Cloudflare v6.0.1, Apr 16 25

Cloudflare v6.0.1 published on Wednesday, Apr 16, 2025 by Pulumi

cloudflare.getCustomSsl

Explore with Pulumi AI

Cloudflare v6.0.1 published on Wednesday, Apr 16, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleCustomSsl = cloudflare.getCustomSsl({
    zoneId: "023e105f4ecef8ad9ca31a8372d0c353",
    customCertificateId: "023e105f4ecef8ad9ca31a8372d0c353",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_custom_ssl = cloudflare.get_custom_ssl(zone_id="023e105f4ecef8ad9ca31a8372d0c353",
    custom_certificate_id="023e105f4ecef8ad9ca31a8372d0c353")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.LookupCustomSsl(ctx, &cloudflare.LookupCustomSslArgs{
			ZoneId:              "023e105f4ecef8ad9ca31a8372d0c353",
			CustomCertificateId: pulumi.StringRef("023e105f4ecef8ad9ca31a8372d0c353"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleCustomSsl = Cloudflare.GetCustomSsl.Invoke(new()
    {
        ZoneId = "023e105f4ecef8ad9ca31a8372d0c353",
        CustomCertificateId = "023e105f4ecef8ad9ca31a8372d0c353",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetCustomSslArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleCustomSsl = CloudflareFunctions.getCustomSsl(GetCustomSslArgs.builder()
            .zoneId("023e105f4ecef8ad9ca31a8372d0c353")
            .customCertificateId("023e105f4ecef8ad9ca31a8372d0c353")
            .build());

    }
}

variables:
  exampleCustomSsl:
    fn::invoke:
      function: cloudflare:getCustomSsl
      arguments:
        zoneId: 023e105f4ecef8ad9ca31a8372d0c353
        customCertificateId: 023e105f4ecef8ad9ca31a8372d0c353

Using getCustomSsl

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getCustomSsl(args: GetCustomSslArgs, opts?: InvokeOptions): Promise<GetCustomSslResult>
function getCustomSslOutput(args: GetCustomSslOutputArgs, opts?: InvokeOptions): Output<GetCustomSslResult>

def get_custom_ssl(custom_certificate_id: Optional[str] = None,
                   filter: Optional[GetCustomSslFilter] = None,
                   zone_id: Optional[str] = None,
                   opts: Optional[InvokeOptions] = None) -> GetCustomSslResult
def get_custom_ssl_output(custom_certificate_id: Optional[pulumi.Input[str]] = None,
                   filter: Optional[pulumi.Input[GetCustomSslFilterArgs]] = None,
                   zone_id: Optional[pulumi.Input[str]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetCustomSslResult]

func LookupCustomSsl(ctx *Context, args *LookupCustomSslArgs, opts ...InvokeOption) (*LookupCustomSslResult, error)
func LookupCustomSslOutput(ctx *Context, args *LookupCustomSslOutputArgs, opts ...InvokeOption) LookupCustomSslResultOutput

> Note: This function is named LookupCustomSsl in the Go SDK.

public static class GetCustomSsl 
{
    public static Task<GetCustomSslResult> InvokeAsync(GetCustomSslArgs args, InvokeOptions? opts = null)
    public static Output<GetCustomSslResult> Invoke(GetCustomSslInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetCustomSslResult> getCustomSsl(GetCustomSslArgs args, InvokeOptions options)
public static Output<GetCustomSslResult> getCustomSsl(GetCustomSslArgs args, InvokeOptions options)

fn::invoke:
  function: cloudflare:index/getCustomSsl:getCustomSsl
  arguments:
    # arguments dictionary

The following arguments are supported:

ZoneId string: Identifier
CustomCertificateId string: Identifier
Filter GetCustomSslFilter

ZoneId string: Identifier
CustomCertificateId string: Identifier
Filter GetCustomSslFilter

zoneId String: Identifier
customCertificateId String: Identifier
filter GetCustomSslFilter

zoneId string: Identifier
customCertificateId string: Identifier
filter GetCustomSslFilter

zone_id str: Identifier
custom_certificate_id str: Identifier
filter GetCustomSslFilter

zoneId String: Identifier
customCertificateId String: Identifier
filter Property Map

getCustomSsl Result

The following output properties are available:

BundleMethod string: A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
ExpiresOn string: When the certificate from the authority expires.
GeoRestrictions GetCustomSslGeoRestrictions: Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
Hosts List<string>
Id string: Identifier
Issuer string: The certificate authority that issued the certificate.
KeylessServer GetCustomSslKeylessServer
ModifiedOn string: When the certificate was last modified.
Policy string: Specify the policy that determines the region where your private key will be held locally. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Any combination of countries, specified by their two letter country code (https://en.wikipedia.org/wiki/ISO3166-1alpha-2#Officiallyassignedcode_elements) can be chosen, such as 'country: IN', as well as 'region: EU' which refers to the EU region. If there are too few data centers satisfying the policy, it will be rejected.
Priority double: The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacycustom' certificates, but 'legacycustom' certificates will always supercede 'sni_custom' certificates.
Signature string: The type of hash used for the certificate.
Status string: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".
UploadedOn string: When the certificate was uploaded to Cloudflare.
ZoneId string: Identifier
CustomCertificateId string: Identifier
Filter GetCustomSslFilter

BundleMethod string: A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
ExpiresOn string: When the certificate from the authority expires.
GeoRestrictions GetCustomSslGeoRestrictions: Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
Hosts []string
Id string: Identifier
Issuer string: The certificate authority that issued the certificate.
KeylessServer GetCustomSslKeylessServer
ModifiedOn string: When the certificate was last modified.
Policy string: Specify the policy that determines the region where your private key will be held locally. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Any combination of countries, specified by their two letter country code (https://en.wikipedia.org/wiki/ISO3166-1alpha-2#Officiallyassignedcode_elements) can be chosen, such as 'country: IN', as well as 'region: EU' which refers to the EU region. If there are too few data centers satisfying the policy, it will be rejected.
Priority float64: The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacycustom' certificates, but 'legacycustom' certificates will always supercede 'sni_custom' certificates.
Signature string: The type of hash used for the certificate.
Status string: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".
UploadedOn string: When the certificate was uploaded to Cloudflare.
ZoneId string: Identifier
CustomCertificateId string: Identifier
Filter GetCustomSslFilter

bundleMethod String: A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
expiresOn String: When the certificate from the authority expires.
geoRestrictions GetCustomSslGeoRestrictions: Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
hosts List<String>
id String: Identifier
issuer String: The certificate authority that issued the certificate.
keylessServer GetCustomSslKeylessServer
modifiedOn String: When the certificate was last modified.
policy String: Specify the policy that determines the region where your private key will be held locally. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Any combination of countries, specified by their two letter country code (https://en.wikipedia.org/wiki/ISO3166-1alpha-2#Officiallyassignedcode_elements) can be chosen, such as 'country: IN', as well as 'region: EU' which refers to the EU region. If there are too few data centers satisfying the policy, it will be rejected.
priority Double: The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacycustom' certificates, but 'legacycustom' certificates will always supercede 'sni_custom' certificates.
signature String: The type of hash used for the certificate.
status String: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".
uploadedOn String: When the certificate was uploaded to Cloudflare.
zoneId String: Identifier
customCertificateId String: Identifier
filter GetCustomSslFilter

bundleMethod string: A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
expiresOn string: When the certificate from the authority expires.
geoRestrictions GetCustomSslGeoRestrictions: Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
hosts string[]
id string: Identifier
issuer string: The certificate authority that issued the certificate.
keylessServer GetCustomSslKeylessServer
modifiedOn string: When the certificate was last modified.
policy string: Specify the policy that determines the region where your private key will be held locally. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Any combination of countries, specified by their two letter country code (https://en.wikipedia.org/wiki/ISO3166-1alpha-2#Officiallyassignedcode_elements) can be chosen, such as 'country: IN', as well as 'region: EU' which refers to the EU region. If there are too few data centers satisfying the policy, it will be rejected.
priority number: The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacycustom' certificates, but 'legacycustom' certificates will always supercede 'sni_custom' certificates.
signature string: The type of hash used for the certificate.
status string: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".
uploadedOn string: When the certificate was uploaded to Cloudflare.
zoneId string: Identifier
customCertificateId string: Identifier
filter GetCustomSslFilter

