Create a Certificate Authority pool using all fields
This sample shows all the possible fields for a Certificate Authority pool.
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Terraform

To learn how to apply or remove a Terraform configuration, see [Basic Terraform commands](/docs/terraform/basic-commands).

For more information, see the [Terraform provider reference documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs).

    # The values below exercise every field of the resource; they are not a recommended policy.
    resource "google_privateca_ca_pool" "default" {
      name     = "ca-pool-all-fields"
      location = "us-central1"
      tier     = "ENTERPRISE"
      publishing_options {
        publish_ca_cert = false
        publish_crl     = true
      }
      labels = {
        foo = "bar"
      }
      issuance_policy {
        allowed_key_types {
          elliptic_curve {
            signature_algorithm = "ECDSA_P256"
          }
        }
        allowed_key_types {
          rsa {
            # RSA modulus sizes are given in bits.
            min_modulus_size = 5
            max_modulus_size = 10
          }
        }
        # Longest validity a certificate issued from this pool may have (about 13.9 hours).
        maximum_lifetime = "50000s"
        allowed_issuance_modes {
          allow_csr_based_issuance    = true
          allow_config_based_issuance = true
        }
        identity_constraints {
          # Passthrough copies the requested subject and SANs into the issued certificate.
          allow_subject_passthrough           = true
          allow_subject_alt_names_passthrough = true
          # CEL condition checked against the subject and SANs of each request.
          cel_expression {
            expression = "subject_alt_names.all(san, san.type == DNS || san.type == EMAIL )"
            title      = "My title"
          }
        }
        # X.509 values applied to every certificate issued from this pool.
        baseline_values {
          aia_ocsp_servers = ["example.com"]
          additional_extensions {
            critical = true
            value    = "asdf"
            object_id {
              object_id_path = [1, 7]
            }
          }
          policy_ids {
            object_id_path = [1, 5]
          }
          policy_ids {
            object_id_path = [1, 5, 7]
          }
          ca_options {
            # Sets CA:TRUE in the Basic Constraints extension.
            is_ca                  = true
            max_issuer_path_length = 10
          }
          key_usage {
            base_key_usage {
              digital_signature  = true
              content_commitment = true
              key_encipherment   = false
              data_encipherment  = true
              key_agreement      = true
              cert_sign          = false
              crl_sign           = true
              decipher_only      = true
            }
            extended_key_usage {
              server_auth      = true
              client_auth      = false
              email_protection = true
              code_signing     = true
              time_stamping    = true
            }
          }
        }
      }
    }
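A narrower issuance policy built only from fields that appear in the sample above, added here as an illustration; it is not part of the original page or of Google's samples. The resource name, pool name, domain, lifetime and key sizes are assumptions chosen for a pool that issues only TLS server certificates.

```hcl
# Added example: all names and values are assumptions, not from the original page.
resource "google_privateca_ca_pool" "tls_server_only" {
  name     = "ca-pool-tls-server" # hypothetical pool name
  location = "us-central1"
  tier     = "ENTERPRISE"
  publishing_options {
    publish_ca_cert = true # publish the issuing CA certificate
    publish_crl     = true # publish CRLs so relying parties can check revocation
  }
  issuance_policy {
    allowed_key_types {
      elliptic_curve {
        signature_algorithm = "ECDSA_P256"
      }
    }
    allowed_key_types {
      rsa {
        min_modulus_size = 2048 # bits
        max_modulus_size = 4096
      }
    }
    maximum_lifetime = "7776000s" # 90 days
    allowed_issuance_modes {
      allow_csr_based_issuance    = true
      allow_config_based_issuance = false
    }
    identity_constraints {
      allow_subject_passthrough           = false # requested subject is not copied
      allow_subject_alt_names_passthrough = true  # SANs are copied, subject to the CEL check
      cel_expression {
        title      = "DNS SANs under example.com only"
        expression = "subject_alt_names.all(san, san.type == DNS && san.value.endsWith('.example.com'))"
      }
    }
    baseline_values {
      ca_options {
        is_ca = false # end-entity certificates, unlike is_ca = true in the sample
      }
      key_usage {
        base_key_usage {
          digital_signature = true
        }
        extended_key_usage {
          server_auth = true
        }
      }
    }
  }
}
```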