Client certificate

akamai_mtlskeystore_client_certificate

📘

Hello. Just a note to let you know the underlying API on which this data source is built is general release and has been vetted, but because this is a new feature for our Terraform provider, we've given it beta label.

This status just means we've paused for a bit to get your feedback to make sure this data source works like you need and expect.

Get details of a client certificate with its versions.

data "akamai_mtlskeystore_client_certificate" "my-cert" {
  certificate_id = 123
}

output "my-cert" {
  value = data.akamai_mtlskeystore_client_certificate.my-cert
}
Changes to Outputs:
  + my-cert = {
      + certificate_id                = 123
      + certificate_name              = "my-akamai-client-cert"
      + created_by                    = "jsmith@example.com"
      + created_date                  = "2025-07-01T10:21:34Z"
      + current                       = {
          + certificate_block          = {
              + certificate   = <<-EOT
                    -----BEGIN CERTIFICATE-----
                    nMIID <sample - removed for readability> .... nMweq
                    -----END CERTIFICATE-----
                EOT
              + key_algorithm = "RSA"
              + trust_chain   = <<-EOT
                    -----BEGIN CERTIFICATE-----
                    nMIID <sample - removed for readability> .... nMweq
                    -----END CERTIFICATE-----
                EOT
            }
          + certificate_submitted_by   = null
          + certificate_submitted_date = null
          + created_by                 = "jsmith@example.com"
          + created_date               = "2025-07-01T10:21:37Z"
          + csr_block                  = null
          + delete_requested_date      = null
          + expiry_date                = "2025-10-01T10:21:36Z"
          + issued_date                = "2025-07-01T10:21:36Z"
          + issuer                     = "23456 Account CA G1"
          + key_algorithm              = "RSA"
          + elliptic_curve             = ""
          + key_size_in_bytes          = "2048"
          + scheduled_delete_date      = null
          + signature_algorithm        = "SHA256_WITH_RSA"
          + status                     = "DEPLOYED"
          + subject                    = "/C=US/O=Akamai Technologies, Inc./OU=23456 A-CCT1234 12345/CN=my-akamai-client-cert/"
          + validation                 = {
              + errors   = null
              + warnings = null
            }
          + version                    = 1
          + version_guid               = "1abcdef2-g34h-56ij7k-l89m-no0pqr12346"
        }
      + geography                     = "CORE"
      + key_algorithm                 = "RSA"
      + notification_emails           = [
          + "jsmith@example.com",
        ]
      + previous                      = null
      + secure_network                = "STANDARD_TLS"
      + signer                        = "AKAMAI"
      + subject                       = "/C=US/O=Akamai Technologies, Inc./OU=23456 A-CCT1234 12345/CN=my-akamai-client-cert/"
      + versions                      = null
    }
Changes to Outputs:
  + my-cert = {
      + certificate_id                = 987
      + certificate_name              = "my-third-party-client-cert"
      + created_by                    = "jsmith@example.com"
      + created_date                  = "2025-07-28T14:15:03Z"
      + current                       = {
          + certificate_block          = {
              + certificate   = <<-EOT
                    -----BEGIN CERTIFICATE-----
                    nMIID <sample - removed for readability> .... nMweq
                    -----END CERTIFICATE-----
                EOT
              + key_algorithm = "RSA"
              + trust_chain   = ""
            }
          + certificate_submitted_by   = "jsmith@example.com"
          + certificate_submitted_date = "2025-07-29T15:09:43Z"
          + created_by                 = "jsmith@example.com"
          + created_date               = "2025-07-28T14:15:04Z"
          + csr_block                  = {
              + csr           = <<-EOT
                    -----BEGIN CERTIFICATE REQUEST-----
                    nMIID <sample - removed for readability> .... nMweq
                    -----END CERTIFICATE REQUEST-----
                EOT
              + key_algorithm = "RSA"
            }
          + delete_requested_date      = null
          + expiry_date                = "2027-10-29T15:02:19Z"
          + issued_date                = "2025-07-29T15:02:19Z"
          + issuer                     = ""
          + key_algorithm              = "RSA"
          + elliptic_curve             = ""
          + key_size_in_bytes          = "2048"
          + properties                 = null
          + scheduled_delete_date      = null
          + signature_algorithm        = "SHA256_WITH_RSA"
          + status                     = "DEPLOYED"
          + subject                    = "/CN=my-third-party-client-cert/OU=23456 A-CCT1234 12345/O=Akamai Technologies, Inc./C=US/"
          + validation                 = {
              + errors   = null
              + warnings = null
            }
          + version                    = 1
          + version_guid               = "1abcdef2-g34h-56ij7k-l89m-no0pqr12346"
        }
      + geography                     = "CORE"
      + include_associated_properties = null
      + key_algorithm                 = "RSA"
      + notification_emails           = [
          + "jsmith@example.com",
        ]
      + previous                      = null
      + secure_network                = "STANDARD_TLS"
      + signer                        = "THIRD_PARTY"
      + subject                       = "/C=US/O=Akamai Technologies, Inc./OU=23456 A-CCT1234 12345/CN=my-third-party-client-cert/"
      + versions                      = [
          + {
              + certificate_block          = {
                  + certificate   = <<-EOT
                        -----BEGIN CERTIFICATE-----
                       nMIID <sample - removed for readability> .... nMweq
                        -----END CERTIFICATE-----
                    EOT
                  + key_algorithm = "RSA"
                  + trust_chain   = ""
                }
              + certificate_submitted_by   = "jsmith@example.com"
              + certificate_submitted_date = "2025-07-29T15:09:43Z"
              + created_by                 = "jsmith@example.com"
              + created_date               = "2025-07-28T14:15:04Z"
              + csr_block                  = {
                  + csr           = <<-EOT
                        -----BEGIN CERTIFICATE REQUEST-----
                        nMIID <sample - removed for readability> .... nMweq
                        -----END CERTIFICATE REQUEST-----
                    EOT
                  + key_algorithm = "RSA"
                }
              + delete_requested_date      = null
              + expiry_date                = "2027-10-29T15:02:19Z"
              + issued_date                = "2025-07-29T15:02:19Z"
              + issuer                     = ""
              + key_algorithm              = "RSA"
              + elliptic_curve             = ""
              + key_size_in_bytes          = "2048"
              + properties                 = null
              + scheduled_delete_date      = null
              + signature_algorithm        = "SHA256_WITH_RSA"
              + status                     = "DEPLOYED"
              + subject                    = "/CN=my-third-party-client-cert/OU=23456 A-CCT1234 12345/O=Akamai Technologies, Inc./C=US/"
              + validation                 = {
                  + errors   = null
                  + warnings = null
                }
              + version                    = 1
              + version_guid               = "9zyxwvu8-t76s-54r3q-p21on-m0lkj98i7654"
            },
        ]
    }

