fortios.vpn/certificate.Local
Explore with Pulumi AI
Local keys and certificates.
Create Local Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Local(name: string, args?: LocalArgs, opts?: CustomResourceOptions);
@overload
def Local(resource_name: str,
args: Optional[LocalArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Local(resource_name: str,
opts: Optional[ResourceOptions] = None,
acme_ca_url: Optional[str] = None,
acme_domain: Optional[str] = None,
acme_email: Optional[str] = None,
acme_renew_window: Optional[int] = None,
acme_rsa_key_size: Optional[int] = None,
auto_regenerate_days: Optional[int] = None,
auto_regenerate_days_warning: Optional[int] = None,
ca_identifier: Optional[str] = None,
certificate: Optional[str] = None,
cmp_path: Optional[str] = None,
cmp_regeneration_method: Optional[str] = None,
cmp_server: Optional[str] = None,
cmp_server_cert: Optional[str] = None,
comments: Optional[str] = None,
csr: Optional[str] = None,
enroll_protocol: Optional[str] = None,
est_ca_id: Optional[str] = None,
est_client_cert: Optional[str] = None,
est_http_password: Optional[str] = None,
est_http_username: Optional[str] = None,
est_server: Optional[str] = None,
est_server_cert: Optional[str] = None,
est_srp_password: Optional[str] = None,
est_srp_username: Optional[str] = None,
ike_localid: Optional[str] = None,
ike_localid_type: Optional[str] = None,
last_updated: Optional[int] = None,
name: Optional[str] = None,
name_encoding: Optional[str] = None,
password: Optional[str] = None,
private_key: Optional[str] = None,
private_key_retain: Optional[str] = None,
range: Optional[str] = None,
scep_password: Optional[str] = None,
scep_url: Optional[str] = None,
source: Optional[str] = None,
source_ip: Optional[str] = None,
state: Optional[str] = None,
vdomparam: Optional[str] = None)
func NewLocal(ctx *Context, name string, args *LocalArgs, opts ...ResourceOption) (*Local, error)
public Local(string name, LocalArgs? args = null, CustomResourceOptions? opts = null)
type: fortios:vpn/certificate/local:Local
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args LocalArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args LocalArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args LocalArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args LocalArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args LocalArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Local Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Local resource accepts the following input properties:
- Acme
Ca stringUrl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- Acme
Domain string - A valid domain that resolves to this Fortigate.
- Acme
Email string - Contact email address that is required by some CAs like LetsEncrypt.
- Acme
Renew intWindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- Acme
Rsa intKey Size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- Auto
Regenerate intDays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- Auto
Regenerate intDays Warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- Ca
Identifier string - CA identifier of the CA server for signing via SCEP.
- Certificate string
- PEM format certificate.
- Cmp
Path string - Path location inside CMP server.
- Cmp
Regeneration stringMethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - Cmp
Server string - Address and port for CMP server (format = address:port).
- Cmp
Server stringCert - CMP server certificate.
- Comments string
- Comment.
- Csr string
- Certificate Signing Request.
- Enroll
Protocol string - Certificate enrollment protocol.
- Est
Ca stringId - CA identifier of the CA server for signing via EST.
- Est
Client stringCert - Certificate used to authenticate this FortiGate to EST server.
- Est
Http stringPassword - HTTP Authentication password for signing via EST.
- Est
Http stringUsername - HTTP Authentication username for signing via EST.
- Est
Server string - Address and port for EST server (e.g. https://example.com:1234).
- Est
Server stringCert - EST server's certificate must be verifiable by this certificate to be authenticated.
- Est
Srp stringPassword - EST SRP authentication password.
- Est
Srp stringUsername - EST SRP authentication username.
- Ike
Localid string - Local ID the FortiGate uses for authentication as a VPN client.
- Ike
Localid stringType - IKE local ID type. Valid values:
asn1dn
,fqdn
. - Last
Updated int - Time at which certificate was last updated.
- Name string
- Name.
- Name
Encoding string - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - Password string
- Password as a PEM file.
- Private
Key string - PEM format key, encrypted with a password.
- Private
Key stringRetain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - Range string
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - Scep
Password string - SCEP server challenge password for auto-regeneration.
- Scep
Url string - SCEP server URL.
- Source string
- Certificate source type.
- Source
Ip string - Source IP address for communications to the SCEP server.
- State string
- Certificate Signing Request State.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Acme
Ca stringUrl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- Acme
Domain string - A valid domain that resolves to this Fortigate.
- Acme
Email string - Contact email address that is required by some CAs like LetsEncrypt.
- Acme
Renew intWindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- Acme
Rsa intKey Size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- Auto
Regenerate intDays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- Auto
Regenerate intDays Warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- Ca
Identifier string - CA identifier of the CA server for signing via SCEP.
- Certificate string
- PEM format certificate.
- Cmp
Path string - Path location inside CMP server.
- Cmp
Regeneration stringMethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - Cmp
Server string - Address and port for CMP server (format = address:port).
- Cmp
Server stringCert - CMP server certificate.
- Comments string
- Comment.
- Csr string
- Certificate Signing Request.
- Enroll
Protocol string - Certificate enrollment protocol.
- Est
Ca stringId - CA identifier of the CA server for signing via EST.
- Est
Client stringCert - Certificate used to authenticate this FortiGate to EST server.
- Est
Http stringPassword - HTTP Authentication password for signing via EST.
- Est
Http stringUsername - HTTP Authentication username for signing via EST.
- Est
Server string - Address and port for EST server (e.g. https://example.com:1234).
- Est
Server stringCert - EST server's certificate must be verifiable by this certificate to be authenticated.
- Est
Srp stringPassword - EST SRP authentication password.
- Est
Srp stringUsername - EST SRP authentication username.
- Ike
Localid string - Local ID the FortiGate uses for authentication as a VPN client.
- Ike
Localid stringType - IKE local ID type. Valid values:
asn1dn
,fqdn
. - Last
Updated int - Time at which certificate was last updated.
- Name string
- Name.
- Name
Encoding string - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - Password string
- Password as a PEM file.
- Private
Key string - PEM format key, encrypted with a password.
- Private
Key stringRetain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - Range string
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - Scep
Password string - SCEP server challenge password for auto-regeneration.
- Scep
Url string - SCEP server URL.
- Source string
- Certificate source type.
- Source
Ip string - Source IP address for communications to the SCEP server.
- State string
- Certificate Signing Request State.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- acme
Ca StringUrl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- acme
Domain String - A valid domain that resolves to this Fortigate.
- acme
Email String - Contact email address that is required by some CAs like LetsEncrypt.
- acme
Renew IntegerWindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- acme
Rsa IntegerKey Size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- auto
Regenerate IntegerDays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- auto
Regenerate IntegerDays Warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- ca
Identifier String - CA identifier of the CA server for signing via SCEP.
- certificate String
- PEM format certificate.
- cmp
Path String - Path location inside CMP server.
- cmp
Regeneration StringMethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - cmp
Server String - Address and port for CMP server (format = address:port).
- cmp
Server StringCert - CMP server certificate.
- comments String
- Comment.
- csr String
- Certificate Signing Request.
- enroll
Protocol String - Certificate enrollment protocol.
- est
Ca StringId - CA identifier of the CA server for signing via EST.
- est
Client StringCert - Certificate used to authenticate this FortiGate to EST server.
- est
Http StringPassword - HTTP Authentication password for signing via EST.
- est
Http StringUsername - HTTP Authentication username for signing via EST.
- est
Server String - Address and port for EST server (e.g. https://example.com:1234).
- est
Server StringCert - EST server's certificate must be verifiable by this certificate to be authenticated.
- est
Srp StringPassword - EST SRP authentication password.
- est
Srp StringUsername - EST SRP authentication username.
- ike
Localid String - Local ID the FortiGate uses for authentication as a VPN client.
- ike
Localid StringType - IKE local ID type. Valid values:
asn1dn
,fqdn
. - last
Updated Integer - Time at which certificate was last updated.
- name String
- Name.
- name
Encoding String - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - password String
- Password as a PEM file.
- private
Key String - PEM format key, encrypted with a password.
- private
Key StringRetain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - range String
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - scep
Password String - SCEP server challenge password for auto-regeneration.
- scep
Url String - SCEP server URL.
- source String
- Certificate source type.
- source
Ip String - Source IP address for communications to the SCEP server.
- state String
- Certificate Signing Request State.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- acme
Ca stringUrl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- acme
Domain string - A valid domain that resolves to this Fortigate.
- acme
Email string - Contact email address that is required by some CAs like LetsEncrypt.
- acme
Renew numberWindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- acme
Rsa numberKey Size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- auto
Regenerate numberDays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- auto
Regenerate numberDays Warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- ca
Identifier string - CA identifier of the CA server for signing via SCEP.
- certificate string
- PEM format certificate.
- cmp
Path string - Path location inside CMP server.
- cmp
Regeneration stringMethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - cmp
Server string - Address and port for CMP server (format = address:port).
- cmp
Server stringCert - CMP server certificate.
- comments string
- Comment.
- csr string
- Certificate Signing Request.
- enroll
Protocol string - Certificate enrollment protocol.
- est
Ca stringId - CA identifier of the CA server for signing via EST.
- est
Client stringCert - Certificate used to authenticate this FortiGate to EST server.
- est
Http stringPassword - HTTP Authentication password for signing via EST.
- est
Http stringUsername - HTTP Authentication username for signing via EST.
- est
Server string - Address and port for EST server (e.g. https://example.com:1234).
- est
Server stringCert - EST server's certificate must be verifiable by this certificate to be authenticated.
- est
Srp stringPassword - EST SRP authentication password.
- est
Srp stringUsername - EST SRP authentication username.
- ike
Localid string - Local ID the FortiGate uses for authentication as a VPN client.
- ike
Localid stringType - IKE local ID type. Valid values:
asn1dn
,fqdn
. - last
Updated number - Time at which certificate was last updated.
- name string
- Name.
- name
Encoding string - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - password string
- Password as a PEM file.
- private
Key string - PEM format key, encrypted with a password.
- private
Key stringRetain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - range string
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - scep
Password string - SCEP server challenge password for auto-regeneration.
- scep
Url string - SCEP server URL.
- source string
- Certificate source type.
- source
Ip string - Source IP address for communications to the SCEP server.
- state string
- Certificate Signing Request State.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- acme_
ca_ strurl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- acme_
domain str - A valid domain that resolves to this Fortigate.
- acme_
email str - Contact email address that is required by some CAs like LetsEncrypt.
- acme_
renew_ intwindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- acme_
rsa_ intkey_ size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- auto_
regenerate_ intdays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- auto_
regenerate_ intdays_ warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- ca_
identifier str - CA identifier of the CA server for signing via SCEP.
- certificate str
- PEM format certificate.
- cmp_
path str - Path location inside CMP server.
- cmp_
regeneration_ strmethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - cmp_
server str - Address and port for CMP server (format = address:port).
- cmp_
server_ strcert - CMP server certificate.
- comments str
- Comment.
- csr str
- Certificate Signing Request.
- enroll_
protocol str - Certificate enrollment protocol.
- est_
ca_ strid - CA identifier of the CA server for signing via EST.
- est_
client_ strcert - Certificate used to authenticate this FortiGate to EST server.
- est_
http_ strpassword - HTTP Authentication password for signing via EST.
- est_
http_ strusername - HTTP Authentication username for signing via EST.
- est_
server str - Address and port for EST server (e.g. https://example.com:1234).
- est_
server_ strcert - EST server's certificate must be verifiable by this certificate to be authenticated.
- est_
srp_ strpassword - EST SRP authentication password.
- est_
srp_ strusername - EST SRP authentication username.
- ike_
localid str - Local ID the FortiGate uses for authentication as a VPN client.
- ike_
localid_ strtype - IKE local ID type. Valid values:
asn1dn
,fqdn
. - last_
updated int - Time at which certificate was last updated.
- name str
- Name.
- name_
encoding str - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - password str
- Password as a PEM file.
- private_
key str - PEM format key, encrypted with a password.
- private_
key_ strretain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - range str
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - scep_
password str - SCEP server challenge password for auto-regeneration.
- scep_
url str - SCEP server URL.
- source str
- Certificate source type.
- source_
ip str - Source IP address for communications to the SCEP server.
- state str
- Certificate Signing Request State.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- acme
Ca StringUrl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- acme
Domain String - A valid domain that resolves to this Fortigate.
- acme
Email String - Contact email address that is required by some CAs like LetsEncrypt.
- acme
Renew NumberWindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- acme
Rsa NumberKey Size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- auto
Regenerate NumberDays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- auto
Regenerate NumberDays Warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- ca
Identifier String - CA identifier of the CA server for signing via SCEP.
- certificate String
- PEM format certificate.
- cmp
Path String - Path location inside CMP server.
- cmp
Regeneration StringMethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - cmp
Server String - Address and port for CMP server (format = address:port).
- cmp
Server StringCert - CMP server certificate.
- comments String
- Comment.
- csr String
- Certificate Signing Request.
- enroll
Protocol String - Certificate enrollment protocol.
- est
Ca StringId - CA identifier of the CA server for signing via EST.
- est
Client StringCert - Certificate used to authenticate this FortiGate to EST server.
- est
Http StringPassword - HTTP Authentication password for signing via EST.
- est
Http StringUsername - HTTP Authentication username for signing via EST.
- est
Server String - Address and port for EST server (e.g. https://example.com:1234).
- est
Server StringCert - EST server's certificate must be verifiable by this certificate to be authenticated.
- est
Srp StringPassword - EST SRP authentication password.
- est
Srp StringUsername - EST SRP authentication username.
- ike
Localid String - Local ID the FortiGate uses for authentication as a VPN client.
- ike
Localid StringType - IKE local ID type. Valid values:
asn1dn
,fqdn
. - last
Updated Number - Time at which certificate was last updated.
- name String
- Name.
- name
Encoding String - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - password String
- Password as a PEM file.
- private
Key String - PEM format key, encrypted with a password.
- private
Key StringRetain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - range String
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - scep
Password String - SCEP server challenge password for auto-regeneration.
- scep
Url String - SCEP server URL.
- source String
- Certificate source type.
- source
Ip String - Source IP address for communications to the SCEP server.
- state String
- Certificate Signing Request State.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Outputs
All input properties are implicitly available as output properties. Additionally, the Local resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Local Resource
Get an existing Local resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: LocalState, opts?: CustomResourceOptions): Local
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acme_ca_url: Optional[str] = None,
acme_domain: Optional[str] = None,
acme_email: Optional[str] = None,
acme_renew_window: Optional[int] = None,
acme_rsa_key_size: Optional[int] = None,
auto_regenerate_days: Optional[int] = None,
auto_regenerate_days_warning: Optional[int] = None,
ca_identifier: Optional[str] = None,
certificate: Optional[str] = None,
cmp_path: Optional[str] = None,
cmp_regeneration_method: Optional[str] = None,
cmp_server: Optional[str] = None,
cmp_server_cert: Optional[str] = None,
comments: Optional[str] = None,
csr: Optional[str] = None,
enroll_protocol: Optional[str] = None,
est_ca_id: Optional[str] = None,
est_client_cert: Optional[str] = None,
est_http_password: Optional[str] = None,
est_http_username: Optional[str] = None,
est_server: Optional[str] = None,
est_server_cert: Optional[str] = None,
est_srp_password: Optional[str] = None,
est_srp_username: Optional[str] = None,
ike_localid: Optional[str] = None,
ike_localid_type: Optional[str] = None,
last_updated: Optional[int] = None,
name: Optional[str] = None,
name_encoding: Optional[str] = None,
password: Optional[str] = None,
private_key: Optional[str] = None,
private_key_retain: Optional[str] = None,
range: Optional[str] = None,
scep_password: Optional[str] = None,
scep_url: Optional[str] = None,
source: Optional[str] = None,
source_ip: Optional[str] = None,
state: Optional[str] = None,
vdomparam: Optional[str] = None) -> Local
func GetLocal(ctx *Context, name string, id IDInput, state *LocalState, opts ...ResourceOption) (*Local, error)
public static Local Get(string name, Input<string> id, LocalState? state, CustomResourceOptions? opts = null)
public static Local get(String name, Output<String> id, LocalState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acme
Ca stringUrl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- Acme
Domain string - A valid domain that resolves to this Fortigate.
- Acme
Email string - Contact email address that is required by some CAs like LetsEncrypt.
- Acme
Renew intWindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- Acme
Rsa intKey Size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- Auto
Regenerate intDays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- Auto
Regenerate intDays Warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- Ca
Identifier string - CA identifier of the CA server for signing via SCEP.
- Certificate string
- PEM format certificate.
- Cmp
Path string - Path location inside CMP server.
- Cmp
Regeneration stringMethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - Cmp
Server string - Address and port for CMP server (format = address:port).
- Cmp
Server stringCert - CMP server certificate.
- Comments string
- Comment.
- Csr string
- Certificate Signing Request.
- Enroll
Protocol string - Certificate enrollment protocol.
- Est
Ca stringId - CA identifier of the CA server for signing via EST.
- Est
Client stringCert - Certificate used to authenticate this FortiGate to EST server.
- Est
Http stringPassword - HTTP Authentication password for signing via EST.
- Est
Http stringUsername - HTTP Authentication username for signing via EST.
- Est
Server string - Address and port for EST server (e.g. https://example.com:1234).
- Est
Server stringCert - EST server's certificate must be verifiable by this certificate to be authenticated.
- Est
Srp stringPassword - EST SRP authentication password.
- Est
Srp stringUsername - EST SRP authentication username.
- Ike
Localid string - Local ID the FortiGate uses for authentication as a VPN client.
- Ike
Localid stringType - IKE local ID type. Valid values:
asn1dn
,fqdn
. - Last
Updated int - Time at which certificate was last updated.
- Name string
- Name.
- Name
Encoding string - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - Password string
- Password as a PEM file.
- Private
Key string - PEM format key, encrypted with a password.
- Private
Key stringRetain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - Range string
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - Scep
Password string - SCEP server challenge password for auto-regeneration.
- Scep
Url string - SCEP server URL.
- Source string
- Certificate source type.
- Source
Ip string - Source IP address for communications to the SCEP server.
- State string
- Certificate Signing Request State.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- Acme
Ca stringUrl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- Acme
Domain string - A valid domain that resolves to this Fortigate.
- Acme
Email string - Contact email address that is required by some CAs like LetsEncrypt.
- Acme
Renew intWindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- Acme
Rsa intKey Size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- Auto
Regenerate intDays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- Auto
Regenerate intDays Warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- Ca
Identifier string - CA identifier of the CA server for signing via SCEP.
- Certificate string
- PEM format certificate.
- Cmp
Path string - Path location inside CMP server.
- Cmp
Regeneration stringMethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - Cmp
Server string - Address and port for CMP server (format = address:port).
- Cmp
Server stringCert - CMP server certificate.
- Comments string
- Comment.
- Csr string
- Certificate Signing Request.
- Enroll
Protocol string - Certificate enrollment protocol.
- Est
Ca stringId - CA identifier of the CA server for signing via EST.
- Est
Client stringCert - Certificate used to authenticate this FortiGate to EST server.
- Est
Http stringPassword - HTTP Authentication password for signing via EST.
- Est
Http stringUsername - HTTP Authentication username for signing via EST.
- Est
Server string - Address and port for EST server (e.g. https://example.com:1234).
- Est
Server stringCert - EST server's certificate must be verifiable by this certificate to be authenticated.
- Est
Srp stringPassword - EST SRP authentication password.
- Est
Srp stringUsername - EST SRP authentication username.
- Ike
Localid string - Local ID the FortiGate uses for authentication as a VPN client.
- Ike
Localid stringType - IKE local ID type. Valid values:
asn1dn
,fqdn
. - Last
Updated int - Time at which certificate was last updated.
- Name string
- Name.
- Name
Encoding string - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - Password string
- Password as a PEM file.
- Private
Key string - PEM format key, encrypted with a password.
- Private
Key stringRetain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - Range string
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - Scep
Password string - SCEP server challenge password for auto-regeneration.
- Scep
Url string - SCEP server URL.
- Source string
- Certificate source type.
- Source
Ip string - Source IP address for communications to the SCEP server.
- State string
- Certificate Signing Request State.
- Vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- acme
Ca StringUrl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- acme
Domain String - A valid domain that resolves to this Fortigate.
- acme
Email String - Contact email address that is required by some CAs like LetsEncrypt.
- acme
Renew IntegerWindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- acme
Rsa IntegerKey Size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- auto
Regenerate IntegerDays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- auto
Regenerate IntegerDays Warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- ca
Identifier String - CA identifier of the CA server for signing via SCEP.
- certificate String
- PEM format certificate.
- cmp
Path String - Path location inside CMP server.
- cmp
Regeneration StringMethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - cmp
Server String - Address and port for CMP server (format = address:port).
- cmp
Server StringCert - CMP server certificate.
- comments String
- Comment.
- csr String
- Certificate Signing Request.
- enroll
Protocol String - Certificate enrollment protocol.
- est
Ca StringId - CA identifier of the CA server for signing via EST.
- est
Client StringCert - Certificate used to authenticate this FortiGate to EST server.
- est
Http StringPassword - HTTP Authentication password for signing via EST.
- est
Http StringUsername - HTTP Authentication username for signing via EST.
- est
Server String - Address and port for EST server (e.g. https://example.com:1234).
- est
Server StringCert - EST server's certificate must be verifiable by this certificate to be authenticated.
- est
Srp StringPassword - EST SRP authentication password.
- est
Srp StringUsername - EST SRP authentication username.
- ike
Localid String - Local ID the FortiGate uses for authentication as a VPN client.
- ike
Localid StringType - IKE local ID type. Valid values:
asn1dn
,fqdn
. - last
Updated Integer - Time at which certificate was last updated.
- name String
- Name.
- name
Encoding String - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - password String
- Password as a PEM file.
- private
Key String - PEM format key, encrypted with a password.
- private
Key StringRetain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - range String
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - scep
Password String - SCEP server challenge password for auto-regeneration.
- scep
Url String - SCEP server URL.
- source String
- Certificate source type.
- source
Ip String - Source IP address for communications to the SCEP server.
- state String
- Certificate Signing Request State.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- acme
Ca stringUrl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- acme
Domain string - A valid domain that resolves to this Fortigate.
- acme
Email string - Contact email address that is required by some CAs like LetsEncrypt.
- acme
Renew numberWindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- acme
Rsa numberKey Size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- auto
Regenerate numberDays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- auto
Regenerate numberDays Warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- ca
Identifier string - CA identifier of the CA server for signing via SCEP.
- certificate string
- PEM format certificate.
- cmp
Path string - Path location inside CMP server.
- cmp
Regeneration stringMethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - cmp
Server string - Address and port for CMP server (format = address:port).
- cmp
Server stringCert - CMP server certificate.
- comments string
- Comment.
- csr string
- Certificate Signing Request.
- enroll
Protocol string - Certificate enrollment protocol.
- est
Ca stringId - CA identifier of the CA server for signing via EST.
- est
Client stringCert - Certificate used to authenticate this FortiGate to EST server.
- est
Http stringPassword - HTTP Authentication password for signing via EST.
- est
Http stringUsername - HTTP Authentication username for signing via EST.
- est
Server string - Address and port for EST server (e.g. https://example.com:1234).
- est
Server stringCert - EST server's certificate must be verifiable by this certificate to be authenticated.
- est
Srp stringPassword - EST SRP authentication password.
- est
Srp stringUsername - EST SRP authentication username.
- ike
Localid string - Local ID the FortiGate uses for authentication as a VPN client.
- ike
Localid stringType - IKE local ID type. Valid values:
asn1dn
,fqdn
. - last
Updated number - Time at which certificate was last updated.
- name string
- Name.
- name
Encoding string - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - password string
- Password as a PEM file.
- private
Key string - PEM format key, encrypted with a password.
- private
Key stringRetain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - range string
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - scep
Password string - SCEP server challenge password for auto-regeneration.
- scep
Url string - SCEP server URL.
- source string
- Certificate source type.
- source
Ip string - Source IP address for communications to the SCEP server.
- state string
- Certificate Signing Request State.
- vdomparam string
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- acme_
ca_ strurl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- acme_
domain str - A valid domain that resolves to this Fortigate.
- acme_
email str - Contact email address that is required by some CAs like LetsEncrypt.
- acme_
renew_ intwindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- acme_
rsa_ intkey_ size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- auto_
regenerate_ intdays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- auto_
regenerate_ intdays_ warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- ca_
identifier str - CA identifier of the CA server for signing via SCEP.
- certificate str
- PEM format certificate.
- cmp_
path str - Path location inside CMP server.
- cmp_
regeneration_ strmethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - cmp_
server str - Address and port for CMP server (format = address:port).
- cmp_
server_ strcert - CMP server certificate.
- comments str
- Comment.
- csr str
- Certificate Signing Request.
- enroll_
protocol str - Certificate enrollment protocol.
- est_
ca_ strid - CA identifier of the CA server for signing via EST.
- est_
client_ strcert - Certificate used to authenticate this FortiGate to EST server.
- est_
http_ strpassword - HTTP Authentication password for signing via EST.
- est_
http_ strusername - HTTP Authentication username for signing via EST.
- est_
server str - Address and port for EST server (e.g. https://example.com:1234).
- est_
server_ strcert - EST server's certificate must be verifiable by this certificate to be authenticated.
- est_
srp_ strpassword - EST SRP authentication password.
- est_
srp_ strusername - EST SRP authentication username.
- ike_
localid str - Local ID the FortiGate uses for authentication as a VPN client.
- ike_
localid_ strtype - IKE local ID type. Valid values:
asn1dn
,fqdn
. - last_
updated int - Time at which certificate was last updated.
- name str
- Name.
- name_
encoding str - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - password str
- Password as a PEM file.
- private_
key str - PEM format key, encrypted with a password.
- private_
key_ strretain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - range str
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - scep_
password str - SCEP server challenge password for auto-regeneration.
- scep_
url str - SCEP server URL.
- source str
- Certificate source type.
- source_
ip str - Source IP address for communications to the SCEP server.
- state str
- Certificate Signing Request State.
- vdomparam str
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
- acme
Ca StringUrl - The URL for the ACME CA server (Let's Encrypt is the default provider).
- acme
Domain String - A valid domain that resolves to this Fortigate.
- acme
Email String - Contact email address that is required by some CAs like LetsEncrypt.
- acme
Renew NumberWindow - Beginning of the renewal window (in days before certificate expiration, 30 by default).
- acme
Rsa NumberKey Size - Length of the RSA private key of the generated cert (Minimum 2048 bits).
- auto
Regenerate NumberDays - Number of days to wait before expiry of an updated local certificate is requested (0 = disabled).
- auto
Regenerate NumberDays Warning - Number of days to wait before an expiry warning message is generated (0 = disabled).
- ca
Identifier String - CA identifier of the CA server for signing via SCEP.
- certificate String
- PEM format certificate.
- cmp
Path String - Path location inside CMP server.
- cmp
Regeneration StringMethod - CMP auto-regeneration method. Valid values:
keyupate
,renewal
. - cmp
Server String - Address and port for CMP server (format = address:port).
- cmp
Server StringCert - CMP server certificate.
- comments String
- Comment.
- csr String
- Certificate Signing Request.
- enroll
Protocol String - Certificate enrollment protocol.
- est
Ca StringId - CA identifier of the CA server for signing via EST.
- est
Client StringCert - Certificate used to authenticate this FortiGate to EST server.
- est
Http StringPassword - HTTP Authentication password for signing via EST.
- est
Http StringUsername - HTTP Authentication username for signing via EST.
- est
Server String - Address and port for EST server (e.g. https://example.com:1234).
- est
Server StringCert - EST server's certificate must be verifiable by this certificate to be authenticated.
- est
Srp StringPassword - EST SRP authentication password.
- est
Srp StringUsername - EST SRP authentication username.
- ike
Localid String - Local ID the FortiGate uses for authentication as a VPN client.
- ike
Localid StringType - IKE local ID type. Valid values:
asn1dn
,fqdn
. - last
Updated Number - Time at which certificate was last updated.
- name String
- Name.
- name
Encoding String - Name encoding method for auto-regeneration. Valid values:
printable
,utf8
. - password String
- Password as a PEM file.
- private
Key String - PEM format key, encrypted with a password.
- private
Key StringRetain - Enable/disable retention of private key during SCEP renewal (default = disable). Valid values:
enable
,disable
. - range String
- Either a global or VDOM IP address range for the certificate. Valid values:
global
,vdom
. - scep
Password String - SCEP server challenge password for auto-regeneration.
- scep
Url String - SCEP server URL.
- source String
- Certificate source type.
- source
Ip String - Source IP address for communications to the SCEP server.
- state String
- Certificate Signing Request State.
- vdomparam String
- Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter.
Import
VpnCertificate Local can be imported using any of these accepted formats:
$ pulumi import fortios:vpn/certificate/local:Local labelname {{name}}
If you do not want to import arguments of block:
$ export “FORTIOS_IMPORT_TABLE”=“false”
$ pulumi import fortios:vpn/certificate/local:Local labelname {{name}}
$ unset “FORTIOS_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortios pulumiverse/pulumi-fortios
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fortios
Terraform Provider.