bundle_method str: A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
expires_on str: When the certificate from the authority expires.
geo_restrictions GetCustomSslGeoRestrictions: Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
hosts Sequence[str]
id str: Identifier
issuer str: The certificate authority that issued the certificate.
keyless_server GetCustomSslKeylessServer
modified_on str: When the certificate was last modified.
policy str: Specify the policy that determines the region where your private key will be held locally. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Any combination of countries, specified by their two letter country code (https://en.wikipedia.org/wiki/ISO3166-1alpha-2#Officiallyassignedcode_elements) can be chosen, such as 'country: IN', as well as 'region: EU' which refers to the EU region. If there are too few data centers satisfying the policy, it will be rejected.
priority float: The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacycustom' certificates, but 'legacycustom' certificates will always supercede 'sni_custom' certificates.
signature str: The type of hash used for the certificate.
status str: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".
uploaded_on str: When the certificate was uploaded to Cloudflare.
zone_id str: Identifier
custom_certificate_id str: Identifier
filter GetCustomSslFilter

bundleMethod String: A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it. Available values: "ubiquitous", "optimal", "force".
expiresOn String: When the certificate from the authority expires.
geoRestrictions Property Map: Specify the region where your private key can be held locally for optimal TLS performance. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Options allow distribution to only to U.S. data centers, only to E.U. data centers, or only to highest security data centers. Default distribution is to all Cloudflare datacenters, for optimal performance.
hosts List<String>
id String: Identifier
issuer String: The certificate authority that issued the certificate.
keylessServer Property Map
modifiedOn String: When the certificate was last modified.
policy String: Specify the policy that determines the region where your private key will be held locally. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Any combination of countries, specified by their two letter country code (https://en.wikipedia.org/wiki/ISO3166-1alpha-2#Officiallyassignedcode_elements) can be chosen, such as 'country: IN', as well as 'region: EU' which refers to the EU region. If there are too few data centers satisfying the policy, it will be rejected.
priority Number: The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacycustom' certificates, but 'legacycustom' certificates will always supercede 'sni_custom' certificates.
signature String: The type of hash used for the certificate.
status String: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".
uploadedOn String: When the certificate was uploaded to Cloudflare.
zoneId String: Identifier
customCertificateId String: Identifier
filter Property Map

Supporting Types

GetCustomSslFilter

Match string: Whether to match all search requirements or at least one (any). Available values: "any", "all".
Status string: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".

Match string: Whether to match all search requirements or at least one (any). Available values: "any", "all".
Status string: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".

match String: Whether to match all search requirements or at least one (any). Available values: "any", "all".
status String: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".

match string: Whether to match all search requirements or at least one (any). Available values: "any", "all".
status string: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".

match str: Whether to match all search requirements or at least one (any). Available values: "any", "all".
status str: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".

match String: Whether to match all search requirements or at least one (any). Available values: "any", "all".
status String: Status of the zone's custom SSL. Available values: "active", "expired", "deleted", "pending", "initializing".

GetCustomSslGeoRestrictions

Label string: Available values: "us", "eu", "highest_security".

Label string: Available values: "us", "eu", "highest_security".

label String: Available values: "us", "eu", "highest_security".

label string: Available values: "us", "eu", "highest_security".

label str: Available values: "us", "eu", "highest_security".

label String: Available values: "us", "eu", "highest_security".

