Google Cloud (GCP) Classic
Certificate
A Certificate corresponds to a signed X.509 certificate issued by a Certificate.
Note: The Certificate Authority that is referenced by this resource must be
tier = "ENTERPRISE"
Example Usage
Privateca Certificate Config
using System;
using System.IO;
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
private static string ReadFileBase64(string path) {
return Convert.ToBase64String(Encoding.UTF8.GetBytes(File.ReadAllText(path)))
}
public MyStack()
{
var test_ca = new Gcp.CertificateAuthority.Authority("test-ca", new Gcp.CertificateAuthority.AuthorityArgs
{
CertificateAuthorityId = "my-certificate-authority",
Location = "us-central1",
Pool = "",
IgnoreActiveCertificatesOnDeletion = true,
DeletionProtection = false,
Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
{
SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
{
Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
{
Organization = "HashiCorp",
CommonName = "my-certificate-authority",
},
SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
{
DnsNames =
{
"hashicorp.com",
},
},
},
X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
{
CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
{
IsCa = true,
},
KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
{
BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
{
CertSign = true,
CrlSign = true,
},
ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
{
ServerAuth = true,
},
},
},
},
KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
{
Algorithm = "RSA_PKCS1_4096_SHA256",
},
});
var @default = new Gcp.CertificateAuthority.Certificate("default", new Gcp.CertificateAuthority.CertificateArgs
{
Pool = "",
Location = "us-central1",
CertificateAuthority = test_ca.CertificateAuthorityId,
Lifetime = "860s",
Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs
{
SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs
{
Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs
{
CommonName = "san1.example.com",
CountryCode = "us",
Organization = "google",
OrganizationalUnit = "enterprise",
Locality = "mountain view",
Province = "california",
StreetAddress = "1600 amphitheatre parkway",
},
SubjectAltName = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectAltNameArgs
{
EmailAddresses =
{
"email@example.com",
},
IpAddresses =
{
"127.0.0.1",
},
Uris =
{
"http://www.ietf.org/rfc/rfc3986.txt",
},
},
},
X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs
{
CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs
{
IsCa = false,
},
KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs
{
BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs
{
CrlSign = false,
DecipherOnly = false,
},
ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs
{
ServerAuth = false,
},
},
},
PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs
{
Format = "PEM",
Key = ReadFileBase64("test-fixtures/rsa_public.pem"),
},
},
});
}
}
package main
import (
"encoding/base64"
"io/ioutil"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/certificateauthority"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func filebase64OrPanic(path string) pulumi.StringPtrInput {
if fileData, err := ioutil.ReadFile(path); err == nil {
return pulumi.String(base64.StdEncoding.EncodeToString(fileData[:]))
} else {
panic(err.Error())
}
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := certificateauthority.NewAuthority(ctx, "test-ca", &certificateauthority.AuthorityArgs{
CertificateAuthorityId: pulumi.String("my-certificate-authority"),
Location: pulumi.String("us-central1"),
Pool: pulumi.String(""),
IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
DeletionProtection: pulumi.Bool(false),
Config: &certificateauthority.AuthorityConfigArgs{
SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
Organization: pulumi.String("HashiCorp"),
CommonName: pulumi.String("my-certificate-authority"),
},
SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
DnsNames: pulumi.StringArray{
pulumi.String("hashicorp.com"),
},
},
},
X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
IsCa: pulumi.Bool(true),
},
KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
CertSign: pulumi.Bool(true),
CrlSign: pulumi.Bool(true),
},
ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
ServerAuth: pulumi.Bool(true),
},
},
},
},
KeySpec: &certificateauthority.AuthorityKeySpecArgs{
Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
},
})
if err != nil {
return err
}
_, err = certificateauthority.NewCertificate(ctx, "default", &certificateauthority.CertificateArgs{
Pool: pulumi.String(""),
Location: pulumi.String("us-central1"),
CertificateAuthority: test_ca.CertificateAuthorityId,
Lifetime: pulumi.String("860s"),
Config: &certificateauthority.CertificateConfigArgs{
SubjectConfig: &certificateauthority.CertificateConfigSubjectConfigArgs{
Subject: &certificateauthority.CertificateConfigSubjectConfigSubjectArgs{
CommonName: pulumi.String("san1.example.com"),
CountryCode: pulumi.String("us"),
Organization: pulumi.String("google"),
OrganizationalUnit: pulumi.String("enterprise"),
Locality: pulumi.String("mountain view"),
Province: pulumi.String("california"),
StreetAddress: pulumi.String("1600 amphitheatre parkway"),
},
SubjectAltName: &certificateauthority.CertificateConfigSubjectConfigSubjectAltNameArgs{
EmailAddresses: pulumi.StringArray{
pulumi.String("email@example.com"),
},
IpAddresses: pulumi.StringArray{
pulumi.String("127.0.0.1"),
},
Uris: pulumi.StringArray{
pulumi.String("http://www.ietf.org/rfc/rfc3986.txt"),
},
},
},
X509Config: &certificateauthority.CertificateConfigX509ConfigArgs{
CaOptions: &certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{
IsCa: pulumi.Bool(false),
},
KeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{
BaseKeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{
CrlSign: pulumi.Bool(false),
DecipherOnly: pulumi.Bool(false),
},
ExtendedKeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
ServerAuth: pulumi.Bool(false),
},
},
},
PublicKey: &certificateauthority.CertificateConfigPublicKeyArgs{
Format: pulumi.String("PEM"),
Key: filebase64OrPanic("test-fixtures/rsa_public.pem"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test_ca = new Authority("test-ca", AuthorityArgs.builder()
.certificateAuthorityId("my-certificate-authority")
.location("us-central1")
.pool("")
.ignoreActiveCertificatesOnDeletion(true)
.deletionProtection(false)
.config(AuthorityConfigArgs.builder()
.subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
.subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
.organization("HashiCorp")
.commonName("my-certificate-authority")
.build())
.subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
.dnsNames("hashicorp.com")
.build())
.build())
.x509Config(AuthorityConfigX509ConfigArgs.builder()
.caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
.isCa(true)
.build())
.keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.certSign(true)
.crlSign(true)
.build())
.extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(true)
.build())
.build())
.build())
.build())
.keySpec(AuthorityKeySpecArgs.builder()
.algorithm("RSA_PKCS1_4096_SHA256")
.build())
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.pool("")
.location("us-central1")
.certificateAuthority(test_ca.certificateAuthorityId())
.lifetime("860s")
.config(CertificateConfigArgs.builder()
.subjectConfig(CertificateConfigSubjectConfigArgs.builder()
.subject(CertificateConfigSubjectConfigSubjectArgs.builder()
.commonName("san1.example.com")
.countryCode("us")
.organization("google")
.organizationalUnit("enterprise")
.locality("mountain view")
.province("california")
.streetAddress("1600 amphitheatre parkway")
.build())
.subjectAltName(CertificateConfigSubjectConfigSubjectAltNameArgs.builder()
.emailAddresses("email@example.com")
.ipAddresses("127.0.0.1")
.uris("http://www.ietf.org/rfc/rfc3986.txt")
.build())
.build())
.x509Config(CertificateConfigX509ConfigArgs.builder()
.caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()
.isCa(false)
.build())
.keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.crlSign(false)
.decipherOnly(false)
.build())
.extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(false)
.build())
.build())
.build())
.publicKey(CertificateConfigPublicKeyArgs.builder()
.format("PEM")
.key(Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get("test-fixtures/rsa_public.pem"))))
.build())
.build())
.build());
}
}
import pulumi
import base64
import pulumi_gcp as gcp
test_ca = gcp.certificateauthority.Authority("test-ca",
certificate_authority_id="my-certificate-authority",
location="us-central1",
pool="",
ignore_active_certificates_on_deletion=True,
deletion_protection=False,
config=gcp.certificateauthority.AuthorityConfigArgs(
subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
organization="HashiCorp",
common_name="my-certificate-authority",
),
subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
dns_names=["hashicorp.com"],
),
),
x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
is_ca=True,
),
key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
cert_sign=True,
crl_sign=True,
),
extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
server_auth=True,
),
),
),
),
key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
algorithm="RSA_PKCS1_4096_SHA256",
))
default = gcp.certificateauthority.Certificate("default",
pool="",
location="us-central1",
certificate_authority=test_ca.certificate_authority_id,
lifetime="860s",
config=gcp.certificateauthority.CertificateConfigArgs(
subject_config=gcp.certificateauthority.CertificateConfigSubjectConfigArgs(
subject=gcp.certificateauthority.CertificateConfigSubjectConfigSubjectArgs(
common_name="san1.example.com",
country_code="us",
organization="google",
organizational_unit="enterprise",
locality="mountain view",
province="california",
street_address="1600 amphitheatre parkway",
),
subject_alt_name=gcp.certificateauthority.CertificateConfigSubjectConfigSubjectAltNameArgs(
email_addresses=["email@example.com"],
ip_addresses=["127.0.0.1"],
uris=["http://www.ietf.org/rfc/rfc3986.txt"],
),
),
x509_config=gcp.certificateauthority.CertificateConfigX509ConfigArgs(
ca_options=gcp.certificateauthority.CertificateConfigX509ConfigCaOptionsArgs(
is_ca=False,
),
key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageArgs(
base_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs(
crl_sign=False,
decipher_only=False,
),
extended_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
server_auth=False,
),
),
),
public_key=gcp.certificateauthority.CertificateConfigPublicKeyArgs(
format="PEM",
key=(lambda path: base64.b64encode(open(path).read().encode()).decode())("test-fixtures/rsa_public.pem"),
),
))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * from "fs";
const test_ca = new gcp.certificateauthority.Authority("test-ca", {
certificateAuthorityId: "my-certificate-authority",
location: "us-central1",
pool: "",
ignoreActiveCertificatesOnDeletion: true,
deletionProtection: false,
config: {
subjectConfig: {
subject: {
organization: "HashiCorp",
commonName: "my-certificate-authority",
},
subjectAltName: {
dnsNames: ["hashicorp.com"],
},
},
x509Config: {
caOptions: {
isCa: true,
},
keyUsage: {
baseKeyUsage: {
certSign: true,
crlSign: true,
},
extendedKeyUsage: {
serverAuth: true,
},
},
},
},
keySpec: {
algorithm: "RSA_PKCS1_4096_SHA256",
},
});
const _default = new gcp.certificateauthority.Certificate("default", {
pool: "",
location: "us-central1",
certificateAuthority: test_ca.certificateAuthorityId,
lifetime: "860s",
config: {
subjectConfig: {
subject: {
commonName: "san1.example.com",
countryCode: "us",
organization: "google",
organizationalUnit: "enterprise",
locality: "mountain view",
province: "california",
streetAddress: "1600 amphitheatre parkway",
},
subjectAltName: {
emailAddresses: ["email@example.com"],
ipAddresses: ["127.0.0.1"],
uris: ["http://www.ietf.org/rfc/rfc3986.txt"],
},
},
x509Config: {
caOptions: {
isCa: false,
},
keyUsage: {
baseKeyUsage: {
crlSign: false,
decipherOnly: false,
},
extendedKeyUsage: {
serverAuth: false,
},
},
},
publicKey: {
format: "PEM",
key: Buffer.from(fs.readFileSync("test-fixtures/rsa_public.pem"), 'binary').toString('base64'),
},
},
});
Coming soon!
