jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2026-03-14 04:01:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
ecc4ce3657504cd885dad591f63edbc1db4097c0
opentf/website/source/docs/providers/tls/r/cert_request.html.md
Martin Atkins f6fd41e7b5 tls provider 
As of this commit this provider has only logical resources that allow
the creation of private keys, self-signed certs and certificate requests.
These can be useful when creating other resources that use TLS
certificates, such as AWS Elastic Load Balancers.

Later it could grow to include support for real certificate provision from
CAs using the LetsEncrypt ACME protocol, once it is stable.
2015-10-22 21:48:32 -07:00

2.2 KiB
Raw Blame History

layout, page_title, sidebar_current, description
layout page_title sidebar_current description
tls TLS: tls_cert_request docs-tls-resourse-cert-request Creates a PEM-encoded certificate request.

tls_cert_request

Generates a Certificate Signing Request (CSR) in PEM format, which is the typical format used to request a certificate from a certificate authority.

This resource is intended to be used in conjunction with a Terraform provider for a particular certificate authority in order to provision a new certificate. This is a logical resource, so it contributes only to the current Terraform state and does not create any external managed resources.

Example Usage

resource "tls_cert_request" "example" {
    key_algorithm = "ECDSA"
    private_key_pem = "${file(\"private_key.pem\")}"

    subject {
        common_name = "example.com"
        organization = "ACME Examples, Inc"
    }
}

Argument Reference

The following arguments are supported:

  • key_algorithm - (Required) The name of the algorithm for the key provided in private_key_pem.

  • private_key_pem - (Required) PEM-encoded private key data. This can be read from a separate file using the file interpolation function. Only an irreversable secure hash of the private key will be stored in the Terraform state.

  • subject - (Required) The subject for which a certificate is being requested. This is a nested configuration block whose structure is described below.

  • dns_names - (Optional) List of DNS names for which a certificate is being requested.

  • ip_addresses - (Optional) List of IP addresses for which a certificate is being requested.

The nested subject block accepts the following arguments, all optional, with their meaning corresponding to the similarly-named attributes defined in RFC5290:

  • common_name (string)

  • organization (string)

  • organizational_unit (string)

  • street_address (list of strings)

  • locality (string)

  • province (string)

  • country (string)

  • postal_code (string)

  • serial_number (string)

Attributes Reference

The following attributes are exported:

  • cert_request_pem - The certificate request data in PEM format.
Reference in New Issue View Git Blame Copy Permalink