ibm 1.78.0, Apr 30 25

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm.SmPrivateCertificateConfigurationIntermediateCa

Explore with Pulumi AI

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

Provides a resource for an intermediate certificate authority. This allows an intermediate CA to be created, updated and deleted. Note that an intermediate CA cannot be deleted if it contains one or more certificate templates. Therefore, arguments that are marked as Forces new resource should not be modified if certificate template configurations exist for the CA.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const intermediateCA = new ibm.SmPrivateCertificateConfigurationIntermediateCa("intermediateCA", {
    instanceId: ibm_resource_instance.sm_instance.guid,
    signingMethod: "internal",
    issuer: ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA.name,
    commonName: "ibm.com",
    altNames: [
        "alt-name-1",
        "alt-name-2",
    ],
    permittedDnsDomains: ["exampleString"],
    ous: ["example_ou"],
    organizations: ["example_organization"],
    countries: ["US"],
    localities: ["example_locality"],
    provinces: ["example_province"],
    streetAddresses: ["example street address"],
    postalCodes: ["example_postal_code"],
    ipSans: "127.0.0.1",
    uriSans: "https://www.example.com/test",
    otherSans: ["1.2.3.5.4.3.201.10.4.3;utf8:test@example.com"],
    excludeCnFromSans: false,
    ttl: "2100h",
    maxTtl: "8760h",
    maxPathLength: -1,
    issuingCertificatesUrlsEncoded: true,
    keyType: "rsa",
    keyBits: 4096,
    format: "pem",
    privateKeyFormat: "der",
    crlExpiry: "72h",
    crlDisable: false,
    crlDistributionPointsEncoded: true,
}, {
    dependsOn: [ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA],
});

import pulumi
import pulumi_ibm as ibm

intermediate_ca = ibm.SmPrivateCertificateConfigurationIntermediateCa("intermediateCA",
    instance_id=ibm_resource_instance["sm_instance"]["guid"],
    signing_method="internal",
    issuer=ibm_sm_private_certificate_configuration_root_ca["private_certificate_root_CA"]["name"],
    common_name="ibm.com",
    alt_names=[
        "alt-name-1",
        "alt-name-2",
    ],
    permitted_dns_domains=["exampleString"],
    ous=["example_ou"],
    organizations=["example_organization"],
    countries=["US"],
    localities=["example_locality"],
    provinces=["example_province"],
    street_addresses=["example street address"],
    postal_codes=["example_postal_code"],
    ip_sans="127.0.0.1",
    uri_sans="https://www.example.com/test",
    other_sans=["1.2.3.5.4.3.201.10.4.3;utf8:test@example.com"],
    exclude_cn_from_sans=False,
    ttl="2100h",
    max_ttl="8760h",
    max_path_length=-1,
    issuing_certificates_urls_encoded=True,
    key_type="rsa",
    key_bits=4096,
    format="pem",
    private_key_format="der",
    crl_expiry="72h",
    crl_disable=False,
    crl_distribution_points_encoded=True,
    opts = pulumi.ResourceOptions(depends_on=[ibm_sm_private_certificate_configuration_root_ca["private_certificate_root_CA"]]))

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.NewSmPrivateCertificateConfigurationIntermediateCa(ctx, "intermediateCA", &ibm.SmPrivateCertificateConfigurationIntermediateCaArgs{
			InstanceId:    pulumi.Any(ibm_resource_instance.Sm_instance.Guid),
			SigningMethod: pulumi.String("internal"),
			Issuer:        pulumi.Any(ibm_sm_private_certificate_configuration_root_ca.Private_certificate_root_CA.Name),
			CommonName:    pulumi.String("ibm.com"),
			AltNames: pulumi.StringArray{
				pulumi.String("alt-name-1"),
				pulumi.String("alt-name-2"),
			},
			PermittedDnsDomains: pulumi.StringArray{
				pulumi.String("exampleString"),
			},
			Ous: pulumi.StringArray{
				pulumi.String("example_ou"),
			},
			Organizations: pulumi.StringArray{
				pulumi.String("example_organization"),
			},
			Countries: pulumi.StringArray{
				pulumi.String("US"),
			},
			Localities: pulumi.StringArray{
				pulumi.String("example_locality"),
			},
			Provinces: pulumi.StringArray{
				pulumi.String("example_province"),
			},
			StreetAddresses: pulumi.StringArray{
				pulumi.String("example street address"),
			},
			PostalCodes: pulumi.StringArray{
				pulumi.String("example_postal_code"),
			},
			IpSans:  pulumi.String("127.0.0.1"),
			UriSans: pulumi.String("https://www.example.com/test"),
			OtherSans: pulumi.StringArray{
				pulumi.String("1.2.3.5.4.3.201.10.4.3;utf8:test@example.com"),
			},
			ExcludeCnFromSans:              pulumi.Bool(false),
			Ttl:                            pulumi.String("2100h"),
			MaxTtl:                         pulumi.String("8760h"),
			MaxPathLength:                  pulumi.Float64(-1),
			IssuingCertificatesUrlsEncoded: pulumi.Bool(true),
			KeyType:                        pulumi.String("rsa"),
			KeyBits:                        pulumi.Float64(4096),
			Format:                         pulumi.String("pem"),
			PrivateKeyFormat:               pulumi.String("der"),
			CrlExpiry:                      pulumi.String("72h"),
			CrlDisable:                     pulumi.Bool(false),
			CrlDistributionPointsEncoded:   pulumi.Bool(true),
		}, pulumi.DependsOn([]pulumi.Resource{
			ibm_sm_private_certificate_configuration_root_ca.Private_certificate_root_CA,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var intermediateCA = new Ibm.SmPrivateCertificateConfigurationIntermediateCa("intermediateCA", new()
    {
        InstanceId = ibm_resource_instance.Sm_instance.Guid,
        SigningMethod = "internal",
        Issuer = ibm_sm_private_certificate_configuration_root_ca.Private_certificate_root_CA.Name,
        CommonName = "ibm.com",
        AltNames = new[]
        {
            "alt-name-1",
            "alt-name-2",
        },
        PermittedDnsDomains = new[]
        {
            "exampleString",
        },
        Ous = new[]
        {
            "example_ou",
        },
        Organizations = new[]
        {
            "example_organization",
        },
        Countries = new[]
        {
            "US",
        },
        Localities = new[]
        {
            "example_locality",
        },
        Provinces = new[]
        {
            "example_province",
        },
        StreetAddresses = new[]
        {
            "example street address",
        },
        PostalCodes = new[]
        {
            "example_postal_code",
        },
        IpSans = "127.0.0.1",
        UriSans = "https://www.example.com/test",
        OtherSans = new[]
        {
            "1.2.3.5.4.3.201.10.4.3;utf8:test@example.com",
        },
        ExcludeCnFromSans = false,
        Ttl = "2100h",
        MaxTtl = "8760h",
        MaxPathLength = -1,
        IssuingCertificatesUrlsEncoded = true,
        KeyType = "rsa",
        KeyBits = 4096,
        Format = "pem",
        PrivateKeyFormat = "der",
        CrlExpiry = "72h",
        CrlDisable = false,
        CrlDistributionPointsEncoded = true,
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            ibm_sm_private_certificate_configuration_root_ca.Private_certificate_root_CA,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.SmPrivateCertificateConfigurationIntermediateCa;
import com.pulumi.ibm.SmPrivateCertificateConfigurationIntermediateCaArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var intermediateCA = new SmPrivateCertificateConfigurationIntermediateCa("intermediateCA", SmPrivateCertificateConfigurationIntermediateCaArgs.builder()
            .instanceId(ibm_resource_instance.sm_instance().guid())
            .signingMethod("internal")
            .issuer(ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA().name())
            .commonName("ibm.com")
            .altNames(            
                "alt-name-1",
                "alt-name-2")
            .permittedDnsDomains("exampleString")
            .ous("example_ou")
            .organizations("example_organization")
            .countries("US")
            .localities("example_locality")
            .provinces("example_province")
            .streetAddresses("example street address")
            .postalCodes("example_postal_code")
            .ipSans("127.0.0.1")
            .uriSans("https://www.example.com/test")
            .otherSans("1.2.3.5.4.3.201.10.4.3;utf8:test@example.com")
            .excludeCnFromSans(false)
            .ttl("2100h")
            .maxTtl("8760h")
            .maxPathLength(-1)
            .issuingCertificatesUrlsEncoded(true)
            .keyType("rsa")
            .keyBits(4096)
            .format("pem")
            .privateKeyFormat("der")
            .crlExpiry("72h")
            .crlDisable(false)
            .crlDistributionPointsEncoded(true)
            .build(), CustomResourceOptions.builder()
                .dependsOn(ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA())
                .build());

