1. Pulumi Registry
  2. TLS
  3. API Docs
  4. LocallySignedCert
tls logo
TLS v4.10.0, Feb 15 23

tls.LocallySignedCert

Create LocallySignedCert Resource

new LocallySignedCert(name: string, args: LocallySignedCertArgs, opts?: CustomResourceOptions);
@overload
def LocallySignedCert(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      allowed_uses: Optional[Sequence[str]] = None,
                      ca_cert_pem: Optional[str] = None,
                      ca_key_algorithm: Optional[str] = None,
                      ca_private_key_pem: Optional[str] = None,
                      cert_request_pem: Optional[str] = None,
                      early_renewal_hours: Optional[int] = None,
                      is_ca_certificate: Optional[bool] = None,
                      set_subject_key_id: Optional[bool] = None,
                      validity_period_hours: Optional[int] = None)
@overload
def LocallySignedCert(resource_name: str,
                      args: LocallySignedCertArgs,
                      opts: Optional[ResourceOptions] = None)
func NewLocallySignedCert(ctx *Context, name string, args LocallySignedCertArgs, opts ...ResourceOption) (*LocallySignedCert, error)
public LocallySignedCert(string name, LocallySignedCertArgs args, CustomResourceOptions? opts = null)
public LocallySignedCert(String name, LocallySignedCertArgs args)
public LocallySignedCert(String name, LocallySignedCertArgs args, CustomResourceOptions options)

type: tls:LocallySignedCert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
name string
The unique name of the resource.
args LocallySignedCertArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args LocallySignedCertArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args LocallySignedCertArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args LocallySignedCertArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args LocallySignedCertArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

LocallySignedCert Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The LocallySignedCert resource accepts the following input properties:

AllowedUses List<string>

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

CaCertPem string

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

CaPrivateKeyPem string

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

CertRequestPem string

Certificate request data in PEM (RFC 1421) format.

ValidityPeriodHours int

Number of hours, after initial issuing, that the certificate will remain valid for.

CaKeyAlgorithm string

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

EarlyRenewalHours int

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

IsCaCertificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

SetSubjectKeyId bool

Should the generated certificate include a subject key identifier (default: false).

AllowedUses []string

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

CaCertPem string

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

CaPrivateKeyPem string

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

CertRequestPem string

Certificate request data in PEM (RFC 1421) format.

ValidityPeriodHours int

Number of hours, after initial issuing, that the certificate will remain valid for.

CaKeyAlgorithm string

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

EarlyRenewalHours int

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

IsCaCertificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

SetSubjectKeyId bool

Should the generated certificate include a subject key identifier (default: false).

allowedUses List<String>

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

caCertPem String

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

caPrivateKeyPem String

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

certRequestPem String

Certificate request data in PEM (RFC 1421) format.

validityPeriodHours Integer

Number of hours, after initial issuing, that the certificate will remain valid for.

caKeyAlgorithm String

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

earlyRenewalHours Integer

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

isCaCertificate Boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

setSubjectKeyId Boolean

Should the generated certificate include a subject key identifier (default: false).

allowedUses string[]

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

caCertPem string

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

caPrivateKeyPem string

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

certRequestPem string

Certificate request data in PEM (RFC 1421) format.

validityPeriodHours number

Number of hours, after initial issuing, that the certificate will remain valid for.

caKeyAlgorithm string

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

earlyRenewalHours number

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

isCaCertificate boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

setSubjectKeyId boolean

Should the generated certificate include a subject key identifier (default: false).

allowed_uses Sequence[str]

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

ca_cert_pem str

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

ca_private_key_pem str

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

cert_request_pem str

Certificate request data in PEM (RFC 1421) format.

validity_period_hours int

Number of hours, after initial issuing, that the certificate will remain valid for.

ca_key_algorithm str

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

early_renewal_hours int

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

is_ca_certificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

set_subject_key_id bool

Should the generated certificate include a subject key identifier (default: false).

allowedUses List<String>

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

caCertPem String

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

caPrivateKeyPem String

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

certRequestPem String

Certificate request data in PEM (RFC 1421) format.

validityPeriodHours Number

Number of hours, after initial issuing, that the certificate will remain valid for.

caKeyAlgorithm String

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

earlyRenewalHours Number

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

isCaCertificate Boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

setSubjectKeyId Boolean

Should the generated certificate include a subject key identifier (default: false).

Outputs

All input properties are implicitly available as output properties. Additionally, the LocallySignedCert resource produces the following output properties:

CertPem string

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

Id string

The provider-assigned unique ID for this managed resource.

ReadyForRenewal bool

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

ValidityEndTime string

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

ValidityStartTime string

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

CertPem string

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

Id string

The provider-assigned unique ID for this managed resource.

ReadyForRenewal bool

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

ValidityEndTime string

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

ValidityStartTime string

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

certPem String

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

id String

The provider-assigned unique ID for this managed resource.

readyForRenewal Boolean

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

validityEndTime String

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validityStartTime String

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

certPem string

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

id string

The provider-assigned unique ID for this managed resource.

readyForRenewal boolean

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

validityEndTime string

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validityStartTime string

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

cert_pem str

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

id str

The provider-assigned unique ID for this managed resource.

ready_for_renewal bool

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

validity_end_time str

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validity_start_time str

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

certPem String

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

id String

The provider-assigned unique ID for this managed resource.

readyForRenewal Boolean

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

validityEndTime String

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validityStartTime String

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

Look up Existing LocallySignedCert Resource

Get an existing LocallySignedCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: LocallySignedCertState, opts?: CustomResourceOptions): LocallySignedCert
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_uses: Optional[Sequence[str]] = None,
        ca_cert_pem: Optional[str] = None,
        ca_key_algorithm: Optional[str] = None,
        ca_private_key_pem: Optional[str] = None,
        cert_pem: Optional[str] = None,
        cert_request_pem: Optional[str] = None,
        early_renewal_hours: Optional[int] = None,
        is_ca_certificate: Optional[bool] = None,
        ready_for_renewal: Optional[bool] = None,
        set_subject_key_id: Optional[bool] = None,
        validity_end_time: Optional[str] = None,
        validity_period_hours: Optional[int] = None,
        validity_start_time: Optional[str] = None) -> LocallySignedCert
func GetLocallySignedCert(ctx *Context, name string, id IDInput, state *LocallySignedCertState, opts ...ResourceOption) (*LocallySignedCert, error)
public static LocallySignedCert Get(string name, Input<string> id, LocallySignedCertState? state, CustomResourceOptions? opts = null)
public static LocallySignedCert get(String name, Output<String> id, LocallySignedCertState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AllowedUses List<string>

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

CaCertPem string

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

CaKeyAlgorithm string

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

CaPrivateKeyPem string

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

CertPem string

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

CertRequestPem string

Certificate request data in PEM (RFC 1421) format.

EarlyRenewalHours int

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

IsCaCertificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

ReadyForRenewal bool

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

SetSubjectKeyId bool

Should the generated certificate include a subject key identifier (default: false).

ValidityEndTime string

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

ValidityPeriodHours int

Number of hours, after initial issuing, that the certificate will remain valid for.

ValidityStartTime string

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

AllowedUses []string

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

CaCertPem string

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

CaKeyAlgorithm string

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

CaPrivateKeyPem string

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

CertPem string

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

CertRequestPem string

Certificate request data in PEM (RFC 1421) format.

EarlyRenewalHours int

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

IsCaCertificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

ReadyForRenewal bool

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

SetSubjectKeyId bool

Should the generated certificate include a subject key identifier (default: false).

ValidityEndTime string

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

ValidityPeriodHours int

Number of hours, after initial issuing, that the certificate will remain valid for.

ValidityStartTime string

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowedUses List<String>

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

caCertPem String

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

caKeyAlgorithm String

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

caPrivateKeyPem String

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

certPem String

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

certRequestPem String

Certificate request data in PEM (RFC 1421) format.

earlyRenewalHours Integer

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

isCaCertificate Boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

readyForRenewal Boolean

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

setSubjectKeyId Boolean

Should the generated certificate include a subject key identifier (default: false).

validityEndTime String

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validityPeriodHours Integer

Number of hours, after initial issuing, that the certificate will remain valid for.

validityStartTime String

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowedUses string[]

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

caCertPem string

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

caKeyAlgorithm string

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

caPrivateKeyPem string

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

certPem string

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

certRequestPem string

Certificate request data in PEM (RFC 1421) format.

earlyRenewalHours number

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

isCaCertificate boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

readyForRenewal boolean

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

setSubjectKeyId boolean

Should the generated certificate include a subject key identifier (default: false).

validityEndTime string

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validityPeriodHours number

Number of hours, after initial issuing, that the certificate will remain valid for.

validityStartTime string

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowed_uses Sequence[str]

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

ca_cert_pem str

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

ca_key_algorithm str

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

ca_private_key_pem str

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

cert_pem str

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

cert_request_pem str

Certificate request data in PEM (RFC 1421) format.

early_renewal_hours int

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

is_ca_certificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

ready_for_renewal bool

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

set_subject_key_id bool

Should the generated certificate include a subject key identifier (default: false).

validity_end_time str

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validity_period_hours int

Number of hours, after initial issuing, that the certificate will remain valid for.

validity_start_time str

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowedUses List<String>

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

caCertPem String

Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.

caKeyAlgorithm String

Name of the algorithm used when generating the private key provided in ca_private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the ca_private_key_pem.

caPrivateKeyPem String

Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.

certPem String

Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().

certRequestPem String

Certificate request data in PEM (RFC 1421) format.

earlyRenewalHours Number

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

isCaCertificate Boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

readyForRenewal Boolean

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

setSubjectKeyId Boolean

Should the generated certificate include a subject key identifier (default: false).

validityEndTime String

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validityPeriodHours Number

Number of hours, after initial issuing, that the certificate will remain valid for.

validityStartTime String

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

Package Details

Repository
TLS pulumi/pulumi-tls
License
Apache-2.0
Notes

This Pulumi package is based on the tls Terraform Provider.