public sealed class Certificate : IMessage<Certificate>, IEquatable<Certificate>, IDeepCloneable<Certificate>, IBufferMessage, IMessage
Reference documentation and code samples for the Certificate Authority v1 API class Certificate.
A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds
to a signed X.509 certificate issued by a
[CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
Immutable. The resource name for a
[CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
used to issue this certificate, in the format
projects/*/locations/*/certificateTemplates/*.
If this is specified, the caller must have the necessary permission to
use this template. If this is omitted, no template will be used.
This template must be in the same location as the
[Certificate][google.cloud.security.privateca.v1.Certificate].
public string IssuerCertificateAuthority { get; set; }
Output only. The resource name of the issuing
[CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
in the format projects/*/locations/*/caPools/*/certificateAuthorities/*.
Required. Immutable. The desired lifetime of a certificate. Used to create
the "not_before_time" and "not_after_time" fields inside an X.509
certificate. Note that the lifetime may be truncated if it would extend
past the life of any certificate authority in the issuing chain.
Identifier. The resource name for this
[Certificate][google.cloud.security.privateca.v1.Certificate] in the format
projects/*/locations/*/caPools/*/certificates/*.
public Certificate.Types.RevocationDetails RevocationDetails { get; set; }
Output only. Details regarding the revocation of this
[Certificate][google.cloud.security.privateca.v1.Certificate]. This
[Certificate][google.cloud.security.privateca.v1.Certificate] is considered
revoked if and only if this field is present.
public SubjectRequestMode SubjectMode { get; set; }
Immutable. Specifies how the
[Certificate][google.cloud.security.privateca.v1.Certificate]'s identity
fields are to be decided. If this is omitted, the DEFAULT subject mode
will be used.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThe latest version of the \u003ccode\u003eCertificate\u003c/code\u003e class within the \u003ccode\u003eGoogle.Cloud.Security.PrivateCA.V1\u003c/code\u003e namespace is 3.9.0, with previous versions available from 3.8.0 down to 1.0.0.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eCertificate\u003c/code\u003e class represents a signed X.509 certificate issued by a Certificate Authority, as described by the Google Cloud Security Private CA v1 API.\u003c/p\u003e\n"],["\u003cp\u003eThis class provides methods for managing certificate configurations, including setting certificate lifetime, defining subject identity fields, and using certificate templates.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eCertificate\u003c/code\u003e class provides methods to access various details about a certificate, such as its creation time, update time, issuer, and revocation details, along with its pem-encoded representation and chain.\u003c/p\u003e\n"],["\u003cp\u003eThe Certificate class inherits from \u003ccode\u003eobject\u003c/code\u003e and implements \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Certificate Authority v1 API - Class Certificate (3.10.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.10.0 (latest)](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [3.9.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.9.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [3.8.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.8.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [3.7.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.7.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [3.6.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.6.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [3.5.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.5.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [3.4.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.4.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [3.3.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.3.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [3.2.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.2.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [3.1.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.1.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [3.0.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/3.0.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [2.3.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/2.3.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [2.2.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/2.2.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [2.1.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/2.1.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [2.0.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/2.0.0/Google.Cloud.Security.PrivateCA.V1.Certificate)\n- [1.0.0](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/1.0.0/Google.Cloud.Security.PrivateCA.V1.Certificate) \n\n public sealed class Certificate : IMessage\u003cCertificate\u003e, IEquatable\u003cCertificate\u003e, IDeepCloneable\u003cCertificate\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Certificate Authority v1 API class Certificate.\n\nA \\[Certificate\\]\\[google.cloud.security.privateca.v1.Certificate\\] corresponds\nto a signed X.509 certificate issued by a\n\\[CertificateAuthority\\]\\[google.cloud.security.privateca.v1.CertificateAuthority\\]. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e Certificate \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[Certificate](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.Certificate), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[Certificate](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.Certificate), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[Certificate](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.Certificate), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.Security.PrivateCA.V1](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.Security.PrivateCA.V1.dll\n\nConstructors\n------------\n\n### Certificate()\n\n public Certificate()\n\n### Certificate(Certificate)\n\n public Certificate(Certificate other)\n\nProperties\n----------\n\n### CertificateConfigCase\n\n public Certificate.CertificateConfigOneofCase CertificateConfigCase { get; }\n\n### CertificateDescription\n\n public CertificateDescription CertificateDescription { get; set; }\n\nOutput only. A structured description of the issued X.509 certificate.\n\n### CertificateName\n\n public CertificateName CertificateName { get; set; }\n\n[CertificateName](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.CertificateName)-typed view over the [Name](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.Certificate#Google_Cloud_Security_PrivateCA_V1_Certificate_Name) resource name property.\n\n### CertificateTemplate\n\n public string CertificateTemplate { get; set; }\n\nImmutable. The resource name for a\n\\[CertificateTemplate\\]\\[google.cloud.security.privateca.v1.CertificateTemplate\\]\nused to issue this certificate, in the format\n`projects/*/locations/*/certificateTemplates/*`.\nIf this is specified, the caller must have the necessary permission to\nuse this template. If this is omitted, no template will be used.\nThis template must be in the same location as the\n\\[Certificate\\]\\[google.cloud.security.privateca.v1.Certificate\\].\n\n### CertificateTemplateAsCertificateTemplateName\n\n public CertificateTemplateName CertificateTemplateAsCertificateTemplateName { get; set; }\n\n[CertificateTemplateName](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.CertificateTemplateName)-typed view over the [CertificateTemplate](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.Certificate#Google_Cloud_Security_PrivateCA_V1_Certificate_CertificateTemplate) resource name\nproperty.\n\n### Config\n\n public CertificateConfig Config { get; set; }\n\nImmutable. A description of the certificate and key that does not require\nX.509 or ASN.1.\n\n### CreateTime\n\n public Timestamp CreateTime { get; set; }\n\nOutput only. The time at which this\n\\[Certificate\\]\\[google.cloud.security.privateca.v1.Certificate\\] was created.\n\n### HasPemCsr\n\n public bool HasPemCsr { get; }\n\nGets whether the \"pem_csr\" field is set\n\n### IssuerCertificateAuthority\n\n public string IssuerCertificateAuthority { get; set; }\n\nOutput only. The resource name of the issuing\n\\[CertificateAuthority\\]\\[google.cloud.security.privateca.v1.CertificateAuthority\\]\nin the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.\n\n### IssuerCertificateAuthorityAsCertificateAuthorityName\n\n public CertificateAuthorityName IssuerCertificateAuthorityAsCertificateAuthorityName { get; set; }\n\n[CertificateAuthorityName](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.CertificateAuthorityName)-typed view over the [IssuerCertificateAuthority](/dotnet/docs/reference/Google.Cloud.Security.PrivateCA.V1/latest/Google.Cloud.Security.PrivateCA.V1.Certificate#Google_Cloud_Security_PrivateCA_V1_Certificate_IssuerCertificateAuthority) resource\nname property.\n\n### Labels\n\n public MapField\u003cstring, string\u003e Labels { get; }\n\nOptional. Labels with user-defined metadata.\n\n### Lifetime\n\n public Duration Lifetime { get; set; }\n\nRequired. Immutable. The desired lifetime of a certificate. Used to create\nthe \"not_before_time\" and \"not_after_time\" fields inside an X.509\ncertificate. Note that the lifetime may be truncated if it would extend\npast the life of any certificate authority in the issuing chain.\n\n### Name\n\n public string Name { get; set; }\n\nIdentifier. The resource name for this\n\\[Certificate\\]\\[google.cloud.security.privateca.v1.Certificate\\] in the format\n`projects/*/locations/*/caPools/*/certificates/*`.\n\n### PemCertificate\n\n public string PemCertificate { get; set; }\n\nOutput only. The pem-encoded, signed X.509 certificate.\n\n### PemCertificateChain\n\n public RepeatedField\u003cstring\u003e PemCertificateChain { get; }\n\nOutput only. The chain that may be used to verify the X.509 certificate.\nExpected to be in issuer-to-root order according to RFC 5246.\n\n### PemCsr\n\n public string PemCsr { get; set; }\n\nImmutable. A pem-encoded X.509 certificate signing request (CSR).\n\n### RevocationDetails\n\n public Certificate.Types.RevocationDetails RevocationDetails { get; set; }\n\nOutput only. Details regarding the revocation of this\n\\[Certificate\\]\\[google.cloud.security.privateca.v1.Certificate\\]. This\n\\[Certificate\\]\\[google.cloud.security.privateca.v1.Certificate\\] is considered\nrevoked if and only if this field is present.\n\n### SubjectMode\n\n public SubjectRequestMode SubjectMode { get; set; }\n\nImmutable. Specifies how the\n\\[Certificate\\]\\[google.cloud.security.privateca.v1.Certificate\\]'s identity\nfields are to be decided. If this is omitted, the `DEFAULT` subject mode\nwill be used.\n\n### UpdateTime\n\n public Timestamp UpdateTime { get; set; }\n\nOutput only. The time at which this\n\\[Certificate\\]\\[google.cloud.security.privateca.v1.Certificate\\] was updated."]]