Privateca Certificate With Template
using System.IO;
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var template = new Gcp.CertificateAuthority.CertificateTemplate("template", new Gcp.CertificateAuthority.CertificateTemplateArgs
{
Location = "us-central1",
Description = "An updated sample certificate template",
IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsArgs
{
AllowSubjectAltNamesPassthrough = true,
AllowSubjectPassthrough = true,
CelExpression = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs
{
Description = "Always true",
Expression = "true",
Location = "any.file.anywhere",
Title = "Sample expression",
},
},
PassthroughExtensions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsArgs
{
AdditionalExtensions =
{
new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs
{
ObjectIdPaths =
{
1,
6,
},
},
},
KnownExtensions =
{
"EXTENDED_KEY_USAGE",
},
},
PredefinedValues = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesArgs
{
AdditionalExtensions =
{
new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionArgs
{
ObjectId = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs
{
ObjectIdPaths =
{
1,
6,
},
},
Value = "c3RyaW5nCg==",
Critical = true,
},
},
AiaOcspServers =
{
"string",
},
CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesCaOptionsArgs
{
IsCa = false,
MaxIssuerPathLength = 6,
},
KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageArgs
{
BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs
{
CertSign = false,
ContentCommitment = true,
CrlSign = false,
DataEncipherment = true,
DecipherOnly = true,
DigitalSignature = true,
EncipherOnly = true,
KeyAgreement = true,
KeyEncipherment = true,
},
ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs
{
ClientAuth = true,
CodeSigning = true,
EmailProtection = true,
OcspSigning = true,
ServerAuth = true,
TimeStamping = true,
},
UnknownExtendedKeyUsages =
{
new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs
{
ObjectIdPaths =
{
1,
6,
},
},
},
},
PolicyIds =
{
new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesPolicyIdArgs
{
ObjectIdPaths =
{
1,
6,
},
},
},
},
});
var test_ca = new Gcp.CertificateAuthority.Authority("test-ca", new Gcp.CertificateAuthority.AuthorityArgs
{
Pool = "",
CertificateAuthorityId = "my-certificate-authority",
Location = "us-central1",
DeletionProtection = false,
Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
{
SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
{
Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
{
Organization = "HashiCorp",
CommonName = "my-certificate-authority",
},
SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
{
DnsNames =
{
"hashicorp.com",
},
},
},
X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
{
CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
{
IsCa = true,
},
KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
{
BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
{
CertSign = true,
CrlSign = true,
},
ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
{
ServerAuth = false,
},
},
},
},
KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
{
Algorithm = "RSA_PKCS1_4096_SHA256",
},
});
var @default = new Gcp.CertificateAuthority.Certificate("default", new Gcp.CertificateAuthority.CertificateArgs
{
Pool = "",
Location = "us-central1",
CertificateAuthority = test_ca.CertificateAuthorityId,
Lifetime = "860s",
PemCsr = File.ReadAllText("test-fixtures/rsa_csr.pem"),
CertificateTemplate = template.Id,
});
}
}
package main
import (
"io/ioutil"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/certificateauthority"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := ioutil.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
template, err := certificateauthority.NewCertificateTemplate(ctx, "template", &certificateauthority.CertificateTemplateArgs{
Location: pulumi.String("us-central1"),
Description: pulumi.String("An updated sample certificate template"),
IdentityConstraints: &certificateauthority.CertificateTemplateIdentityConstraintsArgs{
AllowSubjectAltNamesPassthrough: pulumi.Bool(true),
AllowSubjectPassthrough: pulumi.Bool(true),
CelExpression: &certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs{
Description: pulumi.String("Always true"),
Expression: pulumi.String("true"),
Location: pulumi.String("any.file.anywhere"),
Title: pulumi.String("Sample expression"),
},
},
PassthroughExtensions: &certificateauthority.CertificateTemplatePassthroughExtensionsArgs{
AdditionalExtensions: certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArray{
&certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs{
ObjectIdPaths: pulumi.IntArray{
pulumi.Int(1),
pulumi.Int(6),
},
},
},
KnownExtensions: pulumi.StringArray{
pulumi.String("EXTENDED_KEY_USAGE"),
},
},
PredefinedValues: &certificateauthority.CertificateTemplatePredefinedValuesArgs{
AdditionalExtensions: certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArray{
&certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs{
ObjectId: &certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs{
ObjectIdPaths: pulumi.IntArray{
pulumi.Int(1),
pulumi.Int(6),
},
},
Value: pulumi.String("c3RyaW5nCg=="),
Critical: pulumi.Bool(true),
},
},
AiaOcspServers: pulumi.StringArray{
pulumi.String("string"),
},
CaOptions: &certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs{
IsCa: pulumi.Bool(false),
MaxIssuerPathLength: pulumi.Int(6),
},
KeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs{
BaseKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs{
CertSign: pulumi.Bool(false),
ContentCommitment: pulumi.Bool(true),
CrlSign: pulumi.Bool(false),
DataEncipherment: pulumi.Bool(true),
DecipherOnly: pulumi.Bool(true),
DigitalSignature: pulumi.Bool(true),
EncipherOnly: pulumi.Bool(true),
KeyAgreement: pulumi.Bool(true),
KeyEncipherment: pulumi.Bool(true),
},
ExtendedKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs{
ClientAuth: pulumi.Bool(true),
CodeSigning: pulumi.Bool(true),
EmailProtection: pulumi.Bool(true),
OcspSigning: pulumi.Bool(true),
ServerAuth: pulumi.Bool(true),
TimeStamping: pulumi.Bool(true),
},
UnknownExtendedKeyUsages: certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArray{
&certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs{
ObjectIdPaths: pulumi.IntArray{
pulumi.Int(1),
pulumi.Int(6),
},
},
},
},
PolicyIds: certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArray{
&certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs{
ObjectIdPaths: pulumi.IntArray{
pulumi.Int(1),
pulumi.Int(6),
},
},
},
},
})
if err != nil {
return err
}
_, err = certificateauthority.NewAuthority(ctx, "test-ca", &certificateauthority.AuthorityArgs{
Pool: pulumi.String(""),
CertificateAuthorityId: pulumi.String("my-certificate-authority"),
Location: pulumi.String("us-central1"),
DeletionProtection: pulumi.Bool(false),
Config: &certificateauthority.AuthorityConfigArgs{
SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
Organization: pulumi.String("HashiCorp"),
CommonName: pulumi.String("my-certificate-authority"),
},
SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
DnsNames: pulumi.StringArray{
pulumi.String("hashicorp.com"),
},
},
},
X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
IsCa: pulumi.Bool(true),
},
KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
CertSign: pulumi.Bool(true),
CrlSign: pulumi.Bool(true),
},
ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
ServerAuth: pulumi.Bool(false),
},
},
},
},
KeySpec: &certificateauthority.AuthorityKeySpecArgs{
Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
},
})
if err != nil {
return err
}
_, err = certificateauthority.NewCertificate(ctx, "default", &certificateauthority.CertificateArgs{
Pool: pulumi.String(""),
Location: pulumi.String("us-central1"),
CertificateAuthority: test_ca.CertificateAuthorityId,
Lifetime: pulumi.String("860s"),
PemCsr: readFileOrPanic("test-fixtures/rsa_csr.pem"),
CertificateTemplate: template.ID(),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var template = new CertificateTemplate("template", CertificateTemplateArgs.builder()
.location("us-central1")
.description("An updated sample certificate template")
.identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
.allowSubjectAltNamesPassthrough(true)
.allowSubjectPassthrough(true)
.celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
.description("Always true")
.expression("true")
.location("any.file.anywhere")
.title("Sample expression")
.build())
.build())
.passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
.additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
.objectIdPaths(
1,
6)
.build())
.knownExtensions("EXTENDED_KEY_USAGE")
.build())
.predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
.additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
.objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
.objectIdPaths(
1,
6)
.build())
.value("c3RyaW5nCg==")
.critical(true)
.build())
.aiaOcspServers("string")
.caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
.isCa(false)
.maxIssuerPathLength(6)
.build())
.keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
.baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
.certSign(false)
.contentCommitment(true)
.crlSign(false)
.dataEncipherment(true)
.decipherOnly(true)
.digitalSignature(true)
.encipherOnly(true)
.keyAgreement(true)
.keyEncipherment(true)
.build())
.extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
.clientAuth(true)
.codeSigning(true)
.emailProtection(true)
.ocspSigning(true)
.serverAuth(true)
.timeStamping(true)
.build())
.unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
.objectIdPaths(
1,
6)
.build())
.build())
.policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
.objectIdPaths(
1,
6)
.build())
.build())
.build());
var test_ca = new Authority("test-ca", AuthorityArgs.builder()
.pool("")
.certificateAuthorityId("my-certificate-authority")
.location("us-central1")
.deletionProtection(false)
.config(AuthorityConfigArgs.builder()
.subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
.subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
.organization("HashiCorp")
.commonName("my-certificate-authority")
.build())
.subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
.dnsNames("hashicorp.com")
.build())
.build())
.x509Config(AuthorityConfigX509ConfigArgs.builder()
.caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
.isCa(true)
.build())
.keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.certSign(true)
.crlSign(true)
.build())
.extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(false)
.build())
.build())
.build())
.build())
.keySpec(AuthorityKeySpecArgs.builder()
.algorithm("RSA_PKCS1_4096_SHA256")
.build())
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.pool("")
.location("us-central1")
.certificateAuthority(test_ca.certificateAuthorityId())
.lifetime("860s")
.pemCsr(Files.readString("test-fixtures/rsa_csr.pem"))
.certificateTemplate(template.id())
.build());
}
}
import pulumi
import pulumi_gcp as gcp
template = gcp.certificateauthority.CertificateTemplate("template",
location="us-central1",
description="An updated sample certificate template",
identity_constraints=gcp.certificateauthority.CertificateTemplateIdentityConstraintsArgs(
allow_subject_alt_names_passthrough=True,
allow_subject_passthrough=True,
cel_expression=gcp.certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs(
description="Always true",
expression="true",
location="any.file.anywhere",
title="Sample expression",
),
),
passthrough_extensions=gcp.certificateauthority.CertificateTemplatePassthroughExtensionsArgs(
additional_extensions=[gcp.certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs(
object_id_paths=[
1,
6,
],
)],
known_extensions=["EXTENDED_KEY_USAGE"],
),
predefined_values=gcp.certificateauthority.CertificateTemplatePredefinedValuesArgs(
additional_extensions=[gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs(
object_id=gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs(
object_id_paths=[
1,
6,
],
),
value="c3RyaW5nCg==",
critical=True,
)],
aia_ocsp_servers=["string"],
ca_options=gcp.certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs(
is_ca=False,
max_issuer_path_length=6,
),
key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs(
base_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs(
cert_sign=False,
content_commitment=True,
crl_sign=False,
data_encipherment=True,
decipher_only=True,
digital_signature=True,
encipher_only=True,
key_agreement=True,
key_encipherment=True,
),
extended_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs(
client_auth=True,
code_signing=True,
email_protection=True,
ocsp_signing=True,
server_auth=True,
time_stamping=True,
),
unknown_extended_key_usages=[gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs(
object_id_paths=[
1,
6,
],
)],
),
policy_ids=[gcp.certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs(
object_id_paths=[
1,
6,
],
)],
))
test_ca = gcp.certificateauthority.Authority("test-ca",
pool="",
certificate_authority_id="my-certificate-authority",
location="us-central1",
deletion_protection=False,
config=gcp.certificateauthority.AuthorityConfigArgs(
subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
organization="HashiCorp",
common_name="my-certificate-authority",
),
subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
dns_names=["hashicorp.com"],
),
),
x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
is_ca=True,
),
key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
cert_sign=True,
crl_sign=True,
),
extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
server_auth=False,
),
),
),
),
key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
algorithm="RSA_PKCS1_4096_SHA256",
))
default = gcp.certificateauthority.Certificate("default",
pool="",
location="us-central1",
certificate_authority=test_ca.certificate_authority_id,
lifetime="860s",
pem_csr=(lambda path: open(path).read())("test-fixtures/rsa_csr.pem"),
certificate_template=template.id)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * from "fs";
const template = new gcp.certificateauthority.CertificateTemplate("template", {
location: "us-central1",
description: "An updated sample certificate template",
identityConstraints: {
allowSubjectAltNamesPassthrough: true,
allowSubjectPassthrough: true,
celExpression: {
description: "Always true",
expression: "true",
location: "any.file.anywhere",
title: "Sample expression",
},
},
passthroughExtensions: {
additionalExtensions: [{
objectIdPaths: [
1,
6,
],
}],
knownExtensions: ["EXTENDED_KEY_USAGE"],
},
predefinedValues: {
additionalExtensions: [{
objectId: {
objectIdPaths: [
1,
6,
],
},
value: "c3RyaW5nCg==",
critical: true,
}],
aiaOcspServers: ["string"],
caOptions: {
isCa: false,
maxIssuerPathLength: 6,
},
keyUsage: {
baseKeyUsage: {
certSign: false,
contentCommitment: true,
crlSign: false,
dataEncipherment: true,
decipherOnly: true,
digitalSignature: true,
encipherOnly: true,
keyAgreement: true,
keyEncipherment: true,
},
extendedKeyUsage: {
clientAuth: true,
codeSigning: true,
emailProtection: true,
ocspSigning: true,
serverAuth: true,
timeStamping: true,
},
unknownExtendedKeyUsages: [{
objectIdPaths: [
1,
6,
],
}],
},
policyIds: [{
objectIdPaths: [
1,
6,
],
}],
},
});
const test_ca = new gcp.certificateauthority.Authority("test-ca", {
pool: "",
certificateAuthorityId: "my-certificate-authority",
location: "us-central1",
deletionProtection: false,
config: {
subjectConfig: {
subject: {
organization: "HashiCorp",
commonName: "my-certificate-authority",
},
subjectAltName: {
dnsNames: ["hashicorp.com"],
},
},
x509Config: {
caOptions: {
isCa: true,
},
keyUsage: {
baseKeyUsage: {
certSign: true,
crlSign: true,
},
extendedKeyUsage: {
serverAuth: false,
},
},
},
},
keySpec: {
algorithm: "RSA_PKCS1_4096_SHA256",
},
});
const _default = new gcp.certificateauthority.Certificate("default", {
pool: "",
location: "us-central1",
certificateAuthority: test_ca.certificateAuthorityId,
lifetime: "860s",
pemCsr: fs.readFileSync("test-fixtures/rsa_csr.pem"),
certificateTemplate: template.id,
});
Coming soon!
