Third-party client certificate

Create, update, or delete a third-party client certificate.

You can only update the certificate_name and notification_emails arguments, as well as add or delete entries in the versions argument in the resource.

📘
Running terraform destroy removes the resource immediately from your state file. Its status then changes to DELETE_PENDING for up to 24 hours before the resource is permanently deleted from the server. If you attempt to recreate the resource during this 24-hour window while the deletion is in progress, you receive an error.

resource "akamai_mtlskeystore_client_certificate_third_party" "my-third-party-client-cert" {
  certificate_name    = "my-third-party-client-cert"
  contract_id         = "C-0N7RAC7"
  group_id            = 12345
  geography           = "CORE"
  key_algorithm       = "RSA"
  notification_emails = ["jsmith@example.com"]
  secure_network      = "STANDARD_TLS"
  versions = {
    "my-client-cert-v1" = {},
    "my-client-cert-v2" = {}
  }
}

Arguments

Send all the required arguments to create a third-party client certificate.

Argument	Required	Description
`certificate_name`	✔	A descriptive, human-readable name for your client certificate.
`contract_id`	✔	Your contract's ID.
`group_id`	✔	Your group's ID.
`notification_emails`	✔	Email addresses of users that get notified about any issues with the client certificate.
`secure_network`	✔	The type of security on a deployment network. Possible values: `STANDARD_TLS`. Not PCI compliant. `ENHANCED_TLS`. PCI compliant.
`geography`	✔	Your client certificate's deployment location. Possible values: `CORE`. To specify worldwide deployment, including China and Russia. `RUSSIA_AND_CORE`. To specify worldwide deployment and Russia. `CHINA_AND_CORE`. To specify worldwide deployment and China. Any non-core deployment must be enabled on your Akamai contract based on approval from the Chinese or Russian government.
`versions`	✔	A map of user-defined identifiers as keys and client certificate versions as values. Each version represents a specific iteration of the client certificate. The identifier helps you manage the client certificate versions, for example, when rotating or deleting a version. You can have up to five versions.
`key_algorithm`		The cryptographic algorithm used for key generation, either `RSA` or `ECDSA`. Defaults to `RSA` if not set.
`subject`		Your CA certificate’s key value details. The subject must begin and end with a forward slash (`/`). The `CN` (common name) attribute is required and can't exceed 64 characters. The `C` (country) attribute must be a valid two-letter ISO country code representing the country of the organization or individual that owns the domain or server for which the certificate is issued. When `null`, the subject is auto-generated in this format: `/C=US/O=Akamai Technologies, Inc./OU={vcdId}{contractId}{groupId}/CN={certificateName}/`.

Attributes

There is no default standard output. Upon creation, the last line of the process log contains a success message.

Adding an output block returns the third-party client certificate's details you provided on create and the computed attributes.

🚧
Setting an output on the entire resource may lead to unexpected plan differences after uploading a signed client certificate. This is due to the API's handling process for certificate version updates, which may result in modifications to the certificate details during the update.

Attribute	Description
`certificate_id`	The client certificate's ID.
`created_by`	The user that created the client certificate.
`created_date`	The ISO 8601 timestamp indicating when the client certificate was created.
`versions`	The client certificate's versions. Each version record contains: `version`. The client certificate's version number. `version_guid`. The client certificate's version ID. Use this argument's value to configure the mutual authentication (mTLS) session between the origin and edge servers in Property Manager's mTLS Origin Keystore behavior. `status`. The client certificate's version status. Possible values: `AWAITING_SIGNED_CERTIFICATE` `DEPLOYMENT_PENDING` `DEPLOYED` `DELETE_PENDING` `expiry_date`. The ISO 8601 timestamp indicating when the client certificate expires. `issuer`. The signing entity of the client certificate version. `key_algorithm`. The client certificate version's encryption algorithm, either `RSA` or `ECDSA`. `certificate_submitted_by`. The user that uploaded the client certificate. Appears as `null` if not specified. `certificate_submitted_date`. The ISO 8601 timestamp indicating when the client certificate was submitted. Appears as `null` if the certificate wasn't submitted. `created_by`. The user that created the client certificate's version. `created_date`. The ISO 8601 timestamp indicating when the client certificate's version was created. `delete_requested_date`. The ISO 8601 timestamp indicating when the request for deleting the client certificate's version was submitted. Appears as `null` if the delete request wasn't made. `issued_date`. The ISO 8601 timestamp indicating when the client certificate's version was issued. `elliptic_curve`. The key elliptic curve when the `ECDSA` key algorithm is used. `key_size_in_bytes`. The private key length of the client certificate version when the `RSA` key algorithm is used. `scheduled_delete_date`. The ISO 8601 timestamp indicating when the client certificate's version is scheduled for deletion. Appears as `null` if the schedule request wasn't made. `signature_algorithm`. The algorithm that secures the data exchange between the edge server and the origin. `subject`. The public key's entity stored in the client certificate version's subject public key field. `certificate_block`. Details of the certificate block for the client certificate version. Contains: `certificate`. A text representation of the client certificate in PEM format. `trust_chain`. A text representation of the trust chain in PEM format. `csr_block`. Details of the certificate signing request (CSR) for the client certificate version. Contains: `csr`. A text representation of the CSR in PEM format. `key_algorithm`. The client certificate's encryption algorithm. The only currently supported value is `RSA`.

Updated 3 months ago