alicloud.sslcertificatesservicepca.Certificate

Alibaba Cloud v3.102.0, May 10 26

Viewing docs for Alibaba Cloud v3.102.0
published on Sunday, May 10, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

Viewing docs for Alibaba Cloud v3.102.0
published on Sunday, May 10, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const _default = new alicloud.sslcertificatesservicepca.Certificate("default", {
    organization: "a",
    years: 1,
    locality: "a",
    organizationUnit: "a",
    state: "a",
    countryCode: "cn",
    commonName: "cbc.certqa.cn",
    algorithm: "RSA_2048",
});

import pulumi
import pulumi_alicloud as alicloud

default = alicloud.sslcertificatesservicepca.Certificate("default",
    organization="a",
    years=1,
    locality="a",
    organization_unit="a",
    state="a",
    country_code="cn",
    common_name="cbc.certqa.cn",
    algorithm="RSA_2048")

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/sslcertificatesservicepca"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := sslcertificatesservicepca.NewCertificate(ctx, "default", &sslcertificatesservicepca.CertificateArgs{
			Organization:     pulumi.String("a"),
			Years:            pulumi.Int(1),
			Locality:         pulumi.String("a"),
			OrganizationUnit: pulumi.String("a"),
			State:            pulumi.String("a"),
			CountryCode:      pulumi.String("cn"),
			CommonName:       pulumi.String("cbc.certqa.cn"),
			Algorithm:        pulumi.String("RSA_2048"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var @default = new AliCloud.SslCertificatesServicePca.Certificate("default", new()
    {
        Organization = "a",
        Years = 1,
        Locality = "a",
        OrganizationUnit = "a",
        State = "a",
        CountryCode = "cn",
        CommonName = "cbc.certqa.cn",
        Algorithm = "RSA_2048",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.sslcertificatesservicepca.Certificate;
import com.pulumi.alicloud.sslcertificatesservicepca.CertificateArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new Certificate("default", CertificateArgs.builder()
            .organization("a")
            .years(1)
            .locality("a")
            .organizationUnit("a")
            .state("a")
            .countryCode("cn")
            .commonName("cbc.certqa.cn")
            .algorithm("RSA_2048")
            .build());

    }
}

resources:
  default:
    type: alicloud:sslcertificatesservicepca:Certificate
    properties:
      organization: a
      years: '1'
      locality: a
      organizationUnit: a
      state: a
      countryCode: cn
      commonName: cbc.certqa.cn
      algorithm: RSA_2048

Example coming soon!

📚 Need more examples? VIEW MORE EXAMPLES

Create Certificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);

@overload
def Certificate(resource_name: str,
                args: CertificateArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                locality: Optional[str] = None,
                years: Optional[int] = None,
                state: Optional[str] = None,
                common_name: Optional[str] = None,
                organization_unit: Optional[str] = None,
                organization: Optional[str] = None,
                country_code: Optional[str] = None,
                extended_key_usages: Optional[Sequence[str]] = None,
                enable_crl: Optional[bool] = None,
                crl_day: Optional[int] = None,
                algorithm: Optional[str] = None,
                parent_identifier: Optional[str] = None,
                path_len_constraint: Optional[int] = None,
                resource_group_id: Optional[str] = None,
                certificate_type: Optional[str] = None,
                tags: Optional[Mapping[str, str]] = None,
                alias_name: Optional[str] = None)

func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)

public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)

public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)

type: alicloud:sslcertificatesservicepca:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

resource "alicloud_sslcertificatesservicepca_certificate" "name" {
    # resource properties
}