Privateca Certificate Csr
using System.IO;
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var test_ca = new Gcp.CertificateAuthority.Authority("test-ca", new Gcp.CertificateAuthority.AuthorityArgs
{
Pool = "",
CertificateAuthorityId = "my-certificate-authority",
Location = "us-central1",
DeletionProtection = false,
Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
{
SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
{
Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
{
Organization = "HashiCorp",
CommonName = "my-certificate-authority",
},
SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
{
DnsNames =
{
"hashicorp.com",
},
},
},
X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
{
CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
{
IsCa = true,
},
KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
{
BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
{
CertSign = true,
CrlSign = true,
},
ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
{
ServerAuth = false,
},
},
},
},
KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
{
Algorithm = "RSA_PKCS1_4096_SHA256",
},
});
var @default = new Gcp.CertificateAuthority.Certificate("default", new Gcp.CertificateAuthority.CertificateArgs
{
Pool = "",
Location = "us-central1",
CertificateAuthority = test_ca.CertificateAuthorityId,
Lifetime = "860s",
PemCsr = File.ReadAllText("test-fixtures/rsa_csr.pem"),
});
}
}
package main
import (
"io/ioutil"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/certificateauthority"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := ioutil.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := certificateauthority.NewAuthority(ctx, "test-ca", &certificateauthority.AuthorityArgs{
Pool: pulumi.String(""),
CertificateAuthorityId: pulumi.String("my-certificate-authority"),
Location: pulumi.String("us-central1"),
DeletionProtection: pulumi.Bool(false),
Config: &certificateauthority.AuthorityConfigArgs{
SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
Organization: pulumi.String("HashiCorp"),
CommonName: pulumi.String("my-certificate-authority"),
},
SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
DnsNames: pulumi.StringArray{
pulumi.String("hashicorp.com"),
},
},
},
X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
IsCa: pulumi.Bool(true),
},
KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
CertSign: pulumi.Bool(true),
CrlSign: pulumi.Bool(true),
},
ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
ServerAuth: pulumi.Bool(false),
},
},
},
},
KeySpec: &certificateauthority.AuthorityKeySpecArgs{
Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
},
})
if err != nil {
return err
}
_, err = certificateauthority.NewCertificate(ctx, "default", &certificateauthority.CertificateArgs{
Pool: pulumi.String(""),
Location: pulumi.String("us-central1"),
CertificateAuthority: test_ca.CertificateAuthorityId,
Lifetime: pulumi.String("860s"),
PemCsr: readFileOrPanic("test-fixtures/rsa_csr.pem"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test_ca = new Authority("test-ca", AuthorityArgs.builder()
.pool("")
.certificateAuthorityId("my-certificate-authority")
.location("us-central1")
.deletionProtection(false)
.config(AuthorityConfigArgs.builder()
.subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
.subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
.organization("HashiCorp")
.commonName("my-certificate-authority")
.build())
.subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
.dnsNames("hashicorp.com")
.build())
.build())
.x509Config(AuthorityConfigX509ConfigArgs.builder()
.caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
.isCa(true)
.build())
.keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.certSign(true)
.crlSign(true)
.build())
.extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(false)
.build())
.build())
.build())
.build())
.keySpec(AuthorityKeySpecArgs.builder()
.algorithm("RSA_PKCS1_4096_SHA256")
.build())
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.pool("")
.location("us-central1")
.certificateAuthority(test_ca.certificateAuthorityId())
.lifetime("860s")
.pemCsr(Files.readString("test-fixtures/rsa_csr.pem"))
.build());
}
}
import pulumi
import pulumi_gcp as gcp
test_ca = gcp.certificateauthority.Authority("test-ca",
pool="",
certificate_authority_id="my-certificate-authority",
location="us-central1",
deletion_protection=False,
config=gcp.certificateauthority.AuthorityConfigArgs(
subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
organization="HashiCorp",
common_name="my-certificate-authority",
),
subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
dns_names=["hashicorp.com"],
),
),
x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
is_ca=True,
),
key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
cert_sign=True,
crl_sign=True,
),
extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
server_auth=False,
),
),
),
),
key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
algorithm="RSA_PKCS1_4096_SHA256",
))
default = gcp.certificateauthority.Certificate("default",
pool="",
location="us-central1",
certificate_authority=test_ca.certificate_authority_id,
lifetime="860s",
pem_csr=(lambda path: open(path).read())("test-fixtures/rsa_csr.pem"))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * from "fs";
const test_ca = new gcp.certificateauthority.Authority("test-ca", {
pool: "",
certificateAuthorityId: "my-certificate-authority",
location: "us-central1",
deletionProtection: false,
config: {
subjectConfig: {
subject: {
organization: "HashiCorp",
commonName: "my-certificate-authority",
},
subjectAltName: {
dnsNames: ["hashicorp.com"],
},
},
x509Config: {
caOptions: {
isCa: true,
},
keyUsage: {
baseKeyUsage: {
certSign: true,
crlSign: true,
},
extendedKeyUsage: {
serverAuth: false,
},
},
},
},
keySpec: {
algorithm: "RSA_PKCS1_4096_SHA256",
},
});
const _default = new gcp.certificateauthority.Certificate("default", {
pool: "",
location: "us-central1",
certificateAuthority: test_ca.certificateAuthorityId,
lifetime: "860s",
pemCsr: fs.readFileSync("test-fixtures/rsa_csr.pem"),
});
Coming soon!
Privateca Certificate No Authority
using System;
using System.IO;
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
private static string ReadFileBase64(string path) {
return Convert.ToBase64String(Encoding.UTF8.GetBytes(File.ReadAllText(path)))
}
public MyStack()
{
var authority = new Gcp.CertificateAuthority.Authority("authority", new Gcp.CertificateAuthority.AuthorityArgs
{
Pool = "",
CertificateAuthorityId = "my-authority",
Location = "us-central1",
DeletionProtection = false,
Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
{
SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
{
Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
{
Organization = "HashiCorp",
CommonName = "my-certificate-authority",
},
SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
{
DnsNames =
{
"hashicorp.com",
},
},
},
X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
{
CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
{
IsCa = true,
},
KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
{
BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
{
DigitalSignature = true,
CertSign = true,
CrlSign = true,
},
ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
{
ServerAuth = true,
},
},
},
},
Lifetime = "86400s",
KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
{
Algorithm = "RSA_PKCS1_4096_SHA256",
},
});
var @default = new Gcp.CertificateAuthority.Certificate("default", new Gcp.CertificateAuthority.CertificateArgs
{
Pool = "",
Location = "us-central1",
Lifetime = "860s",
Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs
{
SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs
{
Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs
{
CommonName = "san1.example.com",
CountryCode = "us",
Organization = "google",
OrganizationalUnit = "enterprise",
Locality = "mountain view",
Province = "california",
StreetAddress = "1600 amphitheatre parkway",
PostalCode = "94109",
},
},
X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs
{
CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs
{
IsCa = false,
},
KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs
{
BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs
{
CrlSign = true,
},
ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs
{
ServerAuth = true,
},
},
},
PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs
{
Format = "PEM",
Key = ReadFileBase64("test-fixtures/rsa_public.pem"),
},
},
}, new CustomResourceOptions
{
DependsOn =
{
authority,
},
});
}
}
package main
import (
"encoding/base64"
"io/ioutil"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/certificateauthority"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func filebase64OrPanic(path string) pulumi.StringPtrInput {
if fileData, err := ioutil.ReadFile(path); err == nil {
return pulumi.String(base64.StdEncoding.EncodeToString(fileData[:]))
} else {
panic(err.Error())
}
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
authority, err := certificateauthority.NewAuthority(ctx, "authority", &certificateauthority.AuthorityArgs{
Pool: pulumi.String(""),
CertificateAuthorityId: pulumi.String("my-authority"),
Location: pulumi.String("us-central1"),
DeletionProtection: pulumi.Bool(false),
Config: &certificateauthority.AuthorityConfigArgs{
SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
Organization: pulumi.String("HashiCorp"),
CommonName: pulumi.String("my-certificate-authority"),
},
SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
DnsNames: pulumi.StringArray{
pulumi.String("hashicorp.com"),
},
},
},
X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
IsCa: pulumi.Bool(true),
},
KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
DigitalSignature: pulumi.Bool(true),
CertSign: pulumi.Bool(true),
CrlSign: pulumi.Bool(true),
},
ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
ServerAuth: pulumi.Bool(true),
},
},
},
},
Lifetime: pulumi.String("86400s"),
KeySpec: &certificateauthority.AuthorityKeySpecArgs{
Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
},
})
if err != nil {
return err
}
_, err = certificateauthority.NewCertificate(ctx, "default", &certificateauthority.CertificateArgs{
Pool: pulumi.String(""),
Location: pulumi.String("us-central1"),
Lifetime: pulumi.String("860s"),
Config: &certificateauthority.CertificateConfigArgs{
SubjectConfig: &certificateauthority.CertificateConfigSubjectConfigArgs{
Subject: &certificateauthority.CertificateConfigSubjectConfigSubjectArgs{
CommonName: pulumi.String("san1.example.com"),
CountryCode: pulumi.String("us"),
Organization: pulumi.String("google"),
OrganizationalUnit: pulumi.String("enterprise"),
Locality: pulumi.String("mountain view"),
Province: pulumi.String("california"),
StreetAddress: pulumi.String("1600 amphitheatre parkway"),
PostalCode: pulumi.String("94109"),
},
},
X509Config: &certificateauthority.CertificateConfigX509ConfigArgs{
CaOptions: &certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{
IsCa: pulumi.Bool(false),
},
KeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{
BaseKeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{
CrlSign: pulumi.Bool(true),
},
ExtendedKeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
ServerAuth: pulumi.Bool(true),
},
},
},
PublicKey: &certificateauthority.CertificateConfigPublicKeyArgs{
Format: pulumi.String("PEM"),
Key: filebase64OrPanic("test-fixtures/rsa_public.pem"),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
authority,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
import com.pulumi.resources.CustomResourceOptions;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var authority = new Authority("authority", AuthorityArgs.builder()
.pool("")
.certificateAuthorityId("my-authority")
.location("us-central1")
.deletionProtection(false)
.config(AuthorityConfigArgs.builder()
.subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
.subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
.organization("HashiCorp")
.commonName("my-certificate-authority")
.build())
.subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
.dnsNames("hashicorp.com")
.build())
.build())
.x509Config(AuthorityConfigX509ConfigArgs.builder()
.caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
.isCa(true)
.build())
.keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.digitalSignature(true)
.certSign(true)
.crlSign(true)
.build())
.extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(true)
.build())
.build())
.build())
.build())
.lifetime("86400s")
.keySpec(AuthorityKeySpecArgs.builder()
.algorithm("RSA_PKCS1_4096_SHA256")
.build())
.build());
var default_ = new Certificate("default", CertificateArgs.builder()
.pool("")
.location("us-central1")
.lifetime("860s")
.config(CertificateConfigArgs.builder()
.subjectConfig(CertificateConfigSubjectConfigArgs.builder()
.subject(CertificateConfigSubjectConfigSubjectArgs.builder()
.commonName("san1.example.com")
.countryCode("us")
.organization("google")
.organizationalUnit("enterprise")
.locality("mountain view")
.province("california")
.streetAddress("1600 amphitheatre parkway")
.postalCode("94109")
.build())
.build())
.x509Config(CertificateConfigX509ConfigArgs.builder()
.caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()
.isCa(false)
.build())
.keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.crlSign(true)
.build())
.extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(true)
.build())
.build())
.build())
.publicKey(CertificateConfigPublicKeyArgs.builder()
.format("PEM")
.key(Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get("test-fixtures/rsa_public.pem"))))
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(authority)
.build());
}
}
import pulumi
import base64
import pulumi_gcp as gcp
authority = gcp.certificateauthority.Authority("authority",
pool="",
certificate_authority_id="my-authority",
location="us-central1",
deletion_protection=False,
config=gcp.certificateauthority.AuthorityConfigArgs(
subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
organization="HashiCorp",
common_name="my-certificate-authority",
),
subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
dns_names=["hashicorp.com"],
),
),
x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
is_ca=True,
),
key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
