tls_locally_signed_cert (Resource)

Creates a TLS certificate in PEM (RFC 1421) format using a Certificate Signing Request (CSR) and signs it with a provided (local) Certificate Authority (CA).

Example Usage

```typescript
// DO NOT EDIT. Code generated by 'cdktf convert' - Please report bugs at https://cdk.tf/bug
import { Construct } from "constructs";
import { Fn, Token, TerraformStack } from "cdktf";
/*
 * Provider bindings are generated by running `cdktf get`.
 * See https://cdk.tf/provider-generation for more details.
 */
import { LocallySignedCert } from "./.gen/providers/tls/locally-signed-cert";
class MyConvertedCode extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    new LocallySignedCert(this, "example", {
      allowedUses: ["key_encipherment", "digital_signature", "server_auth"],
      caCertPem: Token.asString(Fn.file("ca_cert.pem")),
      caPrivateKeyPem: Token.asString(Fn.file("ca_private_key.pem")),
      certRequestPem: Token.asString(Fn.file("cert_request.pem")),
      validityPeriodHours: 12,
    });
  }
}
```

Schema

Required

Optional

Read-Only

Automatic Renewal

This resource considers its instances to have been deleted once either their validity period ends (i.e. beyond the validityPeriodHours) or the early renewal period is reached (i.e. within the earlyRenewalHours of expiry): when this happens, the readyForRenewal attribute will be true. At this time, applying the Terraform configuration will cause a new certificate to be generated for the instance.

Therefore, in a development environment with frequent deployments, it may be convenient to set a relatively short expiration time and use early renewal to automatically provision a new certificate when the current one is about to expire.

The creation of a new certificate may of course cause dependent resources to be updated or replaced, depending on the lifecycle rules applying to those resources.
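
The renewal rule described above, modelled as an added example (not code from the provider or its documentation). Because a new certificate is only generated when the configuration is applied, it also checks whether a given apply cadence lets a certificate expire between applies. The function names, the 3-hour early renewal value and the cadences are assumptions chosen for illustration; the 12-hour validity matches the usage example.

```typescript
// Added illustration: all names here are hypothetical, not part of the tls provider.
const HOUR_MS = 3600 * 1000;

interface RenewalStatus {
  notAfter: Date;           // end of the validity period
  renewAfter: Date;         // start of the early renewal window
  readyForRenewal: boolean; // inside the window or past expiry
  expired: boolean;         // assumption: strictly beyond notAfter
}

function renewalStatus(
  issuedAt: Date,
  validityPeriodHours: number,
  earlyRenewalHours: number,
  now: Date
): RenewalStatus {
  if (validityPeriodHours < 0 || earlyRenewalHours < 0) {
    throw new RangeError("hours must be non-negative");
  }
  const notAfter = new Date(issuedAt.getTime() + validityPeriodHours * HOUR_MS);
  const renewAfter = new Date(notAfter.getTime() - earlyRenewalHours * HOUR_MS);
  return {
    notAfter,
    renewAfter,
    readyForRenewal: now.getTime() >= renewAfter.getTime(),
    expired: now.getTime() > notAfter.getTime(),
  };
}

// Walk a fixed apply cadence and return the hours at which an apply found the
// certificate it was about to replace already expired (a gap in coverage).
function expiredAtApply(
  validityPeriodHours: number,
  earlyRenewalHours: number,
  applyEveryHours: number,
  horizonHours: number
): number[] {
  const gaps: number[] = [];
  let issuedAt = new Date(0); // constructed start time: first apply issues the cert
  for (let h = applyEveryHours; h <= horizonHours; h += applyEveryHours) {
    const now = new Date(h * HOUR_MS);
    const s = renewalStatus(issuedAt, validityPeriodHours, earlyRenewalHours, now);
    if (s.expired) gaps.push(h);
    if (s.readyForRenewal) issuedAt = now; // this apply generates a new certificate
  }
  return gaps;
}
```

With an early renewal window at least as long as the interval between applies, `expiredAtApply` returns an empty list. Setting `earlyRenewalHours` equal to or greater than `validityPeriodHours` makes a fresh certificate ready for renewal immediately under this rule.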