certificates

Creates, updates, deletes, gets or lists a certificates resource.

Overview

Name: certificates
Type: Resource
Id: cloudflare.zero_trust.certificates

Fields

The following fields are returned by SELECT queries:

Get an mTLS certificate response

| Name | Datatype | Description |
|---|---|---|
| id | string | The ID of the application that will use this certificate. |
| name | string | The name of the certificate. (example: Allow devs) |
| associated_hostnames | array | The hostnames of the applications that will use this certificate. |
| created_at | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |
| expires_on | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |
| fingerprint | string | The MD5 fingerprint of the certificate. (example: MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91) |
| updated_at | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |

Methods

The following methods are available for this resource:

| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get | select | certificate_id, zone_id | | Fetches a single mTLS certificate. |
| create | insert | zone_id, name, certificate | | Adds a new mTLS root certificate to Access. |
| edit | update | zone_id, enabled | | Enable Zero Trust Clients to provision a certificate, containing an X.509 subject, and referenced by Access device posture policies when the client visits mTLS-protected domains. This facilitates device posture without a WARP session. |
| update_by_account | replace | certificate_id, account_id, associated_hostnames | | Updates a configured mTLS certificate. |
| update_by_zone | replace | certificate_id, zone_id, associated_hostnames | | Updates a configured mTLS certificate. |
| delete | delete | certificate_id, zone_id | | Deletes an mTLS certificate. |
| activate | exec | certificate_id, account_id | | Bind a single Zero Trust certificate to the edge. |
| deactivate | exec | certificate_id, account_id | | Unbind a single Zero Trust certificate from the edge. |

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

| Name | Datatype | Description |
|---|---|---|
| account_id | string | The Cloudflare account ID. |
| certificate_id | string | The certificate ID. |
| zone_id | string | The Cloudflare zone ID. |

SELECT examples

Fetches a single mTLS certificate.

SELECT
id,
name,
associated_hostnames,
created_at,
expires_on,
fingerprint,
updated_at
FROM cloudflare.zero_trust.certificates
WHERE certificate_id = '{{ certificate_id }}' -- required
AND zone_id = '{{ zone_id }}' -- required
;
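
A post-processing check for a row returned by the SELECT above, as an added example that is not part of the original page or the provider's own code: it compares the returned `fingerprint` with the MD5 of the root certificate file you intended to upload, flags expiry from `expires_on`, and reports hostnames outside an allow-list. The function names, the row-as-dict shape (with `associated_hostnames` already decoded to a list) and the sample values are assumptions constructed for illustration.

```python
import hashlib
import ssl
from datetime import datetime, timedelta, timezone

def md5_fingerprint(pem):
    """Lowercase hex MD5 over the certificate's DER bytes (the field is MD5)."""
    return hashlib.md5(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def normalize_fingerprint(value):
    """Accept 'MD5 Fingerprint=1E:80:...' or bare hex; return lowercase hex."""
    return value.split("=", 1)[-1].replace(":", "").strip().lower()

def parse_timestamp(value):
    """Parse e.g. '2014-01-01T05:20:00.12345Z' as UTC, dropping the fraction."""
    base = value.rstrip("Z").split(".", 1)[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_row(row, expected_pem, allowed_hostnames, now, warn_days=30):
    """Return findings for one row returned by the SELECT on this resource."""
    findings = []
    if normalize_fingerprint(row["fingerprint"]) != md5_fingerprint(expected_pem):
        findings.append("fingerprint does not match the expected root certificate")
    expires = parse_timestamp(row["expires_on"])
    if expires <= now:
        findings.append("certificate has expired")
    elif expires - now <= timedelta(days=warn_days):
        findings.append(f"certificate expires within {warn_days} days")
    extra = sorted(set(row["associated_hostnames"]) - set(allowed_hostnames))
    if extra:
        findings.append("unexpected associated hostnames: " + ", ".join(extra))
    return findings

# Constructed sample data: placeholder bytes in PEM armour, not a real certificate.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")
_hex = md5_fingerprint(SAMPLE_PEM).upper()
SAMPLE_ROW = {
    "name": "Allow devs",
    "associated_hostnames": ["app.example.com", "legacy.example.com"],
    "expires_on": "2024-01-15T00:00:00.00000Z",
    "fingerprint": "MD5 Fingerprint=" + ":".join(_hex[i:i + 2] for i in range(0, 32, 2)),
}

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock so the output is stable
    for finding in audit_row(SAMPLE_ROW, SAMPLE_PEM, ["app.example.com"], now):
        print(finding)
```
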

INSERT examples

Adds a new mTLS root certificate to Access.

INSERT INTO cloudflare.zero_trust.certificates (
associated_hostnames,
certificate,
name,
zone_id
)
SELECT
'{{ associated_hostnames }}',
'{{ certificate }}' /* required */,
'{{ name }}' /* required */,
'{{ zone_id }}'
RETURNING
errors,
messages,
result,
success
;

UPDATE examples

Enable Zero Trust Clients to provision a certificate, containing an X.509 subject, and referenced by Access device posture policies when the client visits mTLS-protected domains. This facilitates device posture without a WARP session.

UPDATE cloudflare.zero_trust.certificates
SET
enabled = {{ enabled }}
WHERE
zone_id = '{{ zone_id }}' --required
AND enabled = {{ enabled }} --required
RETURNING
errors,
messages,
result,
success;

REPLACE examples

Updates a configured mTLS certificate.

REPLACE cloudflare.zero_trust.certificates
SET
associated_hostnames = '{{ associated_hostnames }}',
name = '{{ name }}'
WHERE
certificate_id = '{{ certificate_id }}' --required
AND account_id = '{{ account_id }}' --required
AND associated_hostnames = '{{ associated_hostnames }}' --required
RETURNING
errors,
messages,
result,
success;

DELETE examples

Deletes an mTLS certificate.

DELETE FROM cloudflare.zero_trust.certificates
WHERE certificate_id = '{{ certificate_id }}' --required
AND zone_id = '{{ zone_id }}' --required
;

Lifecycle Methods

Bind a single Zero Trust certificate to the edge.

EXEC cloudflare.zero_trust.certificates.activate
@certificate_id='{{ certificate_id }}', --required
@account_id='{{ account_id }}' --required
;