Client certificate

akamai_mtlskeystore_client_certificate

📘
Beta
Hello. Just a note to let you know the underlying API on which this data source is built is general release and has been vetted, but because this is a new feature for our Terraform provider, we've given it beta label.
This status just means we've paused for a bit to get your feedback to make sure this data source works like you need and expect.

Get details of a client certificate with its versions.

data "akamai_mtlskeystore_client_certificate" "my-cert" {
  certificate_id = 123
}

output "my-cert" {
  value = data.akamai_mtlskeystore_client_certificate.my-cert
}

my-cert = {
  certificate_id                = 123
  certificate_name              = "my-akamai-client-cert"
  created_by                    = "jsmith@example.com"
  created_date                  = "2025-07-01T10:21:34Z"
  current                       = {
    certificate_block          = {
      certificate   = <<-EOT
        -----BEGIN CERTIFICATE-----
        nMIID <sample - removed for readability> .... nMweq
        -----END CERTIFICATE-----
      EOT
      key_algorithm = "RSA"
      trust_chain   = <<-EOT
        -----BEGIN CERTIFICATE-----
        nMIID <sample - removed for readability> .... nMweq
        -----END CERTIFICATE-----
      EOT
    }
    certificate_submitted_by   = null
    certificate_submitted_date = null
    created_by                 = "jsmith@example.com"
    created_date               = "2025-07-01T10:21:37Z"
    csr_block                  = null
    delete_requested_date      = null
    expiry_date                = "2025-10-01T10:21:36Z"
    issued_date                = "2025-07-01T10:21:36Z"
    issuer                     = "23456 Account CA G1"
    key_algorithm              = "RSA"
    elliptic_curve             = ""
    key_size_in_bytes          = "2048"
    scheduled_delete_date      = null
    signature_algorithm        = "SHA256_WITH_RSA"
    status                     = "DEPLOYED"
    subject                    = "/C=US/O=Akamai Technologies, Inc./OU=23456 A-CCT1234 12345/CN=my-akamai-client-cert/"
    validation                 = {
      errors   = null
      warnings = null
    }
    version                    = 1
    version_guid               = "1abcdef2-g34h-56ij7k-l89m-no0pqr12346"
  }
  geography                     = "CORE"
  key_algorithm                 = "RSA"
  notification_emails           = [
    "jsmith@example.com",
  ]
  previous                      = null
  secure_network                = "STANDARD_TLS"
  signer                        = "AKAMAI"
  subject                       = "/C=US/O=Akamai Technologies, Inc./OU=23456 A-CCT1234 12345/CN=my-akamai-client-cert/"
  versions                      = null
}

my-cert = {
  certificate_id                = 987
  certificate_name              = "my-third-party-client-cert"
  created_by                    = "jsmith@example.com"
  created_date                  = "2025-07-28T14:15:03Z"
  current                       = {
    certificate_block          = {
      certificate   = <<-EOT
        -----BEGIN CERTIFICATE-----
        nMIID <sample - removed for readability> .... nMweq
        -----END CERTIFICATE-----
      EOT
      key_algorithm = "RSA"
      trust_chain   = ""
    }
    certificate_submitted_by   = "jsmith@example.com"
    certificate_submitted_date = "2025-07-29T15:09:43Z"
    created_by                 = "jsmith@example.com"
    created_date               = "2025-07-28T14:15:04Z"
    csr_block                  = {
      csr           = <<-EOT
        -----BEGIN CERTIFICATE REQUEST-----
        nMIID <sample - removed for readability> .... nMweq
        -----END CERTIFICATE REQUEST-----
      EOT
      key_algorithm = "RSA"
    }
    delete_requested_date      = null
    expiry_date                = "2027-10-29T15:02:19Z"
    issued_date                = "2025-07-29T15:02:19Z"
    issuer                     = ""
    key_algorithm              = "RSA"
    elliptic_curve             = ""
    key_size_in_bytes          = "2048"
    properties                 = null
    scheduled_delete_date      = null
    signature_algorithm        = "SHA256_WITH_RSA"
    status                     = "DEPLOYED"
    subject                    = "/CN=my-third-party-client-cert/OU=23456 A-CCT1234 12345/O=Akamai Technologies, Inc./C=US/"
    validation                 = {
      errors   = null
      warnings = null
    }
    version                    = 1
    version_guid               = "1abcdef2-g34h-56ij7k-l89m-no0pqr12346"
  }
  geography                     = "CORE"
  include_associated_properties = null
  key_algorithm                 = "RSA"
  notification_emails           = [
    "jsmith@example.com",
  ]
  previous                      = null
  secure_network                = "STANDARD_TLS"
  signer                        = "THIRD_PARTY"
  subject                       = "/C=US/O=Akamai Technologies, Inc./OU=23456 A-CCT1234 12345/CN=my-third-party-client-cert/"
  versions                      = [
    {
      certificate_block          = {
        certificate   = <<-EOT
          -----BEGIN CERTIFICATE-----
          nMIID <sample - removed for readability> .... nMweq
          -----END CERTIFICATE-----
        EOT
        key_algorithm = "RSA"
        trust_chain   = ""
      }
      certificate_submitted_by   = "jsmith@example.com"
      certificate_submitted_date = "2025-07-29T15:09:43Z"
      created_by                 = "jsmith@example.com"
      created_date               = "2025-07-28T14:15:04Z"
      csr_block                  = {
        csr           = <<-EOT
          -----BEGIN CERTIFICATE REQUEST-----
          nMIID <sample - removed for readability> .... nMweq
          -----END CERTIFICATE REQUEST-----
        EOT
        key_algorithm = "RSA"
      }
      delete_requested_date      = null
      expiry_date                = "2027-10-29T15:02:19Z"
      issued_date                = "2025-07-29T15:02:19Z"
      issuer                     = ""
      key_algorithm              = "RSA"
      elliptic_curve             = ""
      key_size_in_bytes          = "2048"
      properties                 = null
      scheduled_delete_date      = null
      signature_algorithm        = "SHA256_WITH_RSA"
      status                     = "DEPLOYED"
      subject                    = "/CN=my-third-party-client-cert/OU=23456 A-CCT1234 12345/O=Akamai Technologies, Inc./C=US/"
      validation                 = {
        errors   = null
        warnings = null
      }
      version                    = 1
      version_guid               = "9zyxwvu8-t76s-54r3q-p21on-m0lkj98i7654"
    },
  ]
}

