TLS v4.11.0, Sep 18 23

TLS v4.11.0 published on Monday, Sep 18, 2023 by Pulumi

tls.SelfSignedCert

Explore with Pulumi AI

TLS v4.11.0 published on Monday, Sep 18, 2023 by Pulumi

Create SelfSignedCert Resource

new SelfSignedCert(name: string, args: SelfSignedCertArgs, opts?: CustomResourceOptions);

@overload
def SelfSignedCert(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   allowed_uses: Optional[Sequence[str]] = None,
                   dns_names: Optional[Sequence[str]] = None,
                   early_renewal_hours: Optional[int] = None,
                   ip_addresses: Optional[Sequence[str]] = None,
                   is_ca_certificate: Optional[bool] = None,
                   key_algorithm: Optional[str] = None,
                   private_key_pem: Optional[str] = None,
                   set_authority_key_id: Optional[bool] = None,
                   set_subject_key_id: Optional[bool] = None,
                   subject: Optional[SelfSignedCertSubjectArgs] = None,
                   uris: Optional[Sequence[str]] = None,
                   validity_period_hours: Optional[int] = None)
@overload
def SelfSignedCert(resource_name: str,
                   args: SelfSignedCertArgs,
                   opts: Optional[ResourceOptions] = None)

func NewSelfSignedCert(ctx *Context, name string, args SelfSignedCertArgs, opts ...ResourceOption) (*SelfSignedCert, error)

public SelfSignedCert(string name, SelfSignedCertArgs args, CustomResourceOptions? opts = null)

public SelfSignedCert(String name, SelfSignedCertArgs args)
public SelfSignedCert(String name, SelfSignedCertArgs args, CustomResourceOptions options)

type: tls:SelfSignedCert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SelfSignedCertArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SelfSignedCertArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SelfSignedCertArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SelfSignedCertArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SelfSignedCertArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

SelfSignedCert Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SelfSignedCert resource accepts the following input properties:

AllowedUses List<string>

List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.

PrivateKeyPem string

Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.

ValidityPeriodHours int

Number of hours, after initial issuing, that the certificate will remain valid for.

DnsNames List<string>

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

EarlyRenewalHours int

The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the early renewal period. (default: 0)

IpAddresses List<string>

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

IsCaCertificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

KeyAlgorithm string

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

SetAuthorityKeyId bool

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

SetSubjectKeyId bool

Should the generated certificate include a subject key identifier (default: false).

Subject SelfSignedCertSubject

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

Uris List<string>

List of URIs for which a certificate is being requested (i.e. certificate subjects).

AllowedUses []string

PrivateKeyPem string

ValidityPeriodHours int

Number of hours, after initial issuing, that the certificate will remain valid for.

DnsNames []string

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

EarlyRenewalHours int

IpAddresses []string

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

IsCaCertificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

KeyAlgorithm string

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

SetAuthorityKeyId bool

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

SetSubjectKeyId bool

Should the generated certificate include a subject key identifier (default: false).

Subject SelfSignedCertSubjectArgs

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

Uris []string

List of URIs for which a certificate is being requested (i.e. certificate subjects).

allowedUses List<String>

privateKeyPem String

validityPeriodHours Integer

Number of hours, after initial issuing, that the certificate will remain valid for.

dnsNames List<String>

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

earlyRenewalHours Integer

ipAddresses List<String>

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

isCaCertificate Boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

keyAlgorithm String

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

setAuthorityKeyId Boolean

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

setSubjectKeyId Boolean

Should the generated certificate include a subject key identifier (default: false).

subject SelfSignedCertSubject

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

uris List<String>

List of URIs for which a certificate is being requested (i.e. certificate subjects).

allowedUses string[]

privateKeyPem string

validityPeriodHours number

Number of hours, after initial issuing, that the certificate will remain valid for.

dnsNames string[]

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

earlyRenewalHours number

ipAddresses string[]

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

isCaCertificate boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

keyAlgorithm string

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

setAuthorityKeyId boolean

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

setSubjectKeyId boolean

Should the generated certificate include a subject key identifier (default: false).

subject SelfSignedCertSubject

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

uris string[]

List of URIs for which a certificate is being requested (i.e. certificate subjects).

allowed_uses Sequence[str]

private_key_pem str

validity_period_hours int

Number of hours, after initial issuing, that the certificate will remain valid for.

dns_names Sequence[str]

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

early_renewal_hours int

ip_addresses Sequence[str]

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

is_ca_certificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

key_algorithm str

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

set_authority_key_id bool

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

set_subject_key_id bool

Should the generated certificate include a subject key identifier (default: false).

subject SelfSignedCertSubjectArgs

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

uris Sequence[str]

List of URIs for which a certificate is being requested (i.e. certificate subjects).

allowedUses List<String>

privateKeyPem String

validityPeriodHours Number

Number of hours, after initial issuing, that the certificate will remain valid for.

dnsNames List<String>

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

earlyRenewalHours Number

ipAddresses List<String>

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

isCaCertificate Boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

keyAlgorithm String

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

setAuthorityKeyId Boolean

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

setSubjectKeyId Boolean

Should the generated certificate include a subject key identifier (default: false).

subject Property Map

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

uris List<String>

List of URIs for which a certificate is being requested (i.e. certificate subjects).

Outputs

All input properties are implicitly available as output properties. Additionally, the SelfSignedCert resource produces the following output properties:

CertPem string: Certificate data in PEM (RFC 1421).
Id string: The provider-assigned unique ID for this managed resource.
ReadyForRenewal bool: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
ValidityEndTime string: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
ValidityStartTime string: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

CertPem string: Certificate data in PEM (RFC 1421).
Id string: The provider-assigned unique ID for this managed resource.
ReadyForRenewal bool: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
ValidityEndTime string: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
ValidityStartTime string: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

certPem String: Certificate data in PEM (RFC 1421).
id String: The provider-assigned unique ID for this managed resource.
readyForRenewal Boolean: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validityEndTime String: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validityStartTime String: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

certPem string: Certificate data in PEM (RFC 1421).
id string: The provider-assigned unique ID for this managed resource.
readyForRenewal boolean: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validityEndTime string: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validityStartTime string: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

cert_pem str: Certificate data in PEM (RFC 1421).
id str: The provider-assigned unique ID for this managed resource.
ready_for_renewal bool: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validity_end_time str: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validity_start_time str: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

certPem String: Certificate data in PEM (RFC 1421).
id String: The provider-assigned unique ID for this managed resource.
readyForRenewal Boolean: Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validityEndTime String: The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
validityStartTime String: The time after which the certificate is valid, expressed as an RFC3339 timestamp.

Look up Existing SelfSignedCert Resource

Get an existing SelfSignedCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SelfSignedCertState, opts?: CustomResourceOptions): SelfSignedCert

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_uses: Optional[Sequence[str]] = None,
        cert_pem: Optional[str] = None,
        dns_names: Optional[Sequence[str]] = None,
        early_renewal_hours: Optional[int] = None,
        ip_addresses: Optional[Sequence[str]] = None,
        is_ca_certificate: Optional[bool] = None,
        key_algorithm: Optional[str] = None,
        private_key_pem: Optional[str] = None,
        ready_for_renewal: Optional[bool] = None,
        set_authority_key_id: Optional[bool] = None,
        set_subject_key_id: Optional[bool] = None,
        subject: Optional[SelfSignedCertSubjectArgs] = None,
        uris: Optional[Sequence[str]] = None,
        validity_end_time: Optional[str] = None,
        validity_period_hours: Optional[int] = None,
        validity_start_time: Optional[str] = None) -> SelfSignedCert

func GetSelfSignedCert(ctx *Context, name string, id IDInput, state *SelfSignedCertState, opts ...ResourceOption) (*SelfSignedCert, error)

public static SelfSignedCert Get(string name, Input<string> id, SelfSignedCertState? state, CustomResourceOptions? opts = null)

public static SelfSignedCert get(String name, Output<String> id, SelfSignedCertState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowedUses List<string>

CertPem string

Certificate data in PEM (RFC 1421).

DnsNames List<string>

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

EarlyRenewalHours int

IpAddresses List<string>

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

IsCaCertificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

KeyAlgorithm string

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

PrivateKeyPem string

ReadyForRenewal bool

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

SetAuthorityKeyId bool

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

SetSubjectKeyId bool

Should the generated certificate include a subject key identifier (default: false).

Subject SelfSignedCertSubject

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

Uris List<string>

List of URIs for which a certificate is being requested (i.e. certificate subjects).

ValidityEndTime string

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

ValidityPeriodHours int

Number of hours, after initial issuing, that the certificate will remain valid for.

ValidityStartTime string

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

AllowedUses []string

CertPem string

Certificate data in PEM (RFC 1421).

DnsNames []string

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

EarlyRenewalHours int

IpAddresses []string

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

IsCaCertificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

KeyAlgorithm string

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

PrivateKeyPem string

ReadyForRenewal bool

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

SetAuthorityKeyId bool

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

SetSubjectKeyId bool

Should the generated certificate include a subject key identifier (default: false).

Subject SelfSignedCertSubjectArgs

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

Uris []string

List of URIs for which a certificate is being requested (i.e. certificate subjects).

ValidityEndTime string

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

ValidityPeriodHours int

Number of hours, after initial issuing, that the certificate will remain valid for.

ValidityStartTime string

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowedUses List<String>

certPem String

Certificate data in PEM (RFC 1421).

dnsNames List<String>

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

earlyRenewalHours Integer

ipAddresses List<String>

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

isCaCertificate Boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

keyAlgorithm String

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

privateKeyPem String

readyForRenewal Boolean

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

setAuthorityKeyId Boolean

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

setSubjectKeyId Boolean

Should the generated certificate include a subject key identifier (default: false).

subject SelfSignedCertSubject

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

uris List<String>

List of URIs for which a certificate is being requested (i.e. certificate subjects).

validityEndTime String

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validityPeriodHours Integer

Number of hours, after initial issuing, that the certificate will remain valid for.

validityStartTime String

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowedUses string[]

certPem string

Certificate data in PEM (RFC 1421).

dnsNames string[]

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

earlyRenewalHours number

ipAddresses string[]

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

isCaCertificate boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

keyAlgorithm string

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

privateKeyPem string

readyForRenewal boolean

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

setAuthorityKeyId boolean

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

setSubjectKeyId boolean

Should the generated certificate include a subject key identifier (default: false).

subject SelfSignedCertSubject

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

uris string[]

List of URIs for which a certificate is being requested (i.e. certificate subjects).

validityEndTime string

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validityPeriodHours number

Number of hours, after initial issuing, that the certificate will remain valid for.

validityStartTime string

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowed_uses Sequence[str]

cert_pem str

Certificate data in PEM (RFC 1421).

dns_names Sequence[str]

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

early_renewal_hours int

ip_addresses Sequence[str]

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

is_ca_certificate bool

Is the generated certificate representing a Certificate Authority (CA) (default: false).

key_algorithm str

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

private_key_pem str

ready_for_renewal bool

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

set_authority_key_id bool

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

set_subject_key_id bool

Should the generated certificate include a subject key identifier (default: false).

subject SelfSignedCertSubjectArgs

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

uris Sequence[str]

List of URIs for which a certificate is being requested (i.e. certificate subjects).

validity_end_time str

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validity_period_hours int

Number of hours, after initial issuing, that the certificate will remain valid for.

validity_start_time str

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

allowedUses List<String>

certPem String

Certificate data in PEM (RFC 1421).

dnsNames List<String>

List of DNS names for which a certificate is being requested (i.e. certificate subjects).

earlyRenewalHours Number

ipAddresses List<String>

List of IP addresses for which a certificate is being requested (i.e. certificate subjects).

isCaCertificate Boolean

Is the generated certificate representing a Certificate Authority (CA) (default: false).

keyAlgorithm String

Name of the algorithm used when generating the private key provided in private_key_pem. NOTE: this is deprecated and ignored, as the key algorithm is now inferred from the key.

Deprecated:

This is now ignored, as the key algorithm is inferred from the private_key_pem.

privateKeyPem String

readyForRenewal Boolean

Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?

setAuthorityKeyId Boolean

Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).

setSubjectKeyId Boolean

Should the generated certificate include a subject key identifier (default: false).

subject Property Map

The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.

uris List<String>

List of URIs for which a certificate is being requested (i.e. certificate subjects).

validityEndTime String

The time until which the certificate is invalid, expressed as an RFC3339 timestamp.

validityPeriodHours Number

Number of hours, after initial issuing, that the certificate will remain valid for.

validityStartTime String

The time after which the certificate is valid, expressed as an RFC3339 timestamp.

Supporting Types

SelfSignedCertSubject, SelfSignedCertSubjectArgs

CommonName string: Distinguished name: CN
Country string: Distinguished name: C
Locality string: Distinguished name: L
Organization string: Distinguished name: O
OrganizationalUnit string: Distinguished name: OU
PostalCode string: Distinguished name: PC
Province string: Distinguished name: ST
SerialNumber string: Distinguished name: SERIALNUMBER
StreetAddresses List<string>: Distinguished name: STREET

CommonName string: Distinguished name: CN
Country string: Distinguished name: C
Locality string: Distinguished name: L
Organization string: Distinguished name: O
OrganizationalUnit string: Distinguished name: OU
PostalCode string: Distinguished name: PC
Province string: Distinguished name: ST
SerialNumber string: Distinguished name: SERIALNUMBER
StreetAddresses []string: Distinguished name: STREET

commonName String: Distinguished name: CN
country String: Distinguished name: C
locality String: Distinguished name: L
organization String: Distinguished name: O
organizationalUnit String: Distinguished name: OU
postalCode String: Distinguished name: PC
province String: Distinguished name: ST
serialNumber String: Distinguished name: SERIALNUMBER
streetAddresses List<String>: Distinguished name: STREET

commonName string: Distinguished name: CN
country string: Distinguished name: C
locality string: Distinguished name: L
organization string: Distinguished name: O
organizationalUnit string: Distinguished name: OU
postalCode string: Distinguished name: PC
province string: Distinguished name: ST
serialNumber string: Distinguished name: SERIALNUMBER
streetAddresses string[]: Distinguished name: STREET

common_name str: Distinguished name: CN
country str: Distinguished name: C
locality str: Distinguished name: L
organization str: Distinguished name: O
organizational_unit str: Distinguished name: OU
postal_code str: Distinguished name: PC
province str: Distinguished name: ST
serial_number str: Distinguished name: SERIALNUMBER
street_addresses Sequence[str]: Distinguished name: STREET

commonName String: Distinguished name: CN
country String: Distinguished name: C
locality String: Distinguished name: L
organization String: Distinguished name: O
organizationalUnit String: Distinguished name: OU
postalCode String: Distinguished name: PC
province String: Distinguished name: ST
serialNumber String: Distinguished name: SERIALNUMBER
streetAddresses List<String>: Distinguished name: STREET

Package Details

Repository: TLS pulumi/pulumi-tls
License: Apache-2.0
Notes: This Pulumi package is based on the tls Terraform Provider.

TLS v4.11.0 published on Monday, Sep 18, 2023 by Pulumi

pulumi/pulumi-tls

tls.SelfSignedCert

On this page

On this page

Create SelfSignedCert Resource

SelfSignedCert Resource Properties

Inputs

Outputs

Look up Existing SelfSignedCert Resource

Supporting Types

SelfSignedCertSubject, SelfSignedCertSubjectArgs

Package Details

On this page

On this page