Resource: Certificate
Defines TLS certificate.
JSON representation |
---|
{ "name": string, "description": string, "createTime": string, "updateTime": string, "labels": { string: string, ... }, "sanDnsnames": [ string ], "pemCertificate": string, "expireTime": string, "scope": enum ( |
Fields | |
---|---|
name | Identifier. A user-defined name of the certificate. Certificate names must be unique globally and match pattern |
description | Optional. One or more paragraphs of text description of a certificate. |
createTime | Output only. The creation timestamp of a Certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
updateTime | Output only. The last update timestamp of a Certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
labels | Optional. Set of labels associated with a Certificate. An object containing a list of |
sanDnsnames[] | Output only. The list of Subject Alternative Names of dnsName type defined in the certificate (see RFC 5280 4.2.1.6). Managed certificates that haven't been provisioned yet have this field populated with a value of the managed.domains field. |
pemCertificate | Output only. The PEM-encoded certificate chain. |
expireTime | Output only. The expiry timestamp of a Certificate. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
scope | Optional. Immutable. The scope of the certificate. |
usedBy[] | Output only. The list of resources that use this Certificate. |
Union field type. Type of the certificate. Required. type can be only one of the following: | |
selfManaged | If set, defines data of a self-managed certificate. |
managed | If set, contains configuration and state of a managed certificate. |
SelfManagedCertificate
Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility.
JSON representation |
---|
{ "pemCertificate": string, "pemPrivateKey": string } |
Fields | |
---|---|
pemCertificate | Optional. Input only. The PEM-encoded certificate chain. Leaf certificate comes first, followed by intermediate ones if any. |
pemPrivateKey | Optional. Input only. The PEM-encoded private key of the leaf certificate. |
ManagedCertificate
Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so.
JSON representation |
---|
{ "domains": [ string ], "dnsAuthorizations": [ string ], "issuanceConfig": string, "state": enum ( |
Fields | |
---|---|
domains[] | Optional. Immutable. The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution. |
dnsAuthorizations[] | Optional. Immutable. Authorizations that will be used for performing domain authorization. |
issuanceConfig | Optional. Immutable. The resource name for a |
state | Output only. State of the managed certificate resource. |
provisioningIssue | Output only. Information about issues with provisioning a Managed Certificate. |
authorizationAttemptInfo[] | Output only. Detailed state of the latest authorization attempt for each domain specified for managed certificate resource. |
State
State of the managed certificate resource.
Enums | |
---|---|
STATE_UNSPECIFIED | State is unspecified. |
PROVISIONING | Certificate Manager attempts to provision or renew the certificate. If the process takes longer than expected, consult the provisioningIssue field. |
FAILED | Multiple certificate provisioning attempts failed and Certificate Manager gave up. To try again, delete and create a new managed Certificate resource. For details see the provisioningIssue field. |
ACTIVE | The certificate management is working, and a certificate has been provisioned. |
ProvisioningIssue
Information about issues with provisioning a Managed Certificate.
JSON representation |
---|
{
"reason": enum ( |
Fields | |
---|---|
reason | Output only. Reason for provisioning failures. |
details | Output only. Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use Reason enum. |
Reason
Reason for provisioning failures.
Enums | |
---|---|
REASON_UNSPECIFIED | Reason is unspecified. |
AUTHORIZATION_ISSUE | Certificate provisioning failed due to an issue with one or more of the domains on the certificate. For details of which domains failed, consult the authorizationAttemptInfo field. |
RATE_LIMITED | Exceeded Certificate Authority quotas or internal rate limits of the system. Provisioning may take longer to complete. |
AuthorizationAttemptInfo
State of the latest attempt to authorize a domain for certificate issuance.
JSON representation |
---|
{ "domain": string, "state": enum ( |
Fields | |
---|---|
domain | Output only. Domain name of the authorization attempt. |
state | Output only. State of the domain for managed certificate issuance. |
failureReason | Output only. Reason for failure of the authorization attempt for the domain. |
details | Output only. Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use FailureReason enum. |
State
State of the domain for managed certificate issuance.
Enums | |
---|---|
STATE_UNSPECIFIED | State is unspecified. |
AUTHORIZING | Certificate provisioning for this domain is under way. Google Cloud will attempt to authorize the domain. |
AUTHORIZED | A managed certificate can be provisioned, no issues for this domain. |
FAILED | Attempt to authorize the domain failed. This prevents the Managed Certificate from being issued. See failureReason and details fields for more information. |
FailureReason
Reason for failure of the authorization attempt for the domain.
Enums | |
---|---|
FAILURE_REASON_UNSPECIFIED | FailureReason is unspecified. |
CONFIG | There was a problem with the user's DNS or load balancer configuration for this domain. |
CAA | Certificate issuance forbidden by an explicit CAA record for the domain or a failure to check CAA records for the domain. |
RATE_LIMITED | Reached a CA or internal rate-limit for the domain, e.g. for certificates per top-level private domain. |
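The following Python code is an added example, not part of the Certificate Manager documentation: it reads one Certificate resource and reports expiry and provisioning problems from the expireTime, managed.state, provisioningIssue.reason and authorizationAttemptInfo fields described above. The sample resource is constructed, the function names and the 30-day renewal window are hypothetical, and a resource without a managed block is assumed to be self-managed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of a Certificate resource (placeholder name and domains).
SAMPLE = {
    "name": "example-cert",
    "expireTime": "2030-01-15T08:30:00.123456789Z",
    "managed": {
        "state": "PROVISIONING",
        "provisioningIssue": {"reason": "AUTHORIZATION_ISSUE"},
        "authorizationAttemptInfo": [
            {"domain": "www.example.com", "state": "AUTHORIZED"},
            {"domain": "api.example.com", "state": "FAILED", "failureReason": "CAA"},
        ],
    },
}

_RFC3339 = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d{1,9}))?(Z|[+-]\d\d:\d\d)")
def parse_rfc3339(ts):
    """Parse a timestamp with 0-9 fractional digits and a Z or numeric offset."""
    m = _RFC3339.fullmatch(ts)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {ts!r}")
    base, frac, offset = m.groups()
    micros = int((frac or "").ljust(6, "0")[:6])  # nanoseconds are truncated
    return datetime.fromisoformat(base + ("+00:00" if offset == "Z" else offset)).replace(microsecond=micros)

def triage(cert, now, renew_window=timedelta(days=30)):
    """Return (severity, message) findings for one Certificate resource."""
    findings = []
    managed = cert.get("managed")
    if "expireTime" in cert:
        left = parse_rfc3339(cert["expireTime"]) - now
        if left <= timedelta(0):
            findings.append(("critical", "certificate has expired"))
        elif managed is None and left <= renew_window:
            # Assumption: no "managed" block means self-managed, so renewal is on the user.
            findings.append(("warning", f"self-managed certificate expires in {left.days} days"))
    if managed is not None:
        reason = managed.get("provisioningIssue", {}).get("reason", "REASON_UNSPECIFIED")
        if managed.get("state") == "FAILED":
            findings.append(("critical", f"provisioning failed ({reason}); delete and recreate"))
        elif managed.get("state") == "PROVISIONING" and "provisioningIssue" in managed:
            findings.append(("warning", f"provisioning delayed ({reason})"))
        for attempt in managed.get("authorizationAttemptInfo", []):
            if attempt.get("state") == "FAILED":
                why = attempt.get("failureReason", "FAILURE_REASON_UNSPECIFIED")
                findings.append(("warning", f"{attempt['domain']}: authorization failed ({why})"))
    return findings
```

The checks branch on the state, reason and failureReason enum values rather than the details strings, which the reference marks as not guaranteed to be stable.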
Scope
Certificate scope.
Enums | |
---|---|
DEFAULT | Use the DEFAULT scope if you plan to use the certificate with global external Application Load Balancer, global external proxy Network Load Balancer, or any of the regional Google Cloud services. |
EDGE_CACHE | Use the EDGE_CACHE scope if you plan to use the certificate with Media CDN. The certificates are served from Edge Points of Presence. See https://cloud.google.com/vpc/docs/edge-locations. |
ALL_REGIONS | Use the ALL_REGIONS scope if you plan to use the certificate with cross-region internal Application Load Balancer. The certificates are served from all Google Cloud regions. See https://cloud.google.com/compute/docs/regions-zones. |
CLIENT_AUTH | Associated with certificates used as client certificates in Backend mTLS. |
UsedBy
Defines a resource that uses the certificate.
JSON representation |
---|
{ "name": string } |
Fields | |
---|---|
name | Output only. Full name of the resource https://google.aip.dev/122#full-resource-names, e.g. |