Arguments

Pass the certificate ID in the data block to get its details. Optionally, pass the include_associated_properties argument to include properties active on production linked to the client certificate's version.

Argument	Required	Description
`certificate_id`	✔	Your client certificate's ID.
`include_associated_properties`		When set to `true`, this also lists properties active on production linked to the client certificate's version.

Attributes

Returned to you are the details of the client certificate.

Attribute	Description
`certificate_id`	The client certificate's ID.
`certificate_name`	A descriptive, human-readable name for the client certificate.
`include_associated_properties`	When `true`, this lists properties active on production linked to the client certificate's version.
`created_by`	The user that created the client certificate.
`created_date`	The ISO 8601 timestamp indicating when the client certificate was created.
`geography`	Your client certificate's deployment location. Possible values: `CORE`. To specify worldwide deployment, including China and Russia. `RUSSIA_AND_CORE`. To specify worldwide deployment and Russia. `CHINA_AND_CORE`. To specify worldwide deployment and China. Any non-core deployment must be enabled on your Akamai contract based on approval from the Chinese or Russian government.
`key_algorithm`	The cryptographic algorithm used for key generation, either `RSA` or `ECDSA`.
`notification_emails`	Email addresses of users that get notified about any issues with the client certificate.
`secure_network`	The type of security on a deployment network. Possible values: `STANDARD_TLS`. Not PCI compliant. `ENHANCED_TLS`. PCI compliant.
`subject`	The CA certificate’s key value details.
`signer`	The signing entity of the client certificate. Possible values: `AKAMAI` or `THIRD_PARTY`.
`current`/`previous`	Details of the current or previous client certificate version, containing an alias version. Includes: `version`. The client certificate's version number. `version_guid`. The client certificate's version ID. Use this argument's value to configure the mutual authentication (mTLS) session between the origin and edge servers in Property Manager's mTLS Origin Keystore behavior. `status`. The client certificate's version status. Possible values: `AWAITING_SIGNED_CERTIFICATE` `DEPLOYMENT_PENDING` `DEPLOYED` `DELETE_PENDING` `expiry_date`. The ISO 8601 timestamp indicating when the client certificate expires. `issuer`. The signing entity of the client certificate version. `key_algorithm`. The client certificate version's encryption algorithm, either `RSA` or `ECDSA`. `certificate_submitted_by`. The user that uploaded the client certificate. Appears as `null` if not specified. `certificate_submitted_date`. The ISO 8601 timestamp indicating when the client certificate was submitted. Appears as `null` if the certificate wasn't submitted. `created_by`. The user that created the client certificate's version. `created_date`. The ISO 8601 timestamp indicating when the client certificate's version was created. `delete_requested_date`. The ISO 8601 timestamp indicating when the request for deleting the client certificate's version was submitted. Appears as `null` if the delete request wasn't made. `issued_date`. The ISO 8601 timestamp indicating when the client certificate's version was issued. `elliptic_curve`. The key elliptic curve when the `ECDSA` key algorithm is used. `key_size_in_bytes`. The private key length of the client certificate version when the `RSA` key algorithm is used. `scheduled_delete_date`. The ISO 8601 timestamp indicating when the client certificate's version is scheduled for deletion. Appears as `null` if the schedule request wasn't made. `signature_algorithm`. The algorithm that secures the data exchange between the edge server and the origin. `subject`. The public key's entity stored in the client certificate version's subject public key field. `certificate_block`. Details of the certificate block for the client certificate version. Contains: `certificate`. A text representation of the client certificate in PEM format. `key_algorithm`. The CA certificate's encryption algorithm. The only currently supported value is `RSA`. `trust_chain`. A text representation of the trust chain in PEM format. `csr_block`. Details of the certificate signing request (CSR) for the client certificate version. Contains: `csr`. A text representation of the CSR in PEM format. `key_algorithm`. The client certificate's encryption