digital_signature=True,
cert_sign=True,
crl_sign=True,
),
extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
server_auth=True,
),
),
),
),
lifetime="86400s",
key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
algorithm="RSA_PKCS1_4096_SHA256",
))
default = gcp.certificateauthority.Certificate("default",
pool="",
location="us-central1",
lifetime="860s",
config=gcp.certificateauthority.CertificateConfigArgs(
subject_config=gcp.certificateauthority.CertificateConfigSubjectConfigArgs(
subject=gcp.certificateauthority.CertificateConfigSubjectConfigSubjectArgs(
common_name="san1.example.com",
country_code="us",
organization="google",
organizational_unit="enterprise",
locality="mountain view",
province="california",
street_address="1600 amphitheatre parkway",
postal_code="94109",
),
),
x509_config=gcp.certificateauthority.CertificateConfigX509ConfigArgs(
ca_options=gcp.certificateauthority.CertificateConfigX509ConfigCaOptionsArgs(
is_ca=False,
),
key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageArgs(
base_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs(
crl_sign=True,
),
extended_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
server_auth=True,
),
),
),
public_key=gcp.certificateauthority.CertificateConfigPublicKeyArgs(
format="PEM",
key=(lambda path: base64.b64encode(open(path).read().encode()).decode())("test-fixtures/rsa_public.pem"),
),
),
opts=pulumi.ResourceOptions(depends_on=[authority]))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * from "fs";
const authority = new gcp.certificateauthority.Authority("authority", {
pool: "",
certificateAuthorityId: "my-authority",
location: "us-central1",
deletionProtection: false,
config: {
subjectConfig: {
subject: {
organization: "HashiCorp",
commonName: "my-certificate-authority",
},
subjectAltName: {
dnsNames: ["hashicorp.com"],
},
},
x509Config: {
caOptions: {
isCa: true,
},
keyUsage: {
baseKeyUsage: {
digitalSignature: true,
certSign: true,
crlSign: true,
},
extendedKeyUsage: {
serverAuth: true,
},
},
},
},
lifetime: "86400s",
keySpec: {
algorithm: "RSA_PKCS1_4096_SHA256",
},
});
const _default = new gcp.certificateauthority.Certificate("default", {
pool: "",
location: "us-central1",
lifetime: "860s",
config: {
subjectConfig: {
subject: {
commonName: "san1.example.com",
countryCode: "us",
organization: "google",
organizationalUnit: "enterprise",
locality: "mountain view",
province: "california",
streetAddress: "1600 amphitheatre parkway",
postalCode: "94109",
},
},
x509Config: {
caOptions: {
isCa: false,
},
keyUsage: {
baseKeyUsage: {
crlSign: true,
},
extendedKeyUsage: {
serverAuth: true,
},
},
},
publicKey: {
format: "PEM",
key: Buffer.from(fs.readFileSync("test-fixtures/rsa_public.pem"), 'binary').toString('base64'),
},
},
}, {
dependsOn: [authority],
});
Coming soon!
Create a Certificate Resource
new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
@overload
def Certificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
certificate_authority: Optional[str] = None,
certificate_template: Optional[str] = None,
config: Optional[CertificateConfigArgs] = None,
labels: Optional[Mapping[str, str]] = None,
lifetime: Optional[str] = None,
location: Optional[str] = None,
name: Optional[str] = None,
pem_csr: Optional[str] = None,
pool: Optional[str] = None,
project: Optional[str] = None)
@overload
def Certificate(resource_name: str,
args: CertificateArgs,
opts: Optional[ResourceOptions] = None)
func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
type: gcp:certificateauthority:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Certificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Certificate resource accepts the following input properties:
- Location string
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- Pool string
The name of the CaPool this Certificate belongs to.
- string
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- Certificate
Template string The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- Config
Certificate
Config Args The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- Labels Dictionary<string, string>
Labels with user-defined metadata to apply to this resource.
- Lifetime string
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- Name string
The name for this Certificate.
- Pem
Csr string Immutable. A pem-encoded X.509 certificate signing request (CSR).
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Location string
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- Pool string
The name of the CaPool this Certificate belongs to.
- string
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- Certificate
Template string The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- Config
Certificate
Config Args The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- Labels map[string]string
Labels with user-defined metadata to apply to this resource.
- Lifetime string
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- Name string
The name for this Certificate.
- Pem
Csr string Immutable. A pem-encoded X.509 certificate signing request (CSR).
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- location String
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- pool String
The name of the CaPool this Certificate belongs to.
- String
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- certificate
Template String The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- config
Certificate
Config Args The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- labels Map<String,String>
Labels with user-defined metadata to apply to this resource.
- lifetime String
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- name String
The name for this Certificate.
- pem
Csr String Immutable. A pem-encoded X.509 certificate signing request (CSR).
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- location string
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- pool string
The name of the CaPool this Certificate belongs to.
- string
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- certificate
Template string The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- config
Certificate
Config Args The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- labels {[key: string]: string}
Labels with user-defined metadata to apply to this resource.
- lifetime string
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- name string
The name for this Certificate.
- pem
Csr string Immutable. A pem-encoded X.509 certificate signing request (CSR).
- project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- location str
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- pool str
The name of the CaPool this Certificate belongs to.
- str
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- certificate_
template str The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- config
Certificate
Config Args The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- labels Mapping[str, str]
Labels with user-defined metadata to apply to this resource.
- lifetime str
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- name str
The name for this Certificate.
- pem_
csr str Immutable. A pem-encoded X.509 certificate signing request (CSR).
- project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- location String
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- pool String
The name of the CaPool this Certificate belongs to.
- String
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- certificate
Template String The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- config Property Map
The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- labels Map<String>
Labels with user-defined metadata to apply to this resource.
- lifetime String
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- name String
The name for this Certificate.
- pem
Csr String Immutable. A pem-encoded X.509 certificate signing request (CSR).
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Outputs
All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:
- Certificate
Descriptions List<CertificateCertificate Description> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- Create
Time string The time that this resource was created on the server. This is in RFC3339 text format.
- Id string
The provider-assigned unique ID for this managed resource.
- string
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- Pem
Certificate string Output only. The pem-encoded, signed X.509 certificate.
- Pem
Certificate List<string>Chains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- Pem
Certificates List<string> Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- Revocation
Details List<CertificateRevocation Detail> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- Update
Time string Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
- Certificate
Descriptions []CertificateCertificate Description Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- Create
Time string The time that this resource was created on the server. This is in RFC3339 text format.
- Id string
The provider-assigned unique ID for this managed resource.
- string
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- Pem
Certificate string Output only. The pem-encoded, signed X.509 certificate.
- Pem
Certificate []stringChains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- Pem
Certificates []string Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- Revocation
Details []CertificateRevocation Detail Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- Update
Time string Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
- certificate
Descriptions List<CertificateCertificate Description> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- create
Time String The time that this resource was created on the server. This is in RFC3339 text format.
- id String
The provider-assigned unique ID for this managed resource.
- String
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- pem
Certificate String Output only. The pem-encoded, signed X.509 certificate.
- pem
Certificate List<String>Chains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem
Certificates List<String> Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- revocation
Details List<CertificateRevocation Detail> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- update
Time String Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
- certificate
Descriptions CertificateCertificate Description[] Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- create
Time string The time that this resource was created on the server. This is in RFC3339 text format.
- id string
The provider-assigned unique ID for this managed resource.
- string
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- pem
Certificate string Output only. The pem-encoded, signed X.509 certificate.
- pem
Certificate string[]Chains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem
Certificates string[] Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- revocation
Details CertificateRevocation Detail[] Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- update
Time string Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
- certificate_
descriptions Sequence[CertificateCertificate Description] Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- create_
time str The time that this resource was created on the server. This is in RFC3339 text format.
- id str
The provider-assigned unique ID for this managed resource.
- str
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- pem_
certificate str Output only. The pem-encoded, signed X.509 certificate.
- pem_
certificate_ Sequence[str]chains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem_
certificates Sequence[str] Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- revocation_
details Sequence[CertificateRevocation Detail] Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- update_
time str Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
- certificate
Descriptions List<Property Map> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- create
Time String The time that this resource was created on the server. This is in RFC3339 text format.
- id String
The provider-assigned unique ID for this managed resource.
- String
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- pem
Certificate String Output only. The pem-encoded, signed X.509 certificate.
- pem
Certificate List<String>Chains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem
Certificates List<String> Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- revocation
Details List<Property Map> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- update
Time String Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
Look up an Existing Certificate Resource
Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
certificate_authority: Optional[str] = None,
certificate_descriptions: Optional[Sequence[CertificateCertificateDescriptionArgs]] = None,
certificate_template: Optional[str] = None,
config: Optional[CertificateConfigArgs] = None,
create_time: Optional[str] = None,
issuer_certificate_authority: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
lifetime: Optional[str] = None,
location: Optional[str] = None,
name: Optional[str] = None,
pem_certificate: Optional[str] = None,
pem_certificate_chains: Optional[Sequence[str]] = None,
pem_certificates: Optional[Sequence[str]] = None,
pem_csr: Optional[str] = None,
pool: Optional[str] = None,
project: Optional[str] = None,
revocation_details: Optional[Sequence[CertificateRevocationDetailArgs]] = None,
update_time: Optional[str] = None) -> Certificate
func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- string
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- Certificate
Descriptions List<CertificateCertificate Description Args> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- Certificate
Template string The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- Config
Certificate
Config Args The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- Create
Time string The time that this resource was created on the server. This is in RFC3339 text format.
- string
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- Labels Dictionary<string, string>
Labels with user-defined metadata to apply to this resource.
