terraform-provider-google/website/docs/r/compute_ssl_certificate.html.markdown

---
layout: "google"
page_title: "Google: google_compute_ssl_certificate"
sidebar_current: "docs-google-compute-ssl-certificate"
description: |-
  Creates an SSL certificate resource necessary for HTTPS load balancing in GCE.
---

# google\_compute\_ssl\_certificate

Creates an SSL certificate resource necessary for HTTPS load balancing in GCE.
For more information see
[the official documentation](https://cloud.google.com/compute/docs/load-balancing/http/ssl-certificates) and
[API](https://cloud.google.com/compute/docs/reference/latest/sslCertificates).


## Example Usage

```hcl
resource "google_compute_ssl_certificate" "default" {
  name_prefix = "my-certificate-"
  description = "a description"
  private_key = "${file("path/to/private.key")}"
  certificate = "${file("path/to/certificate.crt")}"

  lifecycle {
    create_before_destroy = true
  }
}

# You may also want to control name generation explicitly:

resource "random_id" "certificate" {
  byte_length = 4
  prefix      = "my-certificate-"

  # For security, do not expose raw certificate values in the output
  keepers {
    private_key = "${base64sha256(file("path/to/private.key"))}"
    certificate = "${base64sha256(file("path/to/certificate.crt"))}"
  }
}

resource "google_compute_ssl_certificate" "default" {
  # The name will contain 8 random hex digits,
  # e.g. "my-certificate-48ab27cd2a"
  name        = "${random_id.certificate.hex}"
  private_key = "${file("path/to/private.key")}"
  certificate = "${file("path/to/certificate.crt")}"

  lifecycle {
    create_before_destroy = true
  }
}
```

## Using with Target HTTPS Proxies

SSL certificates cannot be updated after creation. In order to apply the
specified configuration, Terraform will destroy the existing resource
and create a replacement. To effectively use an SSL certificate resource
with a [Target HTTPS Proxy resource][1], it's recommended to specify
`create_before_destroy` in a [lifecycle][2] block. Either omit the
Instance Template `name` attribute, specify a partial name with
`name_prefix`, or use [random_id][3] resource.  Example:

```hcl
resource "google_compute_ssl_certificate" "default" {
  name_prefix = "my-certificate-"
  description = "a description"
  private_key = "${file("path/to/private.key")}"
  certificate = "${file("path/to/certificate.crt")}"

  lifecycle {
    create_before_destroy = true
  }
}

resource "google_compute_target_https_proxy" "my_proxy" {
  name             = "public-proxy"
  url_map          = # ...
  ssl_certificates = ["${google_compute_ssl_certificate.default.self_link}"]
}
```

## Argument Reference

The following arguments are supported:

* `certificate` - (Required) A local certificate file in PEM format. The chain
    may be at most 5 certs long, and must include at least one intermediate
    cert. Changing this forces a new resource to be created.

* `private_key` - (Required) Write only private key in PEM format.
    Changing this forces a new resource to be created.

- - -

* `name` - (Optional) A unique name for the SSL certificate. If you leave
  this blank, Terraform will auto-generate a unique name.

* `name_prefix` - (Optional) Creates a unique name beginning with the specified
  prefix. Conflicts with `name`.

* `description` - (Optional) An optional description of this resource.
    Changing this forces a new resource to be created.

* `project` - (Optional) The ID of the project in which the resource belongs. If it
    is not provided, the provider project is used.

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are
exported:

* `certificate_id` - A unique ID for the certificate, assigned by GCE.

* `self_link` - The URI of the created resource.

[1]: /docs/providers/google/r/compute_target_https_proxy.html
[2]: /docs/configuration/resources.html#lifecycle
[3]: /docs/providers/random/r/id.html

## Import

SSL certificate can be imported using the `name`, e.g.

```
$ terraform import google_compute_ssl_certificate.default my-certificate
```
provider/google: SSL Certificates resource + tests & documentation 2015-11-02 15:15:19 +00:00			`---`
			`layout: "google"`
			`page_title: "Google: google_compute_ssl_certificate"`
			`sidebar_current: "docs-google-compute-ssl-certificate"`
			`description: \|-`
			`Creates an SSL certificate resource necessary for HTTPS load balancing in GCE.`
			`---`

			`# google\_compute\_ssl\_certificate`

docs/google: Update links, fix syntax errors and remove whitespaces 2016-03-31 10:37:17 +00:00			`Creates an SSL certificate resource necessary for HTTPS load balancing in GCE.`
provider/google: SSL Certificates resource + tests & documentation 2015-11-02 15:15:19 +00:00			`For more information see`
			`[the official documentation](https://cloud.google.com/compute/docs/load-balancing/http/ssl-certificates) and`
			`[API](https://cloud.google.com/compute/docs/reference/latest/sslCertificates).`


			`## Example Usage`

Massively add HCL source tag in docs Markdown files Signed-off-by: Max Riveiro <kavu13@gmail.com> 2017-04-17 10:17:54 +00:00			```hcl
provider/google: SSL Certificates resource + tests & documentation 2015-11-02 15:15:19 +00:00			`resource "google_compute_ssl_certificate" "default" {`
Add support for name_prefix to google_compute_ssl_certificate 2016-12-12 23:57:58 +00:00			`name_prefix = "my-certificate-"`
Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`description = "a description"`
			`private_key = "${file("path/to/private.key")}"`
			`certificate = "${file("path/to/certificate.crt")}"`
Update compute_ssl_certificate.html.markdown It was very confusing for `name_prefix` to be deprecated and undeprecated later. Adding an example of using random_id in addition to name_prefix 2018-07-04 20:43:23 +00:00
			`lifecycle {`
			`create_before_destroy = true`
			`}`
			`}`