Parameters

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var alicloudCertificateResource = new AliCloud.SslCertificatesServicePca.Certificate("alicloudCertificateResource", new()
{
    Locality = "string",
    Years = 0,
    State = "string",
    CommonName = "string",
    OrganizationUnit = "string",
    Organization = "string",
    CountryCode = "string",
    ExtendedKeyUsages = new[]
    {
        "string",
    },
    EnableCrl = false,
    CrlDay = 0,
    Algorithm = "string",
    ParentIdentifier = "string",
    PathLenConstraint = 0,
    ResourceGroupId = "string",
    CertificateType = "string",
    Tags = 
    {
        { "string", "string" },
    },
    AliasName = "string",
});

example, err := sslcertificatesservicepca.NewCertificate(ctx, "alicloudCertificateResource", &sslcertificatesservicepca.CertificateArgs{
	Locality:         pulumi.String("string"),
	Years:            pulumi.Int(0),
	State:            pulumi.String("string"),
	CommonName:       pulumi.String("string"),
	OrganizationUnit: pulumi.String("string"),
	Organization:     pulumi.String("string"),
	CountryCode:      pulumi.String("string"),
	ExtendedKeyUsages: pulumi.StringArray{
		pulumi.String("string"),
	},
	EnableCrl:         pulumi.Bool(false),
	CrlDay:            pulumi.Int(0),
	Algorithm:         pulumi.String("string"),
	ParentIdentifier:  pulumi.String("string"),
	PathLenConstraint: pulumi.Int(0),
	ResourceGroupId:   pulumi.String("string"),
	CertificateType:   pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	AliasName: pulumi.String("string"),
})

resource "alicloud_sslcertificatesservicepca_certificate" "alicloudCertificateResource" {
  locality            = "string"
  years               = 0
  state               = "string"
  common_name         = "string"
  organization_unit   = "string"
  organization        = "string"
  country_code        = "string"
  extended_key_usages = ["string"]
  enable_crl          = false
  crl_day             = 0
  algorithm           = "string"
  parent_identifier   = "string"
  path_len_constraint = 0
  resource_group_id   = "string"
  certificate_type    = "string"
  tags = {
    "string" = "string"
  }
  alias_name = "string"
}

var alicloudCertificateResource = new com.pulumi.alicloud.sslcertificatesservicepca.Certificate("alicloudCertificateResource", com.pulumi.alicloud.sslcertificatesservicepca.CertificateArgs.builder()
    .locality("string")
    .years(0)
    .state("string")
    .commonName("string")
    .organizationUnit("string")
    .organization("string")
    .countryCode("string")
    .extendedKeyUsages("string")
    .enableCrl(false)
    .crlDay(0)
    .algorithm("string")
    .parentIdentifier("string")
    .pathLenConstraint(0)
    .resourceGroupId("string")
    .certificateType("string")
    .tags(Map.of("string", "string"))
    .aliasName("string")
    .build());

alicloud_certificate_resource = alicloud.sslcertificatesservicepca.Certificate("alicloudCertificateResource",
    locality="string",
    years=0,
    state="string",
    common_name="string",
    organization_unit="string",
    organization="string",
    country_code="string",
    extended_key_usages=["string"],
    enable_crl=False,
    crl_day=0,
    algorithm="string",
    parent_identifier="string",
    path_len_constraint=0,
    resource_group_id="string",
    certificate_type="string",
    tags={
        "string": "string",
    },
    alias_name="string")

const alicloudCertificateResource = new alicloud.sslcertificatesservicepca.Certificate("alicloudCertificateResource", {
    locality: "string",
    years: 0,
    state: "string",
    commonName: "string",
    organizationUnit: "string",
    organization: "string",
    countryCode: "string",
    extendedKeyUsages: ["string"],
    enableCrl: false,
    crlDay: 0,
    algorithm: "string",
    parentIdentifier: "string",
    pathLenConstraint: 0,
    resourceGroupId: "string",
    certificateType: "string",
    tags: {
        string: "string",
    },
    aliasName: "string",
});

type: alicloud:sslcertificatesservicepca:Certificate
properties:
    algorithm: string
    aliasName: string
    certificateType: string
    commonName: string
    countryCode: string
    crlDay: 0
    enableCrl: false
    extendedKeyUsages:
        - string
    locality: string
    organization: string
    organizationUnit: string
    parentIdentifier: string
    pathLenConstraint: 0
    resourceGroupId: string
    state: string
    tags:
        string: string
    years: 0

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Certificate resource accepts the following input properties:

CommonName string

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

Locality string

The name of the city where the organization is located.

