1. Packages
  2. Ibm Provider
  3. API Docs
  4. SmPrivateCertificateConfigurationIntermediateCa
ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud

ibm.SmPrivateCertificateConfigurationIntermediateCa

Explore with Pulumi AI

Provides a resource for an intermediate certificate authority. This allows an intermediate CA to be created, updated and deleted. Note that an intermediate CA cannot be deleted if it contains one or more certificate templates. Therefore, arguments that are marked as Forces new resource should not be modified if certificate template configurations exist for the CA.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const intermediateCA = new ibm.SmPrivateCertificateConfigurationIntermediateCa("intermediateCA", {
    instanceId: ibm_resource_instance.sm_instance.guid,
    signingMethod: "internal",
    issuer: ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA.name,
    commonName: "ibm.com",
    altNames: [
        "alt-name-1",
        "alt-name-2",
    ],
    permittedDnsDomains: ["exampleString"],
    ous: ["example_ou"],
    organizations: ["example_organization"],
    countries: ["US"],
    localities: ["example_locality"],
    provinces: ["example_province"],
    streetAddresses: ["example street address"],
    postalCodes: ["example_postal_code"],
    ipSans: "127.0.0.1",
    uriSans: "https://www.example.com/test",
    otherSans: ["1.2.3.5.4.3.201.10.4.3;utf8:test@example.com"],
    excludeCnFromSans: false,
    ttl: "2100h",
    maxTtl: "8760h",
    maxPathLength: -1,
    issuingCertificatesUrlsEncoded: true,
    keyType: "rsa",
    keyBits: 4096,
    format: "pem",
    privateKeyFormat: "der",
    crlExpiry: "72h",
    crlDisable: false,
    crlDistributionPointsEncoded: true,
}, {
    dependsOn: [ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA],
});
Copy
import pulumi
import pulumi_ibm as ibm

intermediate_ca = ibm.SmPrivateCertificateConfigurationIntermediateCa("intermediateCA",
    instance_id=ibm_resource_instance["sm_instance"]["guid"],
    signing_method="internal",
    issuer=ibm_sm_private_certificate_configuration_root_ca["private_certificate_root_CA"]["name"],
    common_name="ibm.com",
    alt_names=[
        "alt-name-1",
        "alt-name-2",
    ],
    permitted_dns_domains=["exampleString"],
    ous=["example_ou"],
    organizations=["example_organization"],
    countries=["US"],
    localities=["example_locality"],
    provinces=["example_province"],
    street_addresses=["example street address"],
    postal_codes=["example_postal_code"],
    ip_sans="127.0.0.1",
    uri_sans="https://www.example.com/test",
    other_sans=["1.2.3.5.4.3.201.10.4.3;utf8:test@example.com"],
    exclude_cn_from_sans=False,
    ttl="2100h",
    max_ttl="8760h",
    max_path_length=-1,
    issuing_certificates_urls_encoded=True,
    key_type="rsa",
    key_bits=4096,
    format="pem",
    private_key_format="der",
    crl_expiry="72h",
    crl_disable=False,
    crl_distribution_points_encoded=True,
    opts = pulumi.ResourceOptions(depends_on=[ibm_sm_private_certificate_configuration_root_ca["private_certificate_root_CA"]]))
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.NewSmPrivateCertificateConfigurationIntermediateCa(ctx, "intermediateCA", &ibm.SmPrivateCertificateConfigurationIntermediateCaArgs{
			InstanceId:    pulumi.Any(ibm_resource_instance.Sm_instance.Guid),
			SigningMethod: pulumi.String("internal"),
			Issuer:        pulumi.Any(ibm_sm_private_certificate_configuration_root_ca.Private_certificate_root_CA.Name),
			CommonName:    pulumi.String("ibm.com"),
			AltNames: pulumi.StringArray{
				pulumi.String("alt-name-1"),
				pulumi.String("alt-name-2"),
			},
			PermittedDnsDomains: pulumi.StringArray{
				pulumi.String("exampleString"),
			},
			Ous: pulumi.StringArray{
				pulumi.String("example_ou"),
			},
			Organizations: pulumi.StringArray{
				pulumi.String("example_organization"),
			},
			Countries: pulumi.StringArray{
				pulumi.String("US"),
			},
			Localities: pulumi.StringArray{
				pulumi.String("example_locality"),
			},
			Provinces: pulumi.StringArray{
				pulumi.String("example_province"),
			},
			StreetAddresses: pulumi.StringArray{
				pulumi.String("example street address"),
			},
			PostalCodes: pulumi.StringArray{
				pulumi.String("example_postal_code"),
			},
			IpSans:  pulumi.String("127.0.0.1"),
			UriSans: pulumi.String("https://www.example.com/test"),
			OtherSans: pulumi.StringArray{
				pulumi.String("1.2.3.5.4.3.201.10.4.3;utf8:test@example.com"),
			},
			ExcludeCnFromSans:              pulumi.Bool(false),
			Ttl:                            pulumi.String("2100h"),
			MaxTtl:                         pulumi.String("8760h"),
			MaxPathLength:                  pulumi.Float64(-1),
			IssuingCertificatesUrlsEncoded: pulumi.Bool(true),
			KeyType:                        pulumi.String("rsa"),
			KeyBits:                        pulumi.Float64(4096),
			Format:                         pulumi.String("pem"),
			PrivateKeyFormat:               pulumi.String("der"),
			CrlExpiry:                      pulumi.String("72h"),
			CrlDisable:                     pulumi.Bool(false),
			CrlDistributionPointsEncoded:   pulumi.Bool(true),
		}, pulumi.DependsOn([]pulumi.Resource{
			ibm_sm_private_certificate_configuration_root_ca.Private_certificate_root_CA,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var intermediateCA = new Ibm.SmPrivateCertificateConfigurationIntermediateCa("intermediateCA", new()
    {
        InstanceId = ibm_resource_instance.Sm_instance.Guid,
        SigningMethod = "internal",
        Issuer = ibm_sm_private_certificate_configuration_root_ca.Private_certificate_root_CA.Name,
        CommonName = "ibm.com",
        AltNames = new[]
        {
            "alt-name-1",
            "alt-name-2",
        },
        PermittedDnsDomains = new[]
        {
            "exampleString",
        },
        Ous = new[]
        {
            "example_ou",
        },
        Organizations = new[]
        {
            "example_organization",
        },
        Countries = new[]
        {
            "US",
        },
        Localities = new[]
        {
            "example_locality",
        },
        Provinces = new[]
        {
            "example_province",
        },
        StreetAddresses = new[]
        {
            "example street address",
        },
        PostalCodes = new[]
        {
            "example_postal_code",
        },
        IpSans = "127.0.0.1",
        UriSans = "https://www.example.com/test",
        OtherSans = new[]
        {
            "1.2.3.5.4.3.201.10.4.3;utf8:test@example.com",
        },
        ExcludeCnFromSans = false,
        Ttl = "2100h",
        MaxTtl = "8760h",
        MaxPathLength = -1,
        IssuingCertificatesUrlsEncoded = true,
        KeyType = "rsa",
        KeyBits = 4096,
        Format = "pem",
        PrivateKeyFormat = "der",
        CrlExpiry = "72h",
        CrlDisable = false,
        CrlDistributionPointsEncoded = true,
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            ibm_sm_private_certificate_configuration_root_ca.Private_certificate_root_CA,
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.SmPrivateCertificateConfigurationIntermediateCa;
import com.pulumi.ibm.SmPrivateCertificateConfigurationIntermediateCaArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var intermediateCA = new SmPrivateCertificateConfigurationIntermediateCa("intermediateCA", SmPrivateCertificateConfigurationIntermediateCaArgs.builder()
            .instanceId(ibm_resource_instance.sm_instance().guid())
            .signingMethod("internal")
            .issuer(ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA().name())
            .commonName("ibm.com")
            .altNames(            
                "alt-name-1",
                "alt-name-2")
            .permittedDnsDomains("exampleString")
            .ous("example_ou")
            .organizations("example_organization")
            .countries("US")
            .localities("example_locality")
            .provinces("example_province")
            .streetAddresses("example street address")
            .postalCodes("example_postal_code")
            .ipSans("127.0.0.1")
            .uriSans("https://www.example.com/test")
            .otherSans("1.2.3.5.4.3.201.10.4.3;utf8:test@example.com")
            .excludeCnFromSans(false)
            .ttl("2100h")
            .maxTtl("8760h")
            .maxPathLength(-1)
            .issuingCertificatesUrlsEncoded(true)
            .keyType("rsa")
            .keyBits(4096)
            .format("pem")
            .privateKeyFormat("der")
            .crlExpiry("72h")
            .crlDisable(false)
            .crlDistributionPointsEncoded(true)
            .build(), CustomResourceOptions.builder()
                .dependsOn(ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA())
                .build());

