1. Packages
  2. Venafi Provider
  3. API Docs
  4. Certificate
Venafi v1.10.6 published on Thursday, Jan 23, 2025 by Pulumi

venafi.Certificate

Explore with Pulumi AI

Create Certificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
@overload
def Certificate(resource_name: str,
                args: CertificateArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                common_name: Optional[str] = None,
                nickname: Optional[str] = None,
                san_uris: Optional[Sequence[str]] = None,
                country: Optional[str] = None,
                csr_origin: Optional[str] = None,
                csr_pem: Optional[str] = None,
                custom_fields: Optional[Mapping[str, str]] = None,
                ecdsa_curve: Optional[str] = None,
                expiration_window: Optional[int] = None,
                issuer_hint: Optional[str] = None,
                key_password: Optional[str] = None,
                valid_days: Optional[int] = None,
                certificate_dn: Optional[str] = None,
                pkcs12: Optional[str] = None,
                organizational_units: Optional[Sequence[str]] = None,
                organization: Optional[str] = None,
                private_key_pem: Optional[str] = None,
                renew_required: Optional[bool] = None,
                rsa_bits: Optional[int] = None,
                san_dns: Optional[Sequence[str]] = None,
                san_emails: Optional[Sequence[str]] = None,
                san_ips: Optional[Sequence[str]] = None,
                algorithm: Optional[str] = None,
                state: Optional[str] = None,
                locality: Optional[str] = None)
func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
type: venafi:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. CertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. CertificateArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. CertificateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. CertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. CertificateArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var certificateResource = new Venafi.Certificate("certificateResource", new()
{
    CommonName = "string",
    Nickname = "string",
    SanUris = new[]
    {
        "string",
    },
    Country = "string",
    CsrOrigin = "string",
    CsrPem = "string",
    CustomFields = 
    {
        { "string", "string" },
    },
    EcdsaCurve = "string",
    ExpirationWindow = 0,
    IssuerHint = "string",
    KeyPassword = "string",
    ValidDays = 0,
    CertificateDn = "string",
    Pkcs12 = "string",
    OrganizationalUnits = new[]
    {
        "string",
    },
    Organization = "string",
    PrivateKeyPem = "string",
    RenewRequired = false,
    RsaBits = 0,
    SanDns = new[]
    {
        "string",
    },
    SanEmails = new[]
    {
        "string",
    },
    SanIps = new[]
    {
        "string",
    },
    Algorithm = "string",
    State = "string",
    Locality = "string",
});
Copy
example, err := venafi.NewCertificate(ctx, "certificateResource", &venafi.CertificateArgs{
	CommonName: pulumi.String("string"),
	Nickname:   pulumi.String("string"),
	SanUris: pulumi.StringArray{
		pulumi.String("string"),
	},
	Country:   pulumi.String("string"),
	CsrOrigin: pulumi.String("string"),
	CsrPem:    pulumi.String("string"),
	CustomFields: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	EcdsaCurve:       pulumi.String("string"),
	ExpirationWindow: pulumi.Int(0),
	IssuerHint:       pulumi.String("string"),
	KeyPassword:      pulumi.String("string"),
	ValidDays:        pulumi.Int(0),
	CertificateDn:    pulumi.String("string"),
	Pkcs12:           pulumi.String("string"),
	OrganizationalUnits: pulumi.StringArray{
		pulumi.String("string"),
	},
	Organization:  pulumi.String("string"),
	PrivateKeyPem: pulumi.String("string"),
	RenewRequired: pulumi.Bool(false),
	RsaBits:       pulumi.Int(0),
	SanDns: pulumi.StringArray{
		pulumi.String("string"),
	},
	SanEmails: pulumi.StringArray{
		pulumi.String("string"),
	},
	SanIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	Algorithm: pulumi.String("string"),
	State:     pulumi.String("string"),
	Locality:  pulumi.String("string"),
})
Copy
var certificateResource = new Certificate("certificateResource", CertificateArgs.builder()
    .commonName("string")
    .nickname("string")
    .sanUris("string")
    .country("string")
