SslCertificate

Represents an SSL certificate resource.

Trusted Cloud Compute Engine has two SSL certificate resources:

The global SSL certificates (sslCertificates) are used by:

  • Global external Application Load Balancers
  • Classic Application Load Balancers
  • Proxy Network Load Balancers (with target SSL proxies)

The regional SSL certificates (regionSslCertificates) are used by:

  • Regional external Application Load Balancers
  • Regional internal Application Load Balancers

Optionally, certificate file contents that you upload can contain a set of up to five PEM-encoded certificates. The API call creates an object (sslCertificate) that holds this data. You can use SSL keys and certificates to secure connections to a load balancer. For more information, read Creating and using SSL certificates, SSL certificates quotas and limits, and Troubleshooting SSL certificates.

JSON representation
{
  "kind": string,
  "id": string,
  "creationTimestamp": string,
  "name": string,
  "description": string,
  "selfLink": string,
  "certificate": string,
  "privateKey": string,
  "managed": {
    object (ManagedSslCertificate)
  },
  "selfManaged": {
    object (SelfManagedSslCertificate)
  },
  "type": enum (Type),
  "subjectAlternativeNames": [
    string
  ],
  "expireTime": string,
  "region": string
}
Fields
kind

string

[Output Only] Type of the resource. Always compute#sslCertificate for SSL certificates.

id

string (uint64 format)

[Output Only] The unique identifier for the resource. This identifier is defined by the server.

creationTimestamp

string

[Output Only] Creation timestamp in RFC3339 text format.

name

string

Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long and comply with RFC1035. Specifically, it must match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?, which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

description

string

An optional description of this resource. Provide this property when you create the resource.

certificate

string

A value read into memory from a certificate file. The certificate file must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.

privateKey

string

A value read into memory from a write-only private key file. The private key file must be in PEM format. For security, only insert requests include this field.

managed

object (ManagedSslCertificate)

Configuration and status of a managed SSL certificate.

selfManaged

object (SelfManagedSslCertificate)

Configuration and status of a self-managed SSL certificate.

type

enum (Type)

(Optional) Specifies the type of SSL certificate, either "SELF_MANAGED" or "MANAGED". If not specified, the certificate is self-managed and the fields certificate and privateKey are used.

subjectAlternativeNames[]

string

[Output Only] Domains associated with the certificate via Subject Alternative Name.

expireTime

string

[Output Only] Expire time of the certificate, in RFC3339 format.

region

string

[Output Only] URL of the region where the regional SSL Certificate resides. This field is not applicable to global SSL Certificate.
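The constraints stated above for name, certificate and privateKey can be checked locally before an insert request is sent. The following Python sketch is an added example, not part of the API reference or any Google client library; the function names and sample bodies are constructed. It assumes that "at least one intermediate cert" means the leaf plus one or more further CERTIFICATE blocks, and it counts PEM blocks only, without verifying signatures or issuer relationships.

```python
import re

NAME_RE = re.compile(r"[a-z]([-a-z0-9]*[a-z0-9])?")
PEM_BLOCK_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
MAX_CHAIN = 5


def pem_labels(text):
    """Return the label of every well-formed PEM block, in order."""
    return [m.group(1) for m in PEM_BLOCK_RE.finditer(text or "")]


def validate_insert_body(body):
    """Return a list of problems with an SslCertificate insert body."""
    problems = []
    name = body.get("name", "")
    if not (1 <= len(name) <= 63 and NAME_RE.fullmatch(name)):
        problems.append("name: must be 1-63 chars matching [a-z]([-a-z0-9]*[a-z0-9])?")
    if body.get("type", "SELF_MANAGED") != "SELF_MANAGED":
        return problems  # MANAGED certificates carry no PEM material
    cert_labels = pem_labels(body.get("certificate"))
    if any("PRIVATE KEY" in label for label in cert_labels):
        problems.append("certificate: contains a private key block; field is not write-only")
    chain = [label for label in cert_labels if label == "CERTIFICATE"]
    if len(chain) > MAX_CHAIN:
        problems.append(f"certificate: chain has {len(chain)} certs, limit is {MAX_CHAIN}")
    # Assumption: "at least one intermediate" means leaf + >= 1 more block.
    if len(chain) < 2:
        problems.append("certificate: need the leaf plus at least one intermediate")
    key_labels = pem_labels(body.get("privateKey"))
    if len(key_labels) != 1 or "PRIVATE KEY" not in key_labels[0]:
        problems.append("privateKey: expected exactly one PEM private key block")
    return problems


def _pem(label, payload="QUJD"):
    # Constructed placeholder: structurally PEM, not a real certificate or key.
    return f"-----BEGIN {label}-----\n{payload}\n-----END {label}-----\n"


# Constructed sample bodies; names and contents are made up for the example.
GOOD = {"name": "www-example-cert", "certificate": _pem("CERTIFICATE") * 2,
        "privateKey": _pem("PRIVATE KEY")}
BAD = {"name": "Www_Cert-",
       "certificate": _pem("CERTIFICATE") + _pem("RSA PRIVATE KEY"),
       "privateKey": ""}

if __name__ == "__main__":
    print(validate_insert_body(GOOD), validate_insert_body(BAD), sep="\n")
```

The private-key-in-certificate check catches a combined .pem file being pasted into the certificate field, which, unlike privateKey, is not described as write-only.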

ManagedSslCertificate

Configuration and status of a managed SSL certificate.

JSON representation
{
  "domains": [
    string
  ],
  "status": enum (ManagedCertificateStatus),
  "domainStatus": {
    string: enum (DomainStatus),
    ...
  }
}
Fields
domains[]

string

The domains for which a managed SSL certificate will be generated. Each Google Cloud-powered SSL certificate supports up to the maximum number of domains per Google Cloud-powered SSL certificate.

status

enum (ManagedCertificateStatus)

[Output only] Status of the managed certificate resource.

domainStatus

map (key: string, value: enum (DomainStatus))

[Output only] Detailed statuses of the domains specified for managed certificate resource.

ManagedCertificateStatus

Managed certificate status

Enums
MANAGED_CERTIFICATE_STATUS_UNSPECIFIED
ACTIVE The certificate management is working, and a certificate has been provisioned.
PROVISIONING The certificate management is working. GCP will attempt to provision the first certificate.
PROVISIONING_FAILED Certificate provisioning failed due to an issue with the DNS or load balancing configuration. For details of which domain failed, consult the domainStatus field.
PROVISIONING_FAILED_PERMANENTLY Certificate provisioning failed due to an issue with the DNS or load balancing configuration. It won't be retried. To try again, delete and create a new managed SslCertificate resource. For details of which domain failed, consult the domainStatus field.
RENEWAL_FAILED Renewal of the certificate has failed due to an issue with the DNS or load balancing configuration. The existing cert is still serving; however, it will expire shortly. To provision a renewed certificate, delete and create a new managed SslCertificate resource. For details on which domain failed, consult the domainStatus field.

DomainStatus

Enums
DOMAIN_STATUS_UNSPECIFIED
PROVISIONING Certificate provisioning for this domain is under way. GCP will attempt to provision the first certificate.
FAILED_NOT_VISIBLE There seems to be a problem with the user's DNS or load balancer configuration for this domain.
FAILED_CAA_FORBIDDEN Certificate issuance forbidden by an explicit CAA record for the domain.
FAILED_RATE_LIMITED Reached rate-limit for certificates per top-level private domain.
ACTIVE A managed certificate can be provisioned, no issues for this domain.
FAILED_CAA_CHECKING Failed to check CAA records for the domain.
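The status, domainStatus and expireTime fields lend themselves to a monitoring check that flags certificates that will not recover unaided. The following Python sketch is an added example, not part of the API reference; the function name, severity levels, 30-day threshold and sample resource are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

# Statuses whose documented remedy is to delete and recreate the resource.
RECREATE = {"PROVISIONING_FAILED_PERMANENTLY", "RENEWAL_FAILED"}
DOMAIN_HINTS = {
    "FAILED_NOT_VISIBLE": "check DNS and load balancer configuration",
    "FAILED_CAA_FORBIDDEN": "a CAA record forbids issuance",
    "FAILED_CAA_CHECKING": "CAA records could not be checked",
    "FAILED_RATE_LIMITED": "certificate rate limit reached",
}
LEVELS = ("ok", "warning", "critical")  # assumed severity scale


def triage(resource, now, warn_days=30):
    """Return (severity, findings) for one sslCertificate resource dict."""
    level, findings = 0, []
    managed = resource.get("managed") or {}
    status = managed.get("status")
    if status in RECREATE:
        level = 2
        findings.append(f"{status}: delete and recreate the managed resource")
    elif status == "PROVISIONING_FAILED":
        level = 1
        findings.append("PROVISIONING_FAILED: consult domainStatus")
    for domain, dstatus in sorted((managed.get("domainStatus") or {}).items()):
        if dstatus in DOMAIN_HINTS:
            level = max(level, 1)
            findings.append(f"{domain}: {dstatus} ({DOMAIN_HINTS[dstatus]})")
    expire = resource.get("expireTime")
    if expire:
        # expireTime is RFC3339; normalise a trailing "Z" for fromisoformat.
        left = datetime.fromisoformat(expire.replace("Z", "+00:00")) - now
        if left < timedelta(days=warn_days):
            level = max(level, 1)
            findings.append(f"expireTime is {left.days} days away")
    return LEVELS[level], findings


# Constructed sample resource and clock; not output from a real project.
SAMPLE = {
    "name": "www-example-cert", "type": "MANAGED",
    "expireTime": "2030-01-10T00:00:00.000+00:00",
    "managed": {"domains": ["a.example.com", "b.example.com"],
                "status": "RENEWAL_FAILED",
                "domainStatus": {"a.example.com": "ACTIVE",
                                 "b.example.com": "FAILED_CAA_FORBIDDEN"}},
}
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(triage(SAMPLE, NOW))
```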

SelfManagedSslCertificate

Configuration and status of a self-managed SSL certificate.

JSON representation
{
  "certificate": string,
  "privateKey": string
}
Fields
certificate

string

A local certificate file. The certificate must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.

privateKey

string

A write-only private key in PEM format. Only insert requests will include this field.

Type

Type of the SslCertificate.

Enums
TYPE_UNSPECIFIED
MANAGED Google Cloud-powered SSLCertificate.
SELF_MANAGED Certificate uploaded by user.