Organization string

The name of the organization associated with the CA certificate.

OrganizationUnit string

The name of the department or branch within the organization

State string

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

Years int

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

Algorithm string

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

The encryption algorithm of the root CA certificate must match the certificate algorithm of the private root CA you purchased. For example, if you selected RSA as the certificate algorithm when purchasing the private root CA, the key algorithm of the root CA certificate must be RSA_1024, RSA_2048, or RSA_4096.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

AliasName string

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

CertificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

CountryCode string

The two-letter uppercase alphabetic code representing the country or region where the organization is located. For example, CN represents China and US represents the United States. For country codes, see the International Codes section in Managing Company Information.

CrlDay int

The interval (in days) for updating the Certificate Revocation List (CRL).

EnableCrl bool

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ExtendedKeyUsages List<string>

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ParentIdentifier string

Parent node identifier.

PathLenConstraint int

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ResourceGroupId string

A resource property field representing the resource group.

Tags Dictionary<string, string>

Tags

CommonName string

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

Locality string

The name of the city where the organization is located.

Organization string

The name of the organization associated with the CA certificate.

OrganizationUnit string

The name of the department or branch within the organization

State string

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

Years int

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

Algorithm string

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

AliasName string

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

CertificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

CountryCode string

CrlDay int

The interval (in days) for updating the Certificate Revocation List (CRL).

EnableCrl bool

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ExtendedKeyUsages []string

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ParentIdentifier string

Parent node identifier.

PathLenConstraint int

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ResourceGroupId string

A resource property field representing the resource group.

Tags map[string]string

Tags

common_name string

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

locality string

The name of the city where the organization is located.

organization string

The name of the organization associated with the CA certificate.

organization_unit string

The name of the department or branch within the organization

state string

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

years number

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

algorithm string

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

alias_name string

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

certificate_type string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

country_code string

crl_day number

The interval (in days) for updating the Certificate Revocation List (CRL).

enable_crl bool

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

extended_key_usages list(string)

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

parent_identifier string

Parent node identifier.

path_len_constraint number

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

resource_group_id string

A resource property field representing the resource group.

tags map(string)

Tags

commonName String

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

locality String

The name of the city where the organization is located.

organization String

The name of the organization associated with the CA certificate.

organizationUnit String

The name of the department or branch within the organization

state String

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

years Integer

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

algorithm String

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

aliasName String

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

certificateType String

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

countryCode String

crlDay Integer

The interval (in days) for updating the Certificate Revocation List (CRL).

enableCrl Boolean

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

extendedKeyUsages List<String>

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

parentIdentifier String

Parent node identifier.

pathLenConstraint Integer

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

resourceGroupId String

A resource property field representing the resource group.

tags Map<String,String>

Tags

commonName string

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

locality string

The name of the city where the organization is located.

organization string

The name of the organization associated with the CA certificate.

organizationUnit string

The name of the department or branch within the organization

state string

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

years number

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

algorithm string

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

aliasName string

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

certificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

countryCode string

crlDay number

The interval (in days) for updating the Certificate Revocation List (CRL).

enableCrl boolean

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

extendedKeyUsages string[]

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

parentIdentifier string

Parent node identifier.

pathLenConstraint number

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

resourceGroupId string

A resource property field representing the resource group.

tags {[key: string]: string}

Tags

common_name str

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

locality str

The name of the city where the organization is located.

organization str

The name of the organization associated with the CA certificate.

organization_unit str

The name of the department or branch within the organization

state str

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

years int

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

algorithm str

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

alias_name str

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

certificate_type str

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

country_code str

crl_day int

The interval (in days) for updating the Certificate Revocation List (CRL).

enable_crl bool

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

extended_key_usages Sequence[str]

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

parent_identifier str

Parent node identifier.

path_len_constraint int

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

resource_group_id str

A resource property field representing the resource group.

tags Mapping[str, str]

Tags

commonName String

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

locality String

The name of the city where the organization is located.

organization String

The name of the organization associated with the CA certificate.

organizationUnit String

The name of the department or branch within the organization

state String

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

years Number

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

algorithm String

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

aliasName String

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

certificateType String

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

countryCode String

crlDay Number

The interval (in days) for updating the Certificate Revocation List (CRL).

enableCrl Boolean

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

extendedKeyUsages List<String>

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

parentIdentifier String

Parent node identifier.

pathLenConstraint Number

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

resourceGroupId String

A resource property field representing the resource group.

tags Map<String>

Tags

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Status string: The current CA status.

