Class CertificateAuthority (1.1.0)

CertificateAuthority(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A CertificateAuthority represents an individual Certificate Authority. A CertificateAuthority can be used to create Certificates.

Attributes

Name Description
name str
Output only. The resource name for this CertificateAuthority in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
type_ google.cloud.security.privateca_v1.types.CertificateAuthority.Type
Required. Immutable. The Type of this CertificateAuthority.
config google.cloud.security.privateca_v1.types.CertificateConfig
Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
lifetime google.protobuf.duration_pb2.Duration
Required. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
key_spec google.cloud.security.privateca_v1.types.CertificateAuthority.KeyVersionSpec
Required. Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
subordinate_config google.cloud.security.privateca_v1.types.SubordinateConfig
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
tier google.cloud.security.privateca_v1.types.CaPool.Tier
Output only. The CaPool.Tier of the CaPool that includes this CertificateAuthority.
state google.cloud.security.privateca_v1.types.CertificateAuthority.State
Output only. The State for this CertificateAuthority.
pem_ca_certificates Sequence[str]
Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
ca_certificate_descriptions Sequence[google.cloud.security.privateca_v1.types.CertificateDescription]
Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
gcs_bucket str
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as gs://) or suffixes (such as .googleapis.com). For example, to use a bucket named my-bucket, you would simply specify my-bucket. If not specified, a managed bucket will be created.
access_urls google.cloud.security.privateca_v1.types.CertificateAuthority.AccessUrls
Output only. URLs for accessing content published by this CA, such as the CA certificate and CRLs.
create_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority was created.
update_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority was last updated.
delete_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.
expire_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.
labels Sequence[google.cloud.security.privateca_v1.types.CertificateAuthority.LabelsEntry]
Optional. Labels with user-defined metadata.

Classes

AccessUrls

AccessUrls(mapping=None, *, ignore_unknown_fields=False, **kwargs)

URLs where a CertificateAuthority will publish content.

KeyVersionSpec

KeyVersionSpec(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A Cloud KMS key configuration that a CertificateAuthority will use.

LabelsEntry

LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The abstract base class for a message.

Parameters
Name Description
kwargs dict

Keys and values corresponding to the fields of the message.

mapping Union[dict, .Message]

A dictionary or message to be used to determine the values for this message.

ignore_unknown_fields Optional(bool)

If True, do not raise errors for unknown fields. Only applied if mapping is a mapping type or there are keyword parameters.

SignHashAlgorithm

SignHashAlgorithm(value)

The algorithm of a Cloud KMS CryptoKeyVersion of a CryptoKey with the CryptoKeyPurpose value ASYMMETRIC_SIGN. These values correspond to the CryptoKeyVersionAlgorithm values. For RSA signing algorithms, the PSS algorithms should be preferred; use PKCS1 algorithms if required for compatibility. For further recommendations, see https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
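An added example, not part of the library or its documentation: a standard-library pre-flight check that applies the gcs_bucket naming rule from the attribute table and the PSS-over-PKCS1 recommendation above to CertificateAuthority records held as plain dicts. The dict shape, the finding strings and the sample records are constructed for illustration; the algorithm and state strings are the enum value names of the Private CA v1 API.

```python
import re

# Resource-name pattern taken from the `name` attribute description.
CA_NAME_RE = re.compile(
    r"^projects/[^/]+/locations/[^/]+/caPools/[^/]+/certificateAuthorities/[^/]+$"
)

def lint_ca(ca):
    """Return findings for one CertificateAuthority given as a plain dict.

    Keys mirror the attribute names on this page; the dict shape and the
    finding strings are assumptions of this example.
    """
    findings = []
    name = ca.get("name", "")
    if name and not CA_NAME_RE.match(name):
        findings.append("name: unexpected resource-name format")

    # gcs_bucket must be a bare bucket name (no gs:// prefix, no
    # .googleapis.com suffix); empty means a managed bucket is created.
    bucket = ca.get("gcs_bucket", "")
    if "://" in bucket or "/" in bucket:
        findings.append("gcs_bucket: remove scheme/path, use the bare bucket name")
    if bucket.endswith(".googleapis.com"):
        findings.append("gcs_bucket: remove the .googleapis.com suffix")

    # For RSA signing keys the PSS algorithms are preferred over PKCS1.
    algorithm = ca.get("key_spec", {}).get("algorithm", "")
    if algorithm.startswith("RSA_PKCS1_"):
        findings.append("key_spec.algorithm: PKCS1 in use, prefer PSS if compatible")

    # A soft-deleted CA is permanently purged at expire_time.
    if ca.get("state") == "DELETED":
        findings.append("state: DELETED, purge at %s" % ca.get("expire_time", "unknown"))
    return findings

# Constructed sample records (not real resources).
POOL = "projects/p1/locations/us-central1/caPools/pool-a/certificateAuthorities/"
SAMPLE_CAS = [
    {"name": POOL + "root-1", "gcs_bucket": "my-bucket", "state": "ENABLED",
     "key_spec": {"algorithm": "RSA_PSS_4096_SHA256"}},
    {"name": POOL + "old-1", "gcs_bucket": "gs://my-bucket", "state": "DELETED",
     "expire_time": "2030-01-01T00:00:00Z",
     "key_spec": {"algorithm": "RSA_PKCS1_2048_SHA256"}},
]

if __name__ == "__main__":
    for ca in SAMPLE_CAS:
        print(ca["name"], lint_ca(ca))
```
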

State

State(value)

The state of a CertificateAuthority, indicating if it can be used.

Type

Type(value)

The type of a CertificateAuthority, indicating its issuing chain.