    }
}

resources:
  intermediateCA:
    type: ibm:SmPrivateCertificateConfigurationIntermediateCa
    properties:
      instanceId: ${ibm_resource_instance.sm_instance.guid}
      signingMethod: internal
      issuer: ${ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA.name}
      commonName: ibm.com
      altNames:
        - alt-name-1
        - alt-name-2
      permittedDnsDomains:
        - exampleString
      ous:
        - example_ou
      organizations:
        - example_organization
      countries:
        - US
      localities:
        - example_locality
      provinces:
        - example_province
      streetAddresses:
        - example street address
      postalCodes:
        - example_postal_code
      ipSans: 127.0.0.1
      uriSans: https://www.example.com/test
      otherSans:
        - 1.2.3.5.4.3.201.10.4.3;utf8:test@example.com
      excludeCnFromSans: false
      ttl: 2100h
      maxTtl: 8760h
      maxPathLength: -1
      issuingCertificatesUrlsEncoded: true
      keyType: rsa
      keyBits: 4096
      format: pem
      privateKeyFormat: der
      crlExpiry: 72h
      crlDisable: false
      crlDistributionPointsEncoded: true
    options:
      dependsOn:
        - ${ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA}

Provider Configuration

The IBM Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below:

Static credentials
Environment variables

To find which credentials are required for this resource, see the service table here.

Static credentials

You can provide your static credentials by adding the ibmcloud_api_key, iaas_classic_username, and iaas_classic_api_key arguments in the IBM Cloud provider block.

Usage:

provider "ibm" {
    ibmcloud_api_key = ""
    iaas_classic_username = ""
    iaas_classic_api_key = ""
}

Environment variables

You can provide your credentials by exporting the IC_API_KEY, IAAS_CLASSIC_USERNAME, and IAAS_CLASSIC_API_KEY environment variables, representing your IBM Cloud platform API key, IBM Cloud Classic Infrastructure (SoftLayer) user name, and IBM Cloud infrastructure API key, respectively.

provider "ibm" {}

Usage:

export IC_API_KEY="ibmcloud_api_key"
export IAAS_CLASSIC_USERNAME="iaas_classic_username"
export IAAS_CLASSIC_API_KEY="iaas_classic_api_key"
pulumi preview

Note:

Create or find your ibmcloud_api_key and iaas_classic_api_key here.

Select My IBM Cloud API Keys option from view dropdown for ibmcloud_api_key
Select Classic Infrastructure API Keys option from view dropdown for iaas_classic_api_key

For iaas_classic_username

Go to Users
Click on user.
Find user name in the VPN password section under User Details tab

For more informaton, see here.

Create SmPrivateCertificateConfigurationIntermediateCa Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SmPrivateCertificateConfigurationIntermediateCa(name: string, args: SmPrivateCertificateConfigurationIntermediateCaArgs, opts?: CustomResourceOptions);

@overload
def SmPrivateCertificateConfigurationIntermediateCa(resource_name: str,
                                                    args: SmPrivateCertificateConfigurationIntermediateCaArgs,
                                                    opts: Optional[ResourceOptions] = None)