    }
}
Copy
resources:
  intermediateCA:
    type: ibm:SmPrivateCertificateConfigurationIntermediateCa
    properties:
      instanceId: ${ibm_resource_instance.sm_instance.guid}
      signingMethod: internal
      issuer: ${ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA.name}
      commonName: ibm.com
      altNames:
        - alt-name-1
        - alt-name-2
      permittedDnsDomains:
        - exampleString
      ous:
        - example_ou
      organizations:
        - example_organization
      countries:
        - US
      localities:
        - example_locality
      provinces:
        - example_province
      streetAddresses:
        - example street address
      postalCodes:
        - example_postal_code
      ipSans: 127.0.0.1
      uriSans: https://www.example.com/test
      otherSans:
        - 1.2.3.5.4.3.201.10.4.3;utf8:test@example.com
      excludeCnFromSans: false
      ttl: 2100h
      maxTtl: 8760h
      maxPathLength: -1
      issuingCertificatesUrlsEncoded: true
      keyType: rsa
      keyBits: 4096
      format: pem
      privateKeyFormat: der
      crlExpiry: 72h
      crlDisable: false
      crlDistributionPointsEncoded: true
    options:
      dependsOn:
        - ${ibm_sm_private_certificate_configuration_root_ca.private_certificate_root_CA}
Copy

Provider Configuration

The IBM Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below:

  • Static credentials
  • Environment variables

To find which credentials are required for this resource, see the service table here.

Static credentials

You can provide your static credentials by adding the ibmcloud_api_key, iaas_classic_username, and iaas_classic_api_key arguments in the IBM Cloud provider block.

Usage:

provider "ibm" {
    ibmcloud_api_key = ""
    iaas_classic_username = ""
    iaas_classic_api_key = ""
}

Environment variables

You can provide your credentials by exporting the IC_API_KEY, IAAS_CLASSIC_USERNAME, and IAAS_CLASSIC_API_KEY environment variables, representing your IBM Cloud platform API key, IBM Cloud Classic Infrastructure (SoftLayer) user name, and IBM Cloud infrastructure API key, respectively.

provider "ibm" {}

Usage:

export IC_API_KEY="ibmcloud_api_key"
export IAAS_CLASSIC_USERNAME="iaas_classic_username"
export IAAS_CLASSIC_API_KEY="iaas_classic_api_key"
pulumi preview

Note:

  1. Create or find your ibmcloud_api_key and iaas_classic_api_key here.
  • Select My IBM Cloud API Keys option from view dropdown for ibmcloud_api_key
  • Select Classic Infrastructure API Keys option from view dropdown for iaas_classic_api_key
  1. For iaas_classic_username
  • Go to Users
  • Click on user.
  • Find user name in the VPN password section under User Details tab

For more informaton, see here.

Create SmPrivateCertificateConfigurationIntermediateCa Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SmPrivateCertificateConfigurationIntermediateCa(name: string, args: SmPrivateCertificateConfigurationIntermediateCaArgs, opts?: CustomResourceOptions);
@overload
def SmPrivateCertificateConfigurationIntermediateCa(resource_name: str,
                                                    args: SmPrivateCertificateConfigurationIntermediateCaArgs,
                                                    opts: Optional[ResourceOptions] = None)

