information about the queried instances and their associated tags.

uploadFlag Integer

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

years Integer

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

afterTime number

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

algorithm string

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

aliasName string

The name assigned to the issued certificate.

beforeTime number

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

commonName string

countryCode string

customIdentifier string

A user-defined unique identifier.

days number

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

enableCrl number

Whether to include the CRL URL. Valid values:

immediately number

Specifies whether to return the digital certificate immediately. Valid values:

locality string

months number

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

organization string

Name of the organization associated with the subordinate CA certificate that issued this certificate.

organizationUnit string

Department name. Default: Aliyun CDN.

parentIdentifier string

The unique identifier of the subordinate CA certificate that issued this certificate.

resourceGroupId string

The resource group ID. You can obtain this ID by calling the ListResources operation.

sanType string

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

sanValue string

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

state string

status string

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

tags {[key: string]: string}

Information about the queried instances and their associated tags.

uploadFlag number

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

years number

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

after_time int

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

algorithm str

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

alias_name str

The name assigned to the issued certificate.

before_time int

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

common_name str

country_code str

custom_identifier str

A user-defined unique identifier.

days int

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

enable_crl int

Whether to include the CRL URL. Valid values:

immediately int

Specifies whether to return the digital certificate immediately. Valid values:

locality str

months int

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

organization str

Name of the organization associated with the subordinate CA certificate that issued this certificate.

organization_unit str

Department name. Default: Aliyun CDN.

parent_identifier str

The unique identifier of the subordinate CA certificate that issued this certificate.

resource_group_id str

The resource group ID. You can obtain this ID by calling the ListResources operation.

san_type str

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

san_value str

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

state str

status str

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

tags Mapping[str, str]

Information about the queried instances and their associated tags.

upload_flag int

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

years int

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

afterTime Number

The service expiration time of the client certificate, specified as a Unix timestamp in seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

algorithm String

The key algorithm of the client certificate. The key algorithm is specified in the format _. Valid values:

RSA_1024: corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: corresponds to the signature algorithm Sha256WithRSA.
ECC_256: corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: corresponds to the signature algorithm SM3WithSM2.

NOTE: You can call DescribeCACertificate to query the key algorithm of the subordinate CA certificate.

aliasName String

The name assigned to the issued certificate.

beforeTime Number

The issuance time of the client certificate, in timestamp format. By default, it is set to the time when you call this API. Unit: seconds.

NOTE: The before_time and after_time parameters must either both be empty or both be specified.

commonName String

countryCode String

customIdentifier String

A user-defined unique identifier.

days Number

Validity period of the client certificate, in days.

If you set the days parameter, you may optionally also set before_time and after_time.
If you do not set the days parameter, you must set both before_time and after_time.

NOTE: - If you set days, before_time, and after_time simultaneously, the validity period of the client certificate is determined by the value of days.

The validity period of the client certificate cannot exceed that of the issuing subordinate CA certificate. You can call DescribeCACertificate to check the validity period of the subordinate CA certificate.

enableCrl Number

Whether to include the CRL URL. Valid values:

immediately Number

Specifies whether to return the digital certificate immediately. Valid values:

locality String

months Number

The duration for which the certificate is purchased, in months.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

organization String

Name of the organization associated with the subordinate CA certificate that issued this certificate.

organizationUnit String

Department name. Default: Aliyun CDN.

parentIdentifier String

The unique identifier of the subordinate CA certificate that issued this certificate.

resourceGroupId String

The resource group ID. You can obtain this ID by calling the ListResources operation.

sanType String

The Subject Alternative Name (SAN) type supported by the client certificate. Valid values:

sanValue String

Specific extension information for the client certificate. You can enter multiple extensions. If you need to specify multiple extensions, separate them with commas (,).

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

state String

status String

The status of the certificate. Valid values:

REVOKE: indicates that the certificate has been revoked.

NOTE: If you want to destroy alicloud.sslcertificatesservicepca.Cert, status must be set to REVOKE

tags Map<String>

Information about the queried instances and their associated tags.

uploadFlag Number

Indicates whether the certificate has been uploaded to the SSL certificate management platform.

years Number

The duration for which the certificate is purchased, in years.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Import

SSL Certificates Pca Cert can be imported using the id, e.g.

$ pulumi import alicloud:sslcertificatesservicepca/cert:Cert example <id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.94.0 published on Tuesday, Feb 3, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

alicloud.sslcertificatesservicepca.Cert

On this page

On this page

Example Usage

Create Cert Resource

Constructor syntax

Parameters

Constructor example

Cert Resource Properties

Inputs

Outputs

Look up Existing Cert Resource

Import

Package Details

On this page

On this page