Method: regionSslCertificates.get

Returns the specified SslCertificate resource in the specified region. regionSslCertificates.get a list of available SSL certificates by making a list() request.

HTTP request

GET https://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/sslCertificates/{sslCertificate}

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
project

string

Project ID for this request.

region

string

Name of the region scoping this request.

sslCertificate

string

Name of the SslCertificate resource to return.

Request body

The request body must be empty.

Response body

Represents an SSL certificate resource.

Google Compute Engine has two SSL certificate resources:

The global SSL certificates (sslCertificates) are used by:

  • Global external Application Load Balancers
  • Classic Application Load Balancers
  • Proxy Network Load Balancers (with target SSL proxies)

The regional SSL certificates (regionSslCertificates) are used by:

  • Regional external Application Load Balancers
  • Regional internal Application Load Balancers

Optionally, certificate file contents that you upload can contain a set of up to five PEM-encoded certificates. The API call creates an object (sslCertificate) that holds this data. You can use SSL keys and certificates to secure connections to a load balancer. For more information, read Creating and using SSL certificates, SSL certificates quotas and limits, and Troubleshooting SSL certificates.

If successful, the response body contains data with the following structure:

JSON representation
{
  "kind": string,
  "id": string,
  "creationTimestamp": string,
  "name": string,
  "description": string,
  "selfLink": string,
  "certificate": string,
  "privateKey": string,
  "managed": {
    "domains": [
      string
    ],
    "status": enum,
    "domainStatus": {
      string: enum,
      ...
    }
  },
  "selfManaged": {
    "certificate": string,
    "privateKey": string
  },
  "type": enum,
  "subjectAlternativeNames": [
    string
  ],
  "expireTime": string,
  "region": string
}
Fields
kind

string

[Output Only] Type of the resource. Always compute#sslCertificate for SSL certificates.

id

string (uint64 format)

[Output Only] The unique identifier for the resource. This identifier is defined by the server.

creationTimestamp

string

[Output Only] Creation timestamp in RFC3339 text format.

name

string

Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

description

string

An optional description of this resource. Provide this property when you create the resource.

certificate

string

A value read into memory from a certificate file. The certificate file must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.

privateKey

string

A value read into memory from a write-only private key file. The private key file must be in PEM format. For security, only insert requests include this field.

managed

object

Configuration and status of a managed SSL certificate.

managed.domains[]

string

The domains for which a managed SSL certificate will be generated. Each Google-managed SSL certificate supports up to the maximum number of domains per Google-managed SSL certificate.

managed.status

enum

[Output only] Status of the managed certificate resource.

managed.domainStatus

map (key: string, value: enum)

[Output only] Detailed statuses of the domains specified for managed certificate resource.

selfManaged

object

Configuration and status of a self-managed SSL certificate.

selfManaged.certificate

string

A local certificate file. The certificate must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.

selfManaged.privateKey

string

A write-only private key in PEM format. Only insert requests will include this field.

type

enum

(Optional) Specifies the type of SSL certificate, either "SELF_MANAGED" or "MANAGED". If not specified, the certificate is self-managed and the fields certificate and privateKey are used.

subjectAlternativeNames[]

string

[Output Only] Domains associated with the certificate via Subject Alternative Name.

expireTime

string

[Output Only] Expire time of the certificate. RFC3339

region

string

[Output Only] URL of the region where the regional SSL Certificate resides. This field is not applicable to global SSL Certificate.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/compute.readonly
  • https://www.googleapis.com/auth/compute
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

In addition to any permissions specified on the fields above, authorization requires one or more of the following IAM permissions:

  • compute.regionSslCertificates.get

To find predefined roles that contain those permissions, see Compute Engine IAM Roles.