Venafi v1.10.4, Oct 16 24

Venafi v1.10.4 published on Wednesday, Oct 16, 2024 by Pulumi

venafi.Certificate

Explore with Pulumi AI

Venafi v1.10.4 published on Wednesday, Oct 16, 2024 by Pulumi

Create Certificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);

@overload
def Certificate(resource_name: str,
                args: CertificateArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                common_name: Optional[str] = None,
                nickname: Optional[str] = None,
                san_uris: Optional[Sequence[str]] = None,
                country: Optional[str] = None,
                csr_origin: Optional[str] = None,
                csr_pem: Optional[str] = None,
                custom_fields: Optional[Mapping[str, str]] = None,
                ecdsa_curve: Optional[str] = None,
                expiration_window: Optional[int] = None,
                issuer_hint: Optional[str] = None,
                key_password: Optional[str] = None,
                valid_days: Optional[int] = None,
                certificate_dn: Optional[str] = None,
                pkcs12: Optional[str] = None,
                organizational_units: Optional[Sequence[str]] = None,
                organization: Optional[str] = None,
                private_key_pem: Optional[str] = None,
                renew_required: Optional[bool] = None,
                rsa_bits: Optional[int] = None,
                san_dns: Optional[Sequence[str]] = None,
                san_emails: Optional[Sequence[str]] = None,
                san_ips: Optional[Sequence[str]] = None,
                algorithm: Optional[str] = None,
                state: Optional[str] = None,
                locality: Optional[str] = None)

func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)

public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)

public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)

type: venafi:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var certificateResource = new Venafi.Certificate("certificateResource", new()
{
    CommonName = "string",
    Nickname = "string",
    SanUris = new[]
    {
        "string",
    },
    Country = "string",
    CsrOrigin = "string",
    CsrPem = "string",
    CustomFields = 
    {
        { "string", "string" },
    },
    EcdsaCurve = "string",
    ExpirationWindow = 0,
    IssuerHint = "string",
    KeyPassword = "string",
    ValidDays = 0,
    CertificateDn = "string",
    Pkcs12 = "string",
    OrganizationalUnits = new[]
    {
        "string",
    },
    Organization = "string",
    PrivateKeyPem = "string",
    RenewRequired = false,
    RsaBits = 0,
    SanDns = new[]
    {
        "string",
    },
    SanEmails = new[]
    {
        "string",
    },
    SanIps = new[]
    {
        "string",
    },
    Algorithm = "string",
    State = "string",
    Locality = "string",
});

example, err := venafi.NewCertificate(ctx, "certificateResource", &venafi.CertificateArgs{
	CommonName: pulumi.String("string"),
	Nickname:   pulumi.String("string"),
	SanUris: pulumi.StringArray{
		pulumi.String("string"),
	},
	Country:   pulumi.String("string"),
	CsrOrigin: pulumi.String("string"),
	CsrPem:    pulumi.String("string"),
	CustomFields: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	EcdsaCurve:       pulumi.String("string"),
	ExpirationWindow: pulumi.Int(0),
	IssuerHint:       pulumi.String("string"),
	KeyPassword:      pulumi.String("string"),
	ValidDays:        pulumi.Int(0),
	CertificateDn:    pulumi.String("string"),
	Pkcs12:           pulumi.String("string"),
	OrganizationalUnits: pulumi.StringArray{
		pulumi.String("string"),
	},
	Organization:  pulumi.String("string"),
	PrivateKeyPem: pulumi.String("string"),
	RenewRequired: pulumi.Bool(false),
	RsaBits:       pulumi.Int(0),
	SanDns: pulumi.StringArray{
		pulumi.String("string"),
	},
	SanEmails: pulumi.StringArray{
		pulumi.String("string"),
	},
	SanIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	Algorithm: pulumi.String("string"),
	State:     pulumi.String("string"),
	Locality:  pulumi.String("string"),
})

var certificateResource = new Certificate("certificateResource", CertificateArgs.builder()
    .commonName("string")
    .nickname("string")
    .sanUris("string")
    .country("string")
    .csrOrigin("string")
    .csrPem("string")
    .customFields(Map.of("string", "string"))
    .ecdsaCurve("string")
    .expirationWindow(0)
    .issuerHint("string")
    .keyPassword("string")
    .validDays(0)
    .certificateDn("string")
    .pkcs12("string")
    .organizationalUnits("string")
    .organization("string")
    .privateKeyPem("string")
    .renewRequired(false)
    .rsaBits(0)
    .sanDns("string")
    .sanEmails("string")
    .sanIps("string")
    .algorithm("string")
    .state("string")
    .locality("string")
    .build());