Arguments

Pass the certificate ID in the data block to get its details. Optionally, pass the include_associated_properties argument to include properties active on production linked to the client certificate's version.

ArgumentRequiredDescription
certificate_idYour client certificate's ID.
include_associated_propertiesWhen set to true, this also lists properties active on production linked to the client certificate's version.

Attributes

Returned to you are the details of the client certificate.

Attribute Description
certificate_id The client certificate's ID.
certificate_name A descriptive, human-readable name for the client certificate.
include_associated_properties When true, this lists properties active on production linked to the client certificate's version.
created_by The user that created the client certificate.
created_date The ISO 8601 timestamp indicating when the client certificate was created.
geography Your client certificate's deployment location. Possible values:
  • CORE. To specify worldwide deployment, including China and Russia.
  • RUSSIA_AND_CORE. To specify worldwide deployment and Russia.
  • CHINA_AND_CORE. To specify worldwide deployment and China.
Any non-core deployment must be enabled on your Akamai contract based on approval from the Chinese or Russian government.
key_algorithm The cryptographic algorithm used for key generation, either RSA or ECDSA.
notification_emails Email addresses of users that get notified about any issues with the client certificate.
secure_network The type of security on a deployment network. Possible values:
  • STANDARD_TLS. Not PCI compliant.
  • ENHANCED_TLS. PCI compliant.
subject The CA certificate’s key value details.
signer The signing entity of the client certificate. Possible values: AKAMAI or THIRD_PARTY.
current/previous Details of the current or previous client certificate version, containing an alias version. Includes:
  • version. The client certificate's version number.
  • version_guid. The client certificate's version ID. Use this argument's value to configure the mutual authentication (mTLS) session between the origin and edge servers in Property Manager's mTLS Origin Keystore behavior.
  • status. The client certificate's version status. Possible values:
    • AWAITING_SIGNED_CERTIFICATE
    • DEPLOYMENT_PENDING
    • DEPLOYED
    • DELETE_PENDING
  • expiry_date. The ISO 8601 timestamp indicating when the client certificate expires.
  • issuer. The signing entity of the client certificate version.
  • key_algorithm. The client certificate version's encryption algorithm, either RSA or ECDSA.
  • certificate_submitted_by. The user that uploaded the client certificate. Appears as null if not specified.
  • certificate_submitted_date. The ISO 8601 timestamp indicating when the client certificate was submitted. Appears as null if the certificate wasn't submitted.
  • created_by. The user that created the client certificate's version.
  • created_date. The ISO 8601 timestamp indicating when the client certificate's version was created.
  • delete_requested_date. The ISO 8601 timestamp indicating when the request for deleting the client certificate's version was submitted. Appears as null if the delete request wasn't made.
  • issued_date. The ISO 8601 timestamp indicating when the client certificate's version was issued.
  • elliptic_curve. The key elliptic curve when the ECDSA key algorithm is used.
  • key_size_in_bytes. The private key length of the client certificate version when the RSA key algorithm is used.
  • scheduled_delete_date. The ISO 8601 timestamp indicating when the client certificate's version is scheduled for deletion. Appears as null if the schedule request wasn't made.
  • signature_algorithm. The algorithm that secures the data exchange between the edge server and the origin.
  • subject. The public key's entity stored in the client certificate version's subject public key field.
  • certificate_block. Details of the certificate block for the client certificate version. Contains:
    • certificate. A text representation of the client certificate in PEM format.
    • key_algorithm. The CA certificate's encryption algorithm. The only currently supported value is RSA.
    • trust_chain. A text representation of the trust chain in PEM format.
  • csr_block. Details of the certificate signing request (CSR) for the client certificate version. Contains:
    • csr. A text representation of the CSR in PEM format.
    • key_algorithm. The client certificate's encryption algorithm. The only currently supported value is RSA.
