gateway_certificates
Creates, updates, deletes, gets or lists a gateway_certificates resource.
Overview
| Name | gateway_certificates |
| Type | Resource |
| Id | cloudflare.zero_trust.gateway_certificates |
Fields
The following fields are returned by SELECT queries:
- get
Gets Zero Trust certificate details response.
| Name | Datatype | Description |
|---|---|---|
id | string | Identify the certificate with a UUID. (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415) |
binding_status | string | Indicate the read-only deployment status of the certificate on Cloudflare's edge. Gateway TLS interception can use certificates in the 'available' (previously called 'active') state. (pending_deployment, available, pending_deletion, inactive) |
certificate | string | Provide the CA certificate (read-only). (example: -----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----\n) |
created_at | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |
expires_on | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |
fingerprint | string | Provide the SHA256 fingerprint of the certificate (read-only). (example: E9:19:49:AA:DD:D8:1E:C1:20:2A:D8:22:BF:A5:F8:FC:1A:F7:10:9F:C7:5B:69:AB:0:31:91:8B:61:B4:BF:1C) |
in_use | boolean | Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only). (x-stainless-terraform-configurability: computed) |
issuer_org | string | Indicate the organization that issued the certificate (read-only). (example: Example Inc.) |
issuer_raw | string | Provide the entire issuer field of the certificate (read-only). (example: O=Example Inc.,L=California,ST=San Francisco,C=US) |
type | string | Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed. (custom, gateway_managed) (example: gateway_managed) |
updated_at | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |
uploaded_on | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | certificate_id, account_id | Get a single Zero Trust certificate. | |
create | insert | account_id | Create a new Zero Trust certificate. | |
delete | delete | certificate_id, account_id | Delete a gateway-managed Zero Trust certificate. You must deactivate the certificate from the edge (inactive) before deleting it. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
certificate_id | string | The certificate ID. |
SELECT examples
- get
Get a single Zero Trust certificate.
SELECT
id,
binding_status,
certificate,
created_at,
expires_on,
fingerprint,
in_use,
issuer_org,
issuer_raw,
type,
updated_at,
uploaded_on
FROM cloudflare.zero_trust.gateway_certificates
WHERE certificate_id = '{{ certificate_id }}' -- required
AND account_id = '{{ account_id }}' -- required
;
INSERT examples
- create
- Manifest
Create a new Zero Trust certificate.
INSERT INTO cloudflare.zero_trust.gateway_certificates (
validity_period_days,
account_id
)
SELECT
{{ validity_period_days }},
'{{ account_id }}'
RETURNING
errors,
messages,
result,
success
;
# Description fields are for documentation purposes
- name: gateway_certificates
props:
- name: account_id
value: "{{ account_id }}"
description: Required parameter for the gateway_certificates resource.
- name: validity_period_days
value: {{ validity_period_days }}
description: |
Sets the certificate validity period in days (range: 1-10,950 days / ~30 years). Defaults to 1,825 days (5 years). **Important**: This field is only settable during the certificate creation. Certificates becomes immutable after creation - use the `/activate` and `/deactivate` endpoints to manage certificate lifecycle.
DELETE examples
- delete
Delete a gateway-managed Zero Trust certificate. You must deactivate the certificate from the edge (inactive) before deleting it.
DELETE FROM cloudflare.zero_trust.gateway_certificates
WHERE certificate_id = '{{ certificate_id }}' --required
AND account_id = '{{ account_id }}' --required
;