    .csrOrigin("string")
    .csrPem("string")
    .customFields(Map.of("string", "string"))
    .ecdsaCurve("string")
    .expirationWindow(0)
    .issuerHint("string")
    .keyPassword("string")
    .validDays(0)
    .certificateDn("string")
    .pkcs12("string")
    .organizationalUnits("string")
    .organization("string")
    .privateKeyPem("string")
    .renewRequired(false)
    .rsaBits(0)
    .sanDns("string")
    .sanEmails("string")
    .sanIps("string")
    .algorithm("string")
    .state("string")
    .locality("string")
    .build());
Copy
certificate_resource = venafi.Certificate("certificateResource",
    common_name="string",
    nickname="string",
    san_uris=["string"],
    country="string",
    csr_origin="string",
    csr_pem="string",
    custom_fields={
        "string": "string",
    },
    ecdsa_curve="string",
    expiration_window=0,
    issuer_hint="string",
    key_password="string",
    valid_days=0,
    certificate_dn="string",
    pkcs12="string",
    organizational_units=["string"],
    organization="string",
    private_key_pem="string",
    renew_required=False,
    rsa_bits=0,
    san_dns=["string"],
    san_emails=["string"],
    san_ips=["string"],
    algorithm="string",
    state="string",
    locality="string")
Copy
const certificateResource = new venafi.Certificate("certificateResource", {
    commonName: "string",
    nickname: "string",
    sanUris: ["string"],
    country: "string",
    csrOrigin: "string",
    csrPem: "string",
    customFields: {
        string: "string",
    },
    ecdsaCurve: "string",
    expirationWindow: 0,
    issuerHint: "string",
    keyPassword: "string",
    validDays: 0,
    certificateDn: "string",
    pkcs12: "string",
    organizationalUnits: ["string"],
    organization: "string",
    privateKeyPem: "string",
    renewRequired: false,
    rsaBits: 0,
    sanDns: ["string"],
    sanEmails: ["string"],
    sanIps: ["string"],
    algorithm: "string",
    state: "string",
    locality: "string",
});
Copy
type: venafi:Certificate
properties:
    algorithm: string
    certificateDn: string
    commonName: string
    country: string
    csrOrigin: string
    csrPem: string
    customFields:
        string: string
    ecdsaCurve: string
    expirationWindow: 0
    issuerHint: string
    keyPassword: string
    locality: string
    nickname: string
    organization: string
    organizationalUnits:
        - string
    pkcs12: string
    privateKeyPem: string
    renewRequired: false
    rsaBits: 0
    sanDns:
        - string
    sanEmails:
        - string
    sanIps:
        - string
    sanUris:
        - string
    state: string
    validDays: 0
Copy

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Certificate resource accepts the following input properties:

CommonName
This property is required.
Changes to this property will trigger replacement.
string
The common name of the certificate.
Algorithm Changes to this property will trigger replacement. string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
CertificateDn string
Country Changes to this property will trigger replacement. string
Country of the certificate (C)
CsrOrigin Changes to this property will trigger replacement. string
Whether key-pair generation will be local or service generated. Default is local.
CsrPem string
CustomFields Changes to this property will trigger replacement. Dictionary<string, string>
Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve Changes to this property will trigger replacement. string
ECDSA curve to use when generating a key
ExpirationWindow int
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
IssuerHint Changes to this property will trigger replacement. string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
KeyPassword Changes to this property will trigger replacement. string
The password used to encrypt the private key.
Locality Changes to this property will trigger replacement. string
Locality/City of the certificate (L)
Nickname Changes to this property will trigger replacement. string
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
Organization Changes to this property will trigger replacement. string
Organization of the certificate (O)
OrganizationalUnits Changes to this property will trigger replacement. List<string>
List of Organizational Units of the certificate (OU)
Pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
PrivateKeyPem string
The private key in PEM format.
RenewRequired Changes to this property will trigger replacement. bool
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
RsaBits Changes to this property will trigger replacement. int
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
SanDns Changes to this property will trigger replacement. List<string>
List of DNS names to use as alternative subjects of the certificate.
SanEmails Changes to this property will trigger replacement. List<string>
List of email addresses to use as alternative subjects of the certificate.
SanIps Changes to this property will trigger replacement. List<string>
List of IP addresses to use as alternative subjects of the certificate.
SanUris Changes to this property will trigger replacement. List<string>
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
State Changes to this property will trigger replacement. string
State of the certificate (S)
ValidDays Changes to this property will trigger replacement. int
Desired number of days for which the new certificate will be valid.
CommonName
This property is required.
Changes to this property will trigger replacement.
string
The common name of the certificate.
Algorithm Changes to this property will trigger replacement. string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
CertificateDn string
Country Changes to this property will trigger replacement. string
Country of the certificate (C)
CsrOrigin Changes to this property will trigger replacement. string
Whether key-pair generation will be local or service generated. Default is local.
CsrPem string
CustomFields Changes to this property will trigger replacement. map[string]string
Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve Changes to this property will trigger replacement. string
ECDSA curve to use when generating a key
ExpirationWindow int
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
IssuerHint Changes to this property will trigger replacement. string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
KeyPassword Changes to this property will trigger replacement. string
The password used to encrypt the private key.
Locality Changes to this property will trigger replacement. string
Locality/City of the certificate (L)
Nickname Changes to this property will trigger replacement. string
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
Organization Changes to this property will trigger replacement. string
Organization of the certificate (O)
OrganizationalUnits Changes to this property will trigger replacement. []string
List of Organizational Units of the certificate (OU)
Pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
PrivateKeyPem string
The private key in PEM format.
RenewRequired Changes to this property will trigger replacement. bool
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
RsaBits Changes to this property will trigger replacement. int
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
SanDns Changes to this property will trigger replacement. []string
List of DNS names to use as alternative subjects of the certificate.
SanEmails Changes to this property will trigger replacement. []string
List of email addresses to use as alternative subjects of the certificate.
SanIps Changes to this property will trigger replacement. []string
List of IP addresses to use as alternative subjects of the certificate.
SanUris Changes to this property will trigger replacement. []string
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
State Changes to this property will trigger replacement. string
State of the certificate (S)
ValidDays Changes to this property will trigger replacement. int
Desired number of days for which the new certificate will be valid.
commonName
This property is required.
Changes to this property will trigger replacement.
String
The common name of the certificate.
algorithm Changes to this property will trigger replacement. String
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificateDn String
country Changes to this property will trigger replacement. String
Country of the certificate (C)
csrOrigin Changes to this property will trigger replacement. String
Whether key-pair generation will be local or service generated. Default is local.
csrPem String
customFields Changes to this property will trigger replacement. Map<String,String>
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve Changes to this property will trigger replacement. String
ECDSA curve to use when generating a key
expirationWindow Integer
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint Changes to this property will trigger replacement. String
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword Changes to this property will trigger replacement. String
The password used to encrypt the private key.
locality Changes to this property will trigger replacement. String
Locality/City of the certificate (L)
nickname Changes to this property will trigger replacement. String
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization Changes to this property will trigger replacement. String
Organization of the certificate (O)
organizationalUnits Changes to this property will trigger replacement. List<String>
List of Organizational Units of the certificate (OU)
pkcs12 String
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem String
The private key in PEM format.
renewRequired Changes to this property will trigger replacement. Boolean
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits Changes to this property will trigger replacement. Integer
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns Changes to this property will trigger replacement. List<String>
List of DNS names to use as alternative subjects of the certificate.
sanEmails Changes to this property will trigger replacement. List<String>
List of email addresses to use as alternative subjects of the certificate.
sanIps Changes to this property will trigger replacement. List<String>
List of IP addresses to use as alternative subjects of the certificate.
sanUris Changes to this property will trigger replacement. List<String>
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state Changes to this property will trigger replacement. String
State of the certificate (S)
validDays Changes to this property will trigger replacement. Integer
Desired number of days for which the new certificate will be valid.
commonName
This property is required.
Changes to this property will trigger replacement.
string
The common name of the certificate.
algorithm Changes to this property will trigger replacement. string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificateDn string
country Changes to this property will trigger replacement. string
Country of the certificate (C)
csrOrigin Changes to this property will trigger replacement. string
Whether key-pair generation will be local or service generated. Default is local.
csrPem string
customFields Changes to this property will trigger replacement. {[key: string]: string}
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve Changes to this property will trigger replacement. string
ECDSA curve to use when generating a key
expirationWindow number
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint Changes to this property will trigger replacement. string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword Changes to this property will trigger replacement. string
The password used to encrypt the private key.
locality Changes to this property will trigger replacement. string
Locality/City of the certificate (L)
nickname Changes to this property will trigger replacement. string
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization Changes to this property will trigger replacement. string
Organization of the certificate (O)
organizationalUnits Changes to this property will trigger replacement. string[]
List of Organizational Units of the certificate (OU)
pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem string
The private key in PEM format.
renewRequired Changes to this property will trigger replacement. boolean
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits Changes to this property will trigger replacement. number
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns Changes to this property will trigger replacement. string[]
List of DNS names to use as alternative subjects of the certificate.
sanEmails Changes to this property will trigger replacement. string[]
List of email addresses to use as alternative subjects of the certificate.
sanIps Changes to this property will trigger replacement. string[]
List of IP addresses to use as alternative subjects of the certificate.
sanUris Changes to this property will trigger replacement. string[]
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state Changes to this property will trigger replacement. string
State of the certificate (S)
validDays Changes to this property will trigger replacement. number
Desired number of days for which the new certificate will be valid.
common_name
This property is required.
Changes to this property will trigger replacement.
str
The common name of the certificate.
algorithm Changes to this property will trigger replacement. str
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate_dn str
country Changes to this property will trigger replacement. str
Country of the certificate (C)
csr_origin Changes to this property will trigger replacement. str
Whether key-pair generation will be local or service generated. Default is local.
csr_pem str
custom_fields Changes to this property will trigger replacement. Mapping[str, str]
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsa_curve Changes to this property will trigger replacement. str
ECDSA curve to use when generating a key
expiration_window int
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuer_hint Changes to this property will trigger replacement. str
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
key_password Changes to this property will trigger replacement. str
The password used to encrypt the private key.
locality Changes to this property will trigger replacement. str
Locality/City of the certificate (L)
nickname Changes to this property will trigger replacement. str
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization Changes to this property will trigger replacement. str
Organization of the certificate (O)
organizational_units Changes to this property will trigger replacement. Sequence[str]
List of Organizational Units of the certificate (OU)
pkcs12 str
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
private_key_pem str
The private key in PEM format.
renew_required Changes to this property will trigger replacement. bool
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsa_bits Changes to this property will trigger replacement. int
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
san_dns Changes to this property will trigger replacement. Sequence[str]
List of DNS names to use as alternative subjects of the certificate.
san_emails Changes to this property will trigger replacement. Sequence[str]
List of email addresses to use as alternative subjects of the certificate.
san_ips Changes to this property will trigger replacement. Sequence[str]
List of IP addresses to use as alternative subjects of the certificate.
san_uris Changes to this property will trigger replacement. Sequence[str]
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state Changes to this property will trigger replacement. str
State of the certificate (S)
valid_days Changes to this property will trigger replacement. int
Desired number of days for which the new certificate will be valid.
commonName
This property is required.
Changes to this property will trigger replacement.
String
The common name of the certificate.
algorithm Changes to this property will trigger replacement. String
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificateDn String
country Changes to this property will trigger replacement. String
Country of the certificate (C)
csrOrigin Changes to this property will trigger replacement. String
Whether key-pair generation will be local or service generated. Default is local.
csrPem String
customFields Changes to this property will trigger replacement. Map<String>
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve Changes to this property will trigger replacement. String
ECDSA curve to use when generating a key
expirationWindow Number
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint Changes to this property will trigger replacement. String
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword Changes to this property will trigger replacement. String
The password used to encrypt the private key.
locality Changes to this property will trigger replacement. String
Locality/City of the certificate (L)
nickname Changes to this property will trigger replacement. String
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization Changes to this property will trigger replacement. String
Organization of the certificate (O)
organizationalUnits Changes to this property will trigger replacement. List<String>
List of Organizational Units of the certificate (OU)
pkcs12 String
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem String
The private key in PEM format.
renewRequired Changes to this property will trigger replacement. Boolean
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits Changes to this property will trigger replacement. Number
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns Changes to this property will trigger replacement. List<String>
List of DNS names to use as alternative subjects of the certificate.
sanEmails Changes to this property will trigger replacement. List<String>
List of email addresses to use as alternative subjects of the certificate.
sanIps Changes to this property will trigger replacement. List<String>
List of IP addresses to use as alternative subjects of the certificate.
sanUris Changes to this property will trigger replacement. List<String>
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state Changes to this property will trigger replacement. String
State of the certificate (S)
validDays Changes to this property will trigger replacement. Number
Desired number of days for which the new certificate will be valid.

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

CertificateDetails string
The X509 certificate in PEM format.
CertificateId string
ID of the issued certificate
Chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
Id string
The provider-assigned unique ID for this managed resource.
Certificate string
The X509 certificate in PEM format.
CertificateId string
ID of the issued certificate
Chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
Id string
The provider-assigned unique ID for this managed resource.
certificate String
The X509 certificate in PEM format.
certificateId String
ID of the issued certificate
chain String
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
id String
The provider-assigned unique ID for this managed resource.
certificate string
The X509 certificate in PEM format.
certificateId string
ID of the issued certificate
chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
id string
The provider-assigned unique ID for this managed resource.
certificate str
The X509 certificate in PEM format.
certificate_id str
ID of the issued certificate
chain str
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
id str
The provider-assigned unique ID for this managed resource.
certificate String
The X509 certificate in PEM format.
certificateId String
ID of the issued certificate
chain String
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing Certificate Resource

Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        algorithm: Optional[str] = None,
        certificate: Optional[str] = None,
        certificate_dn: Optional[str] = None,
        certificate_id: Optional[str] = None,
        chain: Optional[str] = None,
        common_name: Optional[str] = None,
        country: Optional[str] = None,
        csr_origin: Optional[str] = None,
        csr_pem: Optional[str] = None,
        custom_fields: Optional[Mapping[str, str]] = None,
        ecdsa_curve: Optional[str] = None,
        expiration_window: Optional[int] = None,
        issuer_hint: Optional[str] = None,
        key_password: Optional[str] = None,
        locality: Optional[str] = None,
        nickname: Optional[str] = None,
        organization: Optional[str] = None,
        organizational_units: Optional[Sequence[str]] = None,
        pkcs12: Optional[str] = None,
        private_key_pem: Optional[str] = None,
        renew_required: Optional[bool] = None,
        rsa_bits: Optional[int] = None,
        san_dns: Optional[Sequence[str]] = None,
        san_emails: Optional[Sequence[str]] = None,
        san_ips: Optional[Sequence[str]] = None,
        san_uris: Optional[Sequence[str]] = None,
        state: Optional[str] = None,
        valid_days: Optional[int] = None) -> Certificate
func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)
resources:  _:    type: venafi:Certificate    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Algorithm Changes to this property will trigger replacement. string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
CertificateDetails string
The X509 certificate in PEM format.
CertificateDn string
CertificateId string
ID of the issued certificate
Chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
CommonName Changes to this property will trigger replacement. string
The common name of the certificate.
Country Changes to this property will trigger replacement. string
Country of the certificate (C)
CsrOrigin Changes to this property will trigger replacement. string
Whether key-pair generation will be local or service generated. Default is local.
CsrPem string
CustomFields Changes to this property will trigger replacement. Dictionary<string, string>
Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve Changes to this property will trigger replacement. string
ECDSA curve to use when generating a key
ExpirationWindow int
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
IssuerHint Changes to this property will trigger replacement. string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
KeyPassword Changes to this property will trigger replacement. string
The password used to encrypt the private key.
Locality Changes to this property will trigger replacement. string
Locality/City of the certificate (L)
Nickname Changes to this property will trigger replacement. string
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
Organization Changes to this property will trigger replacement. string
Organization of the certificate (O)
OrganizationalUnits Changes to this property will trigger replacement. List<string>
List of Organizational Units of the certificate (OU)
Pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
PrivateKeyPem string
The private key in PEM format.
RenewRequired Changes to this property will trigger replacement. bool
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
RsaBits Changes to this property will trigger replacement. int
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
SanDns Changes to this property will trigger replacement. List<string>
List of DNS names to use as alternative subjects of the certificate.
SanEmails Changes to this property will trigger replacement. List<string>
List of email addresses to use as alternative subjects of the certificate.
SanIps Changes to this property will trigger replacement. List<string>
List of IP addresses to use as alternative subjects of the certificate.
SanUris Changes to this property will trigger replacement. List<string>
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
State Changes to this property will trigger replacement. string
State of the certificate (S)
ValidDays Changes to this property will trigger replacement. int
Desired number of days for which the new certificate will be valid.
Algorithm Changes to this property will trigger replacement. string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
Certificate string
The X509 certificate in PEM format.
CertificateDn string
CertificateId string
ID of the issued certificate
Chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
CommonName Changes to this property will trigger replacement. string
The common name of the certificate.
Country Changes to this property will trigger replacement. string
Country of the certificate (C)
CsrOrigin Changes to this property will trigger replacement. string
Whether key-pair generation will be local or service generated. Default is local.
CsrPem string
CustomFields Changes to this property will trigger replacement. map[string]string
Collection of Custom Field name-value pairs to assign to the certificate.
EcdsaCurve Changes to this property will trigger replacement. string
ECDSA curve to use when generating a key
ExpirationWindow int
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
IssuerHint Changes to this property will trigger replacement. string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
KeyPassword Changes to this property will trigger replacement. string
The password used to encrypt the private key.
Locality Changes to this property will trigger replacement. string
Locality/City of the certificate (L)
Nickname Changes to this property will trigger replacement. string
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
Organization Changes to this property will trigger replacement. string
Organization of the certificate (O)
OrganizationalUnits Changes to this property will trigger replacement. []string
List of Organizational Units of the certificate (OU)
Pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
PrivateKeyPem string
The private key in PEM format.
RenewRequired Changes to this property will trigger replacement. bool
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
RsaBits Changes to this property will trigger replacement. int
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
SanDns Changes to this property will trigger replacement. []string
List of DNS names to use as alternative subjects of the certificate.
SanEmails Changes to this property will trigger replacement. []string
List of email addresses to use as alternative subjects of the certificate.
SanIps Changes to this property will trigger replacement. []string
List of IP addresses to use as alternative subjects of the certificate.