certificate_resource = venafi.Certificate("certificateResource",
    common_name="string",
    nickname="string",
    san_uris=["string"],
    country="string",
    csr_origin="string",
    csr_pem="string",
    custom_fields={
        "string": "string",
    },
    ecdsa_curve="string",
    expiration_window=0,
    issuer_hint="string",
    key_password="string",
    valid_days=0,
    certificate_dn="string",
    pkcs12="string",
    organizational_units=["string"],
    organization="string",
    private_key_pem="string",
    renew_required=False,
    rsa_bits=0,
    san_dns=["string"],
    san_emails=["string"],
    san_ips=["string"],
    algorithm="string",
    state="string",
    locality="string")

const certificateResource = new venafi.Certificate("certificateResource", {
    commonName: "string",
    nickname: "string",
    sanUris: ["string"],
    country: "string",
    csrOrigin: "string",
    csrPem: "string",
    customFields: {
        string: "string",
    },
    ecdsaCurve: "string",
    expirationWindow: 0,
    issuerHint: "string",
    keyPassword: "string",
    validDays: 0,
    certificateDn: "string",
    pkcs12: "string",
    organizationalUnits: ["string"],
    organization: "string",
    privateKeyPem: "string",
    renewRequired: false,
    rsaBits: 0,
    sanDns: ["string"],
    sanEmails: ["string"],
    sanIps: ["string"],
    algorithm: "string",
    state: "string",
    locality: "string",
});

type: venafi:Certificate
properties:
    algorithm: string
    certificateDn: string
    commonName: string
    country: string
    csrOrigin: string
    csrPem: string
    customFields:
        string: string
    ecdsaCurve: string
    expirationWindow: 0
    issuerHint: string
    keyPassword: string
    locality: string
    nickname: string
    organization: string
    organizationalUnits:
        - string
    pkcs12: string
    privateKeyPem: string
    renewRequired: false
    rsaBits: 0
    sanDns:
        - string
    sanEmails:
        - string
    sanIps:
        - string
    sanUris:
        - string
    state: string
    validDays: 0

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Certificate resource accepts the following input properties:

CommonName string: The common name of the certificate.
Algorithm string: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
CertificateDn string
Country string: Country of the certificate (C)
CsrOrigin string: Whether key-pair generation will be local or service generated. Default is local.
CsrPem string
CustomFields Dictionary<string, string>: Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve string: ECDSA curve to use when generating a key
ExpirationWindow int: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
IssuerHint string: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
KeyPassword string: The password used to encrypt the private key.
Locality string: Locality/City of the certificate (L)
Nickname string: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
Organization string: Organization of the certificate (O)
OrganizationalUnits List<string>: List of Organizational Units of the certificate (OU)
Pkcs12 string: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
PrivateKeyPem string: The private key in PEM format.
RenewRequired bool: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
RsaBits int: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
SanDns List<string>: List of DNS names to use as alternative subjects of the certificate.
SanEmails List<string>: List of email addresses to use as alternative subjects of the certificate.
SanIps List<string>: List of IP addresses to use as alternative subjects of the certificate.
SanUris List<string>: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
State string: State of the certificate (S)
ValidDays int: Desired number of days for which the new certificate will be valid.

CommonName string: The common name of the certificate.
Algorithm string: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
CertificateDn string
Country string: Country of the certificate (C)
CsrOrigin string: Whether key-pair generation will be local or service generated. Default is local.
CsrPem string
CustomFields map[string]string: Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve string: ECDSA curve to use when generating a key
ExpirationWindow int: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
IssuerHint string: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
KeyPassword string: The password used to encrypt the private key.
Locality string: Locality/City of the certificate (L)
Nickname string: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
Organization string: Organization of the certificate (O)
OrganizationalUnits []string: List of Organizational Units of the certificate (OU)
Pkcs12 string: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
PrivateKeyPem string: The private key in PEM format.
RenewRequired bool: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
RsaBits int: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
SanDns []string: List of DNS names to use as alternative subjects of the certificate.
SanEmails []string: List of email addresses to use as alternative subjects of the certificate.
SanIps []string: List of IP addresses to use as alternative subjects of the certificate.
SanUris []string: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
State string: State of the certificate (S)
ValidDays int: Desired number of days for which the new certificate will be valid.