@overload
def SmPrivateCertificateConfigurationIntermediateCa(resource_name: str,
                                                    opts: Optional[ResourceOptions] = None,
                                                    instance_id: Optional[str] = None,
                                                    common_name: Optional[str] = None,
                                                    signing_method: Optional[str] = None,
                                                    max_ttl: Optional[str] = None,
                                                    localities: Optional[Sequence[str]] = None,
                                                    name: Optional[str] = None,
                                                    crypto_key: Optional[SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs] = None,
                                                    endpoint_type: Optional[str] = None,
                                                    exclude_cn_from_sans: Optional[bool] = None,
                                                    format: Optional[str] = None,
                                                    crl_distribution_points_encoded: Optional[bool] = None,
                                                    ip_sans: Optional[str] = None,
                                                    issuer: Optional[str] = None,
                                                    issuing_certificates_urls_encoded: Optional[bool] = None,
                                                    key_bits: Optional[float] = None,
                                                    key_type: Optional[str] = None,
                                                    alt_names: Optional[Sequence[str]] = None,
                                                    max_path_length: Optional[float] = None,
                                                    crl_disable: Optional[bool] = None,
                                                    crl_expiry: Optional[str] = None,
                                                    organizations: Optional[Sequence[str]] = None,
                                                    other_sans: Optional[Sequence[str]] = None,
                                                    ous: Optional[Sequence[str]] = None,
                                                    permitted_dns_domains: Optional[Sequence[str]] = None,
                                                    postal_codes: Optional[Sequence[str]] = None,
                                                    private_key_format: Optional[str] = None,
                                                    provinces: Optional[Sequence[str]] = None,
                                                    region: Optional[str] = None,
                                                    countries: Optional[Sequence[str]] = None,
                                                    sm_private_certificate_configuration_intermediate_ca_id: Optional[str] = None,
                                                    street_addresses: Optional[Sequence[str]] = None,
                                                    ttl: Optional[str] = None,
                                                    uri_sans: Optional[str] = None,
                                                    use_csr_values: Optional[bool] = None)
func NewSmPrivateCertificateConfigurationIntermediateCa(ctx *Context, name string, args SmPrivateCertificateConfigurationIntermediateCaArgs, opts ...ResourceOption) (*SmPrivateCertificateConfigurationIntermediateCa, error)
public SmPrivateCertificateConfigurationIntermediateCa(string name, SmPrivateCertificateConfigurationIntermediateCaArgs args, CustomResourceOptions? opts = null)
public SmPrivateCertificateConfigurationIntermediateCa(String name, SmPrivateCertificateConfigurationIntermediateCaArgs args)
public SmPrivateCertificateConfigurationIntermediateCa(String name, SmPrivateCertificateConfigurationIntermediateCaArgs args, CustomResourceOptions options)
type: ibm:SmPrivateCertificateConfigurationIntermediateCa
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. SmPrivateCertificateConfigurationIntermediateCaArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. SmPrivateCertificateConfigurationIntermediateCaArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. SmPrivateCertificateConfigurationIntermediateCaArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. SmPrivateCertificateConfigurationIntermediateCaArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. SmPrivateCertificateConfigurationIntermediateCaArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var smPrivateCertificateConfigurationIntermediateCaResource = new Ibm.SmPrivateCertificateConfigurationIntermediateCa("smPrivateCertificateConfigurationIntermediateCaResource", new()
{
    InstanceId = "string",
    CommonName = "string",
    SigningMethod = "string",
    MaxTtl = "string",
    Localities = new[]
    {
        "string",
    },
    Name = "string",
    CryptoKey = new Ibm.Inputs.SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs
    {
        AllowGenerateKey = false,
        Id = "string",
        Label = "string",
        Provider = new Ibm.Inputs.SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProviderArgs
        {
            InstanceCrn = "string",
            PinIamCredentialsSecretId = "string",
            PrivateKeystoreId = "string",
            Type = "string",
        },
    },
    EndpointType = "string",
    ExcludeCnFromSans = false,
    Format = "string",
    CrlDistributionPointsEncoded = false,
    IpSans = "string",
    Issuer = "string",
    IssuingCertificatesUrlsEncoded = false,
    KeyBits = 0,
    KeyType = "string",
    AltNames = new[]
    {
        "string",
    },
    MaxPathLength = 0,
    CrlDisable = false,
    CrlExpiry = "string",
    Organizations = new[]
    {
        "string",
    },
    OtherSans = new[]
    {
        "string",
    },
    Ous = new[]
    {
        "string",
    },
    PermittedDnsDomains = new[]
    {
        "string",
    },
    PostalCodes = new[]
    {
        "string",
    },
    PrivateKeyFormat = "string",
    Provinces = new[]
    {
        "string",
    },
    Region = "string",
    Countries = new[]
    {
        "string",
    },
    SmPrivateCertificateConfigurationIntermediateCaId = "string",
    StreetAddresses = new[]
    {
        "string",
    },
    Ttl = "string",
    UriSans = "string",
    UseCsrValues = false,
});
Copy
example, err := ibm.NewSmPrivateCertificateConfigurationIntermediateCa(ctx, "smPrivateCertificateConfigurationIntermediateCaResource", &ibm.SmPrivateCertificateConfigurationIntermediateCaArgs{
InstanceId: pulumi.String("string"),
CommonName: pulumi.String("string"),
SigningMethod: pulumi.String("string"),
MaxTtl: pulumi.String("string"),
Localities: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
CryptoKey: &.SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs{
AllowGenerateKey: pulumi.Bool(false),
Id: pulumi.String("string"),
Label: pulumi.String("string"),
Provider: &.SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProviderArgs{
InstanceCrn: pulumi.String("string"),
PinIamCredentialsSecretId: pulumi.String("string"),
PrivateKeystoreId: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
EndpointType: pulumi.String("string"),
ExcludeCnFromSans: pulumi.Bool(false),
Format: pulumi.String("string"),
CrlDistributionPointsEncoded: pulumi.Bool(false),
IpSans: pulumi.String("string"),
Issuer: pulumi.String("string"),
IssuingCertificatesUrlsEncoded: pulumi.Bool(false),
KeyBits: pulumi.Float64(0),
KeyType: pulumi.String("string"),
AltNames: pulumi.StringArray{
pulumi.String("string"),
},
MaxPathLength: pulumi.Float64(0),
CrlDisable: pulumi.Bool(false),
CrlExpiry: pulumi.String("string"),
Organizations: pulumi.StringArray{
pulumi.String("string"),
},
OtherSans: pulumi.StringArray{
pulumi.String("string"),
},
Ous: pulumi.StringArray{
pulumi.String("string"),
},
PermittedDnsDomains: pulumi.StringArray{
pulumi.String("string"),
},
PostalCodes: pulumi.StringArray{
pulumi.String("string"),
},
PrivateKeyFormat: pulumi.String("string"),
Provinces: pulumi.StringArray{
pulumi.String("string"),
},
Region: pulumi.String("string"),
Countries: pulumi.StringArray{
pulumi.String("string"),
},
SmPrivateCertificateConfigurationIntermediateCaId: pulumi.String("string"),
StreetAddresses: pulumi.StringArray{
pulumi.String("string"),
},
Ttl: pulumi.String("string"),
UriSans: pulumi.String("string"),
UseCsrValues: pulumi.Bool(false),
})
Copy
var smPrivateCertificateConfigurationIntermediateCaResource = new SmPrivateCertificateConfigurationIntermediateCa("smPrivateCertificateConfigurationIntermediateCaResource", SmPrivateCertificateConfigurationIntermediateCaArgs.builder()
    .instanceId("string")
    .commonName("string")
    .signingMethod("string")
    .maxTtl("string")
    .localities("string")
    .name("string")
    .cryptoKey(SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs.builder()
        .allowGenerateKey(false)
        .id("string")
        .label("string")
        .provider(SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProviderArgs.builder()
            .instanceCrn("string")
            .pinIamCredentialsSecretId("string")
            .privateKeystoreId("string")
            .type("string")
            .build())
        .build())
    .endpointType("string")
    .excludeCnFromSans(false)
    .format("string")
    .crlDistributionPointsEncoded(false)
    .ipSans("string")
    .issuer("string")
    .issuingCertificatesUrlsEncoded(false)
    .keyBits(0)
    .keyType("string")
    .altNames("string")
    .maxPathLength(0)
    .crlDisable(false)
    .crlExpiry("string")
    .organizations("string")
    .otherSans("string")
    .ous("string")
    .permittedDnsDomains("string")
    .postalCodes("string")
    .privateKeyFormat("string")
    .provinces("string")
    .region("string")
    .countries("string")
    .smPrivateCertificateConfigurationIntermediateCaId("string")
    .streetAddresses("string")
    .ttl("string")
    .uriSans("string")
    .useCsrValues(false)
    .build());
Copy
sm_private_certificate_configuration_intermediate_ca_resource = ibm.SmPrivateCertificateConfigurationIntermediateCa("smPrivateCertificateConfigurationIntermediateCaResource",
    instance_id="string",
    common_name="string",
    signing_method="string",
    max_ttl="string",
    localities=["string"],
    name="string",
    crypto_key={
        "allow_generate_key": False,
        "id": "string",
        "label": "string",
        "provider": {
            "instance_crn": "string",
            "pin_iam_credentials_secret_id": "string",
            "private_keystore_id": "string",
            "type": "string",
        },
    },
    endpoint_type="string",
    exclude_cn_from_sans=False,
    format="string",
    crl_distribution_points_encoded=False,
    ip_sans="string",
    issuer="string",
    issuing_certificates_urls_encoded=False,
    key_bits=0,
    key_type="string",
    alt_names=["string"],
    max_path_length=0,
    crl_disable=False,
    crl_expiry="string",
    organizations=["string"],
    other_sans=["string"],
    ous=["string"],
    permitted_dns_domains=["string"],
    postal_codes=["string"],
    private_key_format="string",
    provinces=["string"],
    region="string",
    countries=["string"],
    sm_private_certificate_configuration_intermediate_ca_id="string",
    street_addresses=["string"],
    ttl="string",
    uri_sans="string",
    use_csr_values=False)
Copy
const smPrivateCertificateConfigurationIntermediateCaResource = new ibm.SmPrivateCertificateConfigurationIntermediateCa("smPrivateCertificateConfigurationIntermediateCaResource", {
    instanceId: "string",
    commonName: "string",
    signingMethod: "string",
    maxTtl: "string",
    localities: ["string"],
    name: "string",
    cryptoKey: {
        allowGenerateKey: false,
        id: "string",
        label: "string",
        provider: {
            instanceCrn: "string",
            pinIamCredentialsSecretId: "string",
            privateKeystoreId: "string",
            type: "string",
        },
    },
    endpointType: "string",
    excludeCnFromSans: false,
    format: "string",
    crlDistributionPointsEncoded: false,
    ipSans: "string",
    issuer: "string",
    issuingCertificatesUrlsEncoded: false,
    keyBits: 0,
    keyType: "string",
    altNames: ["string"],
    maxPathLength: 0,
    crlDisable: false,
    crlExpiry: "string",
    organizations: ["string"],
    otherSans: ["string"],
    ous: ["string"],
    permittedDnsDomains: ["string"],
    postalCodes: ["string"],
    privateKeyFormat: "string",
    provinces: ["string"],
    region: "string",
    countries: ["string"],
    smPrivateCertificateConfigurationIntermediateCaId: "string",
    streetAddresses: ["string"],
    ttl: "string",
    uriSans: "string",
    useCsrValues: false,
});
Copy
type: ibm:SmPrivateCertificateConfigurationIntermediateCa
properties:
    altNames:
        - string
    commonName: string
    countries:
        - string
    crlDisable: false
    crlDistributionPointsEncoded: false
    crlExpiry: string
    cryptoKey:
        allowGenerateKey: false
        id: string
        label: string
        provider:
            instanceCrn: string
            pinIamCredentialsSecretId: string
            privateKeystoreId: string
            type: string
    endpointType: string
    excludeCnFromSans: false
    format: string
    instanceId: string
    ipSans: string
    issuer: string
    issuingCertificatesUrlsEncoded: false
    keyBits: 0
    keyType: string
    localities:
        - string
    maxPathLength: 0
    maxTtl: string
    name: string
    organizations:
        - string
    otherSans:
        - string
    ous:
        - string
    permittedDnsDomains:
        - string
    postalCodes:
        - string
    privateKeyFormat: string
    provinces:
        - string
    region: string
    signingMethod: string
    smPrivateCertificateConfigurationIntermediateCaId: string
    streetAddresses:
        - string
    ttl: string
    uriSans: string
    useCsrValues: false
Copy