			`# You may also want to control name generation explicitly:`

			`resource "random_id" "certificate" {`
			`byte_length = 4`
			`prefix = "my-certificate-"`
fix random keepers 2018-07-07 02:48:21 +00:00
			`# For security, do not expose raw certificate values in the output`
			`keepers {`
			`private_key = "${base64sha256(file("path/to/private.key"))}"`
			`certificate = "${base64sha256(file("path/to/certificate.crt"))}"`
			`}`
Update compute_ssl_certificate.html.markdown It was very confusing for `name_prefix` to be deprecated and undeprecated later. Adding an example of using random_id in addition to name_prefix 2018-07-04 20:43:23 +00:00			`}`

			`resource "google_compute_ssl_certificate" "default" {`
			`# The name will contain 8 random hex digits,`
			`# e.g. "my-certificate-48ab27cd2a"`
			`name = "${random_id.certificate.hex}"`
			`private_key = "${file("path/to/private.key")}"`
			`certificate = "${file("path/to/certificate.crt")}"`

			`lifecycle {`
			`create_before_destroy = true`
			`}`
provider/google: SSL Certificates resource + tests & documentation 2015-11-02 15:15:19 +00:00			`}`
			```

Update google_compute_ssl_certificate docs to reference lifecycle (#258) 2017-07-28 17:45:32 +00:00			`## Using with Target HTTPS Proxies`

			`SSL certificates cannot be updated after creation. In order to apply the`
			`specified configuration, Terraform will destroy the existing resource`
			`and create a replacement. To effectively use an SSL certificate resource`
			`with a [Target HTTPS Proxy resource][1], it's recommended to specify`
			`create_before_destroy` in a [lifecycle][2] block. Either omit the
Update compute_ssl_certificate.html.markdown It was very confusing for `name_prefix` to be deprecated and undeprecated later. Adding an example of using random_id in addition to name_prefix 2018-07-04 20:43:23 +00:00			Instance Template `name` attribute, specify a partial name with
			`name_prefix`, or use [random_id][3] resource. Example:
Update google_compute_ssl_certificate docs to reference lifecycle (#258) 2017-07-28 17:45:32 +00:00
			```hcl
			`resource "google_compute_ssl_certificate" "default" {`
			`name_prefix = "my-certificate-"`
			`description = "a description"`
			`private_key = "${file("path/to/private.key")}"`
			`certificate = "${file("path/to/certificate.crt")}"`

			`lifecycle {`
			`create_before_destroy = true`
			`}`
			`}`

			`resource "google_compute_target_https_proxy" "my_proxy" {`
			`name = "public-proxy"`
			`url_map = # ...`
			`ssl_certificates = ["${google_compute_ssl_certificate.default.self_link}"]`
			`}`
			```

provider/google: SSL Certificates resource + tests & documentation 2015-11-02 15:15:19 +00:00			`## Argument Reference`

			`The following arguments are supported:`

Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			* `certificate` - (Required) A local certificate file in PEM format. The chain
			`may be at most 5 certs long, and must include at least one intermediate`
			`cert. Changing this forces a new resource to be created.`

provider/google: SSL Certificates resource + tests & documentation 2015-11-02 15:15:19 +00:00			* `private_key` - (Required) Write only private key in PEM format.
			`Changing this forces a new resource to be created.`
Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00
			`- - -`

Add support for name_prefix to google_compute_ssl_certificate 2016-12-12 23:57:58 +00:00			* `name` - (Optional) A unique name for the SSL certificate. If you leave
			`this blank, Terraform will auto-generate a unique name.`

Undeprecate name_prefix for ssl_certificate. As discussed in #1326, we're not going to remove name_prefix for compute_ssl_certificate, because it makes the common use case more ergonomic by a good amount, and the only cost is it's harder to maintain the autogenerated code, and we've decided the benefits outweigh the costs in this circumstance. 2018-06-08 01:29:45 +00:00			* `name_prefix` - (Optional) Creates a unique name beginning with the specified
Add support for name_prefix to google_compute_ssl_certificate 2016-12-12 23:57:58 +00:00			prefix. Conflicts with `name`.

Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			* `description` - (Optional) An optional description of this resource.
provider/google: SSL Certificates resource + tests & documentation 2015-11-02 15:15:19 +00:00			`Changing this forces a new resource to be created.`

make it clear that the attribute represents the project id (#672) 2018-03-12 20:59:47 +00:00			* `project` - (Optional) The ID of the project in which the resource belongs. If it
Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`is not provided, the provider project is used.`

provider/google: SSL Certificates resource + tests & documentation 2015-11-02 15:15:19 +00:00			`## Attributes Reference`

Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`In addition to the arguments listed above, the following computed attributes are`
			`exported:`

Rename instead of removing. Rename all ID fields to {resource_noun}_id instead of removing them outright. This means people can still get at the info. Leave project's id deleted. It has been marked as Removed for months. I'm fine with cleaning it up before 1.0.0. Also, update website docs. 2017-09-25 14:23:46 +00:00			* `certificate_id` - A unique ID for the certificate, assigned by GCE.
provider/google: SSL Certificates resource + tests & documentation 2015-11-02 15:15:19 +00:00
			* `self_link` - The URI of the created resource.
Update google_compute_ssl_certificate docs to reference lifecycle (#258) 2017-07-28 17:45:32 +00:00
			`[1]: /docs/providers/google/r/compute_target_https_proxy.html`
Rename instead of removing. Rename all ID fields to {resource_noun}_id instead of removing them outright. This means people can still get at the info. Leave project's id deleted. It has been marked as Removed for months. I'm fine with cleaning it up before 1.0.0. Also, update website docs. 2017-09-25 14:23:46 +00:00			`[2]: