tls.LocallySignedCert
Explore with Pulumi AI
Create LocallySignedCert Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new LocallySignedCert(name: string, args: LocallySignedCertArgs, opts?: CustomResourceOptions);
@overload
def LocallySignedCert(resource_name: str,
args: LocallySignedCertArgs,
opts: Optional[ResourceOptions] = None)
@overload
def LocallySignedCert(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed_uses: Optional[Sequence[str]] = None,
ca_cert_pem: Optional[str] = None,
ca_private_key_pem: Optional[str] = None,
cert_request_pem: Optional[str] = None,
validity_period_hours: Optional[int] = None,
early_renewal_hours: Optional[int] = None,
is_ca_certificate: Optional[bool] = None,
set_subject_key_id: Optional[bool] = None)
func NewLocallySignedCert(ctx *Context, name string, args LocallySignedCertArgs, opts ...ResourceOption) (*LocallySignedCert, error)
public LocallySignedCert(string name, LocallySignedCertArgs args, CustomResourceOptions? opts = null)
public LocallySignedCert(String name, LocallySignedCertArgs args)
public LocallySignedCert(String name, LocallySignedCertArgs args, CustomResourceOptions options)
type: tls:LocallySignedCert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args LocallySignedCertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args LocallySignedCertArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args LocallySignedCertArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args LocallySignedCertArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args LocallySignedCertArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var locallySignedCertResource = new Tls.LocallySignedCert("locallySignedCertResource", new()
{
AllowedUses = new[]
{
"string",
},
CaCertPem = "string",
CaPrivateKeyPem = "string",
CertRequestPem = "string",
ValidityPeriodHours = 0,
EarlyRenewalHours = 0,
IsCaCertificate = false,
SetSubjectKeyId = false,
});
example, err := tls.NewLocallySignedCert(ctx, "locallySignedCertResource", &tls.LocallySignedCertArgs{
AllowedUses: pulumi.StringArray{
pulumi.String("string"),
},
CaCertPem: pulumi.String("string"),
CaPrivateKeyPem: pulumi.String("string"),
CertRequestPem: pulumi.String("string"),
ValidityPeriodHours: pulumi.Int(0),
EarlyRenewalHours: pulumi.Int(0),
IsCaCertificate: pulumi.Bool(false),
SetSubjectKeyId: pulumi.Bool(false),
})
var locallySignedCertResource = new LocallySignedCert("locallySignedCertResource", LocallySignedCertArgs.builder()
.allowedUses("string")
.caCertPem("string")
.caPrivateKeyPem("string")
.certRequestPem("string")
.validityPeriodHours(0)
.earlyRenewalHours(0)
.isCaCertificate(false)
.setSubjectKeyId(false)
.build());
locally_signed_cert_resource = tls.LocallySignedCert("locallySignedCertResource",
allowed_uses=["string"],
ca_cert_pem="string",
ca_private_key_pem="string",
cert_request_pem="string",
validity_period_hours=0,
early_renewal_hours=0,
is_ca_certificate=False,
set_subject_key_id=False)
const locallySignedCertResource = new tls.LocallySignedCert("locallySignedCertResource", {
allowedUses: ["string"],
caCertPem: "string",
caPrivateKeyPem: "string",
certRequestPem: "string",
validityPeriodHours: 0,
earlyRenewalHours: 0,
isCaCertificate: false,
setSubjectKeyId: false,
});
type: tls:LocallySignedCert
properties:
allowedUses:
- string
caCertPem: string
caPrivateKeyPem: string
certRequestPem: string
earlyRenewalHours: 0
isCaCertificate: false
setSubjectKeyId: false
validityPeriodHours: 0
LocallySignedCert Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The LocallySignedCert resource accepts the following input properties:
- Allowed
Uses List<string> - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - Ca
Cert stringPem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- Ca
Private stringKey Pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- Cert
Request stringPem - Certificate request data in PEM (RFC 1421) format.
- Validity
Period intHours - Number of hours, after initial issuing, that the certificate will remain valid for.
- Early
Renewal intHours - Is
Ca boolCertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - Set
Subject boolKey Id - Should the generated certificate include a subject key identifier (default:
false
).
- Allowed
Uses []string - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - Ca
Cert stringPem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- Ca
Private stringKey Pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- Cert
Request stringPem - Certificate request data in PEM (RFC 1421) format.
- Validity
Period intHours - Number of hours, after initial issuing, that the certificate will remain valid for.
- Early
Renewal intHours - Is
Ca boolCertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - Set
Subject boolKey Id - Should the generated certificate include a subject key identifier (default:
false
).
- allowed
Uses List<String> - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - ca
Cert StringPem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- ca
Private StringKey Pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- cert
Request StringPem - Certificate request data in PEM (RFC 1421) format.
- validity
Period IntegerHours - Number of hours, after initial issuing, that the certificate will remain valid for.
- early
Renewal IntegerHours - is
Ca BooleanCertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - set
Subject BooleanKey Id - Should the generated certificate include a subject key identifier (default:
false
).
- allowed
Uses string[] - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - ca
Cert stringPem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- ca
Private stringKey Pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- cert
Request stringPem - Certificate request data in PEM (RFC 1421) format.
- validity
Period numberHours - Number of hours, after initial issuing, that the certificate will remain valid for.
- early
Renewal numberHours - is
Ca booleanCertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - set
Subject booleanKey Id - Should the generated certificate include a subject key identifier (default:
false
).
- allowed_
uses Sequence[str] - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - ca_
cert_ strpem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- ca_
private_ strkey_ pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- cert_
request_ strpem - Certificate request data in PEM (RFC 1421) format.
- validity_
period_ inthours - Number of hours, after initial issuing, that the certificate will remain valid for.
- early_
renewal_ inthours - is_
ca_ boolcertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - set_
subject_ boolkey_ id - Should the generated certificate include a subject key identifier (default:
false
).
- allowed
Uses List<String> - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - ca
Cert StringPem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- ca
Private StringKey Pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- cert
Request StringPem - Certificate request data in PEM (RFC 1421) format.
- validity
Period NumberHours - Number of hours, after initial issuing, that the certificate will remain valid for.
- early
Renewal NumberHours - is
Ca BooleanCertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - set
Subject BooleanKey Id - Should the generated certificate include a subject key identifier (default:
false
).
Outputs
All input properties are implicitly available as output properties. Additionally, the LocallySignedCert resource produces the following output properties:
- Ca
Key stringAlgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - Cert
Pem string - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - Id string
- The provider-assigned unique ID for this managed resource.
- Ready
For boolRenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - Validity
End stringTime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- Validity
Start stringTime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- Ca
Key stringAlgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - Cert
Pem string - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - Id string
- The provider-assigned unique ID for this managed resource.
- Ready
For boolRenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - Validity
End stringTime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- Validity
Start stringTime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- ca
Key StringAlgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - cert
Pem String - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - id String
- The provider-assigned unique ID for this managed resource.
- ready
For BooleanRenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - validity
End StringTime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validity
Start StringTime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- ca
Key stringAlgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - cert
Pem string - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - id string
- The provider-assigned unique ID for this managed resource.
- ready
For booleanRenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - validity
End stringTime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validity
Start stringTime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- ca_
key_ stralgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - cert_
pem str - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - id str
- The provider-assigned unique ID for this managed resource.
- ready_
for_ boolrenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - validity_
end_ strtime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validity_
start_ strtime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- ca
Key StringAlgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - cert
Pem String - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - id String
- The provider-assigned unique ID for this managed resource.
- ready
For BooleanRenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - validity
End StringTime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validity
Start StringTime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
Look up Existing LocallySignedCert Resource
Get an existing LocallySignedCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: LocallySignedCertState, opts?: CustomResourceOptions): LocallySignedCert
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allowed_uses: Optional[Sequence[str]] = None,
ca_cert_pem: Optional[str] = None,
ca_key_algorithm: Optional[str] = None,
ca_private_key_pem: Optional[str] = None,
cert_pem: Optional[str] = None,
cert_request_pem: Optional[str] = None,
early_renewal_hours: Optional[int] = None,
is_ca_certificate: Optional[bool] = None,
ready_for_renewal: Optional[bool] = None,
set_subject_key_id: Optional[bool] = None,
validity_end_time: Optional[str] = None,
validity_period_hours: Optional[int] = None,
validity_start_time: Optional[str] = None) -> LocallySignedCert
func GetLocallySignedCert(ctx *Context, name string, id IDInput, state *LocallySignedCertState, opts ...ResourceOption) (*LocallySignedCert, error)
public static LocallySignedCert Get(string name, Input<string> id, LocallySignedCertState? state, CustomResourceOptions? opts = null)
public static LocallySignedCert get(String name, Output<String> id, LocallySignedCertState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allowed
Uses List<string> - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - Ca
Cert stringPem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- Ca
Key stringAlgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - Ca
Private stringKey Pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- Cert
Pem string - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - Cert
Request stringPem - Certificate request data in PEM (RFC 1421) format.
- Early
Renewal intHours - Is
Ca boolCertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - Ready
For boolRenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - Set
Subject boolKey Id - Should the generated certificate include a subject key identifier (default:
false
). - Validity
End stringTime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- Validity
Period intHours - Number of hours, after initial issuing, that the certificate will remain valid for.
- Validity
Start stringTime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- Allowed
Uses []string - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - Ca
Cert stringPem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- Ca
Key stringAlgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - Ca
Private stringKey Pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- Cert
Pem string - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - Cert
Request stringPem - Certificate request data in PEM (RFC 1421) format.
- Early
Renewal intHours - Is
Ca boolCertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - Ready
For boolRenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - Set
Subject boolKey Id - Should the generated certificate include a subject key identifier (default:
false
). - Validity
End stringTime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- Validity
Period intHours - Number of hours, after initial issuing, that the certificate will remain valid for.
- Validity
Start stringTime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- allowed
Uses List<String> - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - ca
Cert StringPem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- ca
Key StringAlgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - ca
Private StringKey Pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- cert
Pem String - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - cert
Request StringPem - Certificate request data in PEM (RFC 1421) format.
- early
Renewal IntegerHours - is
Ca BooleanCertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - ready
For BooleanRenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - set
Subject BooleanKey Id - Should the generated certificate include a subject key identifier (default:
false
). - validity
End StringTime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validity
Period IntegerHours - Number of hours, after initial issuing, that the certificate will remain valid for.
- validity
Start StringTime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- allowed
Uses string[] - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - ca
Cert stringPem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- ca
Key stringAlgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - ca
Private stringKey Pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- cert
Pem string - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - cert
Request stringPem - Certificate request data in PEM (RFC 1421) format.
- early
Renewal numberHours - is
Ca booleanCertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - ready
For booleanRenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - set
Subject booleanKey Id - Should the generated certificate include a subject key identifier (default:
false
). - validity
End stringTime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validity
Period numberHours - Number of hours, after initial issuing, that the certificate will remain valid for.
- validity
Start stringTime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- allowed_
uses Sequence[str] - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - ca_
cert_ strpem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- ca_
key_ stralgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - ca_
private_ strkey_ pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- cert_
pem str - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - cert_
request_ strpem - Certificate request data in PEM (RFC 1421) format.
- early_
renewal_ inthours - is_
ca_ boolcertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - ready_
for_ boolrenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - set_
subject_ boolkey_ id - Should the generated certificate include a subject key identifier (default:
false
). - validity_
end_ strtime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validity_
period_ inthours - Number of hours, after initial issuing, that the certificate will remain valid for.
- validity_
start_ strtime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
- allowed
Uses List<String> - List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values:
any_extended
,cert_signing
,client_auth
,code_signing
,content_commitment
,crl_signing
,data_encipherment
,decipher_only
,digital_signature
,email_protection
,encipher_only
,ipsec_end_system
,ipsec_tunnel
,ipsec_user
,key_agreement
,key_encipherment
,microsoft_commercial_code_signing
,microsoft_kernel_code_signing
,microsoft_server_gated_crypto
,netscape_server_gated_crypto
,ocsp_signing
,server_auth
,timestamping
. - ca
Cert StringPem - Certificate data of the Certificate Authority (CA) in PEM (RFC 1421) format.
- ca
Key StringAlgorithm - Name of the algorithm used when generating the private key provided in
ca_private_key_pem
. - ca
Private StringKey Pem - Private key of the Certificate Authority (CA) used to sign the certificate, in PEM (RFC 1421) format.
- cert
Pem String - Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\n
at the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace()
. - cert
Request StringPem - Certificate request data in PEM (RFC 1421) format.
- early
Renewal NumberHours - is
Ca BooleanCertificate - Is the generated certificate representing a Certificate Authority (CA) (default:
false
). - ready
For BooleanRenewal - Is the certificate either expired (i.e. beyond the
validity_period_hours
) or ready for an early renewal (i.e. within theearly_renewal_hours
)? - set
Subject BooleanKey Id - Should the generated certificate include a subject key identifier (default:
false
). - validity
End StringTime - The time until which the certificate is invalid, expressed as an RFC3339 timestamp.
- validity
Period NumberHours - Number of hours, after initial issuing, that the certificate will remain valid for.
- validity
Start StringTime - The time after which the certificate is valid, expressed as an RFC3339 timestamp.
Package Details
- Repository
- TLS pulumi/pulumi-tls
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
tls
Terraform Provider.