@overload
def SmPrivateCertificateConfigurationIntermediateCa(resource_name: str,
                                                    opts: Optional[ResourceOptions] = None,
                                                    instance_id: Optional[str] = None,
                                                    common_name: Optional[str] = None,
                                                    signing_method: Optional[str] = None,
                                                    max_ttl: Optional[str] = None,
                                                    localities: Optional[Sequence[str]] = None,
                                                    name: Optional[str] = None,
                                                    crypto_key: Optional[SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs] = None,
                                                    endpoint_type: Optional[str] = None,
                                                    exclude_cn_from_sans: Optional[bool] = None,
                                                    format: Optional[str] = None,
                                                    crl_distribution_points_encoded: Optional[bool] = None,
                                                    ip_sans: Optional[str] = None,
                                                    issuer: Optional[str] = None,
                                                    issuing_certificates_urls_encoded: Optional[bool] = None,
                                                    key_bits: Optional[float] = None,
                                                    key_type: Optional[str] = None,
                                                    alt_names: Optional[Sequence[str]] = None,
                                                    max_path_length: Optional[float] = None,
                                                    crl_disable: Optional[bool] = None,
                                                    crl_expiry: Optional[str] = None,
                                                    organizations: Optional[Sequence[str]] = None,
                                                    other_sans: Optional[Sequence[str]] = None,
                                                    ous: Optional[Sequence[str]] = None,
                                                    permitted_dns_domains: Optional[Sequence[str]] = None,
                                                    postal_codes: Optional[Sequence[str]] = None,
                                                    private_key_format: Optional[str] = None,
                                                    provinces: Optional[Sequence[str]] = None,
                                                    region: Optional[str] = None,
                                                    countries: Optional[Sequence[str]] = None,
                                                    sm_private_certificate_configuration_intermediate_ca_id: Optional[str] = None,
                                                    street_addresses: Optional[Sequence[str]] = None,
                                                    ttl: Optional[str] = None,
                                                    uri_sans: Optional[str] = None,
                                                    use_csr_values: Optional[bool] = None)

func NewSmPrivateCertificateConfigurationIntermediateCa(ctx *Context, name string, args SmPrivateCertificateConfigurationIntermediateCaArgs, opts ...ResourceOption) (*SmPrivateCertificateConfigurationIntermediateCa, error)

public SmPrivateCertificateConfigurationIntermediateCa(string name, SmPrivateCertificateConfigurationIntermediateCaArgs args, CustomResourceOptions? opts = null)

public SmPrivateCertificateConfigurationIntermediateCa(String name, SmPrivateCertificateConfigurationIntermediateCaArgs args)
public SmPrivateCertificateConfigurationIntermediateCa(String name, SmPrivateCertificateConfigurationIntermediateCaArgs args, CustomResourceOptions options)

type: ibm:SmPrivateCertificateConfigurationIntermediateCa
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SmPrivateCertificateConfigurationIntermediateCaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SmPrivateCertificateConfigurationIntermediateCaArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SmPrivateCertificateConfigurationIntermediateCaArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SmPrivateCertificateConfigurationIntermediateCaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SmPrivateCertificateConfigurationIntermediateCaArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var smPrivateCertificateConfigurationIntermediateCaResource = new Ibm.SmPrivateCertificateConfigurationIntermediateCa("smPrivateCertificateConfigurationIntermediateCaResource", new()
{
    InstanceId = "string",
    CommonName = "string",
    SigningMethod = "string",
    MaxTtl = "string",
    Localities = new[]
    {
        "string",
    },
    Name = "string",
    CryptoKey = new Ibm.Inputs.SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs
    {
        AllowGenerateKey = false,
        Id = "string",
        Label = "string",
        Provider = new Ibm.Inputs.SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProviderArgs
        {
            InstanceCrn = "string",
            PinIamCredentialsSecretId = "string",
            PrivateKeystoreId = "string",
            Type = "string",
        },
    },
    EndpointType = "string",
    ExcludeCnFromSans = false,
    Format = "string",
    CrlDistributionPointsEncoded = false,
    IpSans = "string",
    Issuer = "string",
    IssuingCertificatesUrlsEncoded = false,
    KeyBits = 0,
    KeyType = "string",
    AltNames = new[]
    {
        "string",
    },
    MaxPathLength = 0,
    CrlDisable = false,
    CrlExpiry = "string",
    Organizations = new[]
    {
        "string",
    },
    OtherSans = new[]
    {
        "string",
    },
    Ous = new[]
    {
        "string",
    },
    PermittedDnsDomains = new[]
    {
        "string",
    },
    PostalCodes = new[]
    {
        "string",
    },
    PrivateKeyFormat = "string",
    Provinces = new[]
    {
        "string",
    },
    Region = "string",
    Countries = new[]
    {
        "string",
    },
    SmPrivateCertificateConfigurationIntermediateCaId = "string",
    StreetAddresses = new[]
    {
        "string",
    },
    Ttl = "string",
    UriSans = "string",
    UseCsrValues = false,
});

example, err := ibm.NewSmPrivateCertificateConfigurationIntermediateCa(ctx, "smPrivateCertificateConfigurationIntermediateCaResource", &ibm.SmPrivateCertificateConfigurationIntermediateCaArgs{
	InstanceId:    pulumi.String("string"),
	CommonName:    pulumi.String("string"),
	SigningMethod: pulumi.String("string"),
	MaxTtl:        pulumi.String("string"),
	Localities: pulumi.StringArray{
		pulumi.String("string"),
	},
	Name: pulumi.String("string"),
	CryptoKey: &ibm.SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs{
		AllowGenerateKey: pulumi.Bool(false),
		Id:               pulumi.String("string"),
		Label:            pulumi.String("string"),
		Provider: &ibm.SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProviderArgs{
			InstanceCrn:               pulumi.String("string"),
			PinIamCredentialsSecretId: pulumi.String("string"),
			PrivateKeystoreId:         pulumi.String("string"),
			Type:                      pulumi.String("string"),
		},
	},
	EndpointType:                   pulumi.String("string"),
	ExcludeCnFromSans:              pulumi.Bool(false),
	Format:                         pulumi.String("string"),
	CrlDistributionPointsEncoded:   pulumi.Bool(false),
	IpSans:                         pulumi.String("string"),
	Issuer:                         pulumi.String("string"),
	IssuingCertificatesUrlsEncoded: pulumi.Bool(false),
	KeyBits:                        pulumi.Float64(0),
	KeyType:                        pulumi.String("string"),
	AltNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	MaxPathLength: pulumi.Float64(0),
	CrlDisable:    pulumi.Bool(false),
	CrlExpiry:     pulumi.String("string"),
	Organizations: pulumi.StringArray{
		pulumi.String("string"),
	},
	OtherSans: pulumi.StringArray{
		pulumi.String("string"),
	},
	Ous: pulumi.StringArray{
		pulumi.String("string"),
	},
	PermittedDnsDomains: pulumi.StringArray{
		pulumi.String("string"),
	},
	PostalCodes: pulumi.StringArray{
		pulumi.String("string"),
	},
	PrivateKeyFormat: pulumi.String("string"),
	Provinces: pulumi.StringArray{
		pulumi.String("string"),
	},
	Region: pulumi.String("string"),
	Countries: pulumi.StringArray{
		pulumi.String("string"),
	},
	SmPrivateCertificateConfigurationIntermediateCaId: pulumi.String("string"),
	StreetAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	Ttl:          pulumi.String("string"),
	UriSans:      pulumi.String("string"),
	UseCsrValues: pulumi.Bool(false),
})