algorithm. The only currently supported value is `RSA`. Note: The `csr_block` attribute returns values only for the `THIRD-PARTY` client certificate. `properties`. Properties active on production linked to the client certificate version. Each property record includes: `asset_id`. An alternative ID for the property. `group_id`. The group's ID. `property_name`. The property's name. `property_version`. The property's version number. `validation`. Validation results for the client certificate version. Includes: `errors`. Validation errors you need to resolve for the request to succeed. Each error record includes: `message`. Details of the error. `reason`. The root cause of the error. `type`. The category of the error. `warnings`. Validation warnings you can resolve. Each warning record includes: `message`. Details of the warning. `reason`. The root cause of the warning. `type`. The category of the warning.
`versions`	The client certificate's versions. Each version record contains: `version`. The client certificate's version number. `version_guid`. The client certificate's version ID. Use this argument's value to configure the mutual authentication (mTLS) session between the origin and edge servers in Property Manager's mTLS Origin Keystore behavior. `status`. The client certificate's version status. Possible values: `AWAITING_SIGNED_CERTIFICATE` `DEPLOYMENT_PENDING` `DEPLOYED` `DELETE_PENDING` `expiry_date`. The ISO 8601 timestamp indicating when the client certificate expires. `issuer`. The signing entity of the client certificate version. `key_algorithm`. The client certificate version's encryption algorithm, either `RSA` or `ECDSA`. `certificate_submitted_by`. The user that uploaded the client certificate. Appears as `null` if not specified. `certificate_submitted_date`. The ISO 8601 timestamp indicating when the client certificate was submitted. Appears as `null` if the certificate wasn't submitted. `created_by`. The user that created the client certificate's version. `created_date`. The ISO 8601 timestamp indicating when the client certificate's version was created. `delete_requested_date`. The ISO 8601 timestamp indicating when the request for deleting the client certificate's version was submitted. Appears as `null` if the delete request wasn't made. `issued_date`. The ISO 8601 timestamp indicating when the client certificate's version was issued. `elliptic_curve`. The key elliptic curve when the `ECDSA` key algorithm is used. `key_size_in_bytes`. The private key length of the client certificate version when the `RSA` key algorithm is used. `scheduled_delete_date`. The ISO 8601 timestamp indicating when the client certificate's version is scheduled for deletion. Appears as `null` if the schedule request wasn't made. `signature_algorithm`. The algorithm that secures the data exchange between the edge server and the origin. `subject`. The public key's entity stored in the client certificate version's subject public key field. `certificate_block`. Details of the certificate block for the client certificate version. Contains: `certificate`. A text representation of the client certificate in PEM format. `key_algorithm`. The CA certificate's encryption algorithm. The only currently supported value is `RSA`. `trust_chain`. A text representation of the trust chain in PEM format. `csr_block`. Details of the certificate signing request (CSR) for the client certificate version. Contains: `csr`. A text representation of the CSR in PEM format. `key_algorithm`. The client certificate's encryption algorithm. The only currently supported value is `RSA`. Note: The `csr_block` attribute returns values only for the `THIRD-PARTY` client certificate. `properties`. Properties active on production linked to the client certificate version. Each property record includes: `asset_id`. An alternative ID for the property. `group_id`. The group's ID. `property_name`. The property's name. `property_version`. The property's version number. `validation`. Validation results for the client certificate version. Includes: `errors`. Validation errors you need to resolve for the request to succeed. Each error record includes: `message`. Details of the error. `reason`. The root cause of the error. `type`. The category of the error. `warnings`. Validation warnings you can resolve. Each warning record includes: `message`. Details of the warning. `reason`. The root cause of the warning. `type`. The category of the warning.

Updated 16 days ago

📘Beta

Arguments

Attributes

📘
Beta