SanUris Changes to this property will trigger replacement. []string
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
State Changes to this property will trigger replacement. string
State of the certificate (S)
ValidDays Changes to this property will trigger replacement. int
Desired number of days for which the new certificate will be valid.
algorithm Changes to this property will trigger replacement. String
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate String
The X509 certificate in PEM format.
certificateDn String
certificateId String
ID of the issued certificate
chain String
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
commonName Changes to this property will trigger replacement. String
The common name of the certificate.
country Changes to this property will trigger replacement. String
Country of the certificate (C)
csrOrigin Changes to this property will trigger replacement. String
Whether key-pair generation will be local or service generated. Default is local.
csrPem String
customFields Changes to this property will trigger replacement. Map<String,String>
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve Changes to this property will trigger replacement. String
ECDSA curve to use when generating a key
expirationWindow Integer
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint Changes to this property will trigger replacement. String
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword Changes to this property will trigger replacement. String
The password used to encrypt the private key.
locality Changes to this property will trigger replacement. String
Locality/City of the certificate (L)
nickname Changes to this property will trigger replacement. String
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization Changes to this property will trigger replacement. String
Organization of the certificate (O)
organizationalUnits Changes to this property will trigger replacement. List<String>
List of Organizational Units of the certificate (OU)
pkcs12 String
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem String
The private key in PEM format.
renewRequired Changes to this property will trigger replacement. Boolean
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits Changes to this property will trigger replacement. Integer
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns Changes to this property will trigger replacement. List<String>
List of DNS names to use as alternative subjects of the certificate.
sanEmails Changes to this property will trigger replacement. List<String>
List of email addresses to use as alternative subjects of the certificate.
sanIps Changes to this property will trigger replacement. List<String>
List of IP addresses to use as alternative subjects of the certificate.
sanUris Changes to this property will trigger replacement. List<String>
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state Changes to this property will trigger replacement. String
State of the certificate (S)
validDays Changes to this property will trigger replacement. Integer
Desired number of days for which the new certificate will be valid.
algorithm Changes to this property will trigger replacement. string
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate string
The X509 certificate in PEM format.
certificateDn string
certificateId string
ID of the issued certificate
chain string
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
commonName Changes to this property will trigger replacement. string
The common name of the certificate.
country Changes to this property will trigger replacement. string
Country of the certificate (C)
csrOrigin Changes to this property will trigger replacement. string
Whether key-pair generation will be local or service generated. Default is local.
csrPem string
customFields Changes to this property will trigger replacement. {[key: string]: string}
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve Changes to this property will trigger replacement. string
ECDSA curve to use when generating a key
expirationWindow number
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint Changes to this property will trigger replacement. string
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword Changes to this property will trigger replacement. string
The password used to encrypt the private key.
locality Changes to this property will trigger replacement. string
Locality/City of the certificate (L)
nickname Changes to this property will trigger replacement. string
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization Changes to this property will trigger replacement. string
Organization of the certificate (O)
organizationalUnits Changes to this property will trigger replacement. string[]
List of Organizational Units of the certificate (OU)
pkcs12 string
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem string
The private key in PEM format.
renewRequired Changes to this property will trigger replacement. boolean
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits Changes to this property will trigger replacement. number
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns Changes to this property will trigger replacement. string[]
List of DNS names to use as alternative subjects of the certificate.
sanEmails Changes to this property will trigger replacement. string[]
List of email addresses to use as alternative subjects of the certificate.
sanIps Changes to this property will trigger replacement. string[]
List of IP addresses to use as alternative subjects of the certificate.
sanUris Changes to this property will trigger replacement. string[]
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state Changes to this property will trigger replacement. string
State of the certificate (S)
validDays Changes to this property will trigger replacement. number
Desired number of days for which the new certificate will be valid.
algorithm Changes to this property will trigger replacement. str
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate str
The X509 certificate in PEM format.
certificate_dn str
certificate_id str
ID of the issued certificate
chain str
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
common_name Changes to this property will trigger replacement. str
The common name of the certificate.
country Changes to this property will trigger replacement. str
Country of the certificate (C)
csr_origin Changes to this property will trigger replacement. str
Whether key-pair generation will be local or service generated. Default is local.
csr_pem str
custom_fields Changes to this property will trigger replacement. Mapping[str, str]
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsa_curve Changes to this property will trigger replacement. str
ECDSA curve to use when generating a key
expiration_window int
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuer_hint Changes to this property will trigger replacement. str
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
key_password Changes to this property will trigger replacement. str
The password used to encrypt the private key.