var smPrivateCertificateConfigurationIntermediateCaResource = new SmPrivateCertificateConfigurationIntermediateCa("smPrivateCertificateConfigurationIntermediateCaResource", SmPrivateCertificateConfigurationIntermediateCaArgs.builder()
    .instanceId("string")
    .commonName("string")
    .signingMethod("string")
    .maxTtl("string")
    .localities("string")
    .name("string")
    .cryptoKey(SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs.builder()
        .allowGenerateKey(false)
        .id("string")
        .label("string")
        .provider(SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProviderArgs.builder()
            .instanceCrn("string")
            .pinIamCredentialsSecretId("string")
            .privateKeystoreId("string")
            .type("string")
            .build())
        .build())
    .endpointType("string")
    .excludeCnFromSans(false)
    .format("string")
    .crlDistributionPointsEncoded(false)
    .ipSans("string")
    .issuer("string")
    .issuingCertificatesUrlsEncoded(false)
    .keyBits(0)
    .keyType("string")
    .altNames("string")
    .maxPathLength(0)
    .crlDisable(false)
    .crlExpiry("string")
    .organizations("string")
    .otherSans("string")
    .ous("string")
    .permittedDnsDomains("string")
    .postalCodes("string")
    .privateKeyFormat("string")
    .provinces("string")
    .region("string")
    .countries("string")
    .smPrivateCertificateConfigurationIntermediateCaId("string")
    .streetAddresses("string")
    .ttl("string")
    .uriSans("string")
    .useCsrValues(false)
    .build());

sm_private_certificate_configuration_intermediate_ca_resource = ibm.SmPrivateCertificateConfigurationIntermediateCa("smPrivateCertificateConfigurationIntermediateCaResource",
    instance_id="string",
    common_name="string",
    signing_method="string",
    max_ttl="string",
    localities=["string"],
    name="string",
    crypto_key={
        "allow_generate_key": False,
        "id": "string",
        "label": "string",
        "provider": {
            "instance_crn": "string",
            "pin_iam_credentials_secret_id": "string",
            "private_keystore_id": "string",
            "type": "string",
        },
    },
    endpoint_type="string",
    exclude_cn_from_sans=False,
    format="string",
    crl_distribution_points_encoded=False,
    ip_sans="string",
    issuer="string",
    issuing_certificates_urls_encoded=False,
    key_bits=0,
    key_type="string",
    alt_names=["string"],
    max_path_length=0,
    crl_disable=False,
    crl_expiry="string",
    organizations=["string"],
    other_sans=["string"],
    ous=["string"],
    permitted_dns_domains=["string"],
    postal_codes=["string"],
    private_key_format="string",
    provinces=["string"],
    region="string",
    countries=["string"],
    sm_private_certificate_configuration_intermediate_ca_id="string",
    street_addresses=["string"],
    ttl="string",
    uri_sans="string",
    use_csr_values=False)

const smPrivateCertificateConfigurationIntermediateCaResource = new ibm.SmPrivateCertificateConfigurationIntermediateCa("smPrivateCertificateConfigurationIntermediateCaResource", {
    instanceId: "string",
    commonName: "string",
    signingMethod: "string",
    maxTtl: "string",
    localities: ["string"],
    name: "string",
    cryptoKey: {
        allowGenerateKey: false,
        id: "string",
        label: "string",
        provider: {
            instanceCrn: "string",
            pinIamCredentialsSecretId: "string",
            privateKeystoreId: "string",
            type: "string",
        },
    },
    endpointType: "string",
    excludeCnFromSans: false,
    format: "string",
    crlDistributionPointsEncoded: false,
    ipSans: "string",
    issuer: "string",
    issuingCertificatesUrlsEncoded: false,
    keyBits: 0,
    keyType: "string",
    altNames: ["string"],
    maxPathLength: 0,
    crlDisable: false,
    crlExpiry: "string",
    organizations: ["string"],
    otherSans: ["string"],
    ous: ["string"],
    permittedDnsDomains: ["string"],
    postalCodes: ["string"],
    privateKeyFormat: "string",
    provinces: ["string"],
    region: "string",
    countries: ["string"],
    smPrivateCertificateConfigurationIntermediateCaId: "string",
    streetAddresses: ["string"],
    ttl: "string",
    uriSans: "string",
    useCsrValues: false,
});

type: ibm:SmPrivateCertificateConfigurationIntermediateCa
properties:
    altNames:
        - string
    commonName: string
    countries:
        - string
    crlDisable: false
    crlDistributionPointsEncoded: false
    crlExpiry: string
    cryptoKey:
        allowGenerateKey: false
        id: string
        label: string
        provider:
            instanceCrn: string
            pinIamCredentialsSecretId: string
            privateKeystoreId: string
            type: string
    endpointType: string
    excludeCnFromSans: false
    format: string
    instanceId: string
    ipSans: string
    issuer: string
    issuingCertificatesUrlsEncoded: false
    keyBits: 0
    keyType: string
    localities:
        - string
    maxPathLength: 0
    maxTtl: string
    name: string
    organizations:
        - string
    otherSans:
        - string
    ous:
        - string
    permittedDnsDomains:
        - string
    postalCodes:
        - string
    privateKeyFormat: string
    provinces:
        - string
    region: string
    signingMethod: string
    smPrivateCertificateConfigurationIntermediateCaId: string
    streetAddresses:
        - string
    ttl: string
    uriSans: string
    useCsrValues: false

SmPrivateCertificateConfigurationIntermediateCa Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SmPrivateCertificateConfigurationIntermediateCa resource accepts the following input properties:

CommonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

InstanceId string

The GUID of the Secrets Manager instance.

MaxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

SigningMethod string

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

AltNames List<string>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

Countries List<string>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

CrlDisable bool

Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.

CrlDistributionPointsEncoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

CrlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

CryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

EndpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

ExcludeCnFromSans bool

Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.

Format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

IpSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

Issuer string

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

IssuingCertificatesUrlsEncoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

KeyBits double

The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.

KeyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

Localities List<string>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

MaxPathLength double

The maximum path length to encode in the generated certificate. -1 means no limit.

Name string

A human-readable unique name to assign to the intermediate CA configuration.

Organizations List<string>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

OtherSans List<string>

The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

Ous List<string>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PermittedDnsDomains List<string>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

PostalCodes List<string>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PrivateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

Provinces List<string>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

SmPrivateCertificateConfigurationIntermediateCaId string

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

StreetAddresses List<string>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Ttl string

Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.

UriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

UseCsrValues bool

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

CommonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

InstanceId string

The GUID of the Secrets Manager instance.

MaxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

SigningMethod string

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

AltNames []string

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

Countries []string

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

CrlDisable bool

CrlDistributionPointsEncoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

CrlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

CryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

EndpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

ExcludeCnFromSans bool

Format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

IpSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

Issuer string

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

IssuingCertificatesUrlsEncoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

KeyBits float64

KeyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

Localities []string

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

MaxPathLength float64

The maximum path length to encode in the generated certificate. -1 means no limit.

Name string

A human-readable unique name to assign to the intermediate CA configuration.

Organizations []string

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

OtherSans []string

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

Ous []string

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PermittedDnsDomains []string

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

PostalCodes []string

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PrivateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

Provinces []string

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

SmPrivateCertificateConfigurationIntermediateCaId string

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

StreetAddresses []string

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Ttl string

UriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

UseCsrValues bool

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

commonName String

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

instanceId String

The GUID of the Secrets Manager instance.

maxTtl String

The maximum time-to-live (TTL) for certificates that are created by this CA.

signingMethod String

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

altNames List<String>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

countries List<String>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crlDisable Boolean

crlDistributionPointsEncoded Boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry String

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

cryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

endpointType String

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans Boolean

format String

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

ipSans String

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuer String

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded Boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits Double

keyType String

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities List<String>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength Double

The maximum path length to encode in the generated certificate. -1 means no limit.

name String

A human-readable unique name to assign to the intermediate CA configuration.

organizations List<String>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans List<String>

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous List<String>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains List<String>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

postalCodes List<String>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat String

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces List<String>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region String

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

smPrivateCertificateConfigurationIntermediateCaId String

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

streetAddresses List<String>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl String

uriSans String

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

useCsrValues Boolean

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

commonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

instanceId string

The GUID of the Secrets Manager instance.

maxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

signingMethod string

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

altNames string[]

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

countries string[]

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crlDisable boolean

crlDistributionPointsEncoded boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

cryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

endpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans boolean

format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

ipSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuer string

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits number

keyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities string[]

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength number

The maximum path length to encode in the generated certificate. -1 means no limit.

name string

A human-readable unique name to assign to the intermediate CA configuration.

organizations string[]

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans string[]

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous string[]

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains string[]

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

postalCodes string[]

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces string[]

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

smPrivateCertificateConfigurationIntermediateCaId string

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

streetAddresses string[]

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl string

uriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

useCsrValues boolean

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

common_name str

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

instance_id str

The GUID of the Secrets Manager instance.

max_ttl str

The maximum time-to-live (TTL) for certificates that are created by this CA.

signing_method str

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

alt_names Sequence[str]

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

countries Sequence[str]

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crl_disable bool

crl_distribution_points_encoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crl_expiry str

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

crypto_key SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

endpoint_type str

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

exclude_cn_from_sans bool

format str

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

ip_sans str

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuer str

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuing_certificates_urls_encoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

key_bits float

key_type str

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities Sequence[str]

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

max_path_length float

The maximum path length to encode in the generated certificate. -1 means no limit.

name str

A human-readable unique name to assign to the intermediate CA configuration.

organizations Sequence[str]

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

other_sans Sequence[str]

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous Sequence[str]

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permitted_dns_domains Sequence[str]

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

postal_codes Sequence[str]

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

private_key_format str

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces Sequence[str]

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region str

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

sm_private_certificate_configuration_intermediate_ca_id str

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

street_addresses Sequence[str]

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl str

uri_sans str

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

use_csr_values bool

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

commonName String

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

instanceId String

The GUID of the Secrets Manager instance.

maxTtl String

The maximum time-to-live (TTL) for certificates that are created by this CA.

signingMethod String

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

altNames List<String>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

countries List<String>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crlDisable Boolean

crlDistributionPointsEncoded Boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry String

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

cryptoKey Property Map

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

endpointType String

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans Boolean

format String

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

ipSans String

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuer String

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded Boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits Number

keyType String

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities List<String>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength Number

The maximum path length to encode in the generated certificate. -1 means no limit.

name String

A human-readable unique name to assign to the intermediate CA configuration.

organizations List<String>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans List<String>

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous List<String>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains List<String>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

postalCodes List<String>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat String

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces List<String>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region String

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

smPrivateCertificateConfigurationIntermediateCaId String

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

streetAddresses List<String>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl String

uriSans String

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

useCsrValues Boolean

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

Outputs

All input properties are implicitly available as output properties. Additionally, the SmPrivateCertificateConfigurationIntermediateCa resource produces the following output properties:

ConfigType string

The configuration type.

CrlExpirySeconds double

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

Datas List<SmPrivateCertificateConfigurationIntermediateCaData>

(List) The configuration data of your Private Certificate. Nested scheme for data:

ExpirationDate string

The date a secret is expired. The date format follows RFC 3339.

Id string

The provider-assigned unique ID for this managed resource.

MaxTtlSeconds double

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

SecretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

SerialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

Status string

(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

ConfigType string

The configuration type.