commonName String: The common name of the certificate.
algorithm String: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificateDn String
country String: Country of the certificate (C)
csrOrigin String: Whether key-pair generation will be local or service generated. Default is local.
csrPem String
customFields Map<String,String>: Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve String: ECDSA curve to use when generating a key
expirationWindow Integer: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint String: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword String: The password used to encrypt the private key.
locality String: Locality/City of the certificate (L)
nickname String: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization String: Organization of the certificate (O)
organizationalUnits List<String>: List of Organizational Units of the certificate (OU)
pkcs12 String: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem String: The private key in PEM format.
renewRequired Boolean: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits Integer: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns List<String>: List of DNS names to use as alternative subjects of the certificate.
sanEmails List<String>: List of email addresses to use as alternative subjects of the certificate.
sanIps List<String>: List of IP addresses to use as alternative subjects of the certificate.
sanUris List<String>: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state String: State of the certificate (S)
validDays Integer: Desired number of days for which the new certificate will be valid.

commonName string: The common name of the certificate.
algorithm string: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificateDn string
country string: Country of the certificate (C)
csrOrigin string: Whether key-pair generation will be local or service generated. Default is local.
csrPem string
customFields {[key: string]: string}: Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve string: ECDSA curve to use when generating a key
expirationWindow number: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint string: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword string: The password used to encrypt the private key.
locality string: Locality/City of the certificate (L)
nickname string: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization string: Organization of the certificate (O)
organizationalUnits string[]: List of Organizational Units of the certificate (OU)
pkcs12 string: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem string: The private key in PEM format.
renewRequired boolean: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits number: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns string[]: List of DNS names to use as alternative subjects of the certificate.
sanEmails string[]: List of email addresses to use as alternative subjects of the certificate.
sanIps string[]: List of IP addresses to use as alternative subjects of the certificate.
sanUris string[]: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state string: State of the certificate (S)
validDays number: Desired number of days for which the new certificate will be valid.

common_name str: The common name of the certificate.
algorithm str: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate_dn str
country str: Country of the certificate (C)
csr_origin str: Whether key-pair generation will be local or service generated. Default is local.
csr_pem str
custom_fields Mapping[str, str]: Collection of Custom Field name-value pairs to assign to the certificate.
ecdsa_curve str: ECDSA curve to use when generating a key
expiration_window int: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuer_hint str: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
key_password str: The password used to encrypt the private key.
locality str: Locality/City of the certificate (L)
nickname str: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization str: Organization of the certificate (O)
organizational_units Sequence[str]: List of Organizational Units of the certificate (OU)
pkcs12 str: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
private_key_pem str: The private key in PEM format.
renew_required bool: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsa_bits int: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
san_dns Sequence[str]: List of DNS names to use as alternative subjects of the certificate.
san_emails Sequence[str]: List of email addresses to use as alternative subjects of the certificate.
san_ips Sequence[str]: List of IP addresses to use as alternative subjects of the certificate.
san_uris Sequence[str]: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state str: State of the certificate (S)
valid_days int: Desired number of days for which the new certificate will be valid.

commonName String: The common name of the certificate.
algorithm String: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificateDn String
country String: Country of the certificate (C)
csrOrigin String: Whether key-pair generation will be local or service generated. Default is local.
csrPem String
customFields Map<String>: Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve String: ECDSA curve to use when generating a key
expirationWindow Number: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint String: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword String: The password used to encrypt the private key.
locality String: Locality/City of the certificate (L)
nickname String: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization String: Organization of the certificate (O)
organizationalUnits List<String>: List of Organizational Units of the certificate (OU)
pkcs12 String: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem String: The private key in PEM format.
renewRequired Boolean: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits Number: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns List<String>: List of DNS names to use as alternative subjects of the certificate.
sanEmails List<String>: List of email addresses to use as alternative subjects of the certificate.
sanIps List<String>: List of IP addresses to use as alternative subjects of the certificate.
sanUris List<String>: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state String: State of the certificate (S)
validDays Number: Desired number of days for which the new certificate will be valid.

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

CertificateDetails string: The X509 certificate in PEM format.
CertificateId string: ID of the issued certificate
Chain string: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
Id string: The provider-assigned unique ID for this managed resource.

