Class CertificateAuthority (0.4.0)

Stay organized with collections Save and categorize content based on your preferences.
CertificateAuthority(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A CertificateAuthority represents an individual Certificate Authority. A CertificateAuthority can be used to create Certificates.


name str
Output only. The resource name for this CertificateAuthority in the format ``projects/*/locations/*/caPools/*/certificateAuthorities/*``.
Required. Immutable. The Type of this CertificateAuthority.
Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
lifetime google.protobuf.duration_pb2.Duration
Required. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
Required. Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
Output only. The CaPool.Tier of the CaPool that includes this CertificateAuthority.
Output only. The State for this CertificateAuthority.
pem_ca_certificates Sequence[str]
Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
ca_certificate_descriptions Sequence[]
Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
gcs_bucket str
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as ``gs://``) or suffixes (such as ````). For example, to use a bucket named ``my-bucket``, you would simply specify ``my-bucket``. If not specified, a managed bucket will be created.
Output only. URLs for accessing content published by this CA, such as the CA certificate and CRLs.
create_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority was created.
update_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority was last updated.
delete_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
expire_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
labels Sequence[]
Optional. Labels with user-defined metadata.


builtins.object > proto.message.Message > CertificateAuthority



AccessUrls(mapping=None, *, ignore_unknown_fields=False, **kwargs)

URLs where a CertificateAuthority will publish content.


KeyVersionSpec(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A Cloud KMS key configuration that a CertificateAuthority will use.


LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The abstract base class for a message.

kwargs dict

Keys and values corresponding to the fields of the message.

mapping Union[dict, `.Message`]

A dictionary or message to be used to determine the values for this message.

ignore_unknown_fields Optional(bool)

If True, do not raise errors for unknown fields. Only applied if mapping is a mapping type or there are keyword parameters.



The algorithm of a Cloud KMS CryptoKeyVersion of a CryptoKey with the CryptoKeyPurpose value ASYMMETRIC_SIGN. These values correspond to the CryptoKeyVersionAlgorithm values. For RSA signing algorithms, the PSS algorithms should be preferred, use PKCS1 algorithms if required for compatibility. For further recommandations, see



The state of a CertificateAuthority, indicating if it can be used.



The type of a CertificateAuthority, indicating its issuing chain.