page_title tls_certificate Data Source - terraform-provider-tls

tls_certificate (Data Source)

Get information about the TLS certificates securing a host.

Use this data source to get information, such as the SHA1 fingerprint or serial number, about the TLS certificates that protect a URL.

Example Usage

resource "aws_eks_cluster" "example" {
  name = "example"
}

data "tls_certificate" "example" {
  url = aws_eks_cluster.example.identity[0].oidc[0].issuer
}

resource "aws_iam_openid_connect_provider" "example" {
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.example.certificates[0].sha1_fingerprint]
  url             = aws_eks_cluster.example.identity[0].oidc[0].issuer
}

Schema

Required

  • url (String) The URL of the website to get the certificates from.

Optional

  • verify_chain (Boolean) Whether to verify the certificate chain while parsing it or not (default: true).

Read-Only

  • id (String) Unique identifier of this data source: randomly generated string (UTC time when data source was read).
  • certificates (List of Object) The certificates protecting the site, with the root of the chain first. (see below for nested schema)

Nested Schema for certificates

Read-Only:

  • is_ca (Boolean) true if the certificate is of a CA (Certificate Authority).
  • issuer (String) Who verified and signed the certificate, roughly following RFC2253.
  • not_after (String) The time until which the certificate is valid, as an RFC3339 timestamp.
  • not_before (String) The time after which the certificate is valid, as an RFC3339 timestamp.
  • public_key_algorithm (String) The key algorithm used to create the certificate.
  • serial_number (String) Number that uniquely identifies the certificate with the CA's system. The format function can be used to convert this base 10 number into other bases, such as hex.
  • sha1_fingerprint (String) The SHA1 fingerprint of the public key of the certificate.
  • signature_algorithm (String) The algorithm used to sign the certificate.
  • subject (String) The entity the certificate belongs to, roughly following RFC2253.
  • version (Number) The version the certificate is in.
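
A guarded variant of the usage above, added here as an illustration and not taken from the provider's own documentation: it keeps verify_chain at its default and uses postconditions to stop the run when certificates[0] is not a CA certificate or is past its not_after time, before the fingerprint is pinned anywhere. The variable and output names are hypothetical, and the postcondition, try, timecmp and plantimestamp features assume Terraform 1.5 or later.

```hcl
# Hypothetical input: the HTTPS URL whose certificate chain is read.
variable "issuer_url" {
  type        = string
  description = "HTTPS URL of the host whose certificates are inspected."
}

data "tls_certificate" "issuer" {
  url = var.issuer_url

  # true is the default. Stating it makes a later change to false visible in
  # review: with false, the fingerprint comes from a chain nobody verified.
  verify_chain = true

  lifecycle {
    # The list is root-first, so index 0 should be a CA certificate.
    postcondition {
      condition     = try(self.certificates[0].is_ca, false)
      error_message = "certificates[0] is missing or is not a CA certificate."
    }

    # not_after is an RFC3339 timestamp, so timecmp can compare it directly.
    postcondition {
      condition     = try(timecmp(self.certificates[0].not_after, plantimestamp()) > 0, false)
      error_message = "certificates[0] has passed its not_after time."
    }
  }
}

# The value that would be pinned, e.g. in thumbprint_list as in the usage above.
output "pinned_sha1_fingerprint" {
  value = data.tls_certificate.issuer.certificates[0].sha1_fingerprint
}

# One row per certificate, root first, for reviewing what was actually read.
output "chain_summary" {
  value = [for c in data.tls_certificate.issuer.certificates : {
    subject          = c.subject
    issuer           = c.issuer
    is_ca            = c.is_ca
    not_before       = c.not_before
    not_after        = c.not_after
    sha1_fingerprint = c.sha1_fingerprint
  }]
}
```

Reviewing chain_summary in the plan output before applying shows which subject and issuer the pinned fingerprint belongs to.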