CrlExpirySeconds float64

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

Datas []SmPrivateCertificateConfigurationIntermediateCaData

(List) The configuration data of your Private Certificate. Nested scheme for data:

ExpirationDate string

The date a secret is expired. The date format follows RFC 3339.

Id string

The provider-assigned unique ID for this managed resource.

MaxTtlSeconds float64

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

SecretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

SerialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

Status string

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

configType String

The configuration type.

crlExpirySeconds Double

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

datas List<SmPrivateCertificateConfigurationIntermediateCaData>

(List) The configuration data of your Private Certificate. Nested scheme for data:

expirationDate String

The date a secret is expired. The date format follows RFC 3339.

id String

The provider-assigned unique ID for this managed resource.

maxTtlSeconds Double

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

secretType String

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber String

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

status String

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

configType string

The configuration type.

crlExpirySeconds number

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

datas SmPrivateCertificateConfigurationIntermediateCaData[]

(List) The configuration data of your Private Certificate. Nested scheme for data:

expirationDate string

The date a secret is expired. The date format follows RFC 3339.

id string

The provider-assigned unique ID for this managed resource.

maxTtlSeconds number

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

secretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

status string

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

config_type str

The configuration type.

crl_expiry_seconds float

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

datas Sequence[SmPrivateCertificateConfigurationIntermediateCaData]

(List) The configuration data of your Private Certificate. Nested scheme for data:

expiration_date str

The date a secret is expired. The date format follows RFC 3339.

id str

The provider-assigned unique ID for this managed resource.

max_ttl_seconds float

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

secret_type str

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serial_number str

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

status str

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

configType String

The configuration type.

crlExpirySeconds Number

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

datas List<Property Map>

(List) The configuration data of your Private Certificate. Nested scheme for data:

expirationDate String

The date a secret is expired. The date format follows RFC 3339.

id String

The provider-assigned unique ID for this managed resource.

maxTtlSeconds Number

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

secretType String

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber String

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

status String

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

Look up Existing SmPrivateCertificateConfigurationIntermediateCa Resource

Get an existing SmPrivateCertificateConfigurationIntermediateCa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SmPrivateCertificateConfigurationIntermediateCaState, opts?: CustomResourceOptions): SmPrivateCertificateConfigurationIntermediateCa

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alt_names: Optional[Sequence[str]] = None,
        common_name: Optional[str] = None,
        config_type: Optional[str] = None,
        countries: Optional[Sequence[str]] = None,
        crl_disable: Optional[bool] = None,
        crl_distribution_points_encoded: Optional[bool] = None,
        crl_expiry: Optional[str] = None,
        crl_expiry_seconds: Optional[float] = None,
        crypto_key: Optional[SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs] = None,
        datas: Optional[Sequence[SmPrivateCertificateConfigurationIntermediateCaDataArgs]] = None,
        endpoint_type: Optional[str] = None,
        exclude_cn_from_sans: Optional[bool] = None,
        expiration_date: Optional[str] = None,
        format: Optional[str] = None,
        instance_id: Optional[str] = None,
        ip_sans: Optional[str] = None,
        issuer: Optional[str] = None,
        issuing_certificates_urls_encoded: Optional[bool] = None,
        key_bits: Optional[float] = None,
        key_type: Optional[str] = None,
        localities: Optional[Sequence[str]] = None,
        max_path_length: Optional[float] = None,
        max_ttl: Optional[str] = None,
        max_ttl_seconds: Optional[float] = None,
        name: Optional[str] = None,
        organizations: Optional[Sequence[str]] = None,
        other_sans: Optional[Sequence[str]] = None,
        ous: Optional[Sequence[str]] = None,
        permitted_dns_domains: Optional[Sequence[str]] = None,
        postal_codes: Optional[Sequence[str]] = None,
        private_key_format: Optional[str] = None,
        provinces: Optional[Sequence[str]] = None,
        region: Optional[str] = None,
        secret_type: Optional[str] = None,
        serial_number: Optional[str] = None,
        signing_method: Optional[str] = None,
        sm_private_certificate_configuration_intermediate_ca_id: Optional[str] = None,
        status: Optional[str] = None,
        street_addresses: Optional[Sequence[str]] = None,
        ttl: Optional[str] = None,
        uri_sans: Optional[str] = None,
        use_csr_values: Optional[bool] = None) -> SmPrivateCertificateConfigurationIntermediateCa

func GetSmPrivateCertificateConfigurationIntermediateCa(ctx *Context, name string, id IDInput, state *SmPrivateCertificateConfigurationIntermediateCaState, opts ...ResourceOption) (*SmPrivateCertificateConfigurationIntermediateCa, error)

public static SmPrivateCertificateConfigurationIntermediateCa Get(string name, Input<string> id, SmPrivateCertificateConfigurationIntermediateCaState? state, CustomResourceOptions? opts = null)

public static SmPrivateCertificateConfigurationIntermediateCa get(String name, Output<String> id, SmPrivateCertificateConfigurationIntermediateCaState state, CustomResourceOptions options)

resources:  _:    type: ibm:SmPrivateCertificateConfigurationIntermediateCa    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AltNames List<string>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

CommonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

ConfigType string

The configuration type.

Countries List<string>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

CrlDisable bool

CrlDistributionPointsEncoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

CrlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

CrlExpirySeconds double

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

CryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

Datas List<SmPrivateCertificateConfigurationIntermediateCaData>

(List) The configuration data of your Private Certificate. Nested scheme for data:

EndpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

ExcludeCnFromSans bool

ExpirationDate string

The date a secret is expired. The date format follows RFC 3339.

Format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

InstanceId string

The GUID of the Secrets Manager instance.

IpSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

Issuer string

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

IssuingCertificatesUrlsEncoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

KeyBits double

KeyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

Localities List<string>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

MaxPathLength double

The maximum path length to encode in the generated certificate. -1 means no limit.

MaxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

MaxTtlSeconds double

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

Name string

A human-readable unique name to assign to the intermediate CA configuration.

