Skip to content
Cloudflare API
Start here
API Reference

Origin CA Certificates

resource cloudflare_origin_ca_certificate

required Expand Collapse
csr: String

The Certificate Signing Request (CSR). Must be newline-encoded.

request_type: String

Signature type desired on certificate ("origin-rsa" (rsa), "origin-ecc" (ecdsa), or "keyless-certificate" (for Keyless SSL servers).

hostnames: List[String]

Array of hostnames or wildcard names bound to the certificate. Hostnames must be fully qualified domain names (FQDNs) belonging to zones on your account (e.g., example.com or sub.example.com). Wildcards are supported only as a *. prefix for a single level (e.g., *.example.com). Double wildcards (*.*.example.com) and interior wildcards (foo.*.example.com) are not allowed. The wildcard suffix must be a multi-label domain (*.example.com is valid, but *.com is not). Unicode/IDN hostnames are accepted and automatically converted to punycode.

optional Expand Collapse
requested_validity?: Float64

The number of days for which the certificate should be valid.

computed Expand Collapse
id: String

Identifier.

certificate: String

The Origin CA certificate. Will be newline-encoded.

expires_on: String

When the certificate will expire.

cloudflare_origin_ca_certificate

resource "cloudflare_origin_ca_certificate" "example_origin_ca_certificate" {
  csr = <<EOT
  -----BEGIN CERTIFICATE REQUEST-----
  MIICxzCCAa8CAQAwSDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lz
  Y28xCzAJBgNVBAcTAkNBMRQwEgYDVQQDEwtleGFtcGxlLm5ldDCCASIwDQYJKoZI
  hvcNAQEBBQADggEPADCCAQoCggEBALxejtu4b+jPdFeFi6OUsye8TYJQBm3WfCvL
  Hu5EvijMO/4Z2TImwASbwUF7Ir8OLgH+mGlQZeqyNvGoSOMEaZVXcYfpR1hlVak8
  4GGVr+04IGfOCqaBokaBFIwzclGZbzKmLGwIQioNxGfqFm6RGYGA3be2Je2iseBc
  N8GV1wYmvYE0RR+yWweJCTJ157exyRzu7sVxaEW9F87zBQLyOnwXc64rflXslRqi
  g7F7w5IaQYOl8yvmk/jEPCAha7fkiUfEpj4N12+oPRiMvleJF98chxjD4MH39c5I
  uOslULhrWunfh7GB1jwWNA9y44H0snrf+xvoy2TcHmxvma9Eln8CAwEAAaA6MDgG
  CSqGSIb3DQEJDjErMCkwJwYDVR0RBCAwHoILZXhhbXBsZS5uZXSCD3d3dy5leGFt
  cGxlLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEAcBaX6dOnI8ncARrI9ZSF2AJX+8mx
  pTHY2+Y2C0VvrVDGMtbBRH8R9yMbqWtlxeeNGf//LeMkSKSFa4kbpdx226lfui8/
  auRDBTJGx2R1ccUxmLZXx4my0W5iIMxunu+kez+BDlu7bTT2io0uXMRHue4i6quH
  yc5ibxvbJMjR7dqbcanVE10/34oprzXQsJ/VmSuZNXtjbtSKDlmcpw6To/eeAJ+J
  hXykcUihvHyG4A1m2R6qpANBjnA0pHexfwM/SgfzvpbvUg0T1ubmer8BgTwCKIWs
  dcWYTthM51JIqRBfNqy4QcBnX+GY05yltEEswQI55wdiS3CjTTA67sdbcQ==
  -----END CERTIFICATE REQUEST-----
  EOT
  hostnames = ["example.com", "*.example.com", "sub.example.com"]
  request_type = "origin-rsa"
  requested_validity = 5475
}

data cloudflare_origin_ca_certificate

optional Expand Collapse
certificate_id?: String

Identifier.

filter?: Attributes
zone_id: String

Identifier.

limit?: Int64

Limit to the number of records returned.

offset?: Int64

Offset the results

computed Expand Collapse
id: String

Identifier.

certificate: String

The Origin CA certificate. Will be newline-encoded.

csr: String

The Certificate Signing Request (CSR). Must be newline-encoded.

expires_on: String

When the certificate will expire.

request_type: String

Signature type desired on certificate ("origin-rsa" (rsa), "origin-ecc" (ecdsa), or "keyless-certificate" (for Keyless SSL servers).

requested_validity: Float64

The number of days for which the certificate should be valid.

hostnames: List[String]

Array of hostnames or wildcard names bound to the certificate. Hostnames must be fully qualified domain names (FQDNs) belonging to zones on your account (e.g., example.com or sub.example.com). Wildcards are supported only as a *. prefix for a single level (e.g., *.example.com). Double wildcards (*.*.example.com) and interior wildcards (foo.*.example.com) are not allowed. The wildcard suffix must be a multi-label domain (*.example.com is valid, but *.com is not). Unicode/IDN hostnames are accepted and automatically converted to punycode.

cloudflare_origin_ca_certificate

data "cloudflare_origin_ca_certificate" "example_origin_ca_certificate" {
  certificate_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_origin_ca_certificates

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
limit?: Int64

Limit to the number of records returned.

offset?: Int64

Offset the results

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

csr: String

The Certificate Signing Request (CSR). Must be newline-encoded.

hostnames: List[String]

Array of hostnames or wildcard names bound to the certificate. Hostnames must be fully qualified domain names (FQDNs) belonging to zones on your account (e.g., example.com or sub.example.com). Wildcards are supported only as a *. prefix for a single level (e.g., *.example.com). Double wildcards (*.*.example.com) and interior wildcards (foo.*.example.com) are not allowed. The wildcard suffix must be a multi-label domain (*.example.com is valid, but *.com is not). Unicode/IDN hostnames are accepted and automatically converted to punycode.

request_type: String

Signature type desired on certificate ("origin-rsa" (rsa), "origin-ecc" (ecdsa), or "keyless-certificate" (for Keyless SSL servers).

requested_validity: Float64

The number of days for which the certificate should be valid.

id: String

Identifier.

certificate: String

The Origin CA certificate. Will be newline-encoded.

expires_on: String

When the certificate will expire.

cloudflare_origin_ca_certificates

data "cloudflare_origin_ca_certificates" "example_origin_ca_certificates" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  limit = 10
  offset = 10
}