REST Resource: projects.locations.caPools.certificateAuthorities

{
  "name": string,
  "type": enum (Type),
  "config": {
    object (CertificateConfig)
  },
  "lifetime": string,
  "keySpec": {
    object (KeyVersionSpec)
  },
  "subordinateConfig": {
    object (SubordinateConfig)
  },
  "tier": enum (Tier),
  "state": enum (State),
  "pemCaCertificates": [
    string
  ],
  "caCertificateDescriptions": [
    {
      object (CertificateDescription)
    }
  ],
  "gcsBucket": string,
  "accessUrls": {
    object (AccessUrls)
  },
  "createTime": string,
  "updateTime": string,
  "deleteTime": string,
  "expireTime": string,
  "labels": {
    string: string,
    ...
  }
}

string

Output only. The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

enum (Type)

Required. Immutable. The Type of this CertificateAuthority.

object (CertificateConfig)

Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.

string (Duration format)

Required. Immutable. The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

object (KeyVersionSpec)

Required. Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.

object (SubordinateConfig)

Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.

enum (Tier)

Output only. The CaPool.Tier of the CaPool that includes this CertificateAuthority.

enum (State)

Output only. The State for this CertificateAuthority.

string

Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.

object (CertificateDescription)

Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.

string

Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.

object (AccessUrls)

Output only. URLs for accessing content published by this CA, such as the CA certificate and CRLs.

string (Timestamp format)

Output only. The time at which this CertificateAuthority was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

string (Timestamp format)

Output only. The time at which this CertificateAuthority was last updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

string (Timestamp format)

Output only. The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

string (Timestamp format)

Output only. The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

map (key: string, value: string)

Optional. Labels with user-defined metadata.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

{

  // Union field KeyVersion can be only one of the following:
  "cloudKmsKeyVersion": string,
  "algorithm": enum (SignHashAlgorithm)
  // End of list of possible types for union field KeyVersion.
}

string

The resource name for an existing Cloud KMS CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*. This option enables full flexibility in the key's capabilities and properties.

enum (SignHashAlgorithm)

The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as HSM.

{

  // Union field subordinate_config can be only one of the following:
  "certificateAuthority": string,
  "pemIssuerChain": {
    object (SubordinateConfigChain)
  }
  // End of list of possible types for union field subordinate_config.
}

string

Required. This can refer to a CertificateAuthority that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.

object (SubordinateConfigChain)

Required. Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.

{
  "pemCertificates": [
    string
  ]
}

string

Required. Expected to be in leaf-to-root order according to RFC 5246.

{
  "caCertificateAccessUrl": string,
  "crlAccessUrls": [
    string
  ]
}

string

The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.

string

The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.