Id string: The provider-assigned unique ID for this managed resource.
Status string: The current CA status.

id string: The provider-assigned unique ID for this managed resource.
status string: The current CA status.

id String: The provider-assigned unique ID for this managed resource.
status String: The current CA status.

id string: The provider-assigned unique ID for this managed resource.
status string: The current CA status.

id str: The provider-assigned unique ID for this managed resource.
status str: The current CA status.

id String: The provider-assigned unique ID for this managed resource.
status String: The current CA status.

Look up Existing Certificate Resource

Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        algorithm: Optional[str] = None,
        alias_name: Optional[str] = None,
        certificate_type: Optional[str] = None,
        common_name: Optional[str] = None,
        country_code: Optional[str] = None,
        crl_day: Optional[int] = None,
        enable_crl: Optional[bool] = None,
        extended_key_usages: Optional[Sequence[str]] = None,
        locality: Optional[str] = None,
        organization: Optional[str] = None,
        organization_unit: Optional[str] = None,
        parent_identifier: Optional[str] = None,
        path_len_constraint: Optional[int] = None,
        resource_group_id: Optional[str] = None,
        state: Optional[str] = None,
        status: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        years: Optional[int] = None) -> Certificate

func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)

public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)

public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)

resources:  _:    type: alicloud:sslcertificatesservicepca:Certificate    get:      id: ${id}

import {
  to = alicloud_sslcertificatesservicepca_certificate.example
  id = "${id}"
}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Algorithm string

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

AliasName string

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

CertificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

CommonName string

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

CountryCode string

CrlDay int

The interval (in days) for updating the Certificate Revocation List (CRL).

EnableCrl bool

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ExtendedKeyUsages List<string>

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Locality string

The name of the city where the organization is located.

Organization string

The name of the organization associated with the CA certificate.

OrganizationUnit string

The name of the department or branch within the organization

ParentIdentifier string

Parent node identifier.

PathLenConstraint int

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ResourceGroupId string

A resource property field representing the resource group.

State string

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

Status string

The current CA status.

Tags Dictionary<string, string>

Tags

Years int

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

Algorithm string

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

AliasName string

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

CertificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

CommonName string

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

CountryCode string

CrlDay int

The interval (in days) for updating the Certificate Revocation List (CRL).

EnableCrl bool

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ExtendedKeyUsages []string

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

Locality string

The name of the city where the organization is located.

Organization string

The name of the organization associated with the CA certificate.

OrganizationUnit string

The name of the department or branch within the organization

ParentIdentifier string

Parent node identifier.

PathLenConstraint int

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

ResourceGroupId string

A resource property field representing the resource group.

State string

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

Status string

The current CA status.

Tags map[string]string

Tags

Years int

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

algorithm string

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

alias_name string

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

certificate_type string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

common_name string

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

country_code string

crl_day number

The interval (in days) for updating the Certificate Revocation List (CRL).

enable_crl bool

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

extended_key_usages list(string)

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

locality string

The name of the city where the organization is located.

organization string

The name of the organization associated with the CA certificate.

organization_unit string

The name of the department or branch within the organization

parent_identifier string

Parent node identifier.

path_len_constraint number

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

resource_group_id string

A resource property field representing the resource group.

state string

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

status string

The current CA status.

tags map(string)

Tags

years number

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

algorithm String

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

aliasName String

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

certificateType String

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

commonName String

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

countryCode String

crlDay Integer

The interval (in days) for updating the Certificate Revocation List (CRL).

enableCrl Boolean

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

extendedKeyUsages List<String>

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

locality String

The name of the city where the organization is located.

organization String

The name of the organization associated with the CA certificate.

