ALIYUN::CAS::SslCertificate

The ALIYUN::CAS::SslCertificate type is used to create an SSL certificate.

Syntax

{
  "Type": "ALIYUN::CAS::SslCertificate",
  "Properties": {
    "Domains": List,
    "CompanyName": String,
    "DomainType": String,
    "Email": String,
    "Csr": String,
    "Username": String,
    "ProductCode": String,
    "Phone": String,
    "CertType": String,
    "CertBrand": String,
    "ValidateType": String
  }
}

Properties

Property name

Type

Required

Update allowed

Description

Constraints

CertBrand

String

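The SSL certificate name.

Valid values:

  • Rapid: GeoTrust DV certificate.

  • Globalsign: GlobalSign certificate.

  • vTrus: vTrus certificate.

  • Wosign: Wosign certificate.

  • Digicert: Digicert certificate.

  • Digicert pro: Digicert pro certificate.

  • Geotrust: Geotrust certificate.

  • CFCA: CFCA certificate.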

CertType

String

The certificate type.

Valid values:

  • DV: DV certificate.

  • OV: OV certificate.

  • EV: EV certificate.

CompanyName

String

The name of the company applying for the certificate.

Csr

String

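The content of the CSR file that you generated manually for the domain name with OpenSSL or Keytool.

The key type of the CSR file must be RSA or ECC, and an RSA key must be at least 2048 bits long. For how to create a CSR file, see Manage CSRs. If this parameter is not set, the SSL certificate service creates the CSR for you automatically.

A CSR (Certificate Signing Request) is a certificate signing request file that contains your server information and company information. When you apply for a certificate, you submit the CSR file to the CA for review. After the CA signs the CSR file with the private key of its root certificate, a certificate public key file is generated (that is, the SSL certificate issued to you).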

Domains

List

The list of domain names to bind the certificate to.

At most 5 domain names can be specified.

DomainType

String

The domain name type.

Valid values:

  • one: single domain name.

  • multiple: multiple domain names.

  • all: mixed domain names.

Email

String

The email address of the applicant contact.

Phone

String

The mobile phone number of the applicant contact.

ProductCode

String

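The specification of the certificate to apply for.

Valid values:

  • digicert-free-1-free (default): a 3-month personal test certificate (free edition). China site only.

  • symantec-free-1-free: a 12-month personal test certificate (pro). China site only.

  • symantec-dv-1-starter: a DigiCert DV wildcard domain certificate.

  • symantec-ov-1-personal: a DigiCert OV single-domain certificate.

  • symantec-ov-w-personal: a DigiCert OV wildcard domain certificate.

  • geotrust-dv-1-starter: a GeoTrust DV single-domain certificate.

  • geotrust-dv-w-starter: a GeoTrust DV wildcard domain certificate.

  • geotrust-ov-1-personal: a GeoTrust OV single-domain certificate.

  • geotrust-ov-w-personal: a GeoTrust OV wildcard domain certificate.

  • globalsign-dv-1-personal: a GlobalSign DV single-domain certificate.

  • globalsign-dv-w-advanced: a GlobalSign DV wildcard domain certificate.

  • globalsign-ov-1-personal: a GlobalSign OV single-domain certificate.

  • globalsign-ov-w-advanced: a GlobalSign OV wildcard domain certificate.

  • cfca-ov-1-personal: a CFCA OV single-domain certificate (China site only).

  • cfca-ev-w-advanced: a CFCA OV wildcard domain certificate (China site only).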

Username

String

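The name of the applicant contact.

ValidateType

String

The method used to verify ownership of the domain name.

Valid values:

  • DNS: DNS verification. Ownership is verified by adding a TXT record for the domain name on its DNS management platform. You need permission to manage the domain's DNS resolution to complete the verification.

  • FILE: file verification. Ownership is verified by creating a specified file on the domain's server. You need administrator permission on the domain's server to complete the verification.

Return values

Fn::GetAtt

  • CertificateId: the certificate ID.

  • OrderId: the ID of the order that created the certificate.

Examples

YAML format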

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Domains:
    AssociationPropertyMetadata:
      Parameter:
        Type: String
        Required: false
    AssociationProperty: List[Parameter]
    Type: Json
    Description:
      en: |-
        The domain to bind the certificate to. The specific requirements are as follows:
        - Supports single or wildcard domains (e.g., *.aliyundoc.com).
        - Multiple domains are supported. You can set up to 5 domains.
        - If you set more than one domain name, the multiple domains can only be single domain name or wildcard domain name, not both single domain name and wildcard domain name.
        **Note:** This is required when the certificate is bound to more than one hostname. This parameter is not allowed to be empty at the same time as the Csr parameter. If you set both this parameter and the Csr parameter, take the CN field value in the Csr as the domain name for the certificate to bind to.
    Required: false
    MinLength: 1
    MaxLength: 5
  DomainType:
    Type: String
    Description:
      en: |-
        Domain type. Valid values: one, all, multiple.
        **Note:** This parameter must be specified along with or without the CertType and CertBrand parameters.
    AllowedValues:
      - all
      - one
      - multiple
    Required: false
  CertType:
    Type: String
    Description:
      en: |-
        Certificate type. Valid values: DV, OV, EV.
        **Note:** This parameter must be specified along with or without the DomainType and CertBrand parameters.
    AllowedValues:
      - DV
      - OV
      - EV
    Required: false
  CertBrand:
    Type: String
    Description:
      en: |-
        Certificate brand. Valid values: Rapid, Globalsign, vTrus, Wosign, Digicert, Digicert pro, Geotrust, CFCA.
        **Note:** This parameter must be specified along with or without the CertType and DomainType parameters.
    AllowedValues:
      - Rapid
      - Globalsign
      - vTrus
      - Wosign
      - Digicert
      - Digicert pro
      - Geotrust
      - CFCA
    Required: false
Resources:
  SslCertificate:
    Type: ALIYUN::CAS::SslCertificate
    Properties:
      Domains:
        Ref: Domains
      DomainType:
        Ref: DomainType
      CertType:
        Ref: CertType
      CertBrand:
        Ref: CertBrand
Outputs:
  CertificateId:
    Description: The ID of the certificate issued to you.
    Value:
      Fn::GetAtt:
        - SslCertificate
        - CertificateId
  OrderId:
    Description: The ID of the certificate order.
    Value:
      Fn::GetAtt:
        - SslCertificate
        - OrderId

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Domains": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The domain to bind the certificate to. The specific requirements are as follows:\n- Supports single or wildcard domains (e.g., *.aliyundoc.com).\n- Multiple domains are supported. You can set up to 5 domains.\n- If you set more than one domain name, the multiple domains can only be single domain name or wildcard domain name, not both single domain name and wildcard domain name.\n**Note:** This is required when the certificate is bound to more than one hostname. This parameter is not allowed to be empty at the same time as the Csr parameter. If you set both this parameter and the Csr parameter, take the CN field value in the Csr as the domain name for the certificate to bind to."
      },
      "Required": false,
      "MinLength": 1,
      "MaxLength": 5
    },
    "DomainType": {
      "Type": "String",
      "Description": {
        "en": "Domain type. Valid values: one, all, multiple.\n**Note:** This parameter must be specified along with or without the CertType and CertBrand parameters."
      },
      "AllowedValues": [
        "all",
        "one",
        "multiple"
      ],
      "Required": false
    },
    "CertType": {
      "Type": "String",
      "Description": {
        "en": "Certificate type. Valid values: DV, OV, EV.\n**Note:** This parameter must be specified along with or without the DomainType and CertBrand parameters."
      },
      "AllowedValues": [
        "DV",
        "OV",
        "EV"
      ],
      "Required": false
    },
    "CertBrand": {
      "Type": "String",
      "Description": {
        "en": "Certificate brand. Valid values: Rapid, Globalsign, vTrus, Wosign, Digicert, Digicert pro, Geotrust, CFCA.\n**Note:** This parameter must be specified along with or without the CertType and DomainType parameters."
      },
      "AllowedValues": [
        "Rapid",
        "Globalsign",
        "vTrus",
        "Wosign",
        "Digicert",
        "Digicert pro",
        "Geotrust",
        "CFCA"
      ],
      "Required": false
    }
  },
  "Resources": {
    "SslCertificate": {
      "Type": "ALIYUN::CAS::SslCertificate",
      "Properties": {
        "Domains": {
          "Ref": "Domains"
        },
        "DomainType": {
          "Ref": "DomainType"
        },
        "CertType": {
          "Ref": "CertType"
        },
        "CertBrand": {
          "Ref": "CertBrand"
        }
      }
    }
  },
  "Outputs": {
    "CertificateId": {
      "Description": "The ID of the certificate issued to you.",
      "Value": {
        "Fn::GetAtt": [
          "SslCertificate",
          "CertificateId"
        ]
      }
    },
    "OrderId": {
      "Description": "The ID of the certificate order.",
      "Value": {
        "Fn::GetAtt": [
          "SslCertificate",
          "OrderId"
        ]
      }
    }
  }
}
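
A pre-deployment check for the constraints stated on this page (allowed values, the 5-domain limit, and the rules in the parameter descriptions above), as an added example that is not Alibaba Cloud's own code. It lints literal property values of ALIYUN::CAS::SslCertificate resources in a JSON template; the function names and the sample template are assumptions made for illustration, and values passed as Ref are not resolved.

```python
import json

# Allowed values copied from the property table on this page.
ENUMS = {
    "CertBrand": {"Rapid", "Globalsign", "vTrus", "Wosign", "Digicert",
                  "Digicert pro", "Geotrust", "CFCA"},
    "CertType": {"DV", "OV", "EV"},
    "DomainType": {"one", "multiple", "all"},
    "ValidateType": {"DNS", "FILE"},
}

def lint_properties(props):
    """Findings for one Properties dict; {"Ref": ...} values are skipped."""
    findings = []
    for name, allowed in ENUMS.items():
        value = props.get(name)
        if isinstance(value, str) and value not in allowed:
            findings.append(f"{name}: {value!r} is not an allowed value")
    # DomainType, CertType and CertBrand are given together or not at all.
    trio = [k for k in ("DomainType", "CertType", "CertBrand") if k in props]
    if 0 < len(trio) < 3:
        findings.append("DomainType, CertType and CertBrand must be set together")
    domains = props.get("Domains")
    if not domains and not props.get("Csr"):
        findings.append("Domains and Csr must not both be empty")
    if isinstance(domains, list):
        if len(domains) > 5:
            findings.append("Domains: at most 5 domain names are supported")
        if len({d.startswith("*.") for d in domains if isinstance(d, str)}) == 2:
            findings.append("Domains: single and wildcard names cannot be mixed")
    return findings

def lint_template(text):
    """Lint every ALIYUN::CAS::SslCertificate resource in a JSON ROS template."""
    resources = json.loads(text).get("Resources", {})
    return {name: lint_properties(res.get("Properties", {}))
            for name, res in resources.items()
            if res.get("Type") == "ALIYUN::CAS::SslCertificate"}

# Constructed sample template (not from the page) with literal property values.
SAMPLE = json.dumps({"Resources": {
    "Good": {"Type": "ALIYUN::CAS::SslCertificate", "Properties": {
        "Domains": ["www.example.com"], "DomainType": "one",
        "CertType": "DV", "CertBrand": "Digicert", "ValidateType": "DNS"}},
    "Bad": {"Type": "ALIYUN::CAS::SslCertificate", "Properties": {
        "Domains": ["example.com", "*.example.com"],
        "CertType": "dv", "ValidateType": "HTTP"}},
}})
if __name__ == "__main__":
    print(lint_template(SAMPLE))
```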