tls.getCertificate

Start a Neo task

Explain and create a tls.getCertificate resource

TLS v5.2.2 published on Tuesday, Sep 2, 2025 by Pulumi

pulumi/pulumi-tls

Using getCertificate

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getCertificate(args: GetCertificateArgs, opts?: InvokeOptions): Promise<GetCertificateResult>
function getCertificateOutput(args: GetCertificateOutputArgs, opts?: InvokeOptions): Output<GetCertificateResult>

def get_certificate(content: Optional[str] = None,
                    url: Optional[str] = None,
                    verify_chain: Optional[bool] = None,
                    opts: Optional[InvokeOptions] = None) -> GetCertificateResult
def get_certificate_output(content: Optional[pulumi.Input[str]] = None,
                    url: Optional[pulumi.Input[str]] = None,
                    verify_chain: Optional[pulumi.Input[bool]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetCertificateResult]

func GetCertificate(ctx *Context, args *GetCertificateArgs, opts ...InvokeOption) (*GetCertificateResult, error)
func GetCertificateOutput(ctx *Context, args *GetCertificateOutputArgs, opts ...InvokeOption) GetCertificateResultOutput

> Note: This function is named GetCertificate in the Go SDK.

public static class GetCertificate 
{
    public static Task<GetCertificateResult> InvokeAsync(GetCertificateArgs args, InvokeOptions? opts = null)
    public static Output<GetCertificateResult> Invoke(GetCertificateInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetCertificateResult> getCertificate(GetCertificateArgs args, InvokeOptions options)
public static Output<GetCertificateResult> getCertificate(GetCertificateArgs args, InvokeOptions options)

fn::invoke:
  function: tls:index/getCertificate:getCertificate
  arguments:
    # arguments dictionary

The following arguments are supported:

Content string: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
Url string: The URL of the website to get the certificates from. Cannot be used with content.
VerifyChain bool: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

Content string: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
Url string: The URL of the website to get the certificates from. Cannot be used with content.
VerifyChain bool: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

content String: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
url String: The URL of the website to get the certificates from. Cannot be used with content.
verifyChain Boolean: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

content string: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
url string: The URL of the website to get the certificates from. Cannot be used with content.
verifyChain boolean: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

content str: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
url str: The URL of the website to get the certificates from. Cannot be used with content.
verify_chain bool: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

content String: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
url String: The URL of the website to get the certificates from. Cannot be used with content.
verifyChain Boolean: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

getCertificate Result

The following output properties are available:

Certificates List<GetCertificateCertificate>: The certificates protecting the site, with the root of the chain first.
Id string: Unique identifier of this data source: hashing of the certificates in the chain.
Content string: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
Url string: The URL of the website to get the certificates from. Cannot be used with content.
VerifyChain bool: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

Certificates []GetCertificateCertificate: The certificates protecting the site, with the root of the chain first.
Id string: Unique identifier of this data source: hashing of the certificates in the chain.
Content string: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
Url string: The URL of the website to get the certificates from. Cannot be used with content.
VerifyChain bool: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

certificates List<GetCertificateCertificate>: The certificates protecting the site, with the root of the chain first.
id String: Unique identifier of this data source: hashing of the certificates in the chain.
content String: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
url String: The URL of the website to get the certificates from. Cannot be used with content.
verifyChain Boolean: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

certificates GetCertificateCertificate[]: The certificates protecting the site, with the root of the chain first.
id string: Unique identifier of this data source: hashing of the certificates in the chain.
content string: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
url string: The URL of the website to get the certificates from. Cannot be used with content.
verifyChain boolean: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

certificates Sequence[GetCertificateCertificate]: The certificates protecting the site, with the root of the chain first.
id str: Unique identifier of this data source: hashing of the certificates in the chain.
content str: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
url str: The URL of the website to get the certificates from. Cannot be used with content.
verify_chain bool: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

certificates List<Property Map>: The certificates protecting the site, with the root of the chain first.
id String: Unique identifier of this data source: hashing of the certificates in the chain.
content String: The content of the certificate in PEM (RFC 1421) format. Cannot be used with url.
url String: The URL of the website to get the certificates from. Cannot be used with content.
verifyChain Boolean: Whether to verify the certificate chain while parsing it or not (default: true). Cannot be used with content.

Supporting Types

GetCertificateCertificate

CertPem string: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
IsCa bool: true if the certificate is of a CA (Certificate Authority).
Issuer string: Who verified and signed the certificate, roughly following RFC2253.
NotAfter string: The time until which the certificate is invalid, as an RFC3339 timestamp.
NotBefore string: The time after which the certificate is valid, as an RFC3339 timestamp.
PublicKeyAlgorithm string: The key algorithm used to create the certificate.
SerialNumber string: Number that uniquely identifies the certificate with the CA's system. The format function can be used to convert this base 10 number into other bases, such as hex.
Sha1Fingerprint string: The SHA1 fingerprint of the public key of the certificate.
SignatureAlgorithm string: The algorithm used to sign the certificate.
Subject string: The entity the certificate belongs to, roughly following RFC2253.
Version int: The version the certificate is in.

