Viewing docs for Cloudflare v6.16.0
published on Tuesday, May 19, 2026 by Pulumi
published on Tuesday, May 19, 2026 by Pulumi
Viewing docs for Cloudflare v6.16.0
published on Tuesday, May 19, 2026 by Pulumi
published on Tuesday, May 19, 2026 by Pulumi
Accepted Permissions
Access: Mutual TLS Certificates ReadAccess: Mutual TLS Certificates WriteSSL and Certificates ReadSSL and Certificates Write
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
const exampleCustomSsl = cloudflare.getCustomSsl({
zoneId: "023e105f4ecef8ad9ca31a8372d0c353",
customCertificateId: "023e105f4ecef8ad9ca31a8372d0c353",
});
import pulumi
import pulumi_cloudflare as cloudflare
example_custom_ssl = cloudflare.get_custom_ssl(zone_id="023e105f4ecef8ad9ca31a8372d0c353",
custom_certificate_id="023e105f4ecef8ad9ca31a8372d0c353")
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudflare.GetCustomSsl(ctx, &cloudflare.LookupCustomSslArgs{
ZoneId: pulumi.StringRef("023e105f4ecef8ad9ca31a8372d0c353"),
CustomCertificateId: pulumi.StringRef("023e105f4ecef8ad9ca31a8372d0c353"),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
var exampleCustomSsl = Cloudflare.GetCustomSsl.Invoke(new()
{
ZoneId = "023e105f4ecef8ad9ca31a8372d0c353",
CustomCertificateId = "023e105f4ecef8ad9ca31a8372d0c353",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetCustomSslArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleCustomSsl = CloudflareFunctions.getCustomSsl(GetCustomSslArgs.builder()
.zoneId("023e105f4ecef8ad9ca31a8372d0c353")
.customCertificateId("023e105f4ecef8ad9ca31a8372d0c353")
.build());
}
}
variables:
exampleCustomSsl:
fn::invoke:
function: cloudflare:getCustomSsl
arguments:
zoneId: 023e105f4ecef8ad9ca31a8372d0c353
customCertificateId: 023e105f4ecef8ad9ca31a8372d0c353
Example coming soon!
Using getCustomSsl
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCustomSsl(args: GetCustomSslArgs, opts?: InvokeOptions): Promise<GetCustomSslResult>
function getCustomSslOutput(args: GetCustomSslOutputArgs, opts?: InvokeOptions): Output<GetCustomSslResult>def get_custom_ssl(custom_certificate_id: Optional[str] = None,
filter: Optional[GetCustomSslFilter] = None,
zone_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetCustomSslResult
def get_custom_ssl_output(custom_certificate_id: pulumi.Input[Optional[str]] = None,
filter: pulumi.Input[Optional[GetCustomSslFilterArgs]] = None,
zone_id: pulumi.Input[Optional[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCustomSslResult]func LookupCustomSsl(ctx *Context, args *LookupCustomSslArgs, opts ...InvokeOption) (*LookupCustomSslResult, error)
func LookupCustomSslOutput(ctx *Context, args *LookupCustomSslOutputArgs, opts ...InvokeOption) LookupCustomSslResultOutput> Note: This function is named LookupCustomSsl in the Go SDK.
public static class GetCustomSsl
{
public static Task<GetCustomSslResult> InvokeAsync(GetCustomSslArgs args, InvokeOptions? opts = null)
public static Output<GetCustomSslResult> Invoke(GetCustomSslInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetCustomSslResult> getCustomSsl(GetCustomSslArgs args, InvokeOptions options)
public static Output<GetCustomSslResult> getCustomSsl(GetCustomSslArgs args, InvokeOptions options)
fn::invoke:
function: cloudflare:index/getCustomSsl:getCustomSsl
arguments:
# arguments dictionarydata "cloudflare_getcustomssl" "name" {
# arguments
}The following arguments are supported:
- Custom
Certificate stringId - Identifier.