Certificate string: The X509 certificate in PEM format.
CertificateId string: ID of the issued certificate
Chain string: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
Id string: The provider-assigned unique ID for this managed resource.

certificate String: The X509 certificate in PEM format.
certificateId String: ID of the issued certificate
chain String: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
id String: The provider-assigned unique ID for this managed resource.

certificate string: The X509 certificate in PEM format.
certificateId string: ID of the issued certificate
chain string: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
id string: The provider-assigned unique ID for this managed resource.

certificate str: The X509 certificate in PEM format.
certificate_id str: ID of the issued certificate
chain str: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
id str: The provider-assigned unique ID for this managed resource.

certificate String: The X509 certificate in PEM format.
certificateId String: ID of the issued certificate
chain String: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing Certificate Resource

Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        algorithm: Optional[str] = None,
        certificate: Optional[str] = None,
        certificate_dn: Optional[str] = None,
        certificate_id: Optional[str] = None,
        chain: Optional[str] = None,
        common_name: Optional[str] = None,
        country: Optional[str] = None,
        csr_origin: Optional[str] = None,
        csr_pem: Optional[str] = None,
        custom_fields: Optional[Mapping[str, str]] = None,
        ecdsa_curve: Optional[str] = None,
        expiration_window: Optional[int] = None,
        issuer_hint: Optional[str] = None,
        key_password: Optional[str] = None,
        locality: Optional[str] = None,
        nickname: Optional[str] = None,
        organization: Optional[str] = None,
        organizational_units: Optional[Sequence[str]] = None,
        pkcs12: Optional[str] = None,
        private_key_pem: Optional[str] = None,
        renew_required: Optional[bool] = None,
        rsa_bits: Optional[int] = None,
        san_dns: Optional[Sequence[str]] = None,
        san_emails: Optional[Sequence[str]] = None,
        san_ips: Optional[Sequence[str]] = None,
        san_uris: Optional[Sequence[str]] = None,
        state: Optional[str] = None,
        valid_days: Optional[int] = None) -> Certificate

func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)

public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)

public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Algorithm string: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
CertificateDetails string: The X509 certificate in PEM format.
CertificateDn string
CertificateId string: ID of the issued certificate
Chain string: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
CommonName string: The common name of the certificate.
Country string: Country of the certificate (C)
CsrOrigin string: Whether key-pair generation will be local or service generated. Default is local.
CsrPem string
CustomFields Dictionary<string, string>: Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve string: ECDSA curve to use when generating a key
ExpirationWindow int: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
IssuerHint string: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
KeyPassword string: The password used to encrypt the private key.
Locality string: Locality/City of the certificate (L)
Nickname string: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
Organization string: Organization of the certificate (O)
OrganizationalUnits List<string>: List of Organizational Units of the certificate (OU)
Pkcs12 string: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
PrivateKeyPem string: The private key in PEM format.
RenewRequired bool: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
RsaBits int: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
SanDns List<string>: List of DNS names to use as alternative subjects of the certificate.
SanEmails List<string>: List of email addresses to use as alternative subjects of the certificate.
SanIps List<string>: List of IP addresses to use as alternative subjects of the certificate.
SanUris List<string>: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
State string: State of the certificate (S)
ValidDays int: Desired number of days for which the new certificate will be valid.

Algorithm string: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
Certificate string: The X509 certificate in PEM format.
CertificateDn string
CertificateId string: ID of the issued certificate
Chain string: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
CommonName string: The common name of the certificate.
Country string: Country of the certificate (C)
CsrOrigin string: Whether key-pair generation will be local or service generated. Default is local.
CsrPem string
CustomFields map[string]string: Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve string: ECDSA curve to use when generating a key
ExpirationWindow int: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
IssuerHint string: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
KeyPassword string: The password used to encrypt the private key.
Locality string: Locality/City of the certificate (L)
Nickname string: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
Organization string: Organization of the certificate (O)
OrganizationalUnits []string: List of Organizational Units of the certificate (OU)
Pkcs12 string: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
PrivateKeyPem string: The private key in PEM format.
RenewRequired bool: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
RsaBits int: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
SanDns []string: List of DNS names to use as alternative subjects of the certificate.
SanEmails []string: List of email addresses to use as alternative subjects of the certificate.
SanIps []string: List of IP addresses to use as alternative subjects of the certificate.
SanUris []string: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
State string: State of the certificate (S)
ValidDays int: Desired number of days for which the new certificate will be valid.

