Resource: Certificate
A Certificate
corresponds to a signed X.509 certificate issued by a CertificateAuthority
.
JSON representation |
---|
{ "name": string, "issuerCertificateAuthority": string, "lifetime": string, "certificateTemplate": string, "subjectMode": enum ( |
Fields | |
---|---|
name |
Output only. The resource name for this |
issuerCertificateAuthority |
Output only. The resource name of the issuing |
lifetime |
Required. Immutable. The desired lifetime of a certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain. A duration in seconds with up to nine fractional digits, ending with ' |
certificateTemplate |
Immutable. The resource name for a |
subjectMode |
Immutable. Specifies how the |
revocationDetails |
Output only. Details regarding the revocation of this |
pemCertificate |
Output only. The pem-encoded, signed X.509 certificate. |
certificateDescription |
Output only. A structured description of the issued X.509 certificate. |
pemCertificateChain[] |
Output only. The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246. |
createTime |
Output only. The time at which this A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
updateTime |
Output only. The time at which this A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
labels |
Optional. Labels with user-defined metadata. An object containing a list of |
Union field certificate_config . The config used to create a signed X.509 certificate. certificate_config can be only one of the following: |
|
pemCsr |
Immutable. A pem-encoded X.509 certificate signing request (CSR). |
config |
Immutable. A description of the certificate and key that does not require X.509 or ASN.1. |
SubjectRequestMode
Describes the way in which a Certificate
's Subject
and/or SubjectAltNames
will be resolved.
Enums | |
---|---|
SUBJECT_REQUEST_MODE_UNSPECIFIED |
Not specified. |
DEFAULT |
The default mode used in most cases. Indicates that the certificate's Subject and/or SubjectAltNames are specified in the certificate request. This mode requires the caller to have the privateca.certificates.create permission. |
REFLECTED_SPIFFE |
A mode reserved for special cases. Indicates that the certificate should have one SPIFFE SubjectAltNames set by the service based on the caller's identity. This mode will ignore any explicitly specified Subject and/or SubjectAltNames in the certificate request. This mode requires the caller to have the privateca.certificates.createForSelf permission. |
RevocationDetails
Describes fields that are relavent to the revocation of a Certificate
.
JSON representation |
---|
{
"revocationState": enum ( |
Fields | |
---|---|
revocationState |
Indicates why a |
revocationTime |
The time at which this A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
Methods |
|
---|---|
|
Create a new Certificate in a given Project, Location from a particular CaPool . |
|
Returns a Certificate . |
|
Lists Certificates . |
|
Update a Certificate . |
|
Revoke a Certificate . |