Third-party client certificate

akamai_mtlskeystore_client_certificate_third_party

📘
Hello. Just a note to let you know the underlying API on which this resource is built is general release and has been vetted, but because this is a new feature for our Terraform provider, we've given it beta label.
This status just means we've paused for a bit to get your feedback to make sure this resource works like you need and expect.

Create, update, or delete a third-party client certificate.

You can only update the certificate_name and notification_emails arguments, as well as add or delete entries in the versions argument in the resource.

📘
Running terraform destroy removes the resource immediately from your state file. Its status then changes to PENDING_DELETION for up to 24 hours before the resource is permanently deleted from the server. If you attempt to recreate the resource during this 24-hour window while the deletion is in progress, you receive an error.

resource "akamai_mtlskeystore_client_certificate_third_party" "my-third-party-client-cert" {
  certificate_name    = "my-third-party-client-cert"
  contract_id         = "C-0N7RAC7"
  group_id            = 12345
  geography           = "CORE"
  key_algorithm       = "RSA"
  notification_emails = ["jsmith@example.com"]
  secure_network      = "STANDARD_TLS"
  versions = {
    "my-client-cert-v1" = {},
    "my-client-cert-v2" = {}
  }
}

Arguments

Send all the required arguments to create a third-party client certificate.

Argument	Required	Description
`certificate_name`	✔	A descriptive, human-readable name for your client certificate.
`contract_id`	✔	Your contract's ID.
`group_id`	✔	Your group's ID.
`notification_emails`	✔	Email addresses of users that get notified about any issues with the client certificate.
`secure_network`	✔	The type of security on a deployment network. Possible values: `STANDARD_TLS`. Not PCI compliant. `ENHANCED_TLS`. PCI compliant.
`geography`	✔	Your client certificate's deployment location. Possible values: `CORE`. To specify worldwide deployment, including China and Russia. `RUSSIA_AND_CORE`. To specify worldwide deployment and Russia. `CHINA_AND_CORE`. To specify worldwide deployment and China. Any non-core deployment must be enabled on your Akamai contract based on approval from the Chinese or Russian government.
`versions`	✔	A map of user-defined identifiers as keys and client certificate versions as values. Each version represents a specific iteration of the client certificate. The identifier helps you manage the client certificate versions, for example, when rotating or deleting a version. You can have up to five versions.
`key_algorithm`		The cryptographic algorithm used for key generation, either `RSA` or `ECDSA`. Defaults to `RSA` if not set.
`subject`		Your CA certificate’s key value details. The `CN` attribute is required and can't exceed 64 characters. When `null`, the subject is constructed in this format: `/C=US/O=Akamai Technologies, Inc./OU={vcd_id} {contract_id} {group_id}/CN={certificate_name}/`.

Attributes

There is no default standard output. Upon creation, the last line of the process log contains a success message.

Adding an output block returns the third-party client certificate's details you provided on create and the computed attributes.

🚧
Setting an output on the entire resource may lead to unexpected plan differences after uploading a signed client certificate. This is due to the API's handling process for certificate version updates, which may result in modifications to the certificate details during the update.

Attribute Description

certificate_id The client certificate's ID.

Attribute	Description
`certificate_id`	The client certificate's ID.
`versions`	The client certificate's versions. Each version record contains: `version`. The client certificate's version number. `version_guid`. The client certificate's version ID. Use this argument's value to configure the mutual authentication (mTLS) session between the origin and edge servers in Property Manager's mTLS Origin Keystore behavior. `status`. The client certificate's version status. Possible values: `AWAITING_SIGNED_CERTIFICATE` `DEPLOYMENT_PENDING` `DEPLOYED` `DELETE_PENDING` `expiry_date`. The ISO 8601 timestamp indicating when the client certificate expires. `issuer`. The signing entity of the client certificate version. `key_algorithm`. The client certificate version's encryption algorithm, either `RSA` or `ECDSA`. `certificate_submitted_by`. The user that uploaded the client certificate. Appears as `null` if not specified. `certificate_submitted_date`. The ISO 8601 timestamp indicating when the client certificate was submitted. Appears as `null` if the certificate wasn't submitted. `created_by`. The user that created the client certificate's version. `created_date`. The ISO 8601 timestamp indicating when the client certificate's version was created. `delete_requested_date`. The ISO 8601 timestamp indicating when the request for deleting the client certificate's version was submitted. Appears as `null` if the delete request wasn't made. `issued_date`. The ISO 8601 timestamp indicating when the client certificate's version was issued. `elliptic_curve`. The key elliptic curve when the `ECDSA` key algorithm is used. `key_size_in_bytes`. The private key length of the client certificate version when the `RSA` key algorithm is used. `scheduled_delete_date`. The ISO 8601 timestamp indicating when the client certificate's version is scheduled for deletion. Appears as `null` if the schedule request wasn't made. `signature_algorithm`. The algorithm that secures the data exchange between the edge server and the origin. `subject`. The public key's entity stored in the client certificate version's subject public key field. `certificate_block`. Details of the certificate block for the client certificate version. Contains: `certificate`. A text representation of the client certificate in PEM format. `trust_chain`. A text representation of the trust chain in PEM format. `csr_block`. Details of the certificate signing request (CSR) for the client certificate version. Contains: `csr`. A text representation of the CSR in PEM format. `key_algorithm`. The client certificate's encryption algorithm. The only currently supported value is `RSA`.

versions

The client certificate's versions. Each version record contains:

version. The client certificate's version number.
version_guid. The client certificate's version ID. Use this argument's value to configure the mutual authentication (mTLS) session between the origin and edge servers in Property Manager's mTLS Origin Keystore behavior.
status. The client certificate's version status. Possible values:
- AWAITING_SIGNED_CERTIFICATE
- DEPLOYMENT_PENDING
- DEPLOYED
- DELETE_PENDING
expiry_date. The ISO 8601 timestamp indicating when the client certificate expires.
issuer. The signing entity of the client certificate version.
key_algorithm. The client certificate version's encryption algorithm, either RSA or ECDSA.
certificate_submitted_by. The user that uploaded the client certificate. Appears as null if not specified.
certificate_submitted_date. The ISO 8601 timestamp indicating when the client certificate was submitted. Appears as null if the certificate wasn't submitted.
created_by. The user that created the client certificate's version.
created_date. The ISO 8601 timestamp indicating when the client certificate's version was created.
delete_requested_date. The ISO 8601 timestamp indicating when the request for deleting the client certificate's version was submitted. Appears as null if the delete request wasn't made.
issued_date. The ISO 8601 timestamp indicating when the client certificate's version was issued.
elliptic_curve. The key elliptic curve when the ECDSA key algorithm is used.
key_size_in_bytes. The private key length of the client certificate version when the RSA key algorithm is used.
scheduled_delete_date. The ISO 8601 timestamp indicating when the client certificate's version is scheduled for deletion. Appears as null if the schedule request wasn't made.
signature_algorithm. The algorithm that secures the data exchange between the edge server and the origin.
subject. The public key's entity stored in the client certificate version's subject public key field.
certificate_block. Details of the certificate block for the client certificate version. Contains:
- certificate. A text representation of the client certificate in PEM format.
- trust_chain. A text representation of the trust chain in PEM format.
csr_block. Details of the certificate signing request (CSR) for the client certificate version. Contains:
- csr. A text representation of the CSR in PEM format.
- key_algorithm. The client certificate's encryption algorithm. The only currently supported value is RSA.

Updated 3 days ago