- Filter
Get
Custom Ssl Filter - Zone
Id string - Identifier.
- Custom
Certificate stringId - Identifier.
- Filter
Get
Custom Ssl Filter - Zone
Id string - Identifier.
- custom_
certificate_ stringid - Identifier.
- filter object
- zone_
id string - Identifier.
- custom
Certificate StringId - Identifier.
- filter
Get
Custom Ssl Filter - zone
Id String - Identifier.
- custom
Certificate stringId - Identifier.
- filter
Get
Custom Ssl Filter - zone
Id string - Identifier.
- custom_
certificate_ strid - Identifier.
- filter
Get
Custom Ssl Filter - zone_
id str - Identifier.
- custom
Certificate StringId - Identifier.
- filter Property Map
- zone
Id String - Identifier.
getCustomSsl Result
The following output properties are available:
- Bundle
Method string - A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
- Custom
Csr stringId - The identifier for the Custom CSR that was used.
- Expires
On string - When the certificate from the authority expires.
- Geo
Restrictions GetCustom Ssl Geo Restrictions - Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
- Hosts List<string>
- Id string
- Identifier.
- Issuer string
- The certificate authority that issued the certificate.
- Keyless
Server GetCustom Ssl Keyless Server - Modified
On string - When the certificate was last modified.
- Policy
Restrictions string - The policy restrictions returned by the API. This field is returned in responses when a policy has been set. The API accepts the "policy" field in requests but returns this field as "policyRestrictions" in responses.
- Priority double
- Signature string
- Status string
- Uploaded
On string - Custom
Certificate stringId - Identifier.
- Filter
Get
Custom Ssl Filter - Zone
Id string - Identifier.
- Bundle
Method string - A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
- Custom
Csr stringId - The identifier for the Custom CSR that was used.
- Expires
On string - When the certificate from the authority expires.
- Geo
Restrictions GetCustom Ssl Geo Restrictions - Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
- Hosts []string
- Id string
- Identifier.
- Issuer string
- The certificate authority that issued the certificate.
- Keyless
Server GetCustom Ssl Keyless Server - Modified
On string - When the certificate was last modified.
- Policy
Restrictions string - The policy restrictions returned by the API. This field is returned in responses when a policy has been set. The API accepts the "policy" field in requests but returns this field as "policyRestrictions" in responses.
- Priority float64
- Signature string
- Status string
- Uploaded
On string - Custom
Certificate stringId - Identifier.
- Filter
Get
Custom Ssl Filter - Zone
Id string - Identifier.
- bundle_
method string - A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
- custom_
csr_ stringid - The identifier for the Custom CSR that was used.
- expires_
on string - When the certificate from the authority expires.
- geo_
restrictions object - Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
- hosts list(string)
- id string
- Identifier.
- issuer string
- The certificate authority that issued the certificate.
- keyless_
server object - modified_
on string - When the certificate was last modified.
- policy_
restrictions string - The policy restrictions returned by the API. This field is returned in responses when a policy has been set. The API accepts the "policy" field in requests but returns this field as "policyRestrictions" in responses.
- priority number
- signature string
- status string
- uploaded_
on string - custom_
certificate_ stringid - Identifier.
- filter object
- zone_
id string - Identifier.
- bundle
Method String - A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
- custom
Csr StringId - The identifier for the Custom CSR that was used.
- expires
On String - When the certificate from the authority expires.
- geo
Restrictions GetCustom Ssl Geo Restrictions - Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
- hosts List<String>
- id String
- Identifier.
- issuer String
- The certificate authority that issued the certificate.
- keyless
Server GetCustom Ssl Keyless Server - modified
On String - When the certificate was last modified.
- policy
Restrictions String - The policy restrictions returned by the API. This field is returned in responses when a policy has been set. The API accepts the "policy" field in requests but returns this field as "policyRestrictions" in responses.