    Note: The csr_block attribute returns values only for the THIRD-PARTY client certificate.
  • properties. Properties active on production linked to the client certificate version. Each property record includes:
    • asset_id. An alternative ID for the property.
    • group_id. The group's ID.
    • property_name. The property's name.
    • property_version. The property's version number.
  • validation. Validation results for the client certificate version. Includes:
    • errors. Validation errors you need to resolve for the request to succeed. Each error record includes:
      • message. Details of the error.
      • reason. The root cause of the error.
      • type. The category of the error.
    • warnings. Validation warnings you can resolve. Each warning record includes:
      • message. Details of the warning.
      • reason. The root cause of the warning.
      • type. The category of the warning.
versions The client certificate's versions. Each version record contains:
  • version. The client certificate's version number.
  • version_guid. The client certificate's version ID. Use this argument's value to configure the mutual authentication (mTLS) session between the origin and edge servers in Property Manager's mTLS Origin Keystore behavior.
  • status. The client certificate's version status. Possible values:
    • AWAITING_SIGNED_CERTIFICATE
    • DEPLOYMENT_PENDING
    • DEPLOYED
    • DELETE_PENDING
  • expiry_date. The ISO 8601 timestamp indicating when the client certificate expires.
  • issuer. The signing entity of the client certificate version.
  • key_algorithm. The client certificate version's encryption algorithm, either RSA or ECDSA.
  • certificate_submitted_by. The user that uploaded the client certificate. Appears as null if not specified.
  • certificate_submitted_date. The ISO 8601 timestamp indicating when the client certificate was submitted. Appears as null if the certificate wasn't submitted.
  • created_by. The user that created the client certificate's version.
  • created_date. The ISO 8601 timestamp indicating when the client certificate's version was created.
  • delete_requested_date. The ISO 8601 timestamp indicating when the request for deleting the client certificate's version was submitted. Appears as null if the delete request wasn't made.
  • issued_date. The ISO 8601 timestamp indicating when the client certificate's version was issued.
  • elliptic_curve. The key elliptic curve when the ECDSA key algorithm is used.
  • key_size_in_bytes. The private key length of the client certificate version when the RSA key algorithm is used.
  • scheduled_delete_date. The ISO 8601 timestamp indicating when the client certificate's version is scheduled for deletion. Appears as null if the schedule request wasn't made.
  • signature_algorithm. The algorithm that secures the data exchange between the edge server and the origin.
  • subject. The public key's entity stored in the client certificate version's subject public key field.
  • certificate_block. Details of the certificate block for the client certificate version. Contains:
    • certificate. A text representation of the client certificate in PEM format.
    • key_algorithm. The CA certificate's encryption algorithm. The only currently supported value is RSA.
    • trust_chain. A text representation of the trust chain in PEM format.
  • csr_block. Details of the certificate signing request (CSR) for the client certificate version. Contains:
    • csr. A text representation of the CSR in PEM format.
    • key_algorithm. The client certificate's encryption algorithm. The only currently supported value is RSA.
    Note: The csr_block attribute returns values only for the THIRD-PARTY client certificate.
  • properties. Properties active on production linked to the client certificate version. Each property record includes:
    • asset_id. An alternative ID for the property.
    • group_id. The group's ID.
    • property_name. The property's name.
    • property_version. The property's version number.
  • validation. Validation results for the client certificate version. Includes:
    • errors. Validation errors you need to resolve for the request to succeed. Each error record includes:
      • message. Details of the error.
      • reason. The root cause of the error.
      • type. The category of the error.
    • warnings. Validation warnings you can resolve. Each warning record includes:
      • message. Details of the warning.
      • reason. The root cause of the warning.
      • type. The category of the warning.