tls_locally_signed_cert (Resource)

Creates a TLS certificate in PEM (RFC 1421) format using a Certificate Signing Request (CSR) and signs it with a provided (local) Certificate Authority (CA).

Example Usage

# DO NOT EDIT. Code generated by 'cdktf convert' - Please report bugs at https://cdk.tf/bug
from constructs import Construct
from cdktf import Fn, Token, TerraformStack
#
# Provider bindings are generated by running `cdktf get`.
# See https://cdk.tf/provider-generation for more details.
#
from imports.tls.locally_signed_cert import LocallySignedCert
class MyConvertedCode(TerraformStack):
    def __init__(self, scope, name):
        super().__init__(scope, name)
        LocallySignedCert(self, "example",
            allowed_uses=["key_encipherment", "digital_signature", "server_auth"],
            ca_cert_pem=Token.as_string(Fn.file("ca_cert.pem")),
            ca_private_key_pem=Token.as_string(Fn.file("ca_private_key.pem")),
            cert_request_pem=Token.as_string(Fn.file("cert_request.pem")),
            validity_period_hours=12
        )

Schema

Required

Optional

Read-Only

Automatic Renewal

This resource considers its instances to have been deleted either after their validity period ends (i.e. beyond the validity_period_hours) or once the early renewal period is reached (i.e. within the early_renewal_hours): when this happens, the ready_for_renewal attribute will be true. At this time, applying the Terraform configuration will cause a new certificate to be generated for the instance.

Therefore, in a development environment with frequent deployments, it may be convenient to set a relatively short expiration time and use early renewal to automatically provision a new certificate when the current one is about to expire.

The creation of a new certificate may of course cause dependent resources to be updated or replaced, depending on the lifecycle rules applying to those resources.
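
Because a new certificate is only generated when the configuration is applied, the renewal settings have to be chosen against how often applies actually run. The following is an added example, not provider or CDKTF code: it models the renewal rule as described above in whole hours, and the names RenewalPolicy, findings, simulate_applies and the apply interval are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RenewalPolicy:
    validity_period_hours: int
    early_renewal_hours: int = 0

    def expired(self, age_hours):
        return age_hours >= self.validity_period_hours

    def ready_for_renewal(self, age_hours):
        # True once inside the early renewal period, or past expiry.
        return age_hours >= self.validity_period_hours - self.early_renewal_hours


def findings(policy, apply_interval_hours):
    """Flag settings that cause churn or can leave an expired certificate deployed."""
    out = []
    if policy.early_renewal_hours >= policy.validity_period_hours:
        out.append("always-renewing")      # every apply issues a new certificate
    if policy.early_renewal_hours < apply_interval_hours:
        out.append("possible-expiry-gap")  # an apply may not land in the renewal period
    return out


def simulate_applies(policy, apply_interval_hours, total_hours):
    """Apply every apply_interval_hours; return (reissues, hours_with_expired_cert)."""
    issued_at = reissues = expired_hours = 0
    for now in range(1, total_hours + 1):
        if policy.expired(now - 1 - issued_at):  # the hour ending at `now`
            expired_hours += 1
        if now % apply_interval_hours == 0 and policy.ready_for_renewal(now - issued_at):
            issued_at, reissues = now, reissues + 1
    return reissues, expired_hours


if __name__ == "__main__":
    # Constructed scenario: 12-hour certificates, a pipeline that applies every 8 hours.
    for policy in (RenewalPolicy(12), RenewalPolicy(12, 8), RenewalPolicy(12, 12)):
        print(policy, findings(policy, 8), simulate_applies(policy, 8, 48))
```

In this constructed scenario, the policy without early renewal leaves an expired certificate in place for 12 of the 48 hours, while setting early_renewal_hours to at least the apply interval closes that gap at the cost of reissuing on every apply.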