Akamai client certificate

akamai_mtlskeystore_client_certificate_akamai

📘

Hello. Just a note to let you know the underlying API on which this resource is built is general release and has been vetted, but because this is a new feature for our Terraform provider, we've given it a beta label.

This status just means we've paused for a bit to get your feedback to make sure this resource works like you need and expect.

Average processing time upon create: 5–10 minutes

Create, update, or delete an Akamai-signed client certificate.

You can only update the certificate_name and notification_emails arguments in the resource.

📘

Running terraform destroy removes the resource immediately from your state file. Its status then changes to PENDING_DELETION for up to 24 hours before the resource is permanently deleted from the server. If you attempt to recreate the resource during this 24-hour window while the deletion is in progress, you receive an error.

resource "akamai_mtlskeystore_client_certificate_akamai" "my-akamai-client-cert" {
  certificate_name    = "my-akamai-client-cert"
  contract_id         = "C-0N7RAC7"
  group_id            = 12345
  geography           = "CORE"
  key_algorithm       = "RSA"
  notification_emails = ["jsmith@example.com"]
  secure_network      = "STANDARD_TLS"
}

Arguments

Send all the required arguments to create an Akamai-signed client certificate.

Argument Required Description
certificate_name A descriptive, human-readable name for your client certificate.
contract_id Your contract's ID.
group_id Your group's ID.
notification_emails Email addresses of users that get notified about any issues with the client certificate.
secure_network The type of security on a deployment network. Possible values:
  • STANDARD_TLS. Not PCI compliant.
  • ENHANCED_TLS. PCI compliant.
geography Your client certificate's deployment location. Possible values:
  • CORE. To specify worldwide deployment, including China and Russia.
  • RUSSIA_AND_CORE. To specify worldwide deployment and Russia.
  • CHINA_AND_CORE. To specify worldwide deployment and China.
Any non-core deployment must be enabled on your Akamai contract based on approval from the Chinese or Russian government.
key_algorithm The cryptographic algorithm used for key generation, either RSA or ECDSA. Defaults to RSA if not set.
subject Your CA certificate’s key value details. The CN attribute is required and can't exceed 64 characters. When null, the subject is constructed in this format: /C=US/O=Akamai Technologies, Inc./OU={vcd_id} {contract_id} {group_id}/CN={certificate_name}/.

Attributes

There is no default standard output. Upon creation, the last line of the process log contains a success message.

Adding an output block returns the client certificate's details that you provided on create and the computed attributes.

🚧

Setting an output on the entire resource may lead to unexpected plan differences after creation. This is because the API automatically rotates versions, which can add new ones over time without user intervention. As a result, future plans might show changes even if you haven't made any updates.

Attribute Description
certificate_id The client certificate's ID.
created_by The user that created the client certificate.
created_date The ISO 8601 timestamp indicating when the client certificate was created.
current_guid The current client certificate's version ID.
previous_guid The previous client certificate's version ID.
versions The client certificate's versions. Each version record contains:
  • version. The client certificate's version number.
  • version_guid. The client certificate's version ID. It corresponds to the current_guid or previous_guid. Use this argument's value to configure the mutual authentication (mTLS) session between the origin and edge servers in Property Manager's mTLS Origin Keystore behavior.
  • status. The client certificate's version status. Possible values:
    • DEPLOYMENT_PENDING
    • DEPLOYED
    • DELETE_PENDING
  • expiry_date. The ISO 8601 timestamp indicating when the client certificate expires.
  • issuer. The signing entity of the client certificate version.
  • key_algorithm. The client certificate version's encryption algorithm, either RSA or ECDSA.
  • created_by. The user that created the client certificate's version.
  • created_date. The ISO 8601 timestamp indicating when the client certificate's version was created.
  • delete_requested_date. The ISO 8601 timestamp indicating when the request for deleting the client certificate's version was submitted. Appears as null if the delete request wasn't made.
  • issued_date. The ISO 8601 timestamp indicating when the client certificate's version was issued.
  • elliptic_curve. The key elliptic curve when the ECDSA key algorithm is used.
  • key_size_in_bytes. The private key length of the client certificate version when the RSA key algorithm is used.
  • scheduled_delete_date. The ISO 8601 timestamp indicating when the client certificate's version is scheduled for deletion. Appears as null if the schedule request wasn't made.
  • signature_algorithm. The algorithm that secures the data exchange between the edge server and the origin.
  • subject. The public key's entity stored in the client certificate version's subject public key field.
  • certificate_block. Details of the certificate block for the client certificate version. Contains:
    • certificate. A text representation of the client certificate in PEM format.
    • trust_chain. A text representation of the trust chain in PEM format.
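
The following is an added example, not part of the Akamai documentation. It exports only the attributes you consume instead of the whole resource, and checks that the current version is deployed and not close to expiry. The local, output, and check names are hypothetical, and it assumes versions is a collection of objects with the attributes listed above and that expiry_date parses as an RFC 3339 timestamp.

```hcl
# Added example. Refers to the resource declared in the page's example;
# local, output, and check names are hypothetical.
locals {
  cert = akamai_mtlskeystore_client_certificate_akamai.my-akamai-client-cert

  # The version record whose version_guid matches current_guid.
  # Assumes `versions` is a collection of objects with the attributes listed above.
  current_version = one([
    for v in local.cert.versions : v
    if v.version_guid == local.cert.current_guid
  ])
}

# Export individual attributes instead of the entire resource.
output "client_cert_id" {
  value = local.cert.certificate_id
}

output "client_cert_version_guid" {
  description = "Value for the mTLS Origin Keystore behavior in Property Manager."
  value       = local.cert.current_guid
}

output "client_cert_expiry" {
  value = try(local.current_version.expiry_date, null)
}

# Requires Terraform 1.5 or later (check blocks and plantimestamp()).
check "client_cert_health" {
  assert {
    condition     = try(local.current_version.status, "") == "DEPLOYED"
    error_message = "The current client certificate version is not in DEPLOYED status."
  }

  assert {
    # Assumes expiry_date is an RFC 3339-compatible timestamp.
    condition = try(
      timecmp(local.current_version.expiry_date, timeadd(plantimestamp(), "720h")) > 0,
      false
    )
    error_message = "The current client certificate version expires within 30 days or has no readable expiry date."
  }
}
```

A failed check block is reported as a warning and does not block the apply, so expect the status check to warn while a new version is still in DEPLOYMENT_PENDING.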