REST Resource: projects.locations.certificates

Resource: Certificate

Defines TLS certificate.

JSON representation
{
  "name": string,
  "description": string,
  "createTime": string,
  "updateTime": string,
  "labels": {
    string: string,
    ...
  },
  "sanDnsnames": [
    string
  ],
  "pemCertificate": string,
  "expireTime": string,
  "scope": enum (Scope),

  // Union field type can be only one of the following:
  "selfManaged": {
    object (SelfManagedCertificate)
  },
  "managed": {
    object (ManagedCertificate)
  }
  // End of list of possible types for union field type.
}
Fields
name

string

A user-defined name of the certificate. Certificate names must be unique globally and match pattern projects/*/locations/*/certificates/*.

description

string

One or more paragraphs of text description of a certificate.

createTime

string (Timestamp format)

Output only. The creation timestamp of a Certificate.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. The last update timestamp of a Certificate.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

labels

map (key: string, value: string)

Set of labels associated with a Certificate.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

sanDnsnames[]

string

Output only. The list of Subject Alternative Names of dnsName type defined in the certificate (see RFC 5280 4.2.1.6)

pemCertificate

string

Output only. The PEM-encoded certificate chain.

expireTime

string (Timestamp format)

Output only. The expiry timestamp of a Certificate.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

scope

enum (Scope)

Immutable. The scope of the certificate.

Union field type.

type can be only one of the following:

selfManaged

object (SelfManagedCertificate)

If set, defines data of a self-managed certificate.

managed

object (ManagedCertificate)

If set, contains configuration and state of a managed certificate.

SelfManagedCertificate

Certificate data for a SelfManaged Certificate. SelfManaged Certificates are uploaded by the user. Updating such certificates before they expire remains the user's responsibility.

JSON representation
{
  "pemCertificate": string,
  "pemPrivateKey": string
}
Fields
pemCertificate

string

Input only. The PEM-encoded certificate chain. Leaf certificate comes first, followed by intermediate ones if any.

pemPrivateKey

string

Input only. The PEM-encoded private key of the leaf certificate.

ManagedCertificate

Configuration and state of a Managed Certificate. Certificate Manager provisions and renews Managed Certificates automatically, for as long as it's authorized to do so.

JSON representation
{
  "domains": [
    string
  ],
  "dnsAuthorizations": [
    string
  ],
  "state": enum (State),
  "provisioningIssue": {
    object (ProvisioningIssue)
  },
  "authorizationAttemptInfo": [
    {
      object (AuthorizationAttemptInfo)
    }
  ]
}
Fields
domains[]

string

Immutable. The domains for which a managed SSL certificate will be generated. Wildcard domains are only supported with DNS challenge resolution.

dnsAuthorizations[]

string

Immutable. Authorizations that will be used for performing domain authorization.

state

enum (State)

Output only. State of the managed certificate resource.

provisioningIssue

object (ProvisioningIssue)

Information about issues with provisioning a Managed Certificate.

authorizationAttemptInfo[]

object (AuthorizationAttemptInfo)

Output only. Detailed state of the latest authorization attempt for each domain specified for managed certificate resource.

State

Enums
STATE_UNSPECIFIED
PROVISIONING Certificate Manager attempts to provision or renew the certificate. If the process takes longer than expected, consult the provisioningIssue field.
FAILED Multiple certificate provisioning attempts failed and Certificate Manager gave up. To try again, delete and create a new managed Certificate resource. For details see the provisioningIssue field.
ACTIVE The certificate management is working, and a certificate has been provisioned.

ProvisioningIssue

Information about issues with provisioning a Managed Certificate.

JSON representation
{
  "reason": enum (Reason),
  "details": string
}
Fields
reason

enum (Reason)

Reason for provisioning failures.

details

string

Human readable explanation about the issue. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use Reason enum.

Reason

Enums
REASON_UNSPECIFIED
AUTHORIZATION_ISSUE Certificate provisioning failed due to an issue with one or more of the domains on the certificate. For details of which domains failed, consult the authorizationAttemptInfo field.
RATE_LIMITED Exceeded Certificate Authority quotas or internal rate limits of the system. Provisioning may take longer to complete.

AuthorizationAttemptInfo

State of the latest attempt to authorize a domain for certificate issuance.

JSON representation
{
  "domain": string,
  "state": enum (State),
  "failureReason": enum (FailureReason),
  "details": string
}
Fields
domain

string

Domain name of the authorization attempt.

state

enum (State)

State of the domain for managed certificate issuance.

failureReason

enum (FailureReason)

Output only. Reason for failure of the authorization attempt for the domain.

details

string

Human readable explanation for reaching the state. Provided to help address the configuration issues. Not guaranteed to be stable. For programmatic access use Reason enum.

State

Enums
STATE_UNSPECIFIED
AUTHORIZING Certificate provisioning for this domain is under way. GCP will attempt to authorize the domain.
AUTHORIZED A managed certificate can be provisioned, no issues for this domain.
FAILED Attempt to authorize the domain failed. This prevents the Managed Certificate from being issued. See failureReason and details fields for more information.

FailureReason

Enums
FAILURE_REASON_UNSPECIFIED
CONFIG There was a problem with the user's DNS or load balancer configuration for this domain.
CAA Certificate issuance forbidden by an explicit CAA record for the domain or a failure to check CAA records for the domain.
RATE_LIMITED Reached a CA or internal rate-limit for the domain, e.g. for certificates per top-level private domain.

Scope

Certificate scope.

Enums
DEFAULT Certificates with default scope are served from core Google data centers. If unsure, choose this option.
EDGE_CACHE Certificates with scope EDGE_CACHE are special-purposed certificates, served from non-core Google data centers.

Methods

create

Creates a new Certificate in a given project and location.

delete

Deletes a single Certificate.

get

Gets details of a single Certificate.

list

Lists Certificates in a given project and location.

patch

Updates a Certificate.