Third-party client certificate

akamai_mtlskeystore_client_certificate_third_party

📘

Hello. Just a note to let you know the underlying API on which this resource is built is general release and has been vetted, but because this is a new feature for our Terraform provider, we've given it a beta label.

This status just means we've paused for a bit to get your feedback to make sure this resource works like you need and expect.

Create, update, or delete a third-party client certificate.

You can only update the certificate_name and notification_emails arguments, as well as add or delete entries in the versions argument in the resource.

📘

Running terraform destroy removes the resource immediately from your state file. Its status then changes to PENDING_DELETION for up to 24 hours before the resource is permanently deleted from the server. If you attempt to recreate the resource during this 24-hour window while the deletion is in progress, you receive an error.

resource "akamai_mtlskeystore_client_certificate_third_party" "my-third-party-client-cert" {
  certificate_name    = "my-third-party-client-cert"
  contract_id         = "C-0N7RAC7"
  group_id            = 12345
  geography           = "CORE"
  key_algorithm       = "RSA"
  notification_emails = ["jsmith@example.com"]
  secure_network      = "STANDARD_TLS"
  versions = {
    "my-client-cert-v1" = {},
    "my-client-cert-v2" = {}
  }
}

Arguments

Send all the required arguments to create a third-party client certificate.

Argument Required Description
certificate_name A descriptive, human-readable name for your client certificate.
contract_id Your contract's ID.
group_id Your group's ID.
notification_emails Email addresses of users that get notified about any issues with the client certificate.
secure_network The type of security on a deployment network. Possible values:
  • STANDARD_TLS. Not PCI compliant.
  • ENHANCED_TLS. PCI compliant.
geography Your client certificate's deployment location. Possible values:
  • CORE. To specify worldwide deployment, including China and Russia.
  • RUSSIA_AND_CORE. To specify worldwide deployment and Russia.
  • CHINA_AND_CORE. To specify worldwide deployment and China.
Any non-core deployment must be enabled on your Akamai contract based on approval from the Chinese or Russian government.
versions A map of user-defined identifiers as keys and client certificate versions as values. Each version represents a specific iteration of the client certificate. The identifier helps you manage the client certificate versions, for example, when rotating or deleting a version. You can have up to five versions.
key_algorithm The cryptographic algorithm used for key generation, either RSA or ECDSA. Defaults to RSA if not set.
subject Your CA certificate’s key value details. The CN attribute is required and can't exceed 64 characters. When null, the subject is constructed in this format: /C=US/O=Akamai Technologies, Inc./OU={vcd_id} {contract_id} {group_id}/CN={certificate_name}/.

Attributes

There is no default standard output. Upon creation, the last line of the process log contains a success message.

Adding an output block returns the third-party client certificate's details you provided on create and the computed attributes.

🚧

Setting an output on the entire resource may lead to unexpected plan differences after uploading a signed client certificate. This is due to the API's handling process for certificate version updates, which may result in modifications to the certificate details during the update.

Attribute Description
certificate_id The client certificate's ID.
versions The client certificate's versions. Each version record contains:
  • version. The client certificate's version number.
  • version_guid. The client certificate's version ID. Use this argument's value to configure the mutual authentication (mTLS) session between the origin and edge servers in Property Manager's mTLS Origin Keystore behavior.
  • status. The client certificate's version status. Possible values:
    • AWAITING_SIGNED_CERTIFICATE
    • DEPLOYMENT_PENDING
    • DEPLOYED
    • DELETE_PENDING
  • expiry_date. The ISO 8601 timestamp indicating when the client certificate expires.
  • issuer. The signing entity of the client certificate version.
  • key_algorithm. The client certificate version's encryption algorithm, either RSA or ECDSA.
  • certificate_submitted_by. The user that uploaded the client certificate. Appears as null if not specified.
  • certificate_submitted_date. The ISO 8601 timestamp indicating when the client certificate was submitted. Appears as null if the certificate wasn't submitted.
  • created_by. The user that created the client certificate's version.
  • created_date. The ISO 8601 timestamp indicating when the client certificate's version was created.
  • delete_requested_date. The ISO 8601 timestamp indicating when the request for deleting the client certificate's version was submitted. Appears as null if the delete request wasn't made.
  • issued_date. The ISO 8601 timestamp indicating when the client certificate's version was issued.
  • elliptic_curve. The key elliptic curve when the ECDSA key algorithm is used.
  • key_size_in_bytes. The private key length of the client certificate version when the RSA key algorithm is used.
  • scheduled_delete_date. The ISO 8601 timestamp indicating when the client certificate's version is scheduled for deletion. Appears as null if the schedule request wasn't made.
  • signature_algorithm. The algorithm that secures the data exchange between the edge server and the origin.
  • subject. The public key's entity stored in the client certificate version's subject public key field.
  • certificate_block. Details of the certificate block for the client certificate version. Contains:
    • certificate. A text representation of the client certificate in PEM format.
    • trust_chain. A text representation of the trust chain in PEM format.
  • csr_block. Details of the certificate signing request (CSR) for the client certificate version. Contains:
    • csr. A text representation of the CSR in PEM format.
    • key_algorithm. The client certificate's encryption algorithm. The only currently supported value is RSA.
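
Following the caution above about setting an output on the entire resource, this added example (not from the provider documentation) exports only the attributes you act on: the certificate ID, each version's version_guid, and the CSR of any version still awaiting a signed certificate. It assumes the resource from the example configuration on this page and that csr_block is exposed as a nested object; the local and output names are made up for illustration.

```hcl
locals {
  # Shorthand for the resource declared in the example configuration above.
  cert = akamai_mtlskeystore_client_certificate_third_party.my-third-party-client-cert
}

# Avoid: an output on the entire resource. Per the caution above, this may
# show unexpected plan differences after a signed certificate is uploaded.
#
# output "client_cert" {
#   value = local.cert
# }

# The client certificate's ID.
output "client_cert_id" {
  value = local.cert.certificate_id
}

# version_guid keyed by the user-defined version identifier
# ("my-client-cert-v1", "my-client-cert-v2"). This is the value used in
# Property Manager's mTLS Origin Keystore behavior.
output "client_cert_version_guids" {
  value = {
    for name, v in local.cert.versions : name => v.version_guid
  }
}

# Deployment status per version, to confirm a version reached DEPLOYED
# before a property references its version_guid.
output "client_cert_version_status" {
  value = {
    for name, v in local.cert.versions : name => v.status
  }
}

# PEM-encoded CSR for each version that still needs a certificate signed
# by your own CA.
# Assumption: csr_block is a nested object, so the CSR is v.csr_block.csr.
output "client_cert_pending_csrs" {
  value = {
    for name, v in local.cert.versions : name => v.csr_block.csr
    if v.status == "AWAITING_SIGNED_CERTIFICATE"
  }
}
```

Once every version has left AWAITING_SIGNED_CERTIFICATE, client_cert_pending_csrs evaluates to an empty map.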