CertPem string: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
IsCa bool: true if the certificate is of a CA (Certificate Authority).
Issuer string: Who verified and signed the certificate, roughly following RFC2253.
NotAfter string: The time until which the certificate is invalid, as an RFC3339 timestamp.
NotBefore string: The time after which the certificate is valid, as an RFC3339 timestamp.
PublicKeyAlgorithm string: The key algorithm used to create the certificate.
SerialNumber string: Number that uniquely identifies the certificate with the CA's system. The format function can be used to convert this base 10 number into other bases, such as hex.
Sha1Fingerprint string: The SHA1 fingerprint of the public key of the certificate.
SignatureAlgorithm string: The algorithm used to sign the certificate.
Subject string: The entity the certificate belongs to, roughly following RFC2253.
Version int: The version the certificate is in.

certPem String: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
isCa Boolean: true if the certificate is of a CA (Certificate Authority).
issuer String: Who verified and signed the certificate, roughly following RFC2253.
notAfter String: The time until which the certificate is invalid, as an RFC3339 timestamp.
notBefore String: The time after which the certificate is valid, as an RFC3339 timestamp.
publicKeyAlgorithm String: The key algorithm used to create the certificate.
serialNumber String: Number that uniquely identifies the certificate with the CA's system. The format function can be used to convert this base 10 number into other bases, such as hex.
sha1Fingerprint String: The SHA1 fingerprint of the public key of the certificate.
signatureAlgorithm String: The algorithm used to sign the certificate.
subject String: The entity the certificate belongs to, roughly following RFC2253.
version Integer: The version the certificate is in.

certPem string: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
isCa boolean: true if the certificate is of a CA (Certificate Authority).
issuer string: Who verified and signed the certificate, roughly following RFC2253.
notAfter string: The time until which the certificate is invalid, as an RFC3339 timestamp.
notBefore string: The time after which the certificate is valid, as an RFC3339 timestamp.
publicKeyAlgorithm string: The key algorithm used to create the certificate.
serialNumber string: Number that uniquely identifies the certificate with the CA's system. The format function can be used to convert this base 10 number into other bases, such as hex.
sha1Fingerprint string: The SHA1 fingerprint of the public key of the certificate.
signatureAlgorithm string: The algorithm used to sign the certificate.
subject string: The entity the certificate belongs to, roughly following RFC2253.
version number: The version the certificate is in.

cert_pem str: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
is_ca bool: true if the certificate is of a CA (Certificate Authority).
issuer str: Who verified and signed the certificate, roughly following RFC2253.
not_after str: The time until which the certificate is invalid, as an RFC3339 timestamp.
not_before str: The time after which the certificate is valid, as an RFC3339 timestamp.
public_key_algorithm str: The key algorithm used to create the certificate.
serial_number str: Number that uniquely identifies the certificate with the CA's system. The format function can be used to convert this base 10 number into other bases, such as hex.
sha1_fingerprint str: The SHA1 fingerprint of the public key of the certificate.
signature_algorithm str: The algorithm used to sign the certificate.
subject str: The entity the certificate belongs to, roughly following RFC2253.
version int: The version the certificate is in.

certPem String: Certificate data in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a \n at the end of the PEM. In case this disrupts your use case, we recommend using trimspace().
isCa Boolean: true if the certificate is of a CA (Certificate Authority).
issuer String: Who verified and signed the certificate, roughly following RFC2253.
notAfter String: The time until which the certificate is invalid, as an RFC3339 timestamp.
notBefore String: The time after which the certificate is valid, as an RFC3339 timestamp.
publicKeyAlgorithm String: The key algorithm used to create the certificate.
serialNumber String: Number that uniquely identifies the certificate with the CA's system. The format function can be used to convert this base 10 number into other bases, such as hex.
sha1Fingerprint String: The SHA1 fingerprint of the public key of the certificate.
signatureAlgorithm String: The algorithm used to sign the certificate.
subject String: The entity the certificate belongs to, roughly following RFC2253.
version Number: The version the certificate is in.

Package Details

Repository: TLS pulumi/pulumi-tls
License: Apache-2.0
Notes: This Pulumi package is based on the tls Terraform Provider.

TLS v5.2.2 published on Tuesday, Sep 2, 2025 by Pulumi

pulumi/pulumi-tls

tls.getCertificate

On this page

On this page

Using getCertificate

getCertificate Result

Supporting Types

GetCertificateCertificate

Package Details

On this page

On this page