- priority Double
- signature String
- status String
- uploaded
On String - custom
Certificate StringId - Identifier.
- filter
Get
Custom Ssl Filter - zone
Id String - Identifier.
- bundle
Method string - A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
- custom
Csr stringId - The identifier for the Custom CSR that was used.
- expires
On string - When the certificate from the authority expires.
- geo
Restrictions GetCustom Ssl Geo Restrictions - Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
- hosts string[]
- id string
- Identifier.
- issuer string
- The certificate authority that issued the certificate.
- keyless
Server GetCustom Ssl Keyless Server - modified
On string - When the certificate was last modified.
- policy
Restrictions string - The policy restrictions returned by the API. This field is returned in responses when a policy has been set. The API accepts the "policy" field in requests but returns this field as "policyRestrictions" in responses.
- priority number
- signature string
- status string
- uploaded
On string - custom
Certificate stringId - Identifier.
- filter
Get
Custom Ssl Filter - zone
Id string - Identifier.
- bundle_
method str - A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
- custom_
csr_ strid - The identifier for the Custom CSR that was used.
- expires_
on str - When the certificate from the authority expires.
- geo_
restrictions GetCustom Ssl Geo Restrictions - Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
- hosts Sequence[str]
- id str
- Identifier.
- issuer str
- The certificate authority that issued the certificate.
- keyless_
server GetCustom Ssl Keyless Server - modified_
on str - When the certificate was last modified.
- policy_
restrictions str - The policy restrictions returned by the API. This field is returned in responses when a policy has been set. The API accepts the "policy" field in requests but returns this field as "policyRestrictions" in responses.
- priority float
- signature str
- status str
- uploaded_
on str - custom_
certificate_ strid - Identifier.
- filter
Get
Custom Ssl Filter - zone_
id str - Identifier.
- bundle
Method String - A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
- custom
Csr StringId - The identifier for the Custom CSR that was used.
- expires
On String - When the certificate from the authority expires.
- geo
Restrictions Property Map - Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
- hosts List<String>
- id String
- Identifier.
- issuer String
- The certificate authority that issued the certificate.
- keyless
Server Property Map - modified
On String - When the certificate was last modified.
- policy
Restrictions String - The policy restrictions returned by the API. This field is returned in responses when a policy has been set. The API accepts the "policy" field in requests but returns this field as "policyRestrictions" in responses.
- priority Number
- signature String
- status String
- uploaded
On String - custom
Certificate StringId - Identifier.
- filter Property Map
- zone
Id String - Identifier.
Supporting Types
GetCustomSslFilter
GetCustomSslGeoRestrictions
- Label string
- Available values: "us", "eu", "highestSecurity".
- Label string
- Available values: "us", "eu", "highestSecurity".
- label string
- Available values: "us", "eu", "highestSecurity".
- label String
- Available values: "us", "eu", "highestSecurity".
- label string
- Available values: "us", "eu", "highestSecurity".
- label str
- Available values: "us", "eu", "highestSecurity".
- label String
- Available values: "us", "eu", "highestSecurity".
GetCustomSslKeylessServer
- Created
On string - When the Keyless SSL was created.
- Enabled bool
- Whether or not the Keyless SSL is on or off.
- Host string
- The keyless SSL name.
- Id string
- Keyless certificate identifier tag.
- Modified
On string - When the Keyless SSL was last modified.
- Name string
- The keyless SSL name.
- Permissions List<string>
- Available permissions for the Keyless SSL for the current user requesting the item.
- Port double
- The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
- Status string
- Status of the Keyless SSL. Available values: "active", "deleted".
- Tunnel
Get
Custom Ssl Keyless Server Tunnel - Configuration for using Keyless SSL through a Cloudflare Tunnel
- Created
On string - When the Keyless SSL was created.
- Enabled bool
- Whether or not the Keyless SSL is on or off.
- Host string
- The keyless SSL name.
- Id string
- Keyless certificate identifier tag.