GetCustomSslKeylessServer

CreatedOn string: When the Keyless SSL was created.
Enabled bool: Whether or not the Keyless SSL is on or off.
Host string: The keyless SSL name.
Id string: Keyless certificate identifier tag.
ModifiedOn string: When the Keyless SSL was last modified.
Name string: The keyless SSL name.
Permissions List<string>: Available permissions for the Keyless SSL for the current user requesting the item.
Port double: The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
Status string: Status of the Keyless SSL. Available values: "active", "deleted".
Tunnel GetCustomSslKeylessServerTunnel: Configuration for using Keyless SSL through a Cloudflare Tunnel

CreatedOn string: When the Keyless SSL was created.
Enabled bool: Whether or not the Keyless SSL is on or off.
Host string: The keyless SSL name.
Id string: Keyless certificate identifier tag.
ModifiedOn string: When the Keyless SSL was last modified.
Name string: The keyless SSL name.
Permissions []string: Available permissions for the Keyless SSL for the current user requesting the item.
Port float64: The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
Status string: Status of the Keyless SSL. Available values: "active", "deleted".
Tunnel GetCustomSslKeylessServerTunnel: Configuration for using Keyless SSL through a Cloudflare Tunnel

createdOn String: When the Keyless SSL was created.
enabled Boolean: Whether or not the Keyless SSL is on or off.
host String: The keyless SSL name.
id String: Keyless certificate identifier tag.
modifiedOn String: When the Keyless SSL was last modified.
name String: The keyless SSL name.
permissions List<String>: Available permissions for the Keyless SSL for the current user requesting the item.
port Double: The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
status String: Status of the Keyless SSL. Available values: "active", "deleted".
tunnel GetCustomSslKeylessServerTunnel: Configuration for using Keyless SSL through a Cloudflare Tunnel

createdOn string: When the Keyless SSL was created.
enabled boolean: Whether or not the Keyless SSL is on or off.
host string: The keyless SSL name.
id string: Keyless certificate identifier tag.
modifiedOn string: When the Keyless SSL was last modified.
name string: The keyless SSL name.
permissions string[]: Available permissions for the Keyless SSL for the current user requesting the item.
port number: The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
status string: Status of the Keyless SSL. Available values: "active", "deleted".
tunnel GetCustomSslKeylessServerTunnel: Configuration for using Keyless SSL through a Cloudflare Tunnel

created_on str: When the Keyless SSL was created.
enabled bool: Whether or not the Keyless SSL is on or off.
host str: The keyless SSL name.
id str: Keyless certificate identifier tag.
modified_on str: When the Keyless SSL was last modified.
name str: The keyless SSL name.
permissions Sequence[str]: Available permissions for the Keyless SSL for the current user requesting the item.
port float: The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
status str: Status of the Keyless SSL. Available values: "active", "deleted".
tunnel GetCustomSslKeylessServerTunnel: Configuration for using Keyless SSL through a Cloudflare Tunnel

createdOn String: When the Keyless SSL was created.
enabled Boolean: Whether or not the Keyless SSL is on or off.
host String: The keyless SSL name.
id String: Keyless certificate identifier tag.
modifiedOn String: When the Keyless SSL was last modified.
name String: The keyless SSL name.
permissions List<String>: Available permissions for the Keyless SSL for the current user requesting the item.
port Number: The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.
status String: Status of the Keyless SSL. Available values: "active", "deleted".
tunnel Property Map: Configuration for using Keyless SSL through a Cloudflare Tunnel

GetCustomSslKeylessServerTunnel

PrivateIp string: Private IP of the Key Server Host
VnetId string: Cloudflare Tunnel Virtual Network ID

PrivateIp string: Private IP of the Key Server Host
VnetId string: Cloudflare Tunnel Virtual Network ID

privateIp String: Private IP of the Key Server Host
vnetId String: Cloudflare Tunnel Virtual Network ID

privateIp string: Private IP of the Key Server Host
vnetId string: Cloudflare Tunnel Virtual Network ID

private_ip str: Private IP of the Key Server Host
vnet_id str: Cloudflare Tunnel Virtual Network ID

privateIp String: Private IP of the Key Server Host
vnetId String: Cloudflare Tunnel Virtual Network ID

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.0.1 published on Wednesday, Apr 16, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.getCustomSsl

On this page

On this page

Example Usage

Using getCustomSsl

getCustomSsl Result

Supporting Types

GetCustomSslFilter

GetCustomSslGeoRestrictions

GetCustomSslKeylessServer

GetCustomSslKeylessServerTunnel

Package Details

On this page

On this page