SmPrivateCertificateConfigurationIntermediateCa Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SmPrivateCertificateConfigurationIntermediateCa resource accepts the following input properties:

CommonName This property is required. string
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
InstanceId This property is required. string
The GUID of the Secrets Manager instance.
MaxTtl This property is required. string
The maximum time-to-live (TTL) for certificates that are created by this CA.
SigningMethod This property is required. string
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
AltNames List<string>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
Countries List<string>
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
CrlDisable bool
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
CrlDistributionPointsEncoded bool
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
CrlExpiry string
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
CryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
EndpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
ExcludeCnFromSans bool
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
Format string
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
IpSans string
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
Issuer string
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
IssuingCertificatesUrlsEncoded bool
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
KeyBits double
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
KeyType string
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
Localities List<string>
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
MaxPathLength double
The maximum path length to encode in the generated certificate. -1 means no limit.
Name string
A human-readable unique name to assign to the intermediate CA configuration.
Organizations List<string>
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
OtherSans List<string>
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
Ous List<string>
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
PermittedDnsDomains List<string>
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
PostalCodes List<string>
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
PrivateKeyFormat string
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
Provinces List<string>
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
Region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
SmPrivateCertificateConfigurationIntermediateCaId string
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
StreetAddresses List<string>
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
Ttl string
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
UriSans string
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
UseCsrValues bool
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.
CommonName This property is required. string
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
InstanceId This property is required. string
The GUID of the Secrets Manager instance.
MaxTtl This property is required. string
The maximum time-to-live (TTL) for certificates that are created by this CA.
SigningMethod This property is required. string
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
AltNames []string
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
Countries []string
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
CrlDisable bool
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
CrlDistributionPointsEncoded bool
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
CrlExpiry string
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
CryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
EndpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
ExcludeCnFromSans bool
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
Format string
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
IpSans string
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
Issuer string
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
IssuingCertificatesUrlsEncoded bool
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
KeyBits float64
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
KeyType string
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
Localities []string
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
MaxPathLength float64
The maximum path length to encode in the generated certificate. -1 means no limit.
Name string
A human-readable unique name to assign to the intermediate CA configuration.
Organizations []string
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
OtherSans []string
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
Ous []string
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
PermittedDnsDomains []string
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
PostalCodes []string
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
PrivateKeyFormat string
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
Provinces []string
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
Region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
SmPrivateCertificateConfigurationIntermediateCaId string
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
StreetAddresses []string
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
Ttl string
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
UriSans string
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
UseCsrValues bool
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.
commonName This property is required. String
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
instanceId This property is required. String
The GUID of the Secrets Manager instance.
maxTtl This property is required. String
The maximum time-to-live (TTL) for certificates that are created by this CA.
signingMethod This property is required. String
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
altNames List<String>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
countries List<String>
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
crlDisable Boolean
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
crlDistributionPointsEncoded Boolean
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
crlExpiry String
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
cryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
endpointType String
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
excludeCnFromSans Boolean
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
format String
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
ipSans String
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuer String
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuingCertificatesUrlsEncoded Boolean
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
keyBits Double
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
keyType String
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
localities List<String>
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
maxPathLength Double
The maximum path length to encode in the generated certificate. -1 means no limit.
name String
A human-readable unique name to assign to the intermediate CA configuration.
organizations List<String>
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
otherSans List<String>
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
ous List<String>
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
permittedDnsDomains List<String>
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
postalCodes List<String>
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
privateKeyFormat String
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
provinces List<String>
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
region String
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
smPrivateCertificateConfigurationIntermediateCaId String
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
streetAddresses List<String>
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
ttl String
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
uriSans String
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
useCsrValues Boolean
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.
commonName This property is required. string
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
instanceId This property is required. string
The GUID of the Secrets Manager instance.
maxTtl This property is required. string
The maximum time-to-live (TTL) for certificates that are created by this CA.
signingMethod This property is required. string
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
altNames string[]
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
countries string[]
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
crlDisable boolean
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
crlDistributionPointsEncoded boolean
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
crlExpiry string
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
cryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
endpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
excludeCnFromSans boolean
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
format string
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
ipSans string
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuer string
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuingCertificatesUrlsEncoded boolean
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
keyBits number
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
keyType string
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
localities string[]
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
maxPathLength number
The maximum path length to encode in the generated certificate. -1 means no limit.
name string
A human-readable unique name to assign to the intermediate CA configuration.
organizations string[]
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
otherSans string[]
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
ous string[]
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
permittedDnsDomains string[]
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
postalCodes string[]
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
privateKeyFormat string
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
provinces string[]
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
smPrivateCertificateConfigurationIntermediateCaId string
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
streetAddresses string[]
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
ttl string
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
uriSans string
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
useCsrValues boolean
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.
common_name This property is required. str
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
instance_id This property is required. str
The GUID of the Secrets Manager instance.
max_ttl This property is required. str
The maximum time-to-live (TTL) for certificates that are created by this CA.
signing_method This property is required. str
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
alt_names Sequence[str]
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
countries Sequence[str]
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
crl_disable bool
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
crl_distribution_points_encoded bool
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
crl_expiry str
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
crypto_key SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
endpoint_type str
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
exclude_cn_from_sans bool
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
format str
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
ip_sans str
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuer str
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuing_certificates_urls_encoded bool
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
key_bits float
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
key_type str
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
localities Sequence[str]
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
max_path_length float
The maximum path length to encode in the generated certificate. -1 means no limit.
name str
A human-readable unique name to assign to the intermediate CA configuration.
organizations Sequence[str]
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
other_sans Sequence[str]
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
ous Sequence[str]
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
permitted_dns_domains Sequence[str]
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
postal_codes Sequence[str]
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
private_key_format str
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
provinces Sequence[str]
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
region str
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
sm_private_certificate_configuration_intermediate_ca_id str
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
street_addresses Sequence[str]
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
ttl str
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
uri_sans str
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
use_csr_values bool
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.
commonName This property is required. String
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
instanceId This property is required. String
The GUID of the Secrets Manager instance.
maxTtl This property is required. String
The maximum time-to-live (TTL) for certificates that are created by this CA.
signingMethod This property is required. String
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
altNames List<String>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
countries List<String>
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
crlDisable Boolean
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
crlDistributionPointsEncoded Boolean
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
crlExpiry String
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
cryptoKey Property Map
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
endpointType String
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
excludeCnFromSans Boolean
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
format String
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
ipSans String
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuer String
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuingCertificatesUrlsEncoded Boolean
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
keyBits Number
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
keyType String
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
localities List<String>
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
maxPathLength Number
The maximum path length to encode in the generated certificate. -1 means no limit.
name String
A human-readable unique name to assign to the intermediate CA configuration.
organizations List<String>
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
otherSans List<String>
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
ous List<String>
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
permittedDnsDomains List<String>
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
postalCodes List<String>
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
privateKeyFormat String
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
provinces List<String>
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
region String
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
smPrivateCertificateConfigurationIntermediateCaId String
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
streetAddresses List<String>
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
ttl String
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
uriSans String
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
useCsrValues Boolean
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