- Modified
On string - When the Keyless SSL was last modified.
- Name string
- The keyless SSL name.
- Permissions []string
- Available permissions for the Keyless SSL for the current user requesting the item.
- Port float64
- The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
- Status string
- Status of the Keyless SSL. Available values: "active", "deleted".
- Tunnel
Get
Custom Ssl Keyless Server Tunnel - Configuration for using Keyless SSL through a Cloudflare Tunnel
- created_
on string - When the Keyless SSL was created.
- enabled bool
- Whether or not the Keyless SSL is on or off.
- host string
- The keyless SSL name.
- id string
- Keyless certificate identifier tag.
- modified_
on string - When the Keyless SSL was last modified.
- name string
- The keyless SSL name.
- permissions list(string)
- Available permissions for the Keyless SSL for the current user requesting the item.
- port number
- The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
- status string
- Status of the Keyless SSL. Available values: "active", "deleted".
- tunnel object
- Configuration for using Keyless SSL through a Cloudflare Tunnel
- created
On String - When the Keyless SSL was created.
- enabled Boolean
- Whether or not the Keyless SSL is on or off.
- host String
- The keyless SSL name.
- id String
- Keyless certificate identifier tag.
- modified
On String - When the Keyless SSL was last modified.
- name String
- The keyless SSL name.
- permissions List<String>
- Available permissions for the Keyless SSL for the current user requesting the item.
- port Double
- The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
- status String
- Status of the Keyless SSL. Available values: "active", "deleted".
- tunnel
Get
Custom Ssl Keyless Server Tunnel - Configuration for using Keyless SSL through a Cloudflare Tunnel
- created
On string - When the Keyless SSL was created.
- enabled boolean
- Whether or not the Keyless SSL is on or off.
- host string
- The keyless SSL name.
- id string
- Keyless certificate identifier tag.
- modified
On string - When the Keyless SSL was last modified.
- name string
- The keyless SSL name.
- permissions string[]
- Available permissions for the Keyless SSL for the current user requesting the item.
- port number
- The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
- status string
- Status of the Keyless SSL. Available values: "active", "deleted".
- tunnel
Get
Custom Ssl Keyless Server Tunnel - Configuration for using Keyless SSL through a Cloudflare Tunnel
- created_
on str - When the Keyless SSL was created.
- enabled bool
- Whether or not the Keyless SSL is on or off.
- host str
- The keyless SSL name.
- id str
- Keyless certificate identifier tag.
- modified_
on str - When the Keyless SSL was last modified.
- name str
- The keyless SSL name.
- permissions Sequence[str]
- Available permissions for the Keyless SSL for the current user requesting the item.
- port float
- The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
- status str
- Status of the Keyless SSL. Available values: "active", "deleted".
- tunnel
Get
Custom Ssl Keyless Server Tunnel - Configuration for using Keyless SSL through a Cloudflare Tunnel
- created
On String - When the Keyless SSL was created.
- enabled Boolean
- Whether or not the Keyless SSL is on or off.
- host String
- The keyless SSL name.
- id String
- Keyless certificate identifier tag.
- modified
On String - When the Keyless SSL was last modified.
- name String
- The keyless SSL name.
- permissions List<String>
- Available permissions for the Keyless SSL for the current user requesting the item.
- port Number
- The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
- status String
- Status of the Keyless SSL. Available values: "active", "deleted".
- tunnel Property Map
- Configuration for using Keyless SSL through a Cloudflare Tunnel
GetCustomSslKeylessServerTunnel
- private_
ip string - Private IP of the Key Server Host
- vnet_
id string - Cloudflare Tunnel Virtual Network ID
- private_
ip str - Private IP of the Key Server Host
- vnet_
id str - Cloudflare Tunnel Virtual Network ID
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.
Viewing docs for Cloudflare v6.16.0
published on Tuesday, May 19, 2026 by Pulumi
published on Tuesday, May 19, 2026 by Pulumi
