Origin
Provides a Cloudflare Origin CA certificate used to protect traffic to your origin without involving a third party Certificate Authority.
Since v3.32.0 all authentication schemes are supported for managing Origin CA certificates. Versions prior to v3.32.0 will still need to use
api_user_service_key.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
import * as tls from "@pulumi/tls";
const example = new tls.index.PrivateKey("example", {algorithm: "RSA"});
const exampleCertRequest = new tls.index.CertRequest("example", {
privateKeyPem: example.privateKeyPem,
subject: [{
commonName: "",
organization: "Terraform Test",
}],
});
const exampleOriginCaCertificate = new cloudflare.OriginCaCertificate("example", {
csr: exampleCertRequest.certRequestPem,
hostnames: ["example.com"],
requestType: "origin-rsa",
requestedValidity: 7,
});Content copied to clipboard
import pulumi
import pulumi_cloudflare as cloudflare
import pulumi_tls as tls
example = tls.index.PrivateKey("example", algorithm=RSA)
example_cert_request = tls.index.CertRequest("example",
private_key_pem=example.private_key_pem,
subject=[{
commonName: ,
organization: Terraform Test,
}])
example_origin_ca_certificate = cloudflare.OriginCaCertificate("example",
csr=example_cert_request["certRequestPem"],
hostnames=["example.com"],
request_type="origin-rsa",
requested_validity=7)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
using Tls = Pulumi.Tls;
return await Deployment.RunAsync(() =>
{
var example = new Tls.Index.PrivateKey("example", new()
{
Algorithm = "RSA",
});
var exampleCertRequest = new Tls.Index.CertRequest("example", new()
{
PrivateKeyPem = example.PrivateKeyPem,
Subject = new[]
{
{
{ "commonName", "" },
{ "organization", "Terraform Test" },
},
},
});
var exampleOriginCaCertificate = new Cloudflare.OriginCaCertificate("example", new()
{
Csr = exampleCertRequest.CertRequestPem,
Hostnames = new[]
{
"example.com",
},
RequestType = "origin-rsa",
RequestedValidity = 7,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := tls.NewPrivateKey(ctx, "example", &tls.PrivateKeyArgs{
Algorithm: "RSA",
})
if err != nil {
return err
}
exampleCertRequest, err := tls.NewCertRequest(ctx, "example", &tls.CertRequestArgs{
PrivateKeyPem: example.PrivateKeyPem,
Subject: []map[string]interface{}{
map[string]interface{}{
"commonName": "",
"organization": "Terraform Test",
},
},
})
if err != nil {
return err
}
_, err = cloudflare.NewOriginCaCertificate(ctx, "example", &cloudflare.OriginCaCertificateArgs{
Csr: exampleCertRequest.CertRequestPem,
Hostnames: pulumi.StringArray{
pulumi.String("example.com"),
},
RequestType: pulumi.String("origin-rsa"),
RequestedValidity: pulumi.Int(7),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.privateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.certRequest;
import com.pulumi.tls.CertRequestArgs;
import com.pulumi.cloudflare.OriginCaCertificate;
import com.pulumi.cloudflare.OriginCaCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new PrivateKey("example", PrivateKeyArgs.builder()
.algorithm("RSA")
.build());
var exampleCertRequest = new CertRequest("exampleCertRequest", CertRequestArgs.builder()
.privateKeyPem(example.privateKeyPem())
.subject(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.build());
var exampleOriginCaCertificate = new OriginCaCertificate("exampleOriginCaCertificate", OriginCaCertificateArgs.builder()
.csr(exampleCertRequest.certRequestPem())
.hostnames("example.com")
.requestType("origin-rsa")
.requestedValidity(7)
.build());
}
}Content copied to clipboard
resources:
example:
type: tls:privateKey
properties:
algorithm: RSA
exampleCertRequest:
type: tls:certRequest
name: example
properties:
privateKeyPem: ${example.privateKeyPem}
subject:
- commonName: ""
organization: Terraform Test
exampleOriginCaCertificate:
type: cloudflare:OriginCaCertificate
name: example
properties:
csr: ${exampleCertRequest.certRequestPem}
hostnames:
- example.com
requestType: origin-rsa
requestedValidity: 7Content copied to clipboard
Import
$ pulumi import cloudflare:index/originCaCertificate:OriginCaCertificate example <certificate_id>Content copied to clipboard
Properties
Link copied to clipboard
The Origin CA certificate.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
The number of days for which the certificate should be valid. Available values: 7, 30, 90, 365, 730, 1095, 5475. Modifying this attribute will force creation of a new resource.
Link copied to clipboard
The signature type desired on the certificate. Available values: origin-rsa, origin-ecc, keyless-certificate. Modifying this attribute will force creation of a new resource.