locality Changes to this property will trigger replacement. str
Locality/City of the certificate (L)
nickname Changes to this property will trigger replacement. str
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization Changes to this property will trigger replacement. str
Organization of the certificate (O)
organizational_units Changes to this property will trigger replacement. Sequence[str]
List of Organizational Units of the certificate (OU)
pkcs12 str
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
private_key_pem str
The private key in PEM format.
renew_required Changes to this property will trigger replacement. bool
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsa_bits Changes to this property will trigger replacement. int
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
san_dns Changes to this property will trigger replacement. Sequence[str]
List of DNS names to use as alternative subjects of the certificate.
san_emails Changes to this property will trigger replacement. Sequence[str]
List of email addresses to use as alternative subjects of the certificate.
san_ips Changes to this property will trigger replacement. Sequence[str]
List of IP addresses to use as alternative subjects of the certificate.
san_uris Changes to this property will trigger replacement. Sequence[str]
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state Changes to this property will trigger replacement. str
State of the certificate (S)
valid_days Changes to this property will trigger replacement. int
Desired number of days for which the new certificate will be valid.
algorithm Changes to this property will trigger replacement. String
Key encryption algorithm, either RSA or ECDSA. Defaults to RSA.
certificate String
The X509 certificate in PEM format.
certificateDn String
certificateId String
ID of the issued certificate
chain String
The trust chain of X509 certificate authority certificates in PEM format concatenated together.
commonName Changes to this property will trigger replacement. String
The common name of the certificate.
country Changes to this property will trigger replacement. String
Country of the certificate (C)
csrOrigin Changes to this property will trigger replacement. String
Whether key-pair generation will be local or service generated. Default is local.
csrPem String
customFields Changes to this property will trigger replacement. Map<String>
Collection of Custom Field name-value pairs to assign to the certificate.
ecdsaCurve Changes to this property will trigger replacement. String
ECDSA curve to use when generating a key
expirationWindow Number
Number of hours before certificate expiry to request a new certificate. Defaults to 168.
issuerHint Changes to this property will trigger replacement. String
Used with valid_days to indicate the target issuer when using Trust Protection Platform. Relevant values are: DigiCert, Entrust, and Microsoft.
keyPassword Changes to this property will trigger replacement. String
The password used to encrypt the private key.
locality Changes to this property will trigger replacement. String
Locality/City of the certificate (L)
nickname Changes to this property will trigger replacement. String
Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for Trust Protection Platform.
organization Changes to this property will trigger replacement. String
Organization of the certificate (O)
organizationalUnits Changes to this property will trigger replacement. List<String>
List of Organizational Units of the certificate (OU)
pkcs12 String
A base64-encoded PKCS#12 keystore secured by the key_password. Useful when working with resources like azure key_vault_certificate.
privateKeyPem String
The private key in PEM format.
renewRequired Changes to this property will trigger replacement. Boolean
Indicates the certificate should be reissued. This means the resource will destroyed and recreated
rsaBits Changes to this property will trigger replacement. Number
Number of bits to use when generating an RSA key. Applies when algorithm is RSA. Defaults to 2048.
sanDns Changes to this property will trigger replacement. List<String>
List of DNS names to use as alternative subjects of the certificate.
sanEmails Changes to this property will trigger replacement. List<String>
List of email addresses to use as alternative subjects of the certificate.
sanIps Changes to this property will trigger replacement. List<String>
List of IP addresses to use as alternative subjects of the certificate.
sanUris Changes to this property will trigger replacement. List<String>
List of Uniform Resource Identifiers (URIs) to use as alternative subjects of the certificate.
state Changes to this property will trigger replacement. String
State of the certificate (S)
validDays Changes to this property will trigger replacement. Number
Desired number of days for which the new certificate will be valid.

Package Details

Repository
Venafi pulumi/pulumi-venafi
License
Apache-2.0
Notes
This Pulumi package is based on the venafi Terraform Provider.