organizationUnit String

The name of the department or branch within the organization

parentIdentifier String

Parent node identifier.

pathLenConstraint Integer

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

resourceGroupId String

A resource property field representing the resource group.

state String

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

status String

The current CA status.

tags Map<String,String>

Tags

years Integer

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

algorithm string

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

aliasName string

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

certificateType string

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

commonName string

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

countryCode string

crlDay number

The interval (in days) for updating the Certificate Revocation List (CRL).

enableCrl boolean

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

extendedKeyUsages string[]

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

locality string

The name of the city where the organization is located.

organization string

The name of the organization associated with the CA certificate.

organizationUnit string

The name of the department or branch within the organization

parentIdentifier string

Parent node identifier.

pathLenConstraint number

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

resourceGroupId string

A resource property field representing the resource group.

state string

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

status string

The current CA status.

tags {[key: string]: string}

Tags

years number

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

algorithm str

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

alias_name str

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

certificate_type str

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

common_name str

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

country_code str

crl_day int

The interval (in days) for updating the Certificate Revocation List (CRL).

enable_crl bool

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

extended_key_usages Sequence[str]

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

locality str

The name of the city where the organization is located.

organization str

The name of the organization associated with the CA certificate.

organization_unit str

The name of the department or branch within the organization

parent_identifier str

Parent node identifier.

path_len_constraint int

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

resource_group_id str

A resource property field representing the resource group.

state str

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

status str

The current CA status.

tags Mapping[str, str]

Tags

years int

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

algorithm String

The key algorithm type of the root CA certificate. The key algorithm is expressed in the format _. Valid values:

RSA_1024: Corresponds to the signature algorithm Sha256WithRSA.
RSA_2048: Corresponds to the signature algorithm Sha256WithRSA.
RSA_4096: Corresponds to the signature algorithm Sha256WithRSA.
ECC_256: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_384: Corresponds to the signature algorithm Sha256WithECDSA.
ECC_512: Corresponds to the signature algorithm Sha256WithECDSA.
SM2_256: Corresponds to the signature algorithm SM3WithSM2.

NOTE: If certificateType is set to SUB_ROOT, algorithm is required.

aliasName String

A custom alias for the certificate, used to define a user-friendly name.

NOTE: This parameter only applies during resource creation, update. If modified in isolation without other property changes, Terraform will not trigger any action.

certificateType String

The type of the CA certificate. Default value: ROOT. Valid values:

ROOT: A root CA certificate.
SUB_ROOT: A subordinate CA certificate.

commonName String

The common name or short name of the organization. Chinese characters, English letters, and other characters are supported.

countryCode String

crlDay Number

The interval (in days) for updating the Certificate Revocation List (CRL).

enableCrl Boolean

Specifies whether to enable CRL.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

extendedKeyUsages List<String>

Extended attributes of the certificate, used to define extended key usages.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

locality String

The name of the city where the organization is located.

organization String

The name of the organization associated with the CA certificate.

organizationUnit String

The name of the department or branch within the organization

parentIdentifier String

Parent node identifier.

pathLenConstraint Number

The maximum depth of subordinate CA levels allowed under this CA.

NOTE: The parameter is immutable after resource creation. It only applies during resource creation and has no effect when modified post-creation.

resourceGroupId String

A resource property field representing the resource group.

state String

The name of the province, municipality directly under the central government, or autonomous region where the organization is located

status String

The current CA status.

tags Map<String>

Tags

years Number

The validity period of the root CA certificate, in years.

NOTE: We recommend setting it to 5–10 years.

Import

SSL Certificates Pca Certificate can be imported using the id, e.g.

$ pulumi import alicloud:sslcertificatesservicepca/certificate:Certificate example <identifier>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Viewing docs for Alibaba Cloud v3.102.0
published on Sunday, May 10, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

alicloud.sslcertificatesservicepca.Certificate

On this page

On this page

Example Usage

Create Certificate Resource

Constructor syntax

Parameters

Constructor example

Certificate Resource Properties

Inputs

Outputs

Look up Existing Certificate Resource

Import

Package Details

On this page

On this page