- Lifetime string
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- Location string
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- Name string
The name for this Certificate.
- Pem
Certificate string Output only. The pem-encoded, signed X.509 certificate.
- Pem
Certificate List<string>Chains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- Pem
Certificates List<string> Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- Pem
Csr string Immutable. A pem-encoded X.509 certificate signing request (CSR).
- Pool string
The name of the CaPool this Certificate belongs to.
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Revocation
Details List<CertificateRevocation Detail Args> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- Update
Time string Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
- string
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- Certificate
Descriptions []CertificateCertificate Description Args Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- Certificate
Template string The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- Config
Certificate
Config Args The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- Create
Time string The time that this resource was created on the server. This is in RFC3339 text format.
- string
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- Labels map[string]string
Labels with user-defined metadata to apply to this resource.
- Lifetime string
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- Location string
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- Name string
The name for this Certificate.
- Pem
Certificate string Output only. The pem-encoded, signed X.509 certificate.
- Pem
Certificate []stringChains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- Pem
Certificates []string Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- Pem
Csr string Immutable. A pem-encoded X.509 certificate signing request (CSR).
- Pool string
The name of the CaPool this Certificate belongs to.
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Revocation
Details []CertificateRevocation Detail Args Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- Update
Time string Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
- String
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- certificate
Descriptions List<CertificateCertificate Description Args> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- certificate
Template String The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- config
Certificate
Config Args The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- create
Time String The time that this resource was created on the server. This is in RFC3339 text format.
- String
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- labels Map<String,String>
Labels with user-defined metadata to apply to this resource.
- lifetime String
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- location String
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- name String
The name for this Certificate.
- pem
Certificate String Output only. The pem-encoded, signed X.509 certificate.
- pem
Certificate List<String>Chains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem
Certificates List<String> Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- pem
Csr String Immutable. A pem-encoded X.509 certificate signing request (CSR).
- pool String
The name of the CaPool this Certificate belongs to.
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- revocation
Details List<CertificateRevocation Detail Args> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- update
Time String Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
- string
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- certificate
Descriptions CertificateCertificate Description Args[] Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- certificate
Template string The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- config
Certificate
Config Args The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- create
Time string The time that this resource was created on the server. This is in RFC3339 text format.
- string
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- labels {[key: string]: string}
Labels with user-defined metadata to apply to this resource.
- lifetime string
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- location string
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- name string
The name for this Certificate.
- pem
Certificate string Output only. The pem-encoded, signed X.509 certificate.
- pem
Certificate string[]Chains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem
Certificates string[] Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- pem
Csr string Immutable. A pem-encoded X.509 certificate signing request (CSR).
- pool string
The name of the CaPool this Certificate belongs to.
- project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- revocation
Details CertificateRevocation Detail Args[] Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- update
Time string Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
- str
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- certificate_
descriptions Sequence[CertificateCertificate Description Args] Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- certificate_
template str The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- config
Certificate
Config Args The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- create_
time str The time that this resource was created on the server. This is in RFC3339 text format.
- str
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- labels Mapping[str, str]
Labels with user-defined metadata to apply to this resource.
- lifetime str
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- location str
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- name str
The name for this Certificate.
- pem_
certificate str Output only. The pem-encoded, signed X.509 certificate.
- pem_
certificate_ Sequence[str]chains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem_
certificates Sequence[str] Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- pem_
csr str Immutable. A pem-encoded X.509 certificate signing request (CSR).
- pool str
The name of the CaPool this Certificate belongs to.
- project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- revocation_
details Sequence[CertificateRevocation Detail Args] Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- update_
time str Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
- String
The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from a Certificate Authority with resource name
projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca
, argumentpool
should be set toprojects/my-project/locations/us-central1/caPools/my-pool
, argumentcertificate_authority
should be set tomy-ca
.- certificate
Descriptions List<Property Map> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- certificate
Template String The resource name for a CertificateTemplate used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*
. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.- config Property Map
The config used to create a self-signed X.509 certificate or CSR. Structure is documented below.
- create
Time String The time that this resource was created on the server. This is in RFC3339 text format.
- String
The resource name of the issuing CertificateAuthority in the format 'projects//locations//caPools//certificateAuthorities/'.
- labels Map<String>
Labels with user-defined metadata to apply to this resource.
- lifetime String
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- location String
Location of the Certificate. A full list of valid locations can be found by running
gcloud privateca locations list
.- name String
The name for this Certificate.
- pem
Certificate String Output only. The pem-encoded, signed X.509 certificate.
- pem
Certificate List<String>Chains The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.
- pem
Certificates List<String> Required. Expected to be in leaf-to-root order according to RFC 5246.
Deprecated in favor of
pem_certificate_chain
.- pem
Csr String Immutable. A pem-encoded X.509 certificate signing request (CSR).
- pool String
The name of the CaPool this Certificate belongs to.
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- revocation
Details List<Property Map> Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.
- update
Time String Output only. The time at which this CertificateAuthority was updated. This is in RFC3339 text format.
Supporting Types
CertificateCertificateDescription
- Aia
Issuing List<string>Certificate Urls - List<Certificate
Certificate Description Authority Key Id> - Cert
Fingerprints List<CertificateCertificate Description Cert Fingerprint> - Config
Values List<CertificateCertificate Description Config Value> Deprecated in favor of
x509_description
.- Crl
Distribution List<string>Points - Public
Keys List<CertificateCertificate Description Public Key> A PublicKey describes a public key. Structure is documented below.
- Subject
Descriptions List<CertificateCertificate Description Subject Description> - Subject
Key List<CertificateIds Certificate Description Subject Key Id> - X509Descriptions
List<Certificate
Certificate Description X509Description>
- Aia
Issuing []stringCertificate Urls - []Certificate
Certificate Description Authority Key Id - Cert
Fingerprints []CertificateCertificate Description Cert Fingerprint - Config
Values []CertificateCertificate Description Config Value Deprecated in favor of
x509_description
.- Crl
Distribution []stringPoints - Public
Keys []CertificateCertificate Description Public Key A PublicKey describes a public key. Structure is documented below.
- Subject
Descriptions []CertificateCertificate Description Subject Description - Subject
Key []CertificateIds Certificate Description Subject Key Id - X509Descriptions
[]Certificate
Certificate Description X509Description
- aia
Issuing List<String>Certificate Urls - List<Certificate
Certificate Description Authority Key Id> - cert
Fingerprints List<CertificateCertificate Description Cert Fingerprint> - config
Values List<CertificateCertificate Description Config Value> Deprecated in favor of
x509_description
.- crl
Distribution List<String>Points - public
Keys List<CertificateCertificate Description Public Key> A PublicKey describes a public key. Structure is documented below.
- subject
Descriptions List<CertificateCertificate Description Subject Description> - subject
Key List<CertificateIds Certificate Description Subject Key Id> - x509Descriptions
List<Certificate
Certificate Description X509Description>
- aia
Issuing string[]Certificate Urls - Certificate
Certificate Description Authority Key Id[] - cert
Fingerprints CertificateCertificate Description Cert Fingerprint[] - config
Values CertificateCertificate Description Config Value[] Deprecated in favor of
x509_description
.- crl
Distribution string[]Points - public
Keys CertificateCertificate Description Public Key[] A PublicKey describes a public key. Structure is documented below.
- subject
Descriptions CertificateCertificate Description Subject Description[] - subject
Key CertificateIds Certificate Description Subject Key Id[] - x509Descriptions
Certificate
Certificate Description X509Description[]
- aia_
issuing_ Sequence[str]certificate_ urls - Sequence[Certificate
Certificate Description Authority Key Id] - cert_
fingerprints Sequence[CertificateCertificate Description Cert Fingerprint] - config_
values Sequence[CertificateCertificate Description Config Value] Deprecated in favor of
x509_description
.- crl_
distribution_ Sequence[str]points - public_
keys Sequence[CertificateCertificate Description Public Key] A PublicKey describes a public key. Structure is documented below.
- subject_
descriptions Sequence[CertificateCertificate Description Subject Description] - subject_
key_ Sequence[Certificateids Certificate Description Subject Key Id] - x509_
descriptions Sequence[CertificateCertificate Description X509Description]
- aia
Issuing List<String>Certificate Urls - List<Property Map>
- cert
Fingerprints List<Property Map> - config
Values List<Property Map> Deprecated in favor of
x509_description
.- crl
Distribution List<String>Points - public
Keys List<Property Map> A PublicKey describes a public key. Structure is documented below.
- subject
Descriptions List<Property Map> - subject
Key List<Property Map>Ids - x509Descriptions List<Property Map>
CertificateCertificateDescriptionAuthorityKeyId
- Key
Id string
- Key
Id string
- key
Id String
- key
Id string
- key_
id str
- key
Id String
CertificateCertificateDescriptionCertFingerprint
- Sha256Hash string
- Sha256Hash string
- sha256Hash String
- sha256Hash string
- sha256_
hash str
- sha256Hash String
CertificateCertificateDescriptionConfigValue
- Key
Usages List<CertificateCertificate Description Config Value Key Usage> Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- Key
Usages []CertificateCertificate Description Config Value Key Usage Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- key
Usages List<CertificateCertificate Description Config Value Key Usage> Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- key
Usages CertificateCertificate Description Config Value Key Usage[] Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- key_
usages Sequence[CertificateCertificate Description Config Value Key Usage] Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- key
Usages List<Property Map> Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
CertificateCertificateDescriptionConfigValueKeyUsage
- Base
Key List<CertificateUsages Certificate Description Config Value Key Usage Base Key Usage> Describes high-level ways in which a key may be used. Structure is documented below.
- Extended
Key List<CertificateUsages Certificate Description Config Value Key Usage Extended Key Usage> Describes high-level ways in which a key may be used. Structure is documented below.
- Unknown
Extended List<CertificateKey Usages Certificate Description Config Value Key Usage Unknown Extended Key Usage> An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- Base
Key []CertificateUsages Certificate Description Config Value Key Usage Base Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- Extended
Key []CertificateUsages Certificate Description Config Value Key Usage Extended Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- Unknown
Extended []CertificateKey Usages Certificate Description Config Value Key Usage Unknown Extended Key Usage An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base
Key List<CertificateUsages Certificate Description Config Value Key Usage Base Key Usage> Describes high-level ways in which a key may be used. Structure is documented below.
- extended
Key List<CertificateUsages Certificate Description Config Value Key Usage Extended Key Usage> Describes high-level ways in which a key may be used. Structure is documented below.
- unknown
Extended List<CertificateKey Usages Certificate Description Config Value Key Usage Unknown Extended Key Usage> An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base
Key CertificateUsages Certificate Description Config Value Key Usage Base Key Usage[] Describes high-level ways in which a key may be used. Structure is documented below.
- extended
Key CertificateUsages Certificate Description Config Value Key Usage Extended Key Usage[] Describes high-level ways in which a key may be used. Structure is documented below.
- unknown
Extended CertificateKey Usages Certificate Description Config Value Key Usage Unknown Extended Key Usage[] An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base_
key_ Sequence[Certificateusages Certificate Description Config Value Key Usage Base Key Usage] Describes high-level ways in which a key may be used. Structure is documented below.
- extended_
key_ Sequence[Certificateusages Certificate Description Config Value Key Usage Extended Key Usage] Describes high-level ways in which a key may be used. Structure is documented below.
- unknown_
extended_ Sequence[Certificatekey_ usages Certificate Description Config Value Key Usage Unknown Extended Key Usage] An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base
Key List<Property Map>Usages Describes high-level ways in which a key may be used. Structure is documented below.
- extended
Key List<Property Map>Usages Describes high-level ways in which a key may be used. Structure is documented below.
- unknown
Extended List<Property Map>Key Usages An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
CertificateCertificateDescriptionConfigValueKeyUsageBaseKeyUsage
CertificateCertificateDescriptionConfigValueKeyUsageBaseKeyUsageKeyUsageOption
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
- cert
Sign boolean The key may be used to sign certificates.