Organizations List<string>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

OtherSans List<string>

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

Ous List<string>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PermittedDnsDomains List<string>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

PostalCodes List<string>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PrivateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

Provinces List<string>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

SecretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

SerialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

SigningMethod string

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

SmPrivateCertificateConfigurationIntermediateCaId string

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

Status string

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

StreetAddresses List<string>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Ttl string

UriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

UseCsrValues bool

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

AltNames []string

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

CommonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

ConfigType string

The configuration type.

Countries []string

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

CrlDisable bool

CrlDistributionPointsEncoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

CrlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

CrlExpirySeconds float64

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

CryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

Datas []SmPrivateCertificateConfigurationIntermediateCaDataArgs

(List) The configuration data of your Private Certificate. Nested scheme for data:

EndpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

ExcludeCnFromSans bool

ExpirationDate string

The date a secret is expired. The date format follows RFC 3339.

Format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

InstanceId string

The GUID of the Secrets Manager instance.

IpSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

Issuer string

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

IssuingCertificatesUrlsEncoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

KeyBits float64

KeyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

Localities []string

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

MaxPathLength float64

The maximum path length to encode in the generated certificate. -1 means no limit.

MaxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

MaxTtlSeconds float64

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

Name string

A human-readable unique name to assign to the intermediate CA configuration.

Organizations []string

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

OtherSans []string

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

Ous []string

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PermittedDnsDomains []string

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

PostalCodes []string

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

PrivateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

Provinces []string

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

SecretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

SerialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

SigningMethod string

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

SmPrivateCertificateConfigurationIntermediateCaId string

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

Status string

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

StreetAddresses []string

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

Ttl string

UriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

UseCsrValues bool

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

altNames List<String>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

commonName String

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

configType String

The configuration type.

countries List<String>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crlDisable Boolean

crlDistributionPointsEncoded Boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry String

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

crlExpirySeconds Double

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

cryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

datas List<SmPrivateCertificateConfigurationIntermediateCaData>

(List) The configuration data of your Private Certificate. Nested scheme for data:

endpointType String

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans Boolean

expirationDate String

The date a secret is expired. The date format follows RFC 3339.

format String

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

instanceId String

The GUID of the Secrets Manager instance.

ipSans String

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuer String

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded Boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits Double

keyType String

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities List<String>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength Double

The maximum path length to encode in the generated certificate. -1 means no limit.

maxTtl String

The maximum time-to-live (TTL) for certificates that are created by this CA.

maxTtlSeconds Double

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

name String

A human-readable unique name to assign to the intermediate CA configuration.

organizations List<String>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans List<String>

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous List<String>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains List<String>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

postalCodes List<String>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat String

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces List<String>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region String

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secretType String

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber String

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

signingMethod String

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

smPrivateCertificateConfigurationIntermediateCaId String

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

status String

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

streetAddresses List<String>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl String

uriSans String

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

useCsrValues Boolean

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

altNames string[]

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

commonName string

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

configType string

The configuration type.

countries string[]

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crlDisable boolean

crlDistributionPointsEncoded boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry string

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

crlExpirySeconds number

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

cryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

datas SmPrivateCertificateConfigurationIntermediateCaData[]

(List) The configuration data of your Private Certificate. Nested scheme for data:

endpointType string

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans boolean

expirationDate string

The date a secret is expired. The date format follows RFC 3339.

format string

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

instanceId string

The GUID of the Secrets Manager instance.

ipSans string

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuer string

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits number

keyType string

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities string[]

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength number

The maximum path length to encode in the generated certificate. -1 means no limit.

maxTtl string

The maximum time-to-live (TTL) for certificates that are created by this CA.

maxTtlSeconds number

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

name string

A human-readable unique name to assign to the intermediate CA configuration.

organizations string[]

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans string[]

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous string[]

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains string[]

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

postalCodes string[]

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat string

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces string[]

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region string

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secretType string

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber string

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

signingMethod string

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

smPrivateCertificateConfigurationIntermediateCaId string

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

status string

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

streetAddresses string[]

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl string

uriSans string

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

useCsrValues boolean

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

alt_names Sequence[str]

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

common_name str

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

config_type str

The configuration type.

countries Sequence[str]

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crl_disable bool

crl_distribution_points_encoded bool

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crl_expiry str

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

crl_expiry_seconds float

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

crypto_key SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

datas Sequence[SmPrivateCertificateConfigurationIntermediateCaDataArgs]

(List) The configuration data of your Private Certificate. Nested scheme for data:

endpoint_type str

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

exclude_cn_from_sans bool

expiration_date str

The date a secret is expired. The date format follows RFC 3339.

format str

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

instance_id str

The GUID of the Secrets Manager instance.

ip_sans str

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuer str

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuing_certificates_urls_encoded bool

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

key_bits float

key_type str

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities Sequence[str]

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

max_path_length float

The maximum path length to encode in the generated certificate. -1 means no limit.

max_ttl str

The maximum time-to-live (TTL) for certificates that are created by this CA.

max_ttl_seconds float

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

name str

A human-readable unique name to assign to the intermediate CA configuration.

organizations Sequence[str]

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

other_sans Sequence[str]

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous Sequence[str]

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permitted_dns_domains Sequence[str]

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

postal_codes Sequence[str]

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

private_key_format str

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces Sequence[str]

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region str

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secret_type str

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serial_number str

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

signing_method str

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

sm_private_certificate_configuration_intermediate_ca_id str

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

status str

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

street_addresses Sequence[str]

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl str

uri_sans str

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

use_csr_values bool

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

altNames List<String>

With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.

commonName String

The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.

configType String

The configuration type.

countries List<String>

The Country (C) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

crlDisable Boolean

crlDistributionPointsEncoded Boolean

Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.

crlExpiry String

The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.

crlExpirySeconds Number

(Integer) The time until the certificate revocation list (CRL) expires, in seconds.

cryptoKey Property Map

The data that is associated with a cryptographic key. Nested scheme for crypto_key:

datas List<Property Map>

(List) The configuration data of your Private Certificate. Nested scheme for data:

endpointType String

The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

Constraints: Allowable values are: private, public.

excludeCnFromSans Boolean

expirationDate String

The date a secret is expired. The date format follows RFC 3339.

format String

The format of the returned data.