algorithm String: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate String: The X509 certificate in PEM format.
certificateDn String
certificateId String: ID of the issued certificate
chain String: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
commonName String: The common name of the certificate.
country String: Country of the certificate (C)
csrOrigin String: Whether key-pair generation will be local or service generated. Default is local.
csrPem String
customFields Map<String,String>: Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve String: ECDSA curve to use when generating a key
expirationWindow Integer: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint String: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword String: The password used to encrypt the private key.
locality String: Locality/City of the certificate (L)
nickname String: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization String: Organization of the certificate (O)
organizationalUnits List<String>: List of Organizational Units of the certificate (OU)
pkcs12 String: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem String: The private key in PEM format.
renewRequired Boolean: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits Integer: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns List<String>: List of DNS names to use as alternative subjects of the certificate.
sanEmails List<String>: List of email addresses to use as alternative subjects of the certificate.
sanIps List<String>: List of IP addresses to use as alternative subjects of the certificate.
sanUris List<String>: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state String: State of the certificate (S)
validDays Integer: Desired number of days for which the new certificate will be valid.

algorithm string: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate string: The X509 certificate in PEM format.
certificateDn string
certificateId string: ID of the issued certificate
chain string: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
commonName string: The common name of the certificate.
country string: Country of the certificate (C)
csrOrigin string: Whether key-pair generation will be local or service generated. Default is local.
csrPem string
customFields {[key: string]: string}: Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve string: ECDSA curve to use when generating a key
expirationWindow number: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint string: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword string: The password used to encrypt the private key.
locality string: Locality/City of the certificate (L)
nickname string: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization string: Organization of the certificate (O)
organizationalUnits string[]: List of Organizational Units of the certificate (OU)
pkcs12 string: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem string: The private key in PEM format.
renewRequired boolean: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits number: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns string[]: List of DNS names to use as alternative subjects of the certificate.
sanEmails string[]: List of email addresses to use as alternative subjects of the certificate.
sanIps string[]: List of IP addresses to use as alternative subjects of the certificate.
sanUris string[]: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state string: State of the certificate (S)
validDays number: Desired number of days for which the new certificate will be valid.

algorithm str: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate str: The X509 certificate in PEM format.
certificate_dn str
certificate_id str: ID of the issued certificate
chain str: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
common_name str: The common name of the certificate.
country str: Country of the certificate (C)
csr_origin str: Whether key-pair generation will be local or service generated. Default is local.
csr_pem str
custom_fields Mapping[str, str]: Collection of Custom Field name-value pairs to assign to the certificate.
ecdsa_curve str: ECDSA curve to use when generating a key
expiration_window int: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuer_hint str: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
key_password str: The password used to encrypt the private key.
locality str: Locality/City of the certificate (L)
nickname str: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization str: Organization of the certificate (O)
organizational_units Sequence[str]: List of Organizational Units of the certificate (OU)
pkcs12 str: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
private_key_pem str: The private key in PEM format.
renew_required bool: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsa_bits int: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
san_dns Sequence[str]: List of DNS names to use as alternative subjects of the certificate.
san_emails Sequence[str]: List of email addresses to use as alternative subjects of the certificate.
san_ips Sequence[str]: List of IP addresses to use as alternative subjects of the certificate.
san_uris Sequence[str]: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state str: State of the certificate (S)
valid_days int: Desired number of days for which the new certificate will be valid.

algorithm String: Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate String: The X509 certificate in PEM format.
certificateDn String
certificateId String: ID of the issued certificate
chain String: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
commonName String: The common name of the certificate.
country String: Country of the certificate (C)
csrOrigin String: Whether key-pair generation will be local or service generated. Default is local.
csrPem String
customFields Map<String>: Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve String: ECDSA curve to use when generating a key
expirationWindow Number: Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint String: Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword String: The password used to encrypt the private key.
locality String: Locality/City of the certificate (L)
nickname String: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization String: Organization of the certificate (O)
organizationalUnits List<String>: List of Organizational Units of the certificate (OU)
pkcs12 String: A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem String: The private key in PEM format.
renewRequired Boolean: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits Number: Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns List<String>: List of DNS names to use as alternative subjects of the certificate.
sanEmails List<String>: List of email addresses to use as alternative subjects of the certificate.
sanIps List<String>: List of IP addresses to use as alternative subjects of the certificate.
sanUris List<String>: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state String: State of the certificate (S)
validDays Number: Desired number of days for which the new certificate will be valid.

Package Details

Repository: Venafi pulumi/pulumi-venafi
License: Apache-2.0
Notes: This Pulumi package is based on the venafi Terraform Provider.

Venafi v1.10.4 published on Wednesday, Oct 16, 2024 by Pulumi

pulumi/pulumi-venafi

venafi.Certificate

On this page

On this page

Create Certificate Resource

Constructor syntax

Parameters

Constructor example

Certificate Resource Properties

Inputs

Outputs

Look up Existing Certificate Resource

Package Details

On this page

On this page