Self Signed Certificate
Pulumi’s Self Signed Certificate Package makes it simple to create a self signed certificate. The guide below will quickly walk you through how to provision a self signed certificate with the minimal set of inputs. Please refer to the API Docs for more detailed information on this Package’s usage.
Quick Start
The following steps will get you started with a self signed certificate.
Configure Environment
Before you get started using Pulumi, let’s run through a few quick steps to ensure your environment is set up correctly.
Install Pulumi
$ brew install pulumi/tap/pulumi
$ curl -fsSL https://get.pulumi.com | sh
> choco install pulumi
Other installation options are available. When the installation completes, you can test it out by reading the current version:
$ pulumi version
v2.23.1
> pulumi version
v2.23.1
If this doesn't work, you may need to restart your terminal to ensure the folder containing the pulumi command is on your PATH.
Next, install the required language runtime, if you have not already.
Install Language Runtime
Choose Your Language
Install Node.js.
If you're having trouble setting up Node.js on your machine, see Installing Node.js via Package Manager for alternative installation options.
Install Python. To reduce potential issues with setting up your Python environment on Windows or macOS, you should install Python through the official Python installer.
pip is required to install dependencies. If you installed Python from source, with an installer from python.org, or via Homebrew you should already have pip. If Python is installed using your OS package manager, you may have to install pip separately, see Installing pip/setuptools/wheel with Linux Package Managers. For example, on Debian/Ubuntu you must run sudo apt install python3-venv python3-pip.
If you're having trouble setting up Python on your machine, see Python 3 Installation & Setup Guide for detailed installation instructions on various operating systems and distributions.
Install Go.
Pulumi requires a supported version of Go; this typically refers to the two most recent major releases. Note that Go calls 1.20, 1.21, etc. major releases, unlike semantic versioning. If you're using Linux, your distribution may not provide an up to date version of the Go compiler. To check what version of Go you have installed, use: go version.
Install .NET SDK.
Pulumi will need the dotnet executable in order to build and run your Pulumi .NET application. Ensure that the dotnet executable can be found on your path after installation.
Create New Project
Now that you have set up your environment by installing Pulumi and installing your preferred language runtime, let’s create your Pulumi program.
$ mkdir tls-self-signed-cert-quickstart && cd tls-self-signed-cert-quickstart
$ pulumi new typescript
$ mkdir tls-self-signed-cert-quickstart && cd tls-self-signed-cert-quickstart
$ pulumi new python
# from within your $GOPATH
$ mkdir tls-self-signed-cert-quickstart && cd tls-self-signed-cert-quickstart
$ pulumi new go
$ mkdir tls-self-signed-cert-quickstart && cd tls-self-signed-cert-quickstart
$ pulumi new csharp
$ mkdir tls-self-signed-cert-quickstart && cd tls-self-signed-cert-quickstart
$ pulumi new yaml
The pulumi new command creates a new Pulumi project with some basic scaffolding based on the cloud and language specified.
If this is your first time running pulumi new or other pulumi commands, you may be prompted to log in to Pulumi Cloud. The Pulumi CLI and Pulumi Cloud work in tandem to deliver a reliable experience. It's free for individual use, with features available for teams, and self-managed options are also available. Hitting Enter at the prompt opens a browser for you to sign in or sign up.
After logging in, the CLI will proceed with walking you through creating a new project.
First, you will be asked for a project name and description. Hit ENTER to accept the default values or specify new values.
Next, you will be asked for the name of a stack. Hit ENTER to accept the default value of dev.
What are projects and stacks? Pulumi projects and stacks let you organize Pulumi code. Consider a Pulumi project to be analogous to a GitHub repo—a single place for code—and a stack to be an instance of that code with a separate configuration. For instance, Project Foo may have multiple stacks for different development environments (Dev, Test, or Prod), or perhaps for different cloud configurations (geographic region for example). See Organizing Projects and Stacks for some best practices on organizing your Pulumi projects and stacks.
After some dependency installations from npm, your project and stack will be ready.
Install the Self Signed Certificate Package
Next you will need to install the Self Signed Certificate Package so you can use it in your program.
Yarn
$ yarn add @pulumi/tls-self-signed-cert
NPM
$ npm install @pulumi/tls-self-signed-cert
After the command completes, the project and stack will be ready.
Install the Self Signed Certificate Package
Next you will need to install the Self Signed Certificate Package so you can use it in your program.
$ pip3 install pulumi_tls_self_signed_cert
After the command completes, the project and stack will be ready.
Install the Self Signed Certificate Package
Next you will need to install the Self Signed Certificate Package so you can use it in your program.
$ go get -u github.com/pulumi/pulumi-tls-self-signed-cert/sdk
After the command completes, the project and stack will be ready.
Install the Self Signed Certificate Package
Next you will need to install the Self Signed Certificate Package so you can use it in your program.
$ dotnet add package Pulumi.TlsSelfSignedCert
Update Code
Now that you have all your dependencies installed and your project configured, you can add the code that will provision your self signed certificate.
Replace your index.ts with the following:
import * as pulumi from "@pulumi/pulumi";
import * as tls_self_signed_cert from "@pulumi/tls-self-signed-cert";

const cert = new tls_self_signed_cert.SelfSignedCertificate("cert", {
    dnsName: "cert.example.com",
    validityPeriodHours: 807660,
    localValidityPeriodHours: 17520,
    subject: {
        commonName: "example-cert",
        organization: "example-cert LLC",
    },
});

export const pem = cert.pem;
export const privateKey = cert.privateKey;
export const caCert = cert.caCert;
Replace your __main__.py with the following:
import pulumi
import pulumi_tls as tls
import pulumi_tls_self_signed_cert as tls_self_signed_cert

cert = tls_self_signed_cert.SelfSignedCertificate("cert",
    dns_name="cert.example.com",
    validity_period_hours=807660,
    local_validity_period_hours=17520,
    # Subject values match the other language examples; the args type is assumed
    # to come from pulumi_tls, as it does in the Go example.
    subject=tls.SelfSignedCertSubjectArgs(
        common_name="example-cert",
        organization="example-cert LLC",
    ))

pulumi.export("pem", cert.pem)
pulumi.export("privateKey", cert.private_key)
pulumi.export("caCert", cert.ca_cert)
Replace your main.go with the following:
package main

import (
	selfSignedCert "github.com/pulumi/pulumi-tls-self-signed-cert/sdk/go/tls-self-signed-cert"
	"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cert, err := selfSignedCert.NewSelfSignedCertificate(ctx, "cert", &selfSignedCert.SelfSignedCertificateArgs{
			DnsName:                  pulumi.String("cert.example.com"),
			ValidityPeriodHours:      pulumi.Int(807660),
			LocalValidityPeriodHours: pulumi.Int(17520),
			Subject: tls.SelfSignedCertSubjectArgs{
				CommonName:   pulumi.String("example-cert"),
				Organization: pulumi.String("example-cert LLC"),
			},
		})
		if err != nil {
			return err
		}
		ctx.Export("pem", cert.Pem)
		ctx.Export("privateKey", cert.PrivateKey)
		ctx.Export("caCert", cert.CaCert)
		// The callback must return an error value; nil signals success.
		return nil
	})
}
Replace your Program.cs with the following:
using System.Collections.Generic;
using Pulumi;
using TlsSelfSignedCert = Pulumi.TlsSelfSignedCert;

return await Deployment.RunAsync(() =>
{
    var cert = new TlsSelfSignedCert.SelfSignedCertificate("cert", new()
    {
        DnsName = "cert.example.com",
        ValidityPeriodHours = 807660,
        LocalValidityPeriodHours = 17520,
        // Subject values match the other language examples; the args type is
        // assumed to come from Pulumi.Tls, as it does in the Go example.
        Subject = new Pulumi.Tls.Inputs.SelfSignedCertSubjectArgs
        {
            CommonName = "example-cert",
            Organization = "example-cert LLC",
        },
    });

    return new Dictionary<string, object?>
    {
        ["pem"] = cert.Pem,
        ["privateKey"] = cert.PrivateKey,
        ["caCert"] = cert.CaCert,
    };
});
Replace your Pulumi.yaml with the following:
name: tls-self-signed-cert
runtime: yaml
resources:
  cert:
    type: "tls-self-signed-cert:index:SelfSignedCertificate"
    properties:
      dnsName: "cert.example.com"
      validityPeriodHours: 807660
      localValidityPeriodHours: 17520
      subject:
        commonName: "example-cert"
        organization: "example-cert LLC"
outputs:
  pem: ${cert.pem}
  privateKey: ${cert.privateKey}
  caCert: ${cert.caCert}
Deploy
Once you have updated your code you are ready to create your Self Signed Certificate. To do so, run the following command:
$ pulumi up
First Pulumi will perform a preview showing you exactly what will be created. Once the preview is complete Pulumi will ask you if you want to continue.
Select yes to proceed to actually provisioning the service.
All the different resources needed to create a self signed certificate will be created.
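After deployment, the three exported outputs (pem, privateKey, caCert) can be checked the way a TLS client would check them. The following is an added example, not part of the original guide or the package: CheckOutputs and sampleOutputs are hypothetical names, and the sample certificates are constructed in-process from the page's input values, assuming validityPeriodHours applies to the CA and localValidityPeriodHours to the leaf.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckOutputs returns the leaf expiry if privateKey matches pem and pem chains to caCert for dnsName.
func CheckOutputs(certPEM, keyPEM, caPEM []byte, dnsName string) (time.Time, error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // rejects a key that does not match the cert
	if err != nil {
		return time.Time{}, fmt.Errorf("key pair: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	roots := x509.NewCertPool()
	if err != nil || !roots.AppendCertsFromPEM(caPEM) {
		return time.Time{}, fmt.Errorf("unparseable pem or caCert (parse error: %v)", err)
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName}) // chain and SAN check
	return leaf.NotAfter, err
}

// sampleOutputs builds CONSTRUCTED stand-ins for the outputs (assumes the local validity is the leaf's).
func sampleOutputs() (certPEM, keyPEM, caPEM []byte) {
	now := time.Now()
	enc := func(t string, b []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: t, Bytes: b}) }
	_, caKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: now, NotAfter: now.Add(807660 * time.Hour)}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, caKey.Public(), caKey)
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{"cert.example.com"},
		Subject:   pkix.Name{CommonName: "example-cert", Organization: []string{"example-cert LLC"}},
		NotBefore: now, NotAfter: now.Add(17520 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	der, _ := x509.CreateCertificate(rand.Reader, leaf, ca, key.Public(), caKey)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	return enc("CERTIFICATE", der), enc("PRIVATE KEY", keyDER), enc("CERTIFICATE", caDER)
}

func main() {
	c, k, ca := sampleOutputs()
	fmt.Println(CheckOutputs(c, k, ca, "cert.example.com"))
}
```

Against a real stack, pass the values printed by pulumi stack output for pem, privateKey and caCert in place of the constructed sample.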
(Optional) Destroy
You can destroy all the resources by running pulumi destroy.