Constraints: Allowable values are: pem, pem_bundle.

instanceId String

The GUID of the Secrets Manager instance.

ipSans String

The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuer String

The distinguished name that identifies the entity that signed and issued the certificate.

Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

issuingCertificatesUrlsEncoded Boolean

Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.

keyBits Number

keyType String

The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

localities List<String>

The Locality (L) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

maxPathLength Number

The maximum path length to encode in the generated certificate. -1 means no limit.

maxTtl String

The maximum time-to-live (TTL) for certificates that are created by this CA.

maxTtlSeconds Number

(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.

name String

A human-readable unique name to assign to the intermediate CA configuration.

organizations List<String>

The Organization (O) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

otherSans List<String>

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.

ous List<String>

The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

permittedDnsDomains List<String>

The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.

postalCodes List<String>

The postal code values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

privateKeyFormat String

The format of the generated private key.

Constraints: The default value is der. Allowable values are: der, pkcs8.

provinces List<String>

The Province (ST) values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

region String

The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.

secretType String

(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.

serialNumber String

(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.

signingMethod String

The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

Constraints: Allowable values are: internal, external.

smPrivateCertificateConfigurationIntermediateCaId String

The unique identifier of the PrivateCertificateConfigurationIntermediateCA.

status String

Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

streetAddresses List<String>

The street address values to define in the subject field of the resulting certificate.

Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.

ttl String

uriSans String

The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.

useCsrValues Boolean

Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

Supporting Types

SmPrivateCertificateConfigurationIntermediateCaCryptoKey, SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs

AllowGenerateKey bool

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

Id string

The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

Label string

The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified.

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

Provider SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider

The data that is associated with a cryptographic provider. Nested scheme for provider:

AllowGenerateKey bool

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

Id string

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

Label string

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

Provider SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider

The data that is associated with a cryptographic provider. Nested scheme for provider:

allowGenerateKey Boolean

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

id String

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

label String

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

provider SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider

The data that is associated with a cryptographic provider. Nested scheme for provider:

allowGenerateKey boolean

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

id string

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

label string

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

provider SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider

The data that is associated with a cryptographic provider. Nested scheme for provider:

allow_generate_key bool

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

id str

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

label str

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

provider SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider

The data that is associated with a cryptographic provider. Nested scheme for provider:

allowGenerateKey Boolean

The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.

id String

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

label String

Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.

provider Property Map

The data that is associated with a cryptographic provider. Nested scheme for provider:

SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider, SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProviderArgs

InstanceCrn string

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

PinIamCredentialsSecretId string

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

PrivateKeystoreId string

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

Type string

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

InstanceCrn string

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

PinIamCredentialsSecretId string

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

PrivateKeystoreId string

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

Type string

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

instanceCrn String

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

pinIamCredentialsSecretId String

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

privateKeystoreId String

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

type String

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

instanceCrn string

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

pinIamCredentialsSecretId string

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

privateKeystoreId string

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

type string

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

instance_crn str

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

pin_iam_credentials_secret_id str

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

private_keystore_id str

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

type str

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

instanceCrn String

The HPCS instance CRN.

Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.

pinIamCredentialsSecretId String

The secret Id of iam credentials with api key to access HPCS instance.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

privateKeystoreId String

The HPCS private key store space id.

Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.

type String

The type of cryptographic provider.

Constraints: Allowable values are: hyper_protect_crypto_services.

SmPrivateCertificateConfigurationIntermediateCaData, SmPrivateCertificateConfigurationIntermediateCaDataArgs

CaChains List<string>

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

Certificate string

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

Csr string

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

Expiration double

(Integer) The certificate expiration time.

IssuingCa string

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

PrivateKey string

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

PrivateKeyType string

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

CaChains []string

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

Certificate string

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

Csr string

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

Expiration float64

(Integer) The certificate expiration time.

IssuingCa string

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

PrivateKey string

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

PrivateKeyType string

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

caChains List<String>

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

certificate String

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

csr String

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

expiration Double

(Integer) The certificate expiration time.

issuingCa String

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKey String

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKeyType String

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

caChains string[]

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

certificate string

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

csr string

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

expiration number

(Integer) The certificate expiration time.

issuingCa string

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKey string

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKeyType string

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

ca_chains Sequence[str]

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

certificate str

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

csr str

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

expiration float

(Integer) The certificate expiration time.

issuing_ca str

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

private_key str

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

private_key_type str

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

caChains List<String>

(List) The chain of certificate authorities that are associated with the certificate.

Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.

certificate String

(Forces new resource, String) The PEM-encoded contents of your certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

csr String

(Forces new resource, String) The certificate signing request.

Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

expiration Number

(Integer) The certificate expiration time.

issuingCa String

(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKey String

(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.

privateKeyType String

(Forces new resource, String) The type of private key to generate.

Constraints: Allowable values are: rsa, ec.

Import

You can import the ibm_sm_private_certificate_configuration_intermediate_ca resource by using region, instance_id, and name.

For more information, see the documentation

Syntax

bash

$ pulumi import ibm:index/smPrivateCertificateConfigurationIntermediateCa:SmPrivateCertificateConfigurationIntermediateCa sm_private_certificate_configuration_intermediate_ca <region>/<instance_id>/<name>

Example

bash

$ pulumi import ibm:index/smPrivateCertificateConfigurationIntermediateCa:SmPrivateCertificateConfigurationIntermediateCa sm_private_certificate_configuration_intermediate_ca us-east/6ebc4224-e983-496a-8a54-f40a0bfa9175/my_intermediate_ca

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.SmPrivateCertificateConfigurationIntermediateCa

On this page

On this page

Example Usage

Provider Configuration

Static credentials

Environment variables

Create SmPrivateCertificateConfigurationIntermediateCa Resource

Constructor syntax

Parameters

Constructor example

SmPrivateCertificateConfigurationIntermediateCa Resource Properties

Inputs

Outputs

Look up Existing SmPrivateCertificateConfigurationIntermediateCa Resource

Supporting Types

SmPrivateCertificateConfigurationIntermediateCaCryptoKey, SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs

SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider, SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProviderArgs

SmPrivateCertificateConfigurationIntermediateCaData, SmPrivateCertificateConfigurationIntermediateCaDataArgs

Import

Package Details

On this page

On this page