- content
Commitment boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean The key may be used sign certificate revocation lists.
- data
Encipherment boolean The key may be used to encipher data.
- decipher
Only boolean The key may be used to decipher only.
- digital
Signature boolean The key may be used for digital signatures.
- encipher
Only boolean The key may be used to encipher only.
- key
Agreement boolean The key may be used in a key agreement protocol.
- key
Encipherment boolean The key may be used to encipher other keys.
- cert_
sign bool The key may be used to sign certificates.
- content_
commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool The key may be used sign certificate revocation lists.
- data_
encipherment bool The key may be used to encipher data.
- decipher_
only bool The key may be used to decipher only.
- digital_
signature bool The key may be used for digital signatures.
- encipher_
only bool The key may be used to encipher only.
- key_
agreement bool The key may be used in a key agreement protocol.
- key_
encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
CertificateCertificateDescriptionConfigValueKeyUsageExtendedKeyUsage
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
CertificateCertificateDescriptionConfigValueKeyUsageUnknownExtendedKeyUsage
CertificateCertificateDescriptionConfigValueKeyUsageUnknownExtendedKeyUsageObectId
- Object
Id List<int>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
CertificateCertificateDescriptionPublicKey
- Format string
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- Key string
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
- Format string
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- Key string
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
- format String
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- key String
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
- format string
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- key string
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
- format str
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- key str
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
- format String
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- key String
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
CertificateCertificateDescriptionSubjectDescription
- Hex
Serial stringNumber - Lifetime string
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- Not
After stringTime - Not
Before stringTime - Subject
Alt List<CertificateNames Certificate Description Subject Description Subject Alt Name> The subject alternative name fields. Structure is documented below.
- Subjects
List<Certificate
Certificate Description Subject Description Subject> Contains distinguished name fields such as the location and organization. Structure is documented below.
- Hex
Serial stringNumber - Lifetime string
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- Not
After stringTime - Not
Before stringTime - Subject
Alt []CertificateNames Certificate Description Subject Description Subject Alt Name The subject alternative name fields. Structure is documented below.
- Subjects
[]Certificate
Certificate Description Subject Description Subject Contains distinguished name fields such as the location and organization. Structure is documented below.
- hex
Serial StringNumber - lifetime String
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- not
After StringTime - not
Before StringTime - subject
Alt List<CertificateNames Certificate Description Subject Description Subject Alt Name> The subject alternative name fields. Structure is documented below.
- subjects
List<Certificate
Certificate Description Subject Description Subject> Contains distinguished name fields such as the location and organization. Structure is documented below.
- hex
Serial stringNumber - lifetime string
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- not
After stringTime - not
Before stringTime - subject
Alt CertificateNames Certificate Description Subject Description Subject Alt Name[] The subject alternative name fields. Structure is documented below.
- subjects
Certificate
Certificate Description Subject Description Subject[] Contains distinguished name fields such as the location and organization. Structure is documented below.
- hex_
serial_ strnumber - lifetime str
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- not_
after_ strtime - not_
before_ strtime - subject_
alt_ Sequence[Certificatenames Certificate Description Subject Description Subject Alt Name] The subject alternative name fields. Structure is documented below.
- subjects
Sequence[Certificate
Certificate Description Subject Description Subject] Contains distinguished name fields such as the location and organization. Structure is documented below.
- hex
Serial StringNumber - lifetime String
The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- not
After StringTime - not
Before StringTime - subject
Alt List<Property Map>Names The subject alternative name fields. Structure is documented below.
- subjects List<Property Map>
Contains distinguished name fields such as the location and organization. Structure is documented below.
CertificateCertificateDescriptionSubjectDescriptionSubject
- Common
Name string The common name of the distinguished name.
- Country
Code string The country code of the subject.
- Locality string
The locality or city of the subject.
- Organization string
The organization of the subject.
- Organizational
Unit string The organizational unit of the subject.
- Postal
Code string The postal code of the subject.
- Province string
The province, territory, or regional state of the subject.
- Street
Address string The street address of the subject.
- Common
Name string The common name of the distinguished name.
- Country
Code string The country code of the subject.
- Locality string
The locality or city of the subject.
- Organization string
The organization of the subject.
- Organizational
Unit string The organizational unit of the subject.
- Postal
Code string The postal code of the subject.
- Province string
The province, territory, or regional state of the subject.
- Street
Address string The street address of the subject.
- common
Name String The common name of the distinguished name.
- country
Code String The country code of the subject.
- locality String
The locality or city of the subject.
- organization String
The organization of the subject.
- organizational
Unit String The organizational unit of the subject.
- postal
Code String The postal code of the subject.
- province String
The province, territory, or regional state of the subject.
- street
Address String The street address of the subject.
- common
Name string The common name of the distinguished name.
- country
Code string The country code of the subject.
- locality string
The locality or city of the subject.
- organization string
The organization of the subject.
- organizational
Unit string The organizational unit of the subject.
- postal
Code string The postal code of the subject.
- province string
The province, territory, or regional state of the subject.
- street
Address string The street address of the subject.
- common_
name str The common name of the distinguished name.
- country_
code str The country code of the subject.
- locality str
The locality or city of the subject.
- organization str
The organization of the subject.
- organizational_
unit str The organizational unit of the subject.
- postal_
code str The postal code of the subject.
- province str
The province, territory, or regional state of the subject.
- street_
address str The street address of the subject.
- common
Name String The common name of the distinguished name.
- country
Code String The country code of the subject.
- locality String
The locality or city of the subject.
- organization String
The organization of the subject.
- organizational
Unit String The organizational unit of the subject.
- postal
Code String The postal code of the subject.
- province String
The province, territory, or regional state of the subject.
- street
Address String The street address of the subject.
CertificateCertificateDescriptionSubjectDescriptionSubjectAltName
- Custom
Sans List<CertificateCertificate Description Subject Description Subject Alt Name Custom San> - Dns
Names List<string> Contains only valid, fully-qualified host names.
- Email
Addresses List<string> Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses List<string> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris List<string>
Contains only valid RFC 3986 URIs.
- Custom
Sans []CertificateCertificate Description Subject Description Subject Alt Name Custom San - Dns
Names []string Contains only valid, fully-qualified host names.
- Email
Addresses []string Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses []string Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris []string
Contains only valid RFC 3986 URIs.
- custom
Sans List<CertificateCertificate Description Subject Description Subject Alt Name Custom San> - dns
Names List<String> Contains only valid, fully-qualified host names.
- email
Addresses List<String> Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
Contains only valid RFC 3986 URIs.
- custom
Sans CertificateCertificate Description Subject Description Subject Alt Name Custom San[] - dns
Names string[] Contains only valid, fully-qualified host names.
- email
Addresses string[] Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses string[] Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris string[]
Contains only valid RFC 3986 URIs.
- custom_
sans Sequence[CertificateCertificate Description Subject Description Subject Alt Name Custom San] - dns_
names Sequence[str] Contains only valid, fully-qualified host names.
- email_
addresses Sequence[str] Contains only valid RFC 2822 E-mail addresses.
- ip_
addresses Sequence[str] Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris Sequence[str]
Contains only valid RFC 3986 URIs.
- custom
Sans List<Property Map> - dns
Names List<String> Contains only valid, fully-qualified host names.
- email
Addresses List<String> Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
Contains only valid RFC 3986 URIs.
CertificateCertificateDescriptionSubjectDescriptionSubjectAltNameCustomSan
- Critical bool
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Obect
Ids List<CertificateCertificate Description Subject Description Subject Alt Name Custom San Obect Id> - Value string
The value of this X.509 extension. A base64-encoded string.
- Critical bool
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Obect
Ids []CertificateCertificate Description Subject Description Subject Alt Name Custom San Obect Id - Value string
The value of this X.509 extension. A base64-encoded string.
- critical Boolean
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- obect
Ids List<CertificateCertificate Description Subject Description Subject Alt Name Custom San Obect Id> - value String
The value of this X.509 extension. A base64-encoded string.
- critical boolean
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- obect
Ids CertificateCertificate Description Subject Description Subject Alt Name Custom San Obect Id[] - value string
The value of this X.509 extension. A base64-encoded string.
- critical bool
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- obect_
ids Sequence[CertificateCertificate Description Subject Description Subject Alt Name Custom San Obect Id] - value str
The value of this X.509 extension. A base64-encoded string.
- critical Boolean
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- obect
Ids List<Property Map> - value String
The value of this X.509 extension. A base64-encoded string.
CertificateCertificateDescriptionSubjectDescriptionSubjectAltNameCustomSanObectId
- Object
Id List<int>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
CertificateCertificateDescriptionSubjectKeyId
- Key
Id string
- Key
Id string
- key
Id String
- key
Id string
- key_
id str
- key
Id String
CertificateCertificateDescriptionX509Description
- Additional
Extensions List<CertificateCertificate Description X509Description Additional Extension> Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- Aia
Ocsp List<string>Servers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options List<CertificateCertificate Description X509Description Ca Option> Describes values that are relevant in a CA certificate. Structure is documented below.
- Key
Usages List<CertificateCertificate Description X509Description Key Usage> Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- Policy
Ids List<CertificateCertificate Description X509Description Policy Id> Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- Additional
Extensions []CertificateCertificate Description X509Description Additional Extension Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- Aia
Ocsp []stringServers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options []CertificateCertificate Description X509Description Ca Option Describes values that are relevant in a CA certificate. Structure is documented below.
- Key
Usages []CertificateCertificate Description X509Description Key Usage Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- Policy
Ids []CertificateCertificate Description X509Description Policy Id Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- additional
Extensions List<CertificateCertificate Description X509Description Additional Extension> Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- aia
Ocsp List<String>Servers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options List<CertificateCertificate Description X509Description Ca Option> Describes values that are relevant in a CA certificate. Structure is documented below.
- key
Usages List<CertificateCertificate Description X509Description Key Usage> Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- policy
Ids List<CertificateCertificate Description X509Description Policy Id> Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- additional
Extensions CertificateCertificate Description X509Description Additional Extension[] Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- aia
Ocsp string[]Servers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CertificateCertificate Description X509Description Ca Option[] Describes values that are relevant in a CA certificate. Structure is documented below.
- key
Usages CertificateCertificate Description X509Description Key Usage[] Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- policy
Ids CertificateCertificate Description X509Description Policy Id[] Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- additional_
extensions Sequence[CertificateCertificate Description X509Description Additional Extension] Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- aia_
ocsp_ Sequence[str]servers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options Sequence[CertificateCertificate Description X509Description Ca Option] Describes values that are relevant in a CA certificate. Structure is documented below.
- key_
usages Sequence[CertificateCertificate Description X509Description Key Usage] Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- policy_
ids Sequence[CertificateCertificate Description X509Description Policy Id] Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- additional
Extensions List<Property Map> Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- aia
Ocsp List<String>Servers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options List<Property Map> Describes values that are relevant in a CA certificate. Structure is documented below.
- key
Usages List<Property Map> Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- policy
Ids List<Property Map> Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
CertificateCertificateDescriptionX509DescriptionAdditionalExtension
- Critical bool
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Ids List<CertificateCertificate Description X509Description Additional Extension Object Id> Describes values that are relevant in a CA certificate. Structure is documented below.
- Value string
The value of this X.509 extension. A base64-encoded string.
- Critical bool
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Ids []CertificateCertificate Description X509Description Additional Extension Object Id Describes values that are relevant in a CA certificate. Structure is documented below.
- Value string
The value of this X.509 extension. A base64-encoded string.
- critical Boolean
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Ids List<CertificateCertificate Description X509Description Additional Extension Object Id> Describes values that are relevant in a CA certificate. Structure is documented below.
- value String
The value of this X.509 extension. A base64-encoded string.
- critical boolean
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Ids CertificateCertificate Description X509Description Additional Extension Object Id[] Describes values that are relevant in a CA certificate. Structure is documented below.
- value string
The value of this X.509 extension. A base64-encoded string.