Outputs

All input properties are implicitly available as output properties. Additionally, the SmPrivateCertificateConfigurationIntermediateCa resource produces the following output properties:

ConfigType string
The configuration type.
CrlExpirySeconds double
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
Datas List<SmPrivateCertificateConfigurationIntermediateCaData>
(List) The configuration data of your Private Certificate. Nested scheme for data:
ExpirationDate string
The date a secret is expired. The date format follows RFC 3339.
Id string
The provider-assigned unique ID for this managed resource.
MaxTtlSeconds double
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
SecretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
SerialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
Status string
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
ConfigType string
The configuration type.
CrlExpirySeconds float64
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
Datas []SmPrivateCertificateConfigurationIntermediateCaData
(List) The configuration data of your Private Certificate. Nested scheme for data:
ExpirationDate string
The date a secret is expired. The date format follows RFC 3339.
Id string
The provider-assigned unique ID for this managed resource.
MaxTtlSeconds float64
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
SecretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
SerialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
Status string
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
configType String
The configuration type.
crlExpirySeconds Double
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
datas List<SmPrivateCertificateConfigurationIntermediateCaData>
(List) The configuration data of your Private Certificate. Nested scheme for data:
expirationDate String
The date a secret is expired. The date format follows RFC 3339.
id String
The provider-assigned unique ID for this managed resource.
maxTtlSeconds Double
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
secretType String
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber String
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
status String
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
configType string
The configuration type.
crlExpirySeconds number
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
datas SmPrivateCertificateConfigurationIntermediateCaData[]
(List) The configuration data of your Private Certificate. Nested scheme for data:
expirationDate string
The date a secret is expired. The date format follows RFC 3339.
id string
The provider-assigned unique ID for this managed resource.
maxTtlSeconds number
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
secretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
status string
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
config_type str
The configuration type.
crl_expiry_seconds float
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
datas Sequence[SmPrivateCertificateConfigurationIntermediateCaData]
(List) The configuration data of your Private Certificate. Nested scheme for data:
expiration_date str
The date a secret is expired. The date format follows RFC 3339.
id str
The provider-assigned unique ID for this managed resource.
max_ttl_seconds float
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
secret_type str
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serial_number str
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
status str
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
configType String
The configuration type.
crlExpirySeconds Number
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
datas List<Property Map>
(List) The configuration data of your Private Certificate. Nested scheme for data:
expirationDate String
The date a secret is expired. The date format follows RFC 3339.
id String
The provider-assigned unique ID for this managed resource.
maxTtlSeconds Number
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
secretType String
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber String
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
status String
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.

