TLS v5.1.1 published on Saturday, Mar 15, 2025 by Pulumi

tls.SelfSignedCert


Create SelfSignedCert Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SelfSignedCert(name: string, args: SelfSignedCertArgs, opts?: CustomResourceOptions);
@overload
def SelfSignedCert(resource_name: str,
                   args: SelfSignedCertArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def SelfSignedCert(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   allowed_uses: Optional[Sequence[str]] = None,
                   private_key_pem: Optional[str] = None,
                   validity_period_hours: Optional[int] = None,
                   dns_names: Optional[Sequence[str]] = None,
                   early_renewal_hours: Optional[int] = None,
                   ip_addresses: Optional[Sequence[str]] = None,
                   is_ca_certificate: Optional[bool] = None,
                   set_authority_key_id: Optional[bool] = None,
                   set_subject_key_id: Optional[bool] = None,
                   subject: Optional[SelfSignedCertSubjectArgs] = None,
                   uris: Optional[Sequence[str]] = None)
func NewSelfSignedCert(ctx *Context, name string, args SelfSignedCertArgs, opts ...ResourceOption) (*SelfSignedCert, error)
public SelfSignedCert(string name, SelfSignedCertArgs args, CustomResourceOptions? opts = null)
public SelfSignedCert(String name, SelfSignedCertArgs args)
public SelfSignedCert(String name, SelfSignedCertArgs args, CustomResourceOptions options)
type: tls:SelfSignedCert
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. SelfSignedCertArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. SelfSignedCertArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. SelfSignedCertArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. SelfSignedCertArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. SelfSignedCertArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference constructor call with placeholder values for every input; replace each before use.
// A self-signed certificate chains to no CA, so relying parties must be configured to trust it explicitly.
var selfSignedCertResource = new Tls.SelfSignedCert("selfSignedCertResource", new()
{
    // Required. Key usages / extended key usages for the certificate (e.g. "server_auth",
    // "digital_signature"); grant only the usages actually needed.
    AllowedUses = new[]
    {
        "string",
    },
    // Required. PEM private key the certificate belongs to. Secret material: supply it from a
    // secret source, not a literal committed with the program. NOTE(review): private_key_pem is
    // listed among the get() state arguments, so presumably it is kept in stack state; protect that state.
    PrivateKeyPem = "string",
    // Required. Hours the certificate stays valid after issuance; 0 is only a placeholder.
    ValidityPeriodHours = 0,
    // DNS names the certificate is requested for.
    DnsNames = new[]
    {
        "string",
    },
    // Tied to the ReadyForRenewal output, which reports whether the certificate is within this many hours of renewal.
    EarlyRenewalHours = 0,
    // IP addresses the certificate is requested for.
    IpAddresses = new[]
    {
        "string",
    },
    // Default false. Set true only for a certificate meant to act as a CA; such a certificate
    // would normally also list "cert_signing" in AllowedUses.
    IsCaCertificate = false,
    // Default false. For a self-signed certificate the authority key identifier equals the subject key identifier.
    SetAuthorityKeyId = false,
    // Default false. Adds a subject key identifier to the certificate.
    SetSubjectKeyId = false,
    // Certificate subject; every field is optional.
    Subject = new Tls.Inputs.SelfSignedCertSubjectArgs
    {
        CommonName = "string",
        Country = "string",
        Locality = "string",
        Organization = "string",
        OrganizationalUnit = "string",
        PostalCode = "string",
        Province = "string",
        SerialNumber = "string",
        StreetAddresses = new[]
        {
            "string",
        },
    },
    // URIs the certificate is requested for.
    Uris = new[]
    {
        "string",
    },
});
// Reference constructor call with placeholder values for every input; replace
// each before use, and check err before using example. A self-signed
// certificate chains to no CA, so relying parties must be configured to trust
// it explicitly.
example, err := tls.NewSelfSignedCert(ctx, "selfSignedCertResource", &tls.SelfSignedCertArgs{
	// Required. Key usages / extended key usages for the certificate (e.g.
	// "server_auth", "digital_signature"); grant only the usages actually needed.
	AllowedUses: pulumi.StringArray{
		pulumi.String("string"),
	},
	// Required. PEM private key the certificate belongs to. Secret material:
	// supply it from a secret source, not a literal committed with the program.
	// NOTE(review): private_key_pem is listed among the get() state arguments,
	// so presumably it is kept in stack state; protect that state.
	PrivateKeyPem:       pulumi.String("string"),
	// Required. Hours the certificate stays valid after issuance; 0 is only a placeholder.
	ValidityPeriodHours: pulumi.Int(0),
	// DNS names the certificate is requested for.
	DnsNames: pulumi.StringArray{
		pulumi.String("string"),
	},
	// Tied to the ReadyForRenewal output, which reports whether the certificate
	// is within this many hours of renewal.
	EarlyRenewalHours: pulumi.Int(0),
	// IP addresses the certificate is requested for.
	IpAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	// Default false. Set true only for a certificate meant to act as a CA; such
	// a certificate would normally also list "cert_signing" in AllowedUses.
	IsCaCertificate:   pulumi.Bool(false),
	// Default false. For a self-signed certificate the authority key identifier
	// equals the subject key identifier.
	SetAuthorityKeyId: pulumi.Bool(false),
	// Default false. Adds a subject key identifier to the certificate.
	SetSubjectKeyId:   pulumi.Bool(false),
	// Certificate subject; every field is optional.
	Subject: &tls.SelfSignedCertSubjectArgs{
		CommonName:         pulumi.String("string"),
		Country:            pulumi.String("string"),
		Locality:           pulumi.String("string"),
		Organization:       pulumi.String("string"),
		OrganizationalUnit: pulumi.String("string"),
		PostalCode:         pulumi.String("string"),
		Province:           pulumi.String("string"),
		SerialNumber:       pulumi.String("string"),
		StreetAddresses: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	// URIs the certificate is requested for.
	Uris: pulumi.StringArray{
		pulumi.String("string"),
	},
})
// Reference constructor call with placeholder values for every input; replace each before use.
// A self-signed certificate chains to no CA, so relying parties must be configured to trust it explicitly.
var selfSignedCertResource = new SelfSignedCert("selfSignedCertResource", SelfSignedCertArgs.builder()
    // Required. Key usages / extended key usages (e.g. "server_auth", "digital_signature");
    // grant only the usages actually needed.
    .allowedUses("string")
    // Required. PEM private key the certificate belongs to. Secret material: supply it from a
    // secret source, not a literal committed with the program. NOTE(review): private_key_pem is
    // listed among the get() state arguments, so presumably it is kept in stack state; protect that state.
    .privateKeyPem("string")
    // Required. Hours the certificate stays valid after issuance; 0 is only a placeholder.
    .validityPeriodHours(0)
    // DNS names the certificate is requested for.
    .dnsNames("string")
    // Tied to the readyForRenewal output, which reports whether the certificate is within this many hours of renewal.
    .earlyRenewalHours(0)
    // IP addresses the certificate is requested for.
    .ipAddresses("string")
    // Default false. Set true only for a certificate meant to act as a CA; such a certificate
    // would normally also list "cert_signing" in allowedUses.
    .isCaCertificate(false)
    // Default false. For a self-signed certificate the authority key identifier equals the subject key identifier.
    .setAuthorityKeyId(false)
    // Default false. Adds a subject key identifier to the certificate.
    .setSubjectKeyId(false)
    // Certificate subject; every field is optional.
    .subject(SelfSignedCertSubjectArgs.builder()
        .commonName("string")
        .country("string")
        .locality("string")
        .organization("string")
        .organizationalUnit("string")
        .postalCode("string")
        .province("string")
        .serialNumber("string")
        .streetAddresses("string")
        .build())
    // URIs the certificate is requested for.
    .uris("string")
    .build());
# Reference constructor call with placeholder values for every input; replace each before use.
# A self-signed certificate chains to no CA, so relying parties must be configured to trust it explicitly.
self_signed_cert_resource = tls.SelfSignedCert("selfSignedCertResource",
    # Required. Key usages / extended key usages (e.g. "server_auth", "digital_signature");
    # grant only the usages actually needed.
    allowed_uses=["string"],
    # Required. PEM private key the certificate belongs to. Secret material: supply it from a
    # secret source, not a literal committed with the program. NOTE(review): private_key_pem is
    # listed among the get() state arguments, so presumably it is kept in stack state; protect that state.
    private_key_pem="string",
    # Required. Hours the certificate stays valid after issuance; 0 is only a placeholder.
    validity_period_hours=0,
    # DNS names the certificate is requested for.
    dns_names=["string"],
    # Tied to the ready_for_renewal output, which reports whether the certificate is within this many hours of renewal.
    early_renewal_hours=0,
    # IP addresses the certificate is requested for.
    ip_addresses=["string"],
    # Default false. Set true only for a certificate meant to act as a CA; such a certificate
    # would normally also list "cert_signing" in allowed_uses.
    is_ca_certificate=False,
    # Default false. For a self-signed certificate the authority key identifier equals the subject key identifier.
    set_authority_key_id=False,
    # Default false. Adds a subject key identifier to the certificate.
    set_subject_key_id=False,
    # Certificate subject; every field is optional.
    subject={
        "common_name": "string",
        "country": "string",
        "locality": "string",
        "organization": "string",
        "organizational_unit": "string",
        "postal_code": "string",
        "province": "string",
        "serial_number": "string",
        "street_addresses": ["string"],
    },
    # URIs the certificate is requested for.
    uris=["string"])
// Reference constructor call with placeholder values for every input; replace each before use.
// A self-signed certificate chains to no CA, so relying parties must be configured to trust it explicitly.
const selfSignedCertResource = new tls.SelfSignedCert("selfSignedCertResource", {
    // Required. Key usages / extended key usages (e.g. "server_auth", "digital_signature");
    // grant only the usages actually needed.
    allowedUses: ["string"],
    // Required. PEM private key the certificate belongs to. Secret material: supply it from a
    // secret source, not a literal committed with the program. NOTE(review): private_key_pem is
    // listed among the get() state arguments, so presumably it is kept in stack state; protect that state.
    privateKeyPem: "string",
    // Required. Hours the certificate stays valid after issuance; 0 is only a placeholder.
    validityPeriodHours: 0,
    // DNS names the certificate is requested for.
    dnsNames: ["string"],
    // Tied to the readyForRenewal output, which reports whether the certificate is within this many hours of renewal.
    earlyRenewalHours: 0,
    // IP addresses the certificate is requested for.
    ipAddresses: ["string"],
    // Default false. Set true only for a certificate meant to act as a CA; such a certificate
    // would normally also list "cert_signing" in allowedUses.
    isCaCertificate: false,
    // Default false. For a self-signed certificate the authority key identifier equals the subject key identifier.
    setAuthorityKeyId: false,
    // Default false. Adds a subject key identifier to the certificate.
    setSubjectKeyId: false,
    // Certificate subject; every field is optional.
    subject: {
        commonName: "string",
        country: "string",
        locality: "string",
        organization: "string",
        organizationalUnit: "string",
        postalCode: "string",
        province: "string",
        serialNumber: "string",
        streetAddresses: ["string"],
    },
    // URIs the certificate is requested for.
    uris: ["string"],
});
# Reference resource declaration with placeholder values for every input; replace each before use.
# A self-signed certificate chains to no CA, so relying parties must be configured to trust it explicitly.
type: tls:SelfSignedCert
properties:
    # Required. Key usages / extended key usages (e.g. server_auth, digital_signature);
    # grant only the usages actually needed.
    allowedUses:
        - string
    # DNS names the certificate is requested for.
    dnsNames:
        - string
    # Tied to the readyForRenewal output, which reports whether the certificate is within this many hours of renewal.
    earlyRenewalHours: 0
    # IP addresses the certificate is requested for.
    ipAddresses:
        - string
    # Default false. Set true only for a certificate meant to act as a CA; such a certificate
    # would normally also list cert_signing in allowedUses.
    isCaCertificate: false
    # Required. PEM private key the certificate belongs to. Secret material: supply it from a
    # secret source, not a literal committed with the program. NOTE(review): private_key_pem is
    # listed among the get() state arguments, so presumably it is kept in stack state; protect that state.
    privateKeyPem: string
    # Default false. For a self-signed certificate the authority key identifier equals the subject key identifier.
    setAuthorityKeyId: false
    # Default false. Adds a subject key identifier to the certificate.
    setSubjectKeyId: false
    # Certificate subject; every field is optional.
    subject:
        commonName: string
        country: string
        locality: string
        organization: string
        organizationalUnit: string
        postalCode: string
        province: string
        serialNumber: string
        streetAddresses:
            - string
    # URIs the certificate is requested for.
    uris:
        - string
    # Required. Hours the certificate stays valid after issuance; 0 is only a placeholder.
    validityPeriodHours: 0

SelfSignedCert Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SelfSignedCert resource accepts the following input properties:

AllowedUses This property is required. List<string>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
PrivateKeyPem This property is required. string
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function.
ValidityPeriodHours This property is required. int
Number of hours, after initial issuing, that the certificate will remain valid for.
DnsNames List<string>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
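EarlyRenewalHours int
Number of hours before the end of the validity period from which the certificate is reported as ready for renewal (see ReadyForRenewal).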
IpAddresses List<string>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
IsCaCertificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
SetAuthorityKeyId bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
SetSubjectKeyId bool
Should the generated certificate include a subject key identifier (default: false).
Subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
Uris List<string>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
AllowedUses This property is required. []string
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
PrivateKeyPem This property is required. string
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function.
ValidityPeriodHours This property is required. int
Number of hours, after initial issuing, that the certificate will remain valid for.
DnsNames []string
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
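EarlyRenewalHours int
Number of hours before the end of the validity period from which the certificate is reported as ready for renewal (see ReadyForRenewal).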
IpAddresses []string
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
IsCaCertificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
SetAuthorityKeyId bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
SetSubjectKeyId bool
Should the generated certificate include a subject key identifier (default: false).
Subject SelfSignedCertSubjectArgs
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
Uris []string
List of URIs for which a certificate is being requested (i.e. certificate subjects).
allowedUses This property is required. List<String>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
privateKeyPem This property is required. String
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function.
validityPeriodHours This property is required. Integer
Number of hours, after initial issuing, that the certificate will remain valid for.
dnsNames List<String>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
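earlyRenewalHours Integer
Number of hours before the end of the validity period from which the certificate is reported as ready for renewal (see readyForRenewal).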
ipAddresses List<String>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
isCaCertificate Boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
setAuthorityKeyId Boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
setSubjectKeyId Boolean
Should the generated certificate include a subject key identifier (default: false).
subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
uris List<String>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
allowedUses This property is required. string[]
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
privateKeyPem This property is required. string
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function.
validityPeriodHours This property is required. number
Number of hours, after initial issuing, that the certificate will remain valid for.
dnsNames string[]
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
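earlyRenewalHours number
Number of hours before the end of the validity period from which the certificate is reported as ready for renewal (see readyForRenewal).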
ipAddresses string[]
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
isCaCertificate boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
setAuthorityKeyId boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
setSubjectKeyId boolean
Should the generated certificate include a subject key identifier (default: false).
subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
uris string[]
List of URIs for which a certificate is being requested (i.e. certificate subjects).
allowed_uses This property is required. Sequence[str]
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
private_key_pem This property is required. str
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function.
validity_period_hours This property is required. int
Number of hours, after initial issuing, that the certificate will remain valid for.
dns_names Sequence[str]
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
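early_renewal_hours int
Number of hours before the end of the validity period from which the certificate is reported as ready for renewal (see ready_for_renewal).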
ip_addresses Sequence[str]
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
is_ca_certificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
set_authority_key_id bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
set_subject_key_id bool
Should the generated certificate include a subject key identifier (default: false).
subject SelfSignedCertSubjectArgs
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
uris Sequence[str]
List of URIs for which a certificate is being requested (i.e. certificate subjects).
allowedUses This property is required. List<String>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
privateKeyPem This property is required. String
Private key in PEM (RFC 1421) format, that the certificate will belong to. This can be read from a separate file using the file interpolation function.
validityPeriodHours This property is required. Number
Number of hours, after initial issuing, that the certificate will remain valid for.
dnsNames List<String>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
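earlyRenewalHours Number
Number of hours before the end of the validity period from which the certificate is reported as ready for renewal (see readyForRenewal).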
ipAddresses List<String>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
isCaCertificate Boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
setAuthorityKeyId Boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
setSubjectKeyId Boolean
Should the generated certificate include a subject key identifier (default: false).
subject Property Map
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
uris List<String>
List of URIs for which a certificate is being requested (i.e. certificate subjects).

Outputs

All input properties are implicitly available as output properties. Additionally, the SelfSignedCert resource produces the following output properties:

CertPem string
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
Id string
The provider-assigned unique ID for this managed resource.
KeyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem.
ReadyForRenewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
ValidityEndTime string
The time until which the certificate is valid, expressed as an RFC3339 timestamp.
ValidityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
CertPem string
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
Id string
The provider-assigned unique ID for this managed resource.
KeyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem.
ReadyForRenewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
ValidityEndTime string
The time until which the certificate is valid, expressed as an RFC3339 timestamp.
ValidityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
certPem String
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
id String
The provider-assigned unique ID for this managed resource.
keyAlgorithm String
Name of the algorithm used when generating the private key provided in private_key_pem.
readyForRenewal Boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validityEndTime String
The time until which the certificate is valid, expressed as an RFC3339 timestamp.
validityStartTime String
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
certPem string
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
id string
The provider-assigned unique ID for this managed resource.
keyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem.
readyForRenewal boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validityEndTime string
The time until which the certificate is valid, expressed as an RFC3339 timestamp.
validityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
cert_pem str
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
id str
The provider-assigned unique ID for this managed resource.
key_algorithm str
Name of the algorithm used when generating the private key provided in private_key_pem.
ready_for_renewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validity_end_time str
The time until which the certificate is valid, expressed as an RFC3339 timestamp.
validity_start_time str
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
certPem String
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
id String
The provider-assigned unique ID for this managed resource.
keyAlgorithm String
Name of the algorithm used when generating the private key provided in private_key_pem.
readyForRenewal Boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
validityEndTime String
The time until which the certificate is valid, expressed as an RFC3339 timestamp.
validityStartTime String
The time after which the certificate is valid, expressed as an RFC3339 timestamp.

Look up Existing SelfSignedCert Resource

Get an existing SelfSignedCert resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SelfSignedCertState, opts?: CustomResourceOptions): SelfSignedCert
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_uses: Optional[Sequence[str]] = None,
        cert_pem: Optional[str] = None,
        dns_names: Optional[Sequence[str]] = None,
        early_renewal_hours: Optional[int] = None,
        ip_addresses: Optional[Sequence[str]] = None,
        is_ca_certificate: Optional[bool] = None,
        key_algorithm: Optional[str] = None,
        private_key_pem: Optional[str] = None,
        ready_for_renewal: Optional[bool] = None,
        set_authority_key_id: Optional[bool] = None,
        set_subject_key_id: Optional[bool] = None,
        subject: Optional[SelfSignedCertSubjectArgs] = None,
        uris: Optional[Sequence[str]] = None,
        validity_end_time: Optional[str] = None,
        validity_period_hours: Optional[int] = None,
        validity_start_time: Optional[str] = None) -> SelfSignedCert
func GetSelfSignedCert(ctx *Context, name string, id IDInput, state *SelfSignedCertState, opts ...ResourceOption) (*SelfSignedCert, error)
public static SelfSignedCert Get(string name, Input<string> id, SelfSignedCertState? state, CustomResourceOptions? opts = null)
public static SelfSignedCert get(String name, Output<String> id, SelfSignedCertState state, CustomResourceOptions options)
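# Looks up an existing tls:SelfSignedCert by its provider ID instead of creating a new one.
resources:
  _:
    type: tls:SelfSignedCert
    get:
      id: ${id}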
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AllowedUses List<string>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
CertPem string
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
DnsNames List<string>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
EarlyRenewalHours int
IpAddresses List<string>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
IsCaCertificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
KeyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem.
PrivateKeyPem string
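Private key in PEM (RFC 1421) format that the certificate will belong to. This can be read from a separate file using the file interpolation function. This is secret key material, and it is also one of the resource's state properties, so keep it out of source control and restrict who can read the state.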
ReadyForRenewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
SetAuthorityKeyId bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
SetSubjectKeyId bool
Should the generated certificate include a subject key identifier (default: false).
Subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
Uris List<string>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
ValidityEndTime string
The time after which the certificate is no longer valid (the end of its validity period), expressed as an RFC3339 timestamp.
ValidityPeriodHours int
Number of hours, after initial issuing, that the certificate will remain valid for.
ValidityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
AllowedUses []string
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
CertPem string
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
DnsNames []string
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
EarlyRenewalHours int
IpAddresses []string
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
IsCaCertificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
KeyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem.
PrivateKeyPem string
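Private key in PEM (RFC 1421) format that the certificate will belong to. This can be read from a separate file using the file interpolation function. This is secret key material, and it is also one of the resource's state properties, so keep it out of source control and restrict who can read the state.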
ReadyForRenewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
SetAuthorityKeyId bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
SetSubjectKeyId bool
Should the generated certificate include a subject key identifier (default: false).
Subject SelfSignedCertSubjectArgs
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
Uris []string
List of URIs for which a certificate is being requested (i.e. certificate subjects).
ValidityEndTime string
The time after which the certificate is no longer valid (the end of its validity period), expressed as an RFC3339 timestamp.
ValidityPeriodHours int
Number of hours, after initial issuing, that the certificate will remain valid for.
ValidityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
allowedUses List<String>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
certPem String
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
dnsNames List<String>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
earlyRenewalHours Integer
ipAddresses List<String>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
isCaCertificate Boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
keyAlgorithm String
Name of the algorithm used when generating the private key provided in private_key_pem.
privateKeyPem String
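Private key in PEM (RFC 1421) format that the certificate will belong to. This can be read from a separate file using the file interpolation function. This is secret key material, and it is also one of the resource's state properties, so keep it out of source control and restrict who can read the state.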
readyForRenewal Boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
setAuthorityKeyId Boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
setSubjectKeyId Boolean
Should the generated certificate include a subject key identifier (default: false).
subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
uris List<String>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
validityEndTime String
The time after which the certificate is no longer valid (the end of its validity period), expressed as an RFC3339 timestamp.
validityPeriodHours Integer
Number of hours, after initial issuing, that the certificate will remain valid for.
validityStartTime String
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
allowedUses string[]
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
certPem string
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
dnsNames string[]
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
earlyRenewalHours number
ipAddresses string[]
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
isCaCertificate boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
keyAlgorithm string
Name of the algorithm used when generating the private key provided in private_key_pem.
privateKeyPem string
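Private key in PEM (RFC 1421) format that the certificate will belong to. This can be read from a separate file using the file interpolation function. This is secret key material, and it is also one of the resource's state properties, so keep it out of source control and restrict who can read the state.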
readyForRenewal boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
setAuthorityKeyId boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
setSubjectKeyId boolean
Should the generated certificate include a subject key identifier (default: false).
subject SelfSignedCertSubject
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
uris string[]
List of URIs for which a certificate is being requested (i.e. certificate subjects).
validityEndTime string
The time after which the certificate is no longer valid (the end of its validity period), expressed as an RFC3339 timestamp.
validityPeriodHours number
Number of hours, after initial issuing, that the certificate will remain valid for.
validityStartTime string
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
allowed_uses Sequence[str]
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
cert_pem str
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
dns_names Sequence[str]
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
early_renewal_hours int
ip_addresses Sequence[str]
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
is_ca_certificate bool
Is the generated certificate representing a Certificate Authority (CA) (default: false).
key_algorithm str
Name of the algorithm used when generating the private key provided in private_key_pem.
private_key_pem str
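Private key in PEM (RFC 1421) format that the certificate will belong to. This can be read from a separate file using the file interpolation function. This is secret key material, and it is also one of the resource's state properties, so keep it out of source control and restrict who can read the state.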
ready_for_renewal bool
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
set_authority_key_id bool
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
set_subject_key_id bool
Should the generated certificate include a subject key identifier (default: false).
subject SelfSignedCertSubjectArgs
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
uris Sequence[str]
List of URIs for which a certificate is being requested (i.e. certificate subjects).
validity_end_time str
The time after which the certificate is no longer valid (the end of its validity period), expressed as an RFC3339 timestamp.
validity_period_hours int
Number of hours, after initial issuing, that the certificate will remain valid for.
validity_start_time str
The time after which the certificate is valid, expressed as an RFC3339 timestamp.
allowedUses List<String>
List of key usages allowed for the issued certificate. Values are defined in RFC 5280 and combine flags defined by both Key Usages and Extended Key Usages. Accepted values: any_extended, cert_signing, client_auth, code_signing, content_commitment, crl_signing, data_encipherment, decipher_only, digital_signature, email_protection, encipher_only, ipsec_end_system, ipsec_tunnel, ipsec_user, key_agreement, key_encipherment, microsoft_commercial_code_signing, microsoft_kernel_code_signing, microsoft_server_gated_crypto, netscape_server_gated_crypto, ocsp_signing, server_auth, timestamping.
certPem String
Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
dnsNames List<String>
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
earlyRenewalHours Number
ipAddresses List<String>
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
isCaCertificate Boolean
Is the generated certificate representing a Certificate Authority (CA) (default: false).
keyAlgorithm String
Name of the algorithm used when generating the private key provided in private_key_pem.
privateKeyPem String
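Private key in PEM (RFC 1421) format that the certificate will belong to. This can be read from a separate file using the file interpolation function. This is secret key material, and it is also one of the resource's state properties, so keep it out of source control and restrict who can read the state.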
readyForRenewal Boolean
Is the certificate either expired (i.e. beyond the validity_period_hours) or ready for an early renewal (i.e. within the early_renewal_hours)?
setAuthorityKeyId Boolean
Should the generated certificate include an authority key identifier: for self-signed certificates this is the same value as the subject key identifier (default: false).
setSubjectKeyId Boolean
Should the generated certificate include a subject key identifier (default: false).
subject Property Map
The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon Issuer Distinguished Names (RFC5280) section.
uris List<String>
List of URIs for which a certificate is being requested (i.e. certificate subjects).
validityEndTime String
The time after which the certificate is no longer valid (the end of its validity period), expressed as an RFC3339 timestamp.
validityPeriodHours Number
Number of hours, after initial issuing, that the certificate will remain valid for.
validityStartTime String
The time after which the certificate is valid, expressed as an RFC3339 timestamp.

Supporting Types

SelfSignedCertSubject, SelfSignedCertSubjectArgs

CommonName string
Distinguished name: CN
Country string
Distinguished name: C
Locality string
Distinguished name: L
Organization string
Distinguished name: O
OrganizationalUnit string
Distinguished name: OU
PostalCode string
Distinguished name: PC
Province string
Distinguished name: ST
SerialNumber string
Distinguished name: SERIALNUMBER
StreetAddresses List<string>
Distinguished name: STREET
CommonName string
Distinguished name: CN
Country string
Distinguished name: C
Locality string
Distinguished name: L
Organization string
Distinguished name: O
OrganizationalUnit string
Distinguished name: OU
PostalCode string
Distinguished name: PC
Province string
Distinguished name: ST
SerialNumber string
Distinguished name: SERIALNUMBER
StreetAddresses []string
Distinguished name: STREET
commonName String
Distinguished name: CN
country String
Distinguished name: C
locality String
Distinguished name: L
organization String
Distinguished name: O
organizationalUnit String
Distinguished name: OU
postalCode String
Distinguished name: PC
province String
Distinguished name: ST
serialNumber String
Distinguished name: SERIALNUMBER
streetAddresses List<String>
Distinguished name: STREET
commonName string
Distinguished name: CN
country string
Distinguished name: C
locality string
Distinguished name: L
organization string
Distinguished name: O
organizationalUnit string
Distinguished name: OU
postalCode string
Distinguished name: PC
province string
Distinguished name: ST
serialNumber string
Distinguished name: SERIALNUMBER
streetAddresses string[]
Distinguished name: STREET
common_name str
Distinguished name: CN
country str
Distinguished name: C
locality str
Distinguished name: L
organization str
Distinguished name: O
organizational_unit str
Distinguished name: OU
postal_code str
Distinguished name: PC
province str
Distinguished name: ST
serial_number str
Distinguished name: SERIALNUMBER
street_addresses Sequence[str]
Distinguished name: STREET
commonName String
Distinguished name: CN
country String
Distinguished name: C
locality String
Distinguished name: L
organization String
Distinguished name: O
organizationalUnit String
Distinguished name: OU
postalCode String
Distinguished name: PC
province String
Distinguished name: ST
serialNumber String
Distinguished name: SERIALNUMBER
streetAddresses List<String>
Distinguished name: STREET

Package Details

Repository
TLS pulumi/pulumi-tls
License
Apache-2.0
Notes
This Pulumi package is based on the tls Terraform Provider.