Class CertificateAuthority

A CertificateAuthority represents an individual Certificate Authority. A CertificateAuthority can be used to create Certificates.

Attributes
NameDescription
strname
Output only. The resource name for this CertificateAuthority in the format ``projects/*/locations/*/certificateAuthorities/*``.
google.cloud.security.privateca_v1beta1.types.CertificateAuthority.Typetype_
Required. Immutable. The Type of this CertificateAuthority.
google.cloud.security.privateca_v1beta1.types.CertificateAuthority.Tiertier
Required. Immutable. The Tier of this CertificateAuthority.
google.cloud.security.privateca_v1beta1.types.CertificateConfigconfig
Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
google.protobuf.duration_pb2.Durationlifetime
Required. The desired lifetime of the CA certificate. Used to create the "not_before_time" and "not_after_time" fields inside an X.509 certificate.
google.cloud.security.privateca_v1beta1.types.CertificateAuthority.KeyVersionSpeckey_spec
Required. Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.
google.cloud.security.privateca_v1beta1.types.CertificateAuthority.CertificateAuthorityPolicycertificate_policy
Optional. The CertificateAuthorityPolicy to enforce when issuing Certificates from this CertificateAuthority.
google.cloud.security.privateca_v1beta1.types.CertificateAuthority.IssuingOptionsissuing_options
Optional. The IssuingOptions to follow when issuing Certificates from this CertificateAuthority.
google.cloud.security.privateca_v1beta1.types.SubordinateConfigsubordinate_config
Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.
google.cloud.security.privateca_v1beta1.types.CertificateAuthority.Statestate
Output only. The State for this CertificateAuthority.
Sequence[str]pem_ca_certificates
Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.
Sequence[google.cloud.security.privateca_v1beta1.types.CertificateDescription]ca_certificate_descriptions
Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.
strgcs_bucket
Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as ``gs://``) or suffixes (such as ``.googleapis.com``). For example, to use a bucket named ``my-bucket``, you would simply specify ``my-bucket``. If not specified, a managed bucket will be created.
google.cloud.security.privateca_v1beta1.types.CertificateAuthority.AccessUrlsaccess_urls
Output only. URLs for accessing content published by this CA, such as the CA certificate and CRLs.
google.protobuf.timestamp_pb2.Timestampcreate_time
Output only. The time at which this CertificateAuthority was created.
google.protobuf.timestamp_pb2.Timestampupdate_time
Output only. The time at which this CertificateAuthority was updated.
google.protobuf.timestamp_pb2.Timestampdelete_time
Output only. The time at which this CertificateAuthority will be deleted, if scheduled for deletion.
Sequence[google.cloud.security.privateca_v1beta1.types.CertificateAuthority.LabelsEntry]labels
Optional. Labels with user-defined metadata.

Inheritance

builtins.object > proto.message.Message > CertificateAuthority

Classes

AccessUrls

AccessUrls(mapping=None, *, ignore_unknown_fields=False, **kwargs)

URLs where a CertificateAuthority will publish content.

CertificateAuthorityPolicy

CertificateAuthorityPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The issuing policy for a CertificateAuthority. Certificates will not be successfully issued from this CertificateAuthority if they violate the policy.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

IssuingOptions

IssuingOptions(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Options that affect all certificates issued by a CertificateAuthority.

KeyVersionSpec

KeyVersionSpec(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A Cloud KMS key configuration that a CertificateAuthority will use.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

LabelsEntry

LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

API documentation for security.privateca_v1beta1.types.CertificateAuthority.LabelsEntry class.

SignHashAlgorithm

SignHashAlgorithm(value)

The algorithm of a Cloud KMS CryptoKeyVersion of a CryptoKey with the CryptoKeyPurpose value ASYMMETRIC_SIGN. These values correspond to the CryptoKeyVersionAlgorithm values. For RSA signing algorithms, the PSS algorithms should be preferred, use PKCS1 algorithms if required for compatibility. For further recommandations, see https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.

State

State(value)

The state of a CertificateAuthority, indicating if it can be used.

Tier

Tier(value)

The tier of a CertificateAuthority, indicating its supported functionality and/or billing SKU.

Type

Type(value)

The type of a CertificateAuthority, indicating its issuing chain.