Look up Existing SmPrivateCertificateConfigurationIntermediateCa Resource

Get an existing SmPrivateCertificateConfigurationIntermediateCa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SmPrivateCertificateConfigurationIntermediateCaState, opts?: CustomResourceOptions): SmPrivateCertificateConfigurationIntermediateCa
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alt_names: Optional[Sequence[str]] = None,
        common_name: Optional[str] = None,
        config_type: Optional[str] = None,
        countries: Optional[Sequence[str]] = None,
        crl_disable: Optional[bool] = None,
        crl_distribution_points_encoded: Optional[bool] = None,
        crl_expiry: Optional[str] = None,
        crl_expiry_seconds: Optional[float] = None,
        crypto_key: Optional[SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs] = None,
        datas: Optional[Sequence[SmPrivateCertificateConfigurationIntermediateCaDataArgs]] = None,
        endpoint_type: Optional[str] = None,
        exclude_cn_from_sans: Optional[bool] = None,
        expiration_date: Optional[str] = None,
        format: Optional[str] = None,
        instance_id: Optional[str] = None,
        ip_sans: Optional[str] = None,
        issuer: Optional[str] = None,
        issuing_certificates_urls_encoded: Optional[bool] = None,
        key_bits: Optional[float] = None,
        key_type: Optional[str] = None,
        localities: Optional[Sequence[str]] = None,
        max_path_length: Optional[float] = None,
        max_ttl: Optional[str] = None,
        max_ttl_seconds: Optional[float] = None,
        name: Optional[str] = None,
        organizations: Optional[Sequence[str]] = None,
        other_sans: Optional[Sequence[str]] = None,
        ous: Optional[Sequence[str]] = None,
        permitted_dns_domains: Optional[Sequence[str]] = None,
        postal_codes: Optional[Sequence[str]] = None,
        private_key_format: Optional[str] = None,
        provinces: Optional[Sequence[str]] = None,
        region: Optional[str] = None,
        secret_type: Optional[str] = None,
        serial_number: Optional[str] = None,
        signing_method: Optional[str] = None,
        sm_private_certificate_configuration_intermediate_ca_id: Optional[str] = None,
        status: Optional[str] = None,
        street_addresses: Optional[Sequence[str]] = None,
        ttl: Optional[str] = None,
        uri_sans: Optional[str] = None,
        use_csr_values: Optional[bool] = None) -> SmPrivateCertificateConfigurationIntermediateCa
func GetSmPrivateCertificateConfigurationIntermediateCa(ctx *Context, name string, id IDInput, state *SmPrivateCertificateConfigurationIntermediateCaState, opts ...ResourceOption) (*SmPrivateCertificateConfigurationIntermediateCa, error)
public static SmPrivateCertificateConfigurationIntermediateCa Get(string name, Input<string> id, SmPrivateCertificateConfigurationIntermediateCaState? state, CustomResourceOptions? opts = null)
public static SmPrivateCertificateConfigurationIntermediateCa get(String name, Output<String> id, SmPrivateCertificateConfigurationIntermediateCaState state, CustomResourceOptions options)
resources:  _:    type: ibm:SmPrivateCertificateConfigurationIntermediateCa    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AltNames List<string>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
CommonName string
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
ConfigType string
The configuration type.
Countries List<string>
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
CrlDisable bool
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
CrlDistributionPointsEncoded bool
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
CrlExpiry string
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
CrlExpirySeconds double
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
CryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
Datas List<SmPrivateCertificateConfigurationIntermediateCaData>
(List) The configuration data of your Private Certificate. Nested scheme for data:
EndpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
ExcludeCnFromSans bool
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
ExpirationDate string
The date a secret is expired. The date format follows RFC 3339.
Format string
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
InstanceId string
The GUID of the Secrets Manager instance.
IpSans string
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
Issuer string
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
IssuingCertificatesUrlsEncoded bool
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
KeyBits double
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
KeyType string
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
Localities List<string>
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
MaxPathLength double
The maximum path length to encode in the generated certificate. -1 means no limit.
MaxTtl string
The maximum time-to-live (TTL) for certificates that are created by this CA.
MaxTtlSeconds double
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
Name string
A human-readable unique name to assign to the intermediate CA configuration.
Organizations List<string>
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
OtherSans List<string>
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
Ous List<string>
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
PermittedDnsDomains List<string>
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
PostalCodes List<string>
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
PrivateKeyFormat string
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
Provinces List<string>
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
Region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
SecretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
SerialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
SigningMethod string
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
SmPrivateCertificateConfigurationIntermediateCaId string
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
Status string
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
StreetAddresses List<string>
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
Ttl string
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
UriSans string
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
UseCsrValues bool
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.
AltNames []string
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
CommonName string
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
ConfigType string
The configuration type.
Countries []string
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
CrlDisable bool
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
CrlDistributionPointsEncoded bool
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
CrlExpiry string
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
CrlExpirySeconds float64
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
CryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
Datas []SmPrivateCertificateConfigurationIntermediateCaDataArgs
(List) The configuration data of your Private Certificate. Nested scheme for data:
EndpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
ExcludeCnFromSans bool
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
ExpirationDate string
The date a secret is expired. The date format follows RFC 3339.
Format string
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
InstanceId string
The GUID of the Secrets Manager instance.
IpSans string
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
Issuer string
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
IssuingCertificatesUrlsEncoded bool
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
KeyBits float64
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
KeyType string
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
Localities []string
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
MaxPathLength float64
The maximum path length to encode in the generated certificate. -1 means no limit.
MaxTtl string
The maximum time-to-live (TTL) for certificates that are created by this CA.
MaxTtlSeconds float64
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
Name string
A human-readable unique name to assign to the intermediate CA configuration.
Organizations []string
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
OtherSans []string
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
Ous []string
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
PermittedDnsDomains []string
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
PostalCodes []string
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
PrivateKeyFormat string
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
Provinces []string
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
Region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
SecretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
SerialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
SigningMethod string
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
SmPrivateCertificateConfigurationIntermediateCaId string
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
Status string
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
StreetAddresses []string
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
Ttl string
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
UriSans string
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
UseCsrValues bool
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.
altNames List<String>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
commonName String
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
configType String
The configuration type.
countries List<String>
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
crlDisable Boolean
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
crlDistributionPointsEncoded Boolean
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
crlExpiry String
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
crlExpirySeconds Double
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
cryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
datas List<SmPrivateCertificateConfigurationIntermediateCaData>
(List) The configuration data of your Private Certificate. Nested scheme for data:
endpointType String
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
excludeCnFromSans Boolean
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
expirationDate String
The date a secret is expired. The date format follows RFC 3339.
format String
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
instanceId String
The GUID of the Secrets Manager instance.
ipSans String
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuer String
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuingCertificatesUrlsEncoded Boolean
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
keyBits Double
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
keyType String
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
localities List<String>
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
maxPathLength Double
The maximum path length to encode in the generated certificate. -1 means no limit.
maxTtl String
The maximum time-to-live (TTL) for certificates that are created by this CA.
maxTtlSeconds Double
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
name String
A human-readable unique name to assign to the intermediate CA configuration.
organizations List<String>
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
otherSans List<String>
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
ous List<String>
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
permittedDnsDomains List<String>
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
postalCodes List<String>
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
privateKeyFormat String
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
provinces List<String>
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
region String
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
secretType String
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber String
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
signingMethod String
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
smPrivateCertificateConfigurationIntermediateCaId String
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
status String
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
streetAddresses List<String>
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
ttl String
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
uriSans String
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
useCsrValues Boolean
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.
altNames string[]
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
commonName string
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
configType string
The configuration type.
countries string[]
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
crlDisable boolean
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
crlDistributionPointsEncoded boolean
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
crlExpiry string
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
crlExpirySeconds number
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
cryptoKey SmPrivateCertificateConfigurationIntermediateCaCryptoKey
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
datas SmPrivateCertificateConfigurationIntermediateCaData[]
(List) The configuration data of your Private Certificate. Nested scheme for data:
endpointType string
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
excludeCnFromSans boolean
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
expirationDate string
The date a secret is expired. The date format follows RFC 3339.
format string
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
instanceId string
The GUID of the Secrets Manager instance.
ipSans string
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuer string
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuingCertificatesUrlsEncoded boolean
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
keyBits number
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
keyType string
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
localities string[]
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
maxPathLength number
The maximum path length to encode in the generated certificate. -1 means no limit.
maxTtl string
The maximum time-to-live (TTL) for certificates that are created by this CA.
maxTtlSeconds number
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
name string
A human-readable unique name to assign to the intermediate CA configuration.
organizations string[]
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
otherSans string[]
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
ous string[]
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
permittedDnsDomains string[]
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
postalCodes string[]
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
privateKeyFormat string
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
provinces string[]
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
region string
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
secretType string
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber string
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
signingMethod string
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
smPrivateCertificateConfigurationIntermediateCaId string
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
status string
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
streetAddresses string[]
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
ttl string
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
uriSans string
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
useCsrValues boolean
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.
alt_names Sequence[str]
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
common_name str
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
config_type str
The configuration type.
countries Sequence[str]
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
crl_disable bool
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
crl_distribution_points_encoded bool
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
crl_expiry str
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
crl_expiry_seconds float
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
crypto_key SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
datas Sequence[SmPrivateCertificateConfigurationIntermediateCaDataArgs]
(List) The configuration data of your Private Certificate. Nested scheme for data:
endpoint_type str
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
exclude_cn_from_sans bool
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
expiration_date str
The date a secret is expired. The date format follows RFC 3339.
format str
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
instance_id str
The GUID of the Secrets Manager instance.
ip_sans str
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuer str
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuing_certificates_urls_encoded bool
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
key_bits float
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
key_type str
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
localities Sequence[str]
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
max_path_length float
The maximum path length to encode in the generated certificate. -1 means no limit.
max_ttl str
The maximum time-to-live (TTL) for certificates that are created by this CA.
max_ttl_seconds float
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
name str
A human-readable unique name to assign to the intermediate CA configuration.
organizations Sequence[str]
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
other_sans Sequence[str]
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
ous Sequence[str]
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
permitted_dns_domains Sequence[str]
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
postal_codes Sequence[str]
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
private_key_format str
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
provinces Sequence[str]
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
region str
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
secret_type str
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serial_number str
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
signing_method str
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
sm_private_certificate_configuration_intermediate_ca_id str
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
status str
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
street_addresses Sequence[str]
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
ttl str
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
uri_sans str
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
use_csr_values bool
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.
altNames List<String>
With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.

