routeros 1.83.1, Apr 28 25

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.SystemCertificate

Explore with Pulumi AI

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

# routeros.SystemCertificate (Resource)

Certificate resource management consists of two independent processes:

key creation and certificate signing request (key + csr)
certificate signing by the issuer (crt)

For a complete certificate creation cycle, both of the above steps must be performed. In this case the sign {} block must be specified in the configuration.

If you need to import the current state of the certificate resource, then do not specify the sign{} block.

Importing an external certificate is also done without specifying the sign{} block, because the certificate should have already been signed by the issuer at this step.

Create SystemCertificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SystemCertificate(name: string, args: SystemCertificateArgs, opts?: CustomResourceOptions);

@overload
def SystemCertificate(resource_name: str,
                      args: SystemCertificateArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def SystemCertificate(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      common_name: Optional[str] = None,
                      locality: Optional[str] = None,
                      name: Optional[str] = None,
                      ___path_: Optional[str] = None,
                      ___id_: Optional[float] = None,
                      country: Optional[str] = None,
                      days_valid: Optional[float] = None,
                      import_: Optional[SystemCertificateImportArgs] = None,
                      key_size: Optional[str] = None,
                      ___skip_: Optional[str] = None,
                      key_usages: Optional[Sequence[str]] = None,
                      copy_from: Optional[str] = None,
                      organization: Optional[str] = None,
                      sign_via_sceps: Optional[Sequence[SystemCertificateSignViaScepArgs]] = None,
                      signs: Optional[Sequence[SystemCertificateSignArgs]] = None,
                      state: Optional[str] = None,
                      subject_alt_name: Optional[str] = None,
                      system_certificate_id: Optional[str] = None,
                      trusted: Optional[bool] = None,
                      unit: Optional[str] = None)

func NewSystemCertificate(ctx *Context, name string, args SystemCertificateArgs, opts ...ResourceOption) (*SystemCertificate, error)

public SystemCertificate(string name, SystemCertificateArgs args, CustomResourceOptions? opts = null)

public SystemCertificate(String name, SystemCertificateArgs args)
public SystemCertificate(String name, SystemCertificateArgs args, CustomResourceOptions options)

type: routeros:SystemCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SystemCertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SystemCertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SystemCertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SystemCertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SystemCertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

SystemCertificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SystemCertificate resource accepts the following input properties:

CommonName string: Common Name (e.g. server FQDN or YOUR name).
CopyFrom string
Country string: Country Name (2 letter code).
DaysValid double: Certificate lifetime.
Import SystemCertificateImport
KeySize string
KeyUsages List<string>: Detailed key usage descriptions can be found in RFC 5280.
Locality string: Locality Name (eg, city).
Name string: Name of the certificate. Name can be edited.
Organization string: Organizational Unit Name (eg, section)
SignViaSceps List<SystemCertificateSignViaScep>
Signs List<SystemCertificateSign>
State string: State or Province Name (full name).
SubjectAltName string: SANs (subject alternative names).
SystemCertificateId string: The ID of this resource.
Trusted bool: If set to yes certificate is included 'in trusted certificate chain'.
Unit string: Organizational Unit Name (eg, section).
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.

CommonName string: Common Name (e.g. server FQDN or YOUR name).
CopyFrom string
Country string: Country Name (2 letter code).
DaysValid float64: Certificate lifetime.
Import SystemCertificateImportArgs
KeySize string
KeyUsages []string: Detailed key usage descriptions can be found in RFC 5280.
Locality string: Locality Name (eg, city).
Name string: Name of the certificate. Name can be edited.
Organization string: Organizational Unit Name (eg, section)
SignViaSceps []SystemCertificateSignViaScepArgs
Signs []SystemCertificateSignArgs
State string: State or Province Name (full name).
SubjectAltName string: SANs (subject alternative names).
SystemCertificateId string: The ID of this resource.
Trusted bool: If set to yes certificate is included 'in trusted certificate chain'.
Unit string: Organizational Unit Name (eg, section).
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.

commonName String: Common Name (e.g. server FQDN or YOUR name).
___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ String: A set of transformations for field names. This is an internal service field, setting a value is not required.
copyFrom String
country String: Country Name (2 letter code).
daysValid Double: Certificate lifetime.
import_ SystemCertificateImport
keySize String
keyUsages List<String>: Detailed key usage descriptions can be found in RFC 5280.
locality String: Locality Name (eg, city).
name String: Name of the certificate. Name can be edited.
organization String: Organizational Unit Name (eg, section)
signViaSceps List<SystemCertificateSignViaScep>
signs List<SystemCertificateSign>
state String: State or Province Name (full name).
subjectAltName String: SANs (subject alternative names).
systemCertificateId String: The ID of this resource.
trusted Boolean: If set to yes certificate is included 'in trusted certificate chain'.
unit String: Organizational Unit Name (eg, section).

commonName string: Common Name (e.g. server FQDN or YOUR name).
___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.
copyFrom string
country string: Country Name (2 letter code).
daysValid number: Certificate lifetime.
import SystemCertificateImport
keySize string
keyUsages string[]: Detailed key usage descriptions can be found in RFC 5280.
locality string: Locality Name (eg, city).
name string: Name of the certificate. Name can be edited.
organization string: Organizational Unit Name (eg, section)
signViaSceps SystemCertificateSignViaScep[]
signs SystemCertificateSign[]
state string: State or Province Name (full name).
subjectAltName string: SANs (subject alternative names).
systemCertificateId string: The ID of this resource.
trusted boolean: If set to yes certificate is included 'in trusted certificate chain'.
unit string: Organizational Unit Name (eg, section).

common_name str: Common Name (e.g. server FQDN or YOUR name).
___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ str: A set of transformations for field names. This is an internal service field, setting a value is not required.
copy_from str
country str: Country Name (2 letter code).
days_valid float: Certificate lifetime.
import_ SystemCertificateImportArgs
key_size str
key_usages Sequence[str]: Detailed key usage descriptions can be found in RFC 5280.
locality str: Locality Name (eg, city).
name str: Name of the certificate. Name can be edited.
organization str: Organizational Unit Name (eg, section)
sign_via_sceps Sequence[SystemCertificateSignViaScepArgs]
signs Sequence[SystemCertificateSignArgs]
state str: State or Province Name (full name).
subject_alt_name str: SANs (subject alternative names).
system_certificate_id str: The ID of this resource.
trusted bool: If set to yes certificate is included 'in trusted certificate chain'.
unit str: Organizational Unit Name (eg, section).

commonName String: Common Name (e.g. server FQDN or YOUR name).
___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ String: A set of transformations for field names. This is an internal service field, setting a value is not required.
copyFrom String
country String: Country Name (2 letter code).
daysValid Number: Certificate lifetime.
import Property Map
keySize String
keyUsages List<String>: Detailed key usage descriptions can be found in RFC 5280.
locality String: Locality Name (eg, city).
name String: Name of the certificate. Name can be edited.
organization String: Organizational Unit Name (eg, section)
signViaSceps List<Property Map>
signs List<Property Map>
state String: State or Province Name (full name).
subjectAltName String: SANs (subject alternative names).
systemCertificateId String: The ID of this resource.
trusted Boolean: If set to yes certificate is included 'in trusted certificate chain'.
unit String: Organizational Unit Name (eg, section).

Outputs

All input properties are implicitly available as output properties. Additionally, the SystemCertificate resource produces the following output properties:

Akid string: Authority Key Identifier.
Authority string
Ca string
CaCrlHost string
CaFingerprint string
ChallengePassword string: A challenge password for scep client.
Crl string
DigestAlgorithm bool
Dsa bool
Expired bool: Set to true if certificate is expired.
ExpiresAfter string
Fingerprint string
Id string: The provider-assigned unique ID for this managed resource.
InvalidAfter string: The date after which certificate wil be invalid.
InvalidBefore string: The date before which certificate is invalid.
Issued string
Issuer string
KeyType string
PrivateKey bool
ReqFingerprint string
Revoked string
ScepUrl string
SerialNumber string
Skid string: Subject Key Identifier.
SmartCardKey string
Status string: Shows current status of scep client.

Akid string: Authority Key Identifier.
Authority string
Ca string
CaCrlHost string
CaFingerprint string
ChallengePassword string: A challenge password for scep client.
Crl string
DigestAlgorithm bool
Dsa bool
Expired bool: Set to true if certificate is expired.
ExpiresAfter string
Fingerprint string
Id string: The provider-assigned unique ID for this managed resource.
InvalidAfter string: The date after which certificate wil be invalid.
InvalidBefore string: The date before which certificate is invalid.
Issued string
Issuer string
KeyType string
PrivateKey bool
ReqFingerprint string
Revoked string
ScepUrl string
SerialNumber string
Skid string: Subject Key Identifier.
SmartCardKey string
Status string: Shows current status of scep client.

akid String: Authority Key Identifier.
authority String
ca String
caCrlHost String
caFingerprint String
challengePassword String: A challenge password for scep client.
crl String
digestAlgorithm Boolean
dsa Boolean
expired Boolean: Set to true if certificate is expired.
expiresAfter String
fingerprint String
id String: The provider-assigned unique ID for this managed resource.
invalidAfter String: The date after which certificate wil be invalid.
invalidBefore String: The date before which certificate is invalid.
issued String
issuer String
keyType String
privateKey Boolean
reqFingerprint String
revoked String
scepUrl String
serialNumber String
skid String: Subject Key Identifier.
smartCardKey String
status String: Shows current status of scep client.

akid string: Authority Key Identifier.
authority string
ca string
caCrlHost string
caFingerprint string
challengePassword string: A challenge password for scep client.
crl string
digestAlgorithm boolean
dsa boolean
expired boolean: Set to true if certificate is expired.
expiresAfter string
fingerprint string
id string: The provider-assigned unique ID for this managed resource.
invalidAfter string: The date after which certificate wil be invalid.
invalidBefore string: The date before which certificate is invalid.
issued string
issuer string
keyType string
privateKey boolean
reqFingerprint string
revoked string
scepUrl string
serialNumber string
skid string: Subject Key Identifier.
smartCardKey string
status string: Shows current status of scep client.

akid str: Authority Key Identifier.
authority str
ca str
ca_crl_host str
ca_fingerprint str
challenge_password str: A challenge password for scep client.
crl str
digest_algorithm bool
dsa bool
expired bool: Set to true if certificate is expired.
expires_after str
fingerprint str
id str: The provider-assigned unique ID for this managed resource.
invalid_after str: The date after which certificate wil be invalid.
invalid_before str: The date before which certificate is invalid.
issued str
issuer str
key_type str
private_key bool
req_fingerprint str
revoked str
scep_url str
serial_number str
skid str: Subject Key Identifier.
smart_card_key str
status str: Shows current status of scep client.

akid String: Authority Key Identifier.
authority String
ca String
caCrlHost String
caFingerprint String
challengePassword String: A challenge password for scep client.
crl String
digestAlgorithm Boolean
dsa Boolean
expired Boolean: Set to true if certificate is expired.
expiresAfter String
fingerprint String
id String: The provider-assigned unique ID for this managed resource.
invalidAfter String: The date after which certificate wil be invalid.
invalidBefore String: The date before which certificate is invalid.
issued String
issuer String
keyType String
privateKey Boolean
reqFingerprint String
revoked String
scepUrl String
serialNumber String
skid String: Subject Key Identifier.
smartCardKey String
status String: Shows current status of scep client.

Look up Existing SystemCertificate Resource

Get an existing SystemCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SystemCertificateState, opts?: CustomResourceOptions): SystemCertificate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        ___id_: Optional[float] = None,
        ___path_: Optional[str] = None,
        ___skip_: Optional[str] = None,
        akid: Optional[str] = None,
        authority: Optional[str] = None,
        ca: Optional[str] = None,
        ca_crl_host: Optional[str] = None,
        ca_fingerprint: Optional[str] = None,
        challenge_password: Optional[str] = None,
        common_name: Optional[str] = None,
        copy_from: Optional[str] = None,
        country: Optional[str] = None,
        crl: Optional[str] = None,
        days_valid: Optional[float] = None,
        digest_algorithm: Optional[bool] = None,
        dsa: Optional[bool] = None,
        expired: Optional[bool] = None,
        expires_after: Optional[str] = None,
        fingerprint: Optional[str] = None,
        import_: Optional[SystemCertificateImportArgs] = None,
        invalid_after: Optional[str] = None,
        invalid_before: Optional[str] = None,
        issued: Optional[str] = None,
        issuer: Optional[str] = None,
        key_size: Optional[str] = None,
        key_type: Optional[str] = None,
        key_usages: Optional[Sequence[str]] = None,
        locality: Optional[str] = None,
        name: Optional[str] = None,
        organization: Optional[str] = None,
        private_key: Optional[bool] = None,
        req_fingerprint: Optional[str] = None,
        revoked: Optional[str] = None,
        scep_url: Optional[str] = None,
        serial_number: Optional[str] = None,
        sign_via_sceps: Optional[Sequence[SystemCertificateSignViaScepArgs]] = None,
        signs: Optional[Sequence[SystemCertificateSignArgs]] = None,
        skid: Optional[str] = None,
        smart_card_key: Optional[str] = None,
        state: Optional[str] = None,
        status: Optional[str] = None,
        subject_alt_name: Optional[str] = None,
        system_certificate_id: Optional[str] = None,
        trusted: Optional[bool] = None,
        unit: Optional[str] = None) -> SystemCertificate

func GetSystemCertificate(ctx *Context, name string, id IDInput, state *SystemCertificateState, opts ...ResourceOption) (*SystemCertificate, error)

public static SystemCertificate Get(string name, Input<string> id, SystemCertificateState? state, CustomResourceOptions? opts = null)

public static SystemCertificate get(String name, Output<String> id, SystemCertificateState state, CustomResourceOptions options)

resources:  _:    type: routeros:SystemCertificate    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Akid string: Authority Key Identifier.
Authority string
Ca string
CaCrlHost string
CaFingerprint string
ChallengePassword string: A challenge password for scep client.
CommonName string: Common Name (e.g. server FQDN or YOUR name).
CopyFrom string
Country string: Country Name (2 letter code).
Crl string
DaysValid double: Certificate lifetime.
DigestAlgorithm bool
Dsa bool
Expired bool: Set to true if certificate is expired.
ExpiresAfter string
Fingerprint string
Import SystemCertificateImport
InvalidAfter string: The date after which certificate wil be invalid.
InvalidBefore string: The date before which certificate is invalid.
Issued string
Issuer string
KeySize string
KeyType string
KeyUsages List<string>: Detailed key usage descriptions can be found in RFC 5280.
Locality string: Locality Name (eg, city).
Name string: Name of the certificate. Name can be edited.
Organization string: Organizational Unit Name (eg, section)
PrivateKey bool
ReqFingerprint string
Revoked string
ScepUrl string
SerialNumber string
SignViaSceps List<SystemCertificateSignViaScep>
Signs List<SystemCertificateSign>
Skid string: Subject Key Identifier.
SmartCardKey string
State string: State or Province Name (full name).
Status string: Shows current status of scep client.
SubjectAltName string: SANs (subject alternative names).
SystemCertificateId string: The ID of this resource.
Trusted bool: If set to yes certificate is included 'in trusted certificate chain'.
Unit string: Organizational Unit Name (eg, section).
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.

Akid string: Authority Key Identifier.
Authority string
Ca string
CaCrlHost string
CaFingerprint string
ChallengePassword string: A challenge password for scep client.
CommonName string: Common Name (e.g. server FQDN or YOUR name).
CopyFrom string
Country string: Country Name (2 letter code).
Crl string
DaysValid float64: Certificate lifetime.
DigestAlgorithm bool
Dsa bool
Expired bool: Set to true if certificate is expired.
ExpiresAfter string
Fingerprint string
Import SystemCertificateImportArgs
InvalidAfter string: The date after which certificate wil be invalid.
InvalidBefore string: The date before which certificate is invalid.
Issued string
Issuer string
KeySize string
KeyType string
KeyUsages []string: Detailed key usage descriptions can be found in RFC 5280.
Locality string: Locality Name (eg, city).
Name string: Name of the certificate. Name can be edited.
Organization string: Organizational Unit Name (eg, section)
PrivateKey bool
ReqFingerprint string
Revoked string
ScepUrl string
SerialNumber string
SignViaSceps []SystemCertificateSignViaScepArgs
Signs []SystemCertificateSignArgs
Skid string: Subject Key Identifier.
SmartCardKey string
State string: State or Province Name (full name).
Status string: Shows current status of scep client.
SubjectAltName string: SANs (subject alternative names).
SystemCertificateId string: The ID of this resource.
Trusted bool: If set to yes certificate is included 'in trusted certificate chain'.
Unit string: Organizational Unit Name (eg, section).
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.

___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ String: A set of transformations for field names. This is an internal service field, setting a value is not required.
akid String: Authority Key Identifier.
authority String
ca String
caCrlHost String
caFingerprint String
challengePassword String: A challenge password for scep client.
commonName String: Common Name (e.g. server FQDN or YOUR name).
copyFrom String
country String: Country Name (2 letter code).
crl String
daysValid Double: Certificate lifetime.
digestAlgorithm Boolean
dsa Boolean
expired Boolean: Set to true if certificate is expired.
expiresAfter String
fingerprint String
import_ SystemCertificateImport
invalidAfter String: The date after which certificate wil be invalid.
invalidBefore String: The date before which certificate is invalid.
issued String
issuer String
keySize String
keyType String
keyUsages List<String>: Detailed key usage descriptions can be found in RFC 5280.
locality String: Locality Name (eg, city).
name String: Name of the certificate. Name can be edited.
organization String: Organizational Unit Name (eg, section)
privateKey Boolean
reqFingerprint String
revoked String
scepUrl String
serialNumber String
signViaSceps List<SystemCertificateSignViaScep>
signs List<SystemCertificateSign>
skid String: Subject Key Identifier.
smartCardKey String
state String: State or Province Name (full name).
status String: Shows current status of scep client.
subjectAltName String: SANs (subject alternative names).
systemCertificateId String: The ID of this resource.
trusted Boolean: If set to yes certificate is included 'in trusted certificate chain'.
unit String: Organizational Unit Name (eg, section).

___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.
akid string: Authority Key Identifier.
authority string
ca string
caCrlHost string
caFingerprint string
challengePassword string: A challenge password for scep client.
commonName string: Common Name (e.g. server FQDN or YOUR name).
copyFrom string
country string: Country Name (2 letter code).
crl string
daysValid number: Certificate lifetime.
digestAlgorithm boolean
dsa boolean
expired boolean: Set to true if certificate is expired.
expiresAfter string
fingerprint string
import SystemCertificateImport
invalidAfter string: The date after which certificate wil be invalid.
invalidBefore string: The date before which certificate is invalid.
issued string
issuer string
keySize string
keyType string
keyUsages string[]: Detailed key usage descriptions can be found in RFC 5280.
locality string: Locality Name (eg, city).
name string: Name of the certificate. Name can be edited.
organization string: Organizational Unit Name (eg, section)
privateKey boolean
reqFingerprint string
revoked string
scepUrl string
serialNumber string
signViaSceps SystemCertificateSignViaScep[]
signs SystemCertificateSign[]
skid string: Subject Key Identifier.
smartCardKey string
state string: State or Province Name (full name).
status string: Shows current status of scep client.
subjectAltName string: SANs (subject alternative names).
systemCertificateId string: The ID of this resource.
trusted boolean: If set to yes certificate is included 'in trusted certificate chain'.
unit string: Organizational Unit Name (eg, section).

___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ str: A set of transformations for field names. This is an internal service field, setting a value is not required.
akid str: Authority Key Identifier.
authority str
ca str
ca_crl_host str
ca_fingerprint str
challenge_password str: A challenge password for scep client.
common_name str: Common Name (e.g. server FQDN or YOUR name).
copy_from str
country str: Country Name (2 letter code).
crl str
days_valid float: Certificate lifetime.
digest_algorithm bool
dsa bool
expired bool: Set to true if certificate is expired.
expires_after str
fingerprint str
import_ SystemCertificateImportArgs
invalid_after str: The date after which certificate wil be invalid.
invalid_before str: The date before which certificate is invalid.
issued str
issuer str
key_size str
key_type str
key_usages Sequence[str]: Detailed key usage descriptions can be found in RFC 5280.
locality str: Locality Name (eg, city).
name str: Name of the certificate. Name can be edited.
organization str: Organizational Unit Name (eg, section)
private_key bool
req_fingerprint str
revoked str
scep_url str
serial_number str
sign_via_sceps Sequence[SystemCertificateSignViaScepArgs]
signs Sequence[SystemCertificateSignArgs]
skid str: Subject Key Identifier.
smart_card_key str
state str: State or Province Name (full name).
status str: Shows current status of scep client.
subject_alt_name str: SANs (subject alternative names).
system_certificate_id str: The ID of this resource.
trusted bool: If set to yes certificate is included 'in trusted certificate chain'.
unit str: Organizational Unit Name (eg, section).

___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ String: A set of transformations for field names. This is an internal service field, setting a value is not required.
akid String: Authority Key Identifier.
authority String
ca String
caCrlHost String
caFingerprint String
challengePassword String: A challenge password for scep client.
commonName String: Common Name (e.g. server FQDN or YOUR name).
copyFrom String
country String: Country Name (2 letter code).
crl String
daysValid Number: Certificate lifetime.
digestAlgorithm Boolean
dsa Boolean
expired Boolean: Set to true if certificate is expired.
expiresAfter String
fingerprint String
import Property Map
invalidAfter String: The date after which certificate wil be invalid.
invalidBefore String: The date before which certificate is invalid.
issued String
issuer String
keySize String
keyType String
keyUsages List<String>: Detailed key usage descriptions can be found in RFC 5280.
locality String: Locality Name (eg, city).
name String: Name of the certificate. Name can be edited.
organization String: Organizational Unit Name (eg, section)
privateKey Boolean
reqFingerprint String
revoked String
scepUrl String
serialNumber String
signViaSceps List<Property Map>
signs List<Property Map>
skid String: Subject Key Identifier.
smartCardKey String
state String: State or Province Name (full name).
status String: Shows current status of scep client.
subjectAltName String: SANs (subject alternative names).
systemCertificateId String: The ID of this resource.
trusted Boolean: If set to yes certificate is included 'in trusted certificate chain'.
unit String: Organizational Unit Name (eg, section).

Supporting Types

SystemCertificateImport, SystemCertificateImportArgs

CertFileContent string: Certificate in PEM format.
CertFileName string: Certificate file name that will be imported.
KeyFileContent string: Key in PEM format.
KeyFileName string: Key file name that will be imported.
Passphrase string: File passphrase if there is such.

CertFileContent string: Certificate in PEM format.
CertFileName string: Certificate file name that will be imported.
KeyFileContent string: Key in PEM format.
KeyFileName string: Key file name that will be imported.
Passphrase string: File passphrase if there is such.

certFileContent String: Certificate in PEM format.
certFileName String: Certificate file name that will be imported.
keyFileContent String: Key in PEM format.
keyFileName String: Key file name that will be imported.
passphrase String: File passphrase if there is such.

certFileContent string: Certificate in PEM format.
certFileName string: Certificate file name that will be imported.
keyFileContent string: Key in PEM format.
keyFileName string: Key file name that will be imported.
passphrase string: File passphrase if there is such.

cert_file_content str: Certificate in PEM format.
cert_file_name str: Certificate file name that will be imported.
key_file_content str: Key in PEM format.
key_file_name str: Key file name that will be imported.
passphrase str: File passphrase if there is such.

certFileContent String: Certificate in PEM format.
certFileName String: Certificate file name that will be imported.
keyFileContent String: Key in PEM format.
keyFileName String: Key file name that will be imported.
passphrase String: File passphrase if there is such.

SystemCertificateSign, SystemCertificateSignArgs

Ca string: Which CA to use if signing issued certificates.
CaCrlHost string: CRL host if issuing CA certificate.

Ca string: Which CA to use if signing issued certificates.
CaCrlHost string: CRL host if issuing CA certificate.

ca String: Which CA to use if signing issued certificates.
caCrlHost String: CRL host if issuing CA certificate.

ca string: Which CA to use if signing issued certificates.
caCrlHost string: CRL host if issuing CA certificate.

ca str: Which CA to use if signing issued certificates.
ca_crl_host str: CRL host if issuing CA certificate.

ca String: Which CA to use if signing issued certificates.
caCrlHost String: CRL host if issuing CA certificate.

SystemCertificateSignViaScep, SystemCertificateSignViaScepArgs

ScepUrl string: HTTP URL to the SCEP server.
CaIdentity string: SCEP CA identity.
ChallengePassword string: A challenge password.
OnSmartCard bool: Whether to store a private key on smart card if hardware supports it.
Refresh bool: Check certificate expiration and refresh it if expired.

ScepUrl string: HTTP URL to the SCEP server.
CaIdentity string: SCEP CA identity.
ChallengePassword string: A challenge password.
OnSmartCard bool: Whether to store a private key on smart card if hardware supports it.
Refresh bool: Check certificate expiration and refresh it if expired.

scepUrl String: HTTP URL to the SCEP server.
caIdentity String: SCEP CA identity.
challengePassword String: A challenge password.
onSmartCard Boolean: Whether to store a private key on smart card if hardware supports it.
refresh Boolean: Check certificate expiration and refresh it if expired.

scepUrl string: HTTP URL to the SCEP server.
caIdentity string: SCEP CA identity.
challengePassword string: A challenge password.
onSmartCard boolean: Whether to store a private key on smart card if hardware supports it.
refresh boolean: Check certificate expiration and refresh it if expired.

scep_url str: HTTP URL to the SCEP server.
ca_identity str: SCEP CA identity.
challenge_password str: A challenge password.
on_smart_card bool: Whether to store a private key on smart card if hardware supports it.
refresh bool: Check certificate expiration and refresh it if expired.

scepUrl String: HTTP URL to the SCEP server.
caIdentity String: SCEP CA identity.
challengePassword String: A challenge password.
onSmartCard Boolean: Whether to store a private key on smart card if hardware supports it.
refresh Boolean: Check certificate expiration and refresh it if expired.

Import

#The ID can be found via API or the terminal

#The command for the terminal is -> :put [/certificate get [print show-ids]]

#If you plan to manipulate the certificate requiring signing, you need to correctly fill in the sign{} section.

#Changes in the sign{} section will not cause changes in the certificate. It’s not a bug, it’s a feature!

$ pulumi import routeros:index/systemCertificate:SystemCertificate client *9D

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: routeros terraform-routeros/terraform-provider-routeros
License
Notes: This Pulumi package is based on the routeros Terraform Provider.

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.SystemCertificate

On this page

On this page

# routeros.SystemCertificate (Resource)

Create SystemCertificate Resource

Constructor syntax

Parameters

SystemCertificate Resource Properties

Inputs

Outputs

Look up Existing SystemCertificate Resource

Supporting Types

SystemCertificateImport, SystemCertificateImportArgs

SystemCertificateSign, SystemCertificateSignArgs

SystemCertificateSignViaScep, SystemCertificateSignViaScepArgs

Import

Package Details

On this page

On this page