- critical bool
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_
ids Sequence[CertificateCertificate Description X509Description Additional Extension Object Id] Describes values that are relevant in a CA certificate. Structure is documented below.
- value str
The value of this X.509 extension. A base64-encoded string.
- critical Boolean
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Ids List<Property Map> Describes values that are relevant in a CA certificate. Structure is documented below.
- value String
The value of this X.509 extension. A base64-encoded string.
CertificateCertificateDescriptionX509DescriptionAdditionalExtensionObjectId
- Object
Id List<int>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
CertificateCertificateDescriptionX509DescriptionCaOption
- Is
Ca bool When true, the "CA" in Basic Constraints extension will be set to true.
- Max
Issuer intPath Length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- Is
Ca bool When true, the "CA" in Basic Constraints extension will be set to true.
- Max
Issuer intPath Length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- is
Ca Boolean When true, the "CA" in Basic Constraints extension will be set to true.
- max
Issuer IntegerPath Length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- is
Ca boolean When true, the "CA" in Basic Constraints extension will be set to true.
- max
Issuer numberPath Length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- is_
ca bool When true, the "CA" in Basic Constraints extension will be set to true.
- max_
issuer_ intpath_ length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- is
Ca Boolean When true, the "CA" in Basic Constraints extension will be set to true.
- max
Issuer NumberPath Length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
CertificateCertificateDescriptionX509DescriptionKeyUsage
- Base
Key List<CertificateUsages Certificate Description X509Description Key Usage Base Key Usage> Describes high-level ways in which a key may be used. Structure is documented below.
- Extended
Key List<CertificateUsages Certificate Description X509Description Key Usage Extended Key Usage> Describes high-level ways in which a key may be used. Structure is documented below.
- Unknown
Extended List<CertificateKey Usages Certificate Description X509Description Key Usage Unknown Extended Key Usage> An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- Base
Key []CertificateUsages Certificate Description X509Description Key Usage Base Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- Extended
Key []CertificateUsages Certificate Description X509Description Key Usage Extended Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- Unknown
Extended []CertificateKey Usages Certificate Description X509Description Key Usage Unknown Extended Key Usage An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base
Key List<CertificateUsages Certificate Description X509Description Key Usage Base Key Usage> Describes high-level ways in which a key may be used. Structure is documented below.
- extended
Key List<CertificateUsages Certificate Description X509Description Key Usage Extended Key Usage> Describes high-level ways in which a key may be used. Structure is documented below.
- unknown
Extended List<CertificateKey Usages Certificate Description X509Description Key Usage Unknown Extended Key Usage> An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base
Key CertificateUsages Certificate Description X509Description Key Usage Base Key Usage[] Describes high-level ways in which a key may be used. Structure is documented below.
- extended
Key CertificateUsages Certificate Description X509Description Key Usage Extended Key Usage[] Describes high-level ways in which a key may be used. Structure is documented below.
- unknown
Extended CertificateKey Usages Certificate Description X509Description Key Usage Unknown Extended Key Usage[] An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base_
key_ Sequence[Certificateusages Certificate Description X509Description Key Usage Base Key Usage] Describes high-level ways in which a key may be used. Structure is documented below.
- extended_
key_ Sequence[Certificateusages Certificate Description X509Description Key Usage Extended Key Usage] Describes high-level ways in which a key may be used. Structure is documented below.
- unknown_
extended_ Sequence[Certificatekey_ usages Certificate Description X509Description Key Usage Unknown Extended Key Usage] An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base
Key List<Property Map>Usages Describes high-level ways in which a key may be used. Structure is documented below.
- extended
Key List<Property Map>Usages Describes high-level ways in which a key may be used. Structure is documented below.
- unknown
Extended List<Property Map>Key Usages An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
CertificateCertificateDescriptionX509DescriptionKeyUsageBaseKeyUsage
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
- cert
Sign boolean The key may be used to sign certificates.
- content
Commitment boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean The key may be used sign certificate revocation lists.
- data
Encipherment boolean The key may be used to encipher data.
- decipher
Only boolean The key may be used to decipher only.
- digital
Signature boolean The key may be used for digital signatures.
- encipher
Only boolean The key may be used to encipher only.
- key
Agreement boolean The key may be used in a key agreement protocol.
- key
Encipherment boolean The key may be used to encipher other keys.
- cert_
sign bool The key may be used to sign certificates.
- content_
commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool The key may be used sign certificate revocation lists.
- data_
encipherment bool The key may be used to encipher data.
- decipher_
only bool The key may be used to decipher only.
- digital_
signature bool The key may be used for digital signatures.
- encipher_
only bool The key may be used to encipher only.
- key_
agreement bool The key may be used in a key agreement protocol.
- key_
encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
CertificateCertificateDescriptionX509DescriptionKeyUsageExtendedKeyUsage
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
CertificateCertificateDescriptionX509DescriptionKeyUsageUnknownExtendedKeyUsage
- Object
Id List<int>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
CertificateCertificateDescriptionX509DescriptionPolicyId
- Object
Id List<int>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
CertificateConfig
- Public
Key CertificateConfig Public Key A PublicKey describes a public key. Structure is documented below.
- Subject
Config CertificateConfig Subject Config Specifies some of the values in a certificate that are related to the subject. Structure is documented below.
- X509Config
Certificate
Config X509Config Describes how some of the technical X.509 fields in a certificate should be populated. Structure is documented below.
- Public
Key CertificateConfig Public Key A PublicKey describes a public key. Structure is documented below.
- Subject
Config CertificateConfig Subject Config Specifies some of the values in a certificate that are related to the subject. Structure is documented below.
- X509Config
Certificate
Config X509Config Describes how some of the technical X.509 fields in a certificate should be populated. Structure is documented below.
- public
Key CertificateConfig Public Key A PublicKey describes a public key. Structure is documented below.
- subject
Config CertificateConfig Subject Config Specifies some of the values in a certificate that are related to the subject. Structure is documented below.
- x509Config
Certificate
Config X509Config Describes how some of the technical X.509 fields in a certificate should be populated. Structure is documented below.
- public
Key CertificateConfig Public Key A PublicKey describes a public key. Structure is documented below.
- subject
Config CertificateConfig Subject Config Specifies some of the values in a certificate that are related to the subject. Structure is documented below.
- x509Config
Certificate
Config X509Config Describes how some of the technical X.509 fields in a certificate should be populated. Structure is documented below.
- public_
key CertificateConfig Public Key A PublicKey describes a public key. Structure is documented below.
- subject_
config CertificateConfig Subject Config Specifies some of the values in a certificate that are related to the subject. Structure is documented below.
- x509_
config CertificateConfig X509Config Describes how some of the technical X.509 fields in a certificate should be populated. Structure is documented below.
- public
Key Property Map A PublicKey describes a public key. Structure is documented below.
- subject
Config Property Map Specifies some of the values in a certificate that are related to the subject. Structure is documented below.
- x509Config Property Map
Describes how some of the technical X.509 fields in a certificate should be populated. Structure is documented below.
CertificateConfigPublicKey
- Format string
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- Key string
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
- Format string
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- Key string
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
- format String
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- key String
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
- format string
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- key string
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
- format str
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- key str
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
- format String
The format of the public key. Currently, only PEM format is supported. Possible values are
KEY_TYPE_UNSPECIFIED
andPEM
.- key String
Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.
CertificateConfigSubjectConfig
- Subject
Certificate
Config Subject Config Subject Contains distinguished name fields such as the location and organization. Structure is documented below.
- Subject
Alt CertificateName Config Subject Config Subject Alt Name The subject alternative name fields. Structure is documented below.
- Subject
Certificate
Config Subject Config Subject Contains distinguished name fields such as the location and organization. Structure is documented below.
- Subject
Alt CertificateName Config Subject Config Subject Alt Name The subject alternative name fields. Structure is documented below.
- subject
Certificate
Config Subject Config Subject Contains distinguished name fields such as the location and organization. Structure is documented below.
- subject
Alt CertificateName Config Subject Config Subject Alt Name The subject alternative name fields. Structure is documented below.
- subject
Certificate
Config Subject Config Subject Contains distinguished name fields such as the location and organization. Structure is documented below.
- subject
Alt CertificateName Config Subject Config Subject Alt Name The subject alternative name fields. Structure is documented below.
- subject
Certificate
Config Subject Config Subject Contains distinguished name fields such as the location and organization. Structure is documented below.
- subject_
alt_ Certificatename Config Subject Config Subject Alt Name The subject alternative name fields. Structure is documented below.
- subject Property Map
Contains distinguished name fields such as the location and organization. Structure is documented below.
- subject
Alt Property MapName The subject alternative name fields. Structure is documented below.
CertificateConfigSubjectConfigSubject
- Common
Name string The common name of the distinguished name.
- Organization string
The organization of the subject.
- Country
Code string The country code of the subject.
- Locality string
The locality or city of the subject.
- Organizational
Unit string The organizational unit of the subject.
- Postal
Code string The postal code of the subject.
- Province string
The province, territory, or regional state of the subject.
- Street
Address string The street address of the subject.
- Common
Name string The common name of the distinguished name.
- Organization string
The organization of the subject.
- Country
Code string The country code of the subject.
- Locality string
The locality or city of the subject.
- Organizational
Unit string The organizational unit of the subject.
- Postal
Code string The postal code of the subject.
- Province string
The province, territory, or regional state of the subject.
- Street
Address string The street address of the subject.
- common
Name String The common name of the distinguished name.
- organization String
The organization of the subject.
- country
Code String The country code of the subject.
- locality String
The locality or city of the subject.
- organizational
Unit String The organizational unit of the subject.
- postal
Code String The postal code of the subject.
- province String
The province, territory, or regional state of the subject.
- street
Address String The street address of the subject.
- common
Name string The common name of the distinguished name.
- organization string
The organization of the subject.
- country
Code string The country code of the subject.
- locality string
The locality or city of the subject.
- organizational
Unit string The organizational unit of the subject.
- postal
Code string The postal code of the subject.
- province string
The province, territory, or regional state of the subject.
- street
Address string The street address of the subject.
- common_
name str The common name of the distinguished name.
- organization str
The organization of the subject.
- country_
code str The country code of the subject.
- locality str
The locality or city of the subject.
- organizational_
unit str The organizational unit of the subject.
- postal_
code str The postal code of the subject.
- province str
The province, territory, or regional state of the subject.
- street_
address str The street address of the subject.
- common
Name String The common name of the distinguished name.
- organization String
The organization of the subject.
- country
Code String The country code of the subject.
- locality String
The locality or city of the subject.
- organizational
Unit String The organizational unit of the subject.
- postal
Code String The postal code of the subject.
- province String
The province, territory, or regional state of the subject.
- street
Address String The street address of the subject.
CertificateConfigSubjectConfigSubjectAltName
- Dns
Names List<string> Contains only valid, fully-qualified host names.
- Email
Addresses List<string> Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses List<string> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris List<string>
Contains only valid RFC 3986 URIs.
- Dns
Names []string Contains only valid, fully-qualified host names.
- Email
Addresses []string Contains only valid RFC 2822 E-mail addresses.
- Ip
Addresses []string Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- Uris []string
Contains only valid RFC 3986 URIs.
- dns
Names List<String> Contains only valid, fully-qualified host names.
- email
Addresses List<String> Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
Contains only valid RFC 3986 URIs.
- dns
Names string[] Contains only valid, fully-qualified host names.
- email
Addresses string[] Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses string[] Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris string[]
Contains only valid RFC 3986 URIs.
- dns_
names Sequence[str] Contains only valid, fully-qualified host names.
- email_
addresses Sequence[str] Contains only valid RFC 2822 E-mail addresses.
- ip_
addresses Sequence[str] Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris Sequence[str]
Contains only valid RFC 3986 URIs.
- dns
Names List<String> Contains only valid, fully-qualified host names.
- email
Addresses List<String> Contains only valid RFC 2822 E-mail addresses.
- ip
Addresses List<String> Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
- uris List<String>
Contains only valid RFC 3986 URIs.
CertificateConfigX509Config
- Key
Usage CertificateConfig X509Config Key Usage Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- Additional
Extensions List<CertificateConfig X509Config Additional Extension> Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- Aia
Ocsp List<string>Servers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CertificateConfig X509Config Ca Options Describes values that are relevant in a CA certificate. Structure is documented below.
- Policy
Ids List<CertificateConfig X509Config Policy Id> Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- Key
Usage CertificateConfig X509Config Key Usage Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- Additional
Extensions []CertificateConfig X509Config Additional Extension Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- Aia
Ocsp []stringServers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- Ca
Options CertificateConfig X509Config Ca Options Describes values that are relevant in a CA certificate. Structure is documented below.
- Policy
Ids []CertificateConfig X509Config Policy Id Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- key
Usage CertificateConfig X509Config Key Usage Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- additional
Extensions List<CertificateConfig X509Config Additional Extension> Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- aia
Ocsp List<String>Servers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CertificateConfig X509Config Ca Options Describes values that are relevant in a CA certificate. Structure is documented below.
- policy
Ids List<CertificateConfig X509Config Policy Id> Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- key
Usage CertificateConfig X509Config Key Usage Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- additional
Extensions CertificateConfig X509Config Additional Extension[] Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- aia
Ocsp string[]Servers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options CertificateConfig X509Config Ca Options Describes values that are relevant in a CA certificate. Structure is documented below.
- policy
Ids CertificateConfig X509Config Policy Id[] Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- key_
usage CertificateConfig X509Config Key Usage Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- additional_
extensions Sequence[CertificateConfig X509Config Additional Extension] Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- aia_
ocsp_ Sequence[str]servers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca_
options CertificateConfig X509Config Ca Options Describes values that are relevant in a CA certificate. Structure is documented below.
- policy_
ids Sequence[CertificateConfig X509Config Policy Id] Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
- key
Usage Property Map Indicates the intended use for keys that correspond to a certificate. Structure is documented below.
- additional
Extensions List<Property Map> Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. Structure is documented below.
- aia
Ocsp List<String>Servers Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the "Authority Information Access" extension in the certificate.
- ca
Options Property Map Describes values that are relevant in a CA certificate. Structure is documented below.
- policy
Ids List<Property Map> Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. Structure is documented below.
CertificateConfigX509ConfigAdditionalExtension
- Critical bool
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id CertificateConfig X509Config Additional Extension Object Id Describes values that are relevant in a CA certificate. Structure is documented below.
- Value string
The value of this X.509 extension. A base64-encoded string.
- Critical bool
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- Object
Id CertificateConfig X509Config Additional Extension Object Id Describes values that are relevant in a CA certificate. Structure is documented below.
- Value string
The value of this X.509 extension. A base64-encoded string.
- critical Boolean
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id CertificateConfig X509Config Additional Extension Object Id Describes values that are relevant in a CA certificate. Structure is documented below.
- value String
The value of this X.509 extension. A base64-encoded string.
- critical boolean
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id CertificateConfig X509Config Additional Extension Object Id Describes values that are relevant in a CA certificate. Structure is documented below.
- value string
The value of this X.509 extension. A base64-encoded string.
- critical bool
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object_
id CertificateConfig X509Config Additional Extension Object Id Describes values that are relevant in a CA certificate. Structure is documented below.
- value str
The value of this X.509 extension. A base64-encoded string.
- critical Boolean
Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).
- object
Id Property Map Describes values that are relevant in a CA certificate. Structure is documented below.
- value String
The value of this X.509 extension. A base64-encoded string.
CertificateConfigX509ConfigAdditionalExtensionObjectId
- Object
Id List<int>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
CertificateConfigX509ConfigCaOptions
- Is
Ca bool When true, the "CA" in Basic Constraints extension will be set to true.
- Max
Issuer intPath Length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- Non
Ca bool When true, the "CA" in Basic Constraints extension will be set to false. If both
is_ca
andnon_ca
are unset, the extension will be omitted from the CA certificate.- Zero
Max boolIssuer Path Length When true, the "path length constraint" in Basic Constraints extension will be set to 0. if both
max_issuer_path_length
andzero_max_issuer_path_length
are unset, the max path length will be omitted from the CA certificate.
- Is
Ca bool When true, the "CA" in Basic Constraints extension will be set to true.
- Max
Issuer intPath Length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- Non
Ca bool When true, the "CA" in Basic Constraints extension will be set to false. If both
is_ca
andnon_ca
are unset, the extension will be omitted from the CA certificate.- Zero
Max boolIssuer Path Length When true, the "path length constraint" in Basic Constraints extension will be set to 0. if both
max_issuer_path_length
andzero_max_issuer_path_length
are unset, the max path length will be omitted from the CA certificate.
- is
Ca Boolean When true, the "CA" in Basic Constraints extension will be set to true.
- max
Issuer IntegerPath Length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- non
Ca Boolean When true, the "CA" in Basic Constraints extension will be set to false. If both
is_ca
andnon_ca
are unset, the extension will be omitted from the CA certificate.- zero
Max BooleanIssuer Path Length When true, the "path length constraint" in Basic Constraints extension will be set to 0. if both
max_issuer_path_length
andzero_max_issuer_path_length
are unset, the max path length will be omitted from the CA certificate.
- is
Ca boolean When true, the "CA" in Basic Constraints extension will be set to true.
- max
Issuer numberPath Length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- non
Ca boolean When true, the "CA" in Basic Constraints extension will be set to false. If both
is_ca
andnon_ca
are unset, the extension will be omitted from the CA certificate.- zero
Max booleanIssuer Path Length When true, the "path length constraint" in Basic Constraints extension will be set to 0. if both
max_issuer_path_length
andzero_max_issuer_path_length
are unset, the max path length will be omitted from the CA certificate.
- is_
ca bool When true, the "CA" in Basic Constraints extension will be set to true.
- max_
issuer_ intpath_ length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- non_
ca bool When true, the "CA" in Basic Constraints extension will be set to false. If both
is_ca
andnon_ca
are unset, the extension will be omitted from the CA certificate.- zero_
max_ boolissuer_ path_ length When true, the "path length constraint" in Basic Constraints extension will be set to 0. if both
max_issuer_path_length
andzero_max_issuer_path_length
are unset, the max path length will be omitted from the CA certificate.
- is
Ca Boolean When true, the "CA" in Basic Constraints extension will be set to true.
- max
Issuer NumberPath Length Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.
- non
Ca Boolean When true, the "CA" in Basic Constraints extension will be set to false. If both
is_ca
andnon_ca
are unset, the extension will be omitted from the CA certificate.- zero
Max BooleanIssuer Path Length When true, the "path length constraint" in Basic Constraints extension will be set to 0. if both
max_issuer_path_length
andzero_max_issuer_path_length
are unset, the max path length will be omitted from the CA certificate.
CertificateConfigX509ConfigKeyUsage
- Base
Key CertificateUsage Config X509Config Key Usage Base Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- Extended
Key CertificateUsage Config X509Config Key Usage Extended Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- Unknown
Extended List<CertificateKey Usages Config X509Config Key Usage Unknown Extended Key Usage> An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- Base
Key CertificateUsage Config X509Config Key Usage Base Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- Extended
Key CertificateUsage Config X509Config Key Usage Extended Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- Unknown
Extended []CertificateKey Usages Config X509Config Key Usage Unknown Extended Key Usage An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base
Key CertificateUsage Config X509Config Key Usage Base Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- extended
Key CertificateUsage Config X509Config Key Usage Extended Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- unknown
Extended List<CertificateKey Usages Config X509Config Key Usage Unknown Extended Key Usage> An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base
Key CertificateUsage Config X509Config Key Usage Base Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- extended
Key CertificateUsage Config X509Config Key Usage Extended Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- unknown
Extended CertificateKey Usages Config X509Config Key Usage Unknown Extended Key Usage[] An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base_
key_ Certificateusage Config X509Config Key Usage Base Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- extended_
key_ Certificateusage Config X509Config Key Usage Extended Key Usage Describes high-level ways in which a key may be used. Structure is documented below.
- unknown_
extended_ Sequence[Certificatekey_ usages Config X509Config Key Usage Unknown Extended Key Usage] An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
- base
Key Property MapUsage Describes high-level ways in which a key may be used. Structure is documented below.
- extended
Key Property MapUsage Describes high-level ways in which a key may be used. Structure is documented below.
- unknown
Extended List<Property Map>Key Usages An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. Structure is documented below.
CertificateConfigX509ConfigKeyUsageBaseKeyUsage
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- Cert
Sign bool The key may be used to sign certificates.
- Content
Commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- Crl
Sign bool The key may be used sign certificate revocation lists.
- Data
Encipherment bool The key may be used to encipher data.
- Decipher
Only bool The key may be used to decipher only.
- Digital
Signature bool The key may be used for digital signatures.
- Encipher
Only bool The key may be used to encipher only.
- Key
Agreement bool The key may be used in a key agreement protocol.
- Key
Encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
- cert
Sign boolean The key may be used to sign certificates.
- content
Commitment boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign boolean The key may be used sign certificate revocation lists.
- data
Encipherment boolean The key may be used to encipher data.
- decipher
Only boolean The key may be used to decipher only.
- digital
Signature boolean The key may be used for digital signatures.
- encipher
Only boolean The key may be used to encipher only.
- key
Agreement boolean The key may be used in a key agreement protocol.
- key
Encipherment boolean The key may be used to encipher other keys.
- cert_
sign bool The key may be used to sign certificates.
- content_
commitment bool The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl_
sign bool The key may be used sign certificate revocation lists.
- data_
encipherment bool The key may be used to encipher data.
- decipher_
only bool The key may be used to decipher only.
- digital_
signature bool The key may be used for digital signatures.
- encipher_
only bool The key may be used to encipher only.
- key_
agreement bool The key may be used in a key agreement protocol.
- key_
encipherment bool The key may be used to encipher other keys.
- cert
Sign Boolean The key may be used to sign certificates.
- content
Commitment Boolean The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation".
- crl
Sign Boolean The key may be used sign certificate revocation lists.
- data
Encipherment Boolean The key may be used to encipher data.
- decipher
Only Boolean The key may be used to decipher only.
- digital
Signature Boolean The key may be used for digital signatures.
- encipher
Only Boolean The key may be used to encipher only.
- key
Agreement Boolean The key may be used in a key agreement protocol.
- key
Encipherment Boolean The key may be used to encipher other keys.
CertificateConfigX509ConfigKeyUsageExtendedKeyUsage
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- Client
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- Code
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- Email
Protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- Ocsp
Signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- Server
Auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- Time
Stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email_
protection bool Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp_
signing bool Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server_
auth bool Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time_
stamping bool Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
- client
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS.
- code
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication".
- email
Protection Boolean Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection".
- ocsp
Signing Boolean Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses".
- server
Auth Boolean Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS.
- time
Stamping Boolean Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time".
CertificateConfigX509ConfigKeyUsageUnknownExtendedKeyUsage
- Object
Id List<int>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
CertificateConfigX509ConfigPolicyId
- Object
Id List<int>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- Object
Id []intPaths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Integer>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id number[]Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object_
id_ Sequence[int]paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
- object
Id List<Number>Paths An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.
CertificateRevocationDetail
- Revocation
State string - Revocation
Time string
- Revocation
State string - Revocation
Time string
- revocation
State String - revocation
Time String
- revocation
State string - revocation
Time string
- revocation_
state str - revocation_
time str
- revocation
State String - revocation
Time String
Import
Certificate can be imported using any of these accepted formats
$ pulumi import gcp:certificateauthority/certificate:Certificate default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}
$ pulumi import gcp:certificateauthority/certificate:Certificate default {{project}}/{{location}}/{{pool}}/{{name}}
$ pulumi import gcp:certificateauthority/certificate:Certificate default {{location}}/{{pool}}/{{name}}
Package Details
- Repository
- https://github.com/pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-beta
Terraform Provider.