  • Constraints: The list items must match regular expression /^(.*?)$/. The maximum length is 99 items. The minimum length is 0 items.
commonName String
The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 4 characters. The value must match regular expression /(.*?)/.
configType String
The configuration type.
countries List<String>
The Country (C) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
crlDisable Boolean
Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL.
crlDistributionPointsEncoded Boolean
Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority.
crlExpiry String
The time until the certificate revocation list (CRL) expires.The value can be supplied as a string representation of a duration in hours, such as 48h. The default is 72 hours.
crlExpirySeconds Number
(Integer) The time until the certificate revocation list (CRL) expires, in seconds.
cryptoKey Property Map
The data that is associated with a cryptographic key. Nested scheme for crypto_key:
datas List<Property Map>
(List) The configuration data of your Private Certificate. Nested scheme for data:
endpointType String
The endpoint type. If not provided the endpoint type is determined by the visibility argument provided in the provider configuration.

  • Constraints: Allowable values are: private, public.
excludeCnFromSans Boolean
Controls whether the common name is excluded from Subject Alternative Names (SANs).If the common name set to true, it is not included in DNS or Email SANs if they apply. This field can be useful if the common name is a human-readable identifier, instead of a hostname or an email address.
expirationDate String
The date a secret is expired. The date format follows RFC 3339.
format String
The format of the returned data.

  • Constraints: Allowable values are: pem, pem_bundle.
instanceId String
The GUID of the Secrets Manager instance.
ipSans String
The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuer String
The distinguished name that identifies the entity that signed and issued the certificate.

  • Constraints: The maximum length is 128 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
issuingCertificatesUrlsEncoded Boolean
Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority.
keyBits Number
The number of bits to use to generate the private key.Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384, and 521. The default for RSA keys is 2048. The default for EC keys is 256.
keyType String
The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
localities List<String>
The Locality (L) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
maxPathLength Number
The maximum path length to encode in the generated certificate. -1 means no limit.
maxTtl String
The maximum time-to-live (TTL) for certificates that are created by this CA.
maxTtlSeconds Number
(Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds.
name String
A human-readable unique name to assign to the intermediate CA configuration.
organizations List<String>
The Organization (O) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
otherSans List<String>
The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA certificate.The alternative names must match the values that are specified in the allowed_other_sans field in the associated certificate template. The format is the same as OpenSSL: <oid>:<type>:<value> where the current valid type is UTF8.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 100 items. The minimum length is 0 items.
ous List<String>
The Organizational Unit (OU) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
permittedDnsDomains List<String>
The allowed DNS domains or subdomains for the certificates that are to be signed and issued by this CA certificate.
postalCodes List<String>
The postal code values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
privateKeyFormat String
The format of the generated private key.

  • Constraints: The default value is der. Allowable values are: der, pkcs8.
provinces List<String>
The Province (ST) values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
region String
The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
secretType String
(String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.

  • Constraints: Allowable values are: arbitrary, imported_cert, public_cert, iam_credentials, kv, username_password, private_cert.
serialNumber String
(String) The unique serial number that was assigned to a certificate by the issuing certificate authority.

  • Constraints: The maximum length is 64 characters. The minimum length is 32 characters. The value must match regular expression /[^a-fA-F0-9]/.
signingMethod String
The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the docs.

  • Constraints: Allowable values are: internal, external.
smPrivateCertificateConfigurationIntermediateCaId String
The unique identifier of the PrivateCertificateConfigurationIntermediateCA.
status String
(String) The status of the certificate authority. The status of a root certificate authority is either configured or expired. For intermediate certificate authorities, possible statuses include signing_required,signed_certificate_required, certificate_template_required, configured, expired or revoked.

  • Constraints: Allowable values are: signing_required, signed_certificate_required, certificate_template_required, configured, expired, revoked.
streetAddresses List<String>
The street address values to define in the subject field of the resulting certificate.

  • Constraints: The list items must match regular expression /(.*?)/. The maximum length is 10 items. The minimum length is 0 items.
ttl String
Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. 24h) or the number of seconds as a string (e.g. 86400). The value cannot exceed the value of max_ttl.
uriSans String
The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list.

  • Constraints: The maximum length is 2048 characters. The minimum length is 2 characters. The value must match regular expression /(.*?)/.
useCsrValues Boolean
Determines whether to use values from a certificate signing request (CSR) to complete a private_cert_configuration_action_sign_csr action.

Supporting Types

SmPrivateCertificateConfigurationIntermediateCaCryptoKey
, SmPrivateCertificateConfigurationIntermediateCaCryptoKeyArgs

AllowGenerateKey bool
The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.
Id string
The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
Label string
The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified.

  • Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.
Provider SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider
The data that is associated with a cryptographic provider. Nested scheme for provider:
AllowGenerateKey bool
The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.
Id string
The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
Label string
The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified.

  • Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.
Provider SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider
The data that is associated with a cryptographic provider. Nested scheme for provider:
allowGenerateKey Boolean
The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.
id String
The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
label String
The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified.

  • Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.
provider SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider
The data that is associated with a cryptographic provider. Nested scheme for provider:
allowGenerateKey boolean
The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.
id string
The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
label string
The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified.

  • Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.
provider SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider
The data that is associated with a cryptographic provider. Nested scheme for provider:
allow_generate_key bool
The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.
id str
The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
label str
The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified.

  • Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.
provider SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider
The data that is associated with a cryptographic provider. Nested scheme for provider:
allowGenerateKey Boolean
The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is false.
id String
The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
label String
The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified.

  • Constraints: The maximum length is 255 characters. The minimum length is 1 characters. The value must match regular expression /^[A-Za-z0-9._ /-]+$/.
provider Property Map
The data that is associated with a cryptographic provider. Nested scheme for provider:

SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProvider
, SmPrivateCertificateConfigurationIntermediateCaCryptoKeyProviderArgs

InstanceCrn string
The HPCS instance CRN.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.
PinIamCredentialsSecretId string
The secret Id of iam credentials with api key to access HPCS instance.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
PrivateKeystoreId string
The HPCS private key store space id.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
Type string
The type of cryptographic provider.

  • Constraints: Allowable values are: hyper_protect_crypto_services.
InstanceCrn string
The HPCS instance CRN.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.
PinIamCredentialsSecretId string
The secret Id of iam credentials with api key to access HPCS instance.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
PrivateKeystoreId string
The HPCS private key store space id.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
Type string
The type of cryptographic provider.

  • Constraints: Allowable values are: hyper_protect_crypto_services.
instanceCrn String
The HPCS instance CRN.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.
pinIamCredentialsSecretId String
The secret Id of iam credentials with api key to access HPCS instance.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
privateKeystoreId String
The HPCS private key store space id.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
type String
The type of cryptographic provider.

  • Constraints: Allowable values are: hyper_protect_crypto_services.
instanceCrn string
The HPCS instance CRN.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.
pinIamCredentialsSecretId string
The secret Id of iam credentials with api key to access HPCS instance.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
privateKeystoreId string
The HPCS private key store space id.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
type string
The type of cryptographic provider.

  • Constraints: Allowable values are: hyper_protect_crypto_services.
instance_crn str
The HPCS instance CRN.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.
pin_iam_credentials_secret_id str
The secret Id of iam credentials with api key to access HPCS instance.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
private_keystore_id str
The HPCS private key store space id.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
type str
The type of cryptographic provider.

  • Constraints: Allowable values are: hyper_protect_crypto_services.
instanceCrn String
The HPCS instance CRN.

  • Constraints: The maximum length is 512 characters. The minimum length is 9 characters. The value must match regular expression ^crn:v0-9*+,;=@/]|%[0-9A-Z]{2})*){8}$.
pinIamCredentialsSecretId String
The secret Id of iam credentials with api key to access HPCS instance.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
privateKeystoreId String
The HPCS private key store space id.

  • Constraints: Value length should be 36. The value must match regular expression /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/.
type String
The type of cryptographic provider.

  • Constraints: Allowable values are: hyper_protect_crypto_services.

SmPrivateCertificateConfigurationIntermediateCaData
, SmPrivateCertificateConfigurationIntermediateCaDataArgs

CaChains This property is required. List<string>
(List) The chain of certificate authorities that are associated with the certificate.

  • Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.
Certificate This property is required. string
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
Csr This property is required. string
(Forces new resource, String) The certificate signing request.

  • Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
Expiration This property is required. double
(Integer) The certificate expiration time.
IssuingCa This property is required. string
(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

  • Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
PrivateKey This property is required. string
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
PrivateKeyType This property is required. string
(Forces new resource, String) The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
CaChains This property is required. []string
(List) The chain of certificate authorities that are associated with the certificate.

  • Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.
Certificate This property is required. string
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
Csr This property is required. string
(Forces new resource, String) The certificate signing request.

  • Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
Expiration This property is required. float64
(Integer) The certificate expiration time.
IssuingCa This property is required. string
(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

  • Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
PrivateKey This property is required. string
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
PrivateKeyType This property is required. string
(Forces new resource, String) The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
caChains This property is required. List<String>
(List) The chain of certificate authorities that are associated with the certificate.

  • Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.
certificate This property is required. String
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
csr This property is required. String
(Forces new resource, String) The certificate signing request.

  • Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
expiration This property is required. Double
(Integer) The certificate expiration time.
issuingCa This property is required. String
(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

  • Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
privateKey This property is required. String
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
privateKeyType This property is required. String
(Forces new resource, String) The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
caChains This property is required. string[]
(List) The chain of certificate authorities that are associated with the certificate.

  • Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.
certificate This property is required. string
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
csr This property is required. string
(Forces new resource, String) The certificate signing request.

  • Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
expiration This property is required. number
(Integer) The certificate expiration time.
issuingCa This property is required. string
(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

  • Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
privateKey This property is required. string
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
privateKeyType This property is required. string
(Forces new resource, String) The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
ca_chains This property is required. Sequence[str]
(List) The chain of certificate authorities that are associated with the certificate.

  • Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.
certificate This property is required. str
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
csr This property is required. str
(Forces new resource, String) The certificate signing request.

  • Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
expiration This property is required. float
(Integer) The certificate expiration time.
issuing_ca This property is required. str
(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

  • Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
private_key This property is required. str
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
private_key_type This property is required. str
(Forces new resource, String) The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.
caChains This property is required. List<String>
(List) The chain of certificate authorities that are associated with the certificate.

  • Constraints: The list items must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/. The maximum length is 16 items. The minimum length is 1 item.
certificate This property is required. String
(Forces new resource, String) The PEM-encoded contents of your certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
csr This property is required. String
(Forces new resource, String) The certificate signing request.

  • Constraints: The maximum length is 4096 characters. The minimum length is 2 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
expiration This property is required. Number
(Integer) The certificate expiration time.
issuingCa This property is required. String
(String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate.

  • Constraints: The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
privateKey This property is required. String
(Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate.

  • Constraints: The maximum length is 100000 characters. The minimum length is 50 characters. The value must match regular expression /^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/.
privateKeyType This property is required. String
(Forces new resource, String) The type of private key to generate.

  • Constraints: Allowable values are: rsa, ec.

Import

You can import the ibm_sm_private_certificate_configuration_intermediate_ca resource by using region, instance_id, and name.

For more information, see the documentation

Syntax

bash

$ pulumi import ibm:index/smPrivateCertificateConfigurationIntermediateCa:SmPrivateCertificateConfigurationIntermediateCa sm_private_certificate_configuration_intermediate_ca <region>/<instance_id>/<name>
Copy

Example

bash

$ pulumi import ibm:index/smPrivateCertificateConfigurationIntermediateCa:SmPrivateCertificateConfigurationIntermediateCa sm_private_certificate_configuration_intermediate_ca us-east/6ebc4224-e983-496a-8a54-f40a0bfa9175/my_intermediate_ca
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
ibm ibm-cloud/terraform-provider-ibm
License
Notes
This Pulumi package is based on the ibm Terraform Provider.