Certificates
akamai_cloudcertificates_certificates
Beta
Hello. Just a note to let you know the underlying API on which this data source is built is general release and has been vetted, but because this is a new feature for our Terraform provider, we've given it beta label.
This status just means we've paused for a bit to get your feedback to make sure this data source works like you need and expect.
List all certificates available to you.
data "akamai_cloudcertificates_certificates" "my-certs" {
certificate_status = ["ACTIVE"]
include_certificate_materials = true
}
output "my-certs" {
value = data.akamai_cloudcertificates_certificates.my-certs
}
my-certs = {
certificate_name = null
certificate_status = [
"ACTIVE",
]
certificates = [
{
account_id = "A-CCT1234"
certificate_id = "12345"
certificate_name = "my-cert"
certificate_status = "ACTIVE"
certificate_type = "THIRD_PARTY"
contract_id = "C-0N7RAC7"
created_by = "jsmith"
created_date = "2025-10-24T17:10:47.940678Z"
csr_expiration_date = "2026-12-26T17:10:48Z"
csr_pem = <<-EOT
-----BEGIN CERTIFICATE REQUEST-----
MIID <sample - removed for readability> .... Mweq
-----END CERTIFICATE REQUEST-----
EOT
key_size = "P-256"
key_type = "ECDSA"
modified_by = "jsmith"
modified_date = "2025-10-24T17:14:47.941736Z"
sans = [
"example.com",
]
secure_network = "ENHANCED_TLS"
signed_certificate_issuer = "CN=example.com CA,O=Main Street Corporation,C=US"
signed_certificate_not_valid_after_date = "2026-01-22T23:59:59Z"
signed_certificate_not_valid_before_date = "2025-10-24T00:00:00Z"
signed_certificate_pem = <<-EOT
-----BEGIN CERTIFICATE-----
MIID <sample - removed for readability> .... Mweq
-----END CERTIFICATE-----
EOT
signed_certificate_serial_number = "a1:23:4b:56:78:9c:0d:12:e3:45:67:89:f0:1g:hi:jk"
signed_certificate_sha256_fingerprint = "A1:23:4B:5C:67:89:00:12:3D:45:F6:G7:89:HI:J0:K1:L2:M3:45:67:NO"
subject = {
common_name = "example.com"
country = "US"
locality = "Cambridge"
organization = "Main Street Corporation"
state = "MA"
}
trust_chain_pem = <<-EOT
-----BEGIN CERTIFICATE-----
MIID <sample - removed for readability> .... Mweq
-----END CERTIFICATE-----
EOT
},
]
contract_id = null
domain = null
expiring_in_days = null
group_id = null
include_certificate_materials = true
issuer = null
key_type = null
sort = null
}
Arguments
Leave the data source empty to return all certificates or provide optional arguments to filter your results.
| Argument | Required | Description |
|---|---|---|
contract_id | Returns certificates created under the specified contract ID. | |
group_id | Returns certificates that belong to the specified group ID. | |
certificate_name | Returns certificates matching the specified name. Supports partial matches. | |
certificate_status | Returns certificates by the specified status. Possible values are: CSR_READY, READY_FOR_USE, or ACTIVE. | |
domain | Returns certificates whose subject common name (CN) or any subject alternative name (SAN) matches the specified domain. The matches are case-insensitive and support partial values and wildcards. | |
expiring_in_days | Returns certificates that expire within the specified number of days from the request date. For example, a value of 5 returns certificates that expire in the next five days or less. A value of 0 returns only expired certificates. | |
include_certificate_materials | If true, the response includes full certificate data, like the CSR, signed certificate, and trust chain. | |
issuer | Returns certificates matching the specified issuer field. Supports partial matches. | |
key_type | Returns certificates by the specified key type, either RSA or ECDSA. | |
sort | Sorts results by one or more comma-separated certificate fields. Supported fields are modified_date, expiration_date, created_date, and certificate_name. Prefix a field with a minus sign (-) for descending order or a plus sign (+) for ascending order. If not specified, by default, the results are sorted by modified_date in descending order. |
Attributes
Returned to you is a set of certificates with their details.
| Attribute | Description |
|---|---|
account_id |
The account's ID. |
contract_id |
The contract's ID. |
certificate_id |
The certificate's ID. |
certificate_name |
The certificate's name. |
certificate_status |
The certificate's status. Possible values are:
|
certificate_type |
The certificate type. This attribute populates only with the THIRD_PARTY value. |
created_by |
The user who created the certificate. |
created_date |
The timestamp indicating when the certificate was created. |
csr_expiration_date |
The timestamp indicating when the CSR will expire. |
csr_pem |
A text representation of the certificate signing request (CSR) in PEM format. |
key_size |
Your certificate's key size. Possible values are:
|
key_type |
Your certificate's key type, either RSA or ECDSA. |
modified_by |
The user who modified the certificate. |
modified_date |
The timestamp indicating when the certificate was modified. |
sans |
A list of the subject alternative names (SANs) secured by a certificate. |
secure_network |
The type of security on a deployment network. Only ENHANCED_TLS is supported. |
signed_certificate_not_valid_after_date |
The timestamp indicating the end of the signed certificate's valid period. |
signed_certificate_not_valid_before_date |
The timestamp indicating the start of the signed certificate's valid period. |
signed_certificate_serial_number |
The signed certificate's serial number in hex format. |
signed_certificate_sha256_fingerprint |
The signed certificate's SHA-256 fingerprint. |
signed_certificate_issuer |
The signed certificate's issuer field. |
signed_certificate_pem |
The PEM-encoded signed certificate you uploaded. |
trust_chain_pem |
The PEM-encoded trust chain for the signed certificate. |
subject |
Subject fields as defined in X.509 certificates (RFC 5280). Includes:
|
Updated about 2 hours ago