1. Packages
  2. TLS
  3. API Docs
  4. SelfSignedCert
TLS v5.0.0 published on Monday, Dec 4, 2023 by Pulumi

tls.SelfSignedCert

Explore with Pulumi AI

tls logo
TLS v5.0.0 published on Monday, Dec 4, 2023 by Pulumi

    Create SelfSignedCert Resource

    new SelfSignedCert(name: string, args: SelfSignedCertArgs, opts?: CustomResourceOptions);
    @overload
    def SelfSignedCert(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       allowed_uses: Optional[Sequence[str]] = None,
                       dns_names: Optional[Sequence[str]] = None,
                       early_renewal_hours: Optional[int] = None,
                       ip_addresses: Optional[Sequence[str]] = None,
                       is_ca_certificate: Optional[bool] = None,
                       private_key_pem: Optional[str] = None,
                       set_authority_key_id: Optional[bool] = None,
                       set_subject_key_id: Optional[bool] = None,
                       subject: Optional[SelfSignedCertSubjectArgs] = None,
                       uris: Optional[Sequence[str]] = None,
                       validity_period_hours: Optional[int] = None)
    @overload
    def SelfSignedCert(resource_name: str,
                       args: SelfSignedCertArgs,
                       opts: Optional[ResourceOptions] = None)
    func NewSelfSignedCert(ctx *Context, name string, args SelfSignedCertArgs, opts ...ResourceOption) (*SelfSignedCert, error)
    public SelfSignedCert(string name, SelfSignedCertArgs args, CustomResourceOptions? opts = null)
    public SelfSignedCert(String name, SelfSignedCertArgs args)
    public SelfSignedCert(String name, SelfSignedCertArgs args, CustomResourceOptions options)
    
    type: tls:SelfSignedCert
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SelfSignedCertArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SelfSignedCertArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SelfSignedCertArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SelfSignedCertArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SelfSignedCertArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SelfSignedCert Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SelfSignedCert resource accepts the following input properties:

    AllowedUses List<string>
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    PrivateKeyPem string
    Private key in PEM (RFC 1421) interpolation function.
    ValidityPeriodHours int
    Number of hours, after initial issuing, that the certificate will remain valid for.
    DnsNames List<string>
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    EarlyRenewalHours int
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    IpAddresses List<string>
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    IsCaCertificate bool
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    SetAuthorityKeyId bool
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    SetSubjectKeyId bool
    Should the generated certificate include a subject key identifier (default: false).
    Subject SelfSignedCertSubject
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    Uris List<string>
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    AllowedUses []string
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    PrivateKeyPem string
    Private key in PEM (RFC 1421) interpolation function.
    ValidityPeriodHours int
    Number of hours, after initial issuing, that the certificate will remain valid for.
    DnsNames []string
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    EarlyRenewalHours int
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    IpAddresses []string
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    IsCaCertificate bool
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    SetAuthorityKeyId bool
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    SetSubjectKeyId bool
    Should the generated certificate include a subject key identifier (default: false).
    Subject SelfSignedCertSubjectArgs
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    Uris []string
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    allowedUses List<String>
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    privateKeyPem String
    Private key in PEM (RFC 1421) interpolation function.
    validityPeriodHours Integer
    Number of hours, after initial issuing, that the certificate will remain valid for.
    dnsNames List<String>
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    earlyRenewalHours Integer
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    ipAddresses List<String>
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    isCaCertificate Boolean
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    setAuthorityKeyId Boolean
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    setSubjectKeyId Boolean
    Should the generated certificate include a subject key identifier (default: false).
    subject SelfSignedCertSubject
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    uris List<String>
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    allowedUses string[]
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    privateKeyPem string
    Private key in PEM (RFC 1421) interpolation function.
    validityPeriodHours number
    Number of hours, after initial issuing, that the certificate will remain valid for.
    dnsNames string[]
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    earlyRenewalHours number
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    ipAddresses string[]
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    isCaCertificate boolean
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    setAuthorityKeyId boolean
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    setSubjectKeyId boolean
    Should the generated certificate include a subject key identifier (default: false).
    subject SelfSignedCertSubject
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    uris string[]
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    allowed_uses Sequence[str]
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    private_key_pem str
    Private key in PEM (RFC 1421) interpolation function.
    validity_period_hours int
    Number of hours, after initial issuing, that the certificate will remain valid for.
    dns_names Sequence[str]
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    early_renewal_hours int
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    ip_addresses Sequence[str]
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    is_ca_certificate bool
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    set_authority_key_id bool
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    set_subject_key_id bool
    Should the generated certificate include a subject key identifier (default: false).
    subject SelfSignedCertSubjectArgs
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    uris Sequence[str]
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    allowedUses List<String>
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    privateKeyPem String
    Private key in PEM (RFC 1421) interpolation function.
    validityPeriodHours Number
    Number of hours, after initial issuing, that the certificate will remain valid for.
    dnsNames List<String>
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    earlyRenewalHours Number
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    ipAddresses List<String>
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    isCaCertificate Boolean
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    setAuthorityKeyId Boolean
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    setSubjectKeyId Boolean
    Should the generated certificate include a subject key identifier (default: false).
    subject Property Map
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    uris List<String>
    List of URIs for which a certificate is being requested (i.e. certificate subjects).

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SelfSignedCert resource produces the following output properties:

    CertPem string
    Certificate data in PEM (RFC 1421).
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyAlgorithm string
    Name of the algorithm used when generating the private key provided in private_key_pem.
    ReadyForRenewal bool
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    ValidityEndTime string
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    ValidityStartTime string
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.
    CertPem string
    Certificate data in PEM (RFC 1421).
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyAlgorithm string
    Name of the algorithm used when generating the private key provided in private_key_pem.
    ReadyForRenewal bool
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    ValidityEndTime string
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    ValidityStartTime string
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.
    certPem String
    Certificate data in PEM (RFC 1421).
    id String
    The provider-assigned unique ID for this managed resource.
    keyAlgorithm String
    Name of the algorithm used when generating the private key provided in private_key_pem.
    readyForRenewal Boolean
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    validityEndTime String
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    validityStartTime String
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.
    certPem string
    Certificate data in PEM (RFC 1421).
    id string
    The provider-assigned unique ID for this managed resource.
    keyAlgorithm string
    Name of the algorithm used when generating the private key provided in private_key_pem.
    readyForRenewal boolean
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    validityEndTime string
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    validityStartTime string
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.
    cert_pem str
    Certificate data in PEM (RFC 1421).
    id str
    The provider-assigned unique ID for this managed resource.
    key_algorithm str
    Name of the algorithm used when generating the private key provided in private_key_pem.
    ready_for_renewal bool
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    validity_end_time str
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    validity_start_time str
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.
    certPem String
    Certificate data in PEM (RFC 1421).
    id String
    The provider-assigned unique ID for this managed resource.
    keyAlgorithm String
    Name of the algorithm used when generating the private key provided in private_key_pem.
    readyForRenewal Boolean
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    validityEndTime String
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    validityStartTime String
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.

    Look up Existing SelfSignedCert Resource

    Get an existing SelfSignedCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SelfSignedCertState, opts?: CustomResourceOptions): SelfSignedCert
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allowed_uses: Optional[Sequence[str]] = None,
            cert_pem: Optional[str] = None,
            dns_names: Optional[Sequence[str]] = None,
            early_renewal_hours: Optional[int] = None,
            ip_addresses: Optional[Sequence[str]] = None,
            is_ca_certificate: Optional[bool] = None,
            key_algorithm: Optional[str] = None,
            private_key_pem: Optional[str] = None,
            ready_for_renewal: Optional[bool] = None,
            set_authority_key_id: Optional[bool] = None,
            set_subject_key_id: Optional[bool] = None,
            subject: Optional[SelfSignedCertSubjectArgs] = None,
            uris: Optional[Sequence[str]] = None,
            validity_end_time: Optional[str] = None,
            validity_period_hours: Optional[int] = None,
            validity_start_time: Optional[str] = None) -> SelfSignedCert
    func GetSelfSignedCert(ctx *Context, name string, id IDInput, state *SelfSignedCertState, opts ...ResourceOption) (*SelfSignedCert, error)
    public static SelfSignedCert Get(string name, Input<string> id, SelfSignedCertState? state, CustomResourceOptions? opts = null)
    public static SelfSignedCert get(String name, Output<String> id, SelfSignedCertState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowedUses List<string>
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    CertPem string
    Certificate data in PEM (RFC 1421).
    DnsNames List<string>
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    EarlyRenewalHours int
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    IpAddresses List<string>
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    IsCaCertificate bool
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    KeyAlgorithm string
    Name of the algorithm used when generating the private key provided in private_key_pem.
    PrivateKeyPem string
    Private key in PEM (RFC 1421) interpolation function.
    ReadyForRenewal bool
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    SetAuthorityKeyId bool
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    SetSubjectKeyId bool
    Should the generated certificate include a subject key identifier (default: false).
    Subject SelfSignedCertSubject
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    Uris List<string>
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    ValidityEndTime string
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    ValidityPeriodHours int
    Number of hours, after initial issuing, that the certificate will remain valid for.
    ValidityStartTime string
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.
    AllowedUses []string
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    CertPem string
    Certificate data in PEM (RFC 1421).
    DnsNames []string
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    EarlyRenewalHours int
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    IpAddresses []string
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    IsCaCertificate bool
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    KeyAlgorithm string
    Name of the algorithm used when generating the private key provided in private_key_pem.
    PrivateKeyPem string
    Private key in PEM (RFC 1421) interpolation function.
    ReadyForRenewal bool
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    SetAuthorityKeyId bool
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    SetSubjectKeyId bool
    Should the generated certificate include a subject key identifier (default: false).
    Subject SelfSignedCertSubjectArgs
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    Uris []string
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    ValidityEndTime string
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    ValidityPeriodHours int
    Number of hours, after initial issuing, that the certificate will remain valid for.
    ValidityStartTime string
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.
    allowedUses List<String>
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    certPem String
    Certificate data in PEM (RFC 1421).
    dnsNames List<String>
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    earlyRenewalHours Integer
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    ipAddresses List<String>
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    isCaCertificate Boolean
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    keyAlgorithm String
    Name of the algorithm used when generating the private key provided in private_key_pem.
    privateKeyPem String
    Private key in PEM (RFC 1421) interpolation function.
    readyForRenewal Boolean
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    setAuthorityKeyId Boolean
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    setSubjectKeyId Boolean
    Should the generated certificate include a subject key identifier (default: false).
    subject SelfSignedCertSubject
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    uris List<String>
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    validityEndTime String
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    validityPeriodHours Integer
    Number of hours, after initial issuing, that the certificate will remain valid for.
    validityStartTime String
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.
    allowedUses string[]
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    certPem string
    Certificate data in PEM (RFC 1421).
    dnsNames string[]
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    earlyRenewalHours number
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    ipAddresses string[]
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    isCaCertificate boolean
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    keyAlgorithm string
    Name of the algorithm used when generating the private key provided in private_key_pem.
    privateKeyPem string
    Private key in PEM (RFC 1421) interpolation function.
    readyForRenewal boolean
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    setAuthorityKeyId boolean
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    setSubjectKeyId boolean
    Should the generated certificate include a subject key identifier (default: false).
    subject SelfSignedCertSubject
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    uris string[]
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    validityEndTime string
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    validityPeriodHours number
    Number of hours, after initial issuing, that the certificate will remain valid for.
    validityStartTime string
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.
    allowed_uses Sequence[str]
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    cert_pem str
    Certificate data in PEM (RFC 1421).
    dns_names Sequence[str]
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    early_renewal_hours int
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    ip_addresses Sequence[str]
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    is_ca_certificate bool
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    key_algorithm str
    Name of the algorithm used when generating the private key provided in private_key_pem.
    private_key_pem str
    Private key in PEM (RFC 1421) interpolation function.
    ready_for_renewal bool
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    set_authority_key_id bool
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    set_subject_key_id bool
    Should the generated certificate include a subject key identifier (default: false).
    subject SelfSignedCertSubjectArgs
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    uris Sequence[str]
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    validity_end_time str
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    validity_period_hours int
    Number of hours, after initial issuing, that the certificate will remain valid for.
    validity_start_time str
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.
    allowedUses List<String>
    List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
    certPem String
    Certificate data in PEM (RFC 1421).
    dnsNames List<String>
    List of DNS names for which a certificate is being requested (i.e. certificate subjects).
    earlyRenewalHours Number
    The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)
    ipAddresses List<String>
    List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
    isCaCertificate Boolean
    Is the generated certificate representing a Certificate Authority (CA) (default: false).
    keyAlgorithm String
    Name of the algorithm used when generating the private key provided in private_key_pem.
    privateKeyPem String
    Private key in PEM (RFC 1421) interpolation function.
    readyForRenewal Boolean
    Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
    setAuthorityKeyId Boolean
    Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
    setSubjectKeyId Boolean
    Should the generated certificate include a subject key identifier (default: false).
    subject Property Map
    The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
    uris List<String>
    List of URIs for which a certificate is being requested (i.e. certificate subjects).
    validityEndTime String
    The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
    validityPeriodHours Number
    Number of hours, after initial issuing, that the certificate will remain valid for.
    validityStartTime String
    The time after which the certificate is valid, expressed as an RFC3339 timestamp.

    Supporting Types

    SelfSignedCertSubject, SelfSignedCertSubjectArgs

    CommonName string
    Distinguished name: CN
    Country string
    Distinguished name: C
    Locality string
    Distinguished name: L
    Organization string
    Distinguished name: O
    OrganizationalUnit string
    Distinguished name: OU
    PostalCode string
    Distinguished name: PC
    Province string
    Distinguished name: ST
    SerialNumber string
    Distinguished name: SERIALNUMBER
    StreetAddresses List<string>
    Distinguished name: STREET
    CommonName string
    Distinguished name: CN
    Country string
    Distinguished name: C
    Locality string
    Distinguished name: L
    Organization string
    Distinguished name: O
    OrganizationalUnit string
    Distinguished name: OU
    PostalCode string
    Distinguished name: PC
    Province string
    Distinguished name: ST
    SerialNumber string
    Distinguished name: SERIALNUMBER
    StreetAddresses []string
    Distinguished name: STREET
    commonName String
    Distinguished name: CN
    country String
    Distinguished name: C
    locality String
    Distinguished name: L
    organization String
    Distinguished name: O
    organizationalUnit String
    Distinguished name: OU
    postalCode String
    Distinguished name: PC
    province String
    Distinguished name: ST
    serialNumber String
    Distinguished name: SERIALNUMBER
    streetAddresses List<String>
    Distinguished name: STREET
    commonName string
    Distinguished name: CN
    country string
    Distinguished name: C
    locality string
    Distinguished name: L
    organization string
    Distinguished name: O
    organizationalUnit string
    Distinguished name: OU
    postalCode string
    Distinguished name: PC
    province string
    Distinguished name: ST
    serialNumber string
    Distinguished name: SERIALNUMBER
    streetAddresses string[]
    Distinguished name: STREET
    common_name str
    Distinguished name: CN
    country str
    Distinguished name: C
    locality str
    Distinguished name: L
    organization str
    Distinguished name: O
    organizational_unit str
    Distinguished name: OU
    postal_code str
    Distinguished name: PC
    province str
    Distinguished name: ST
    serial_number str
    Distinguished name: SERIALNUMBER
    street_addresses Sequence[str]
    Distinguished name: STREET
    commonName String
    Distinguished name: CN
    country String
    Distinguished name: C
    locality String
    Distinguished name: L
    organization String
    Distinguished name: O
    organizationalUnit String
    Distinguished name: OU
    postalCode String
    Distinguished name: PC
    province String
    Distinguished name: ST
    serialNumber String
    Distinguished name: SERIALNUMBER
    streetAddresses List<String>
    Distinguished name: STREET

    Package Details

    Repository
    TLS pulumi/pulumi-tls
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the tls Terraform Provider.
    tls logo
    TLS v5.0.0 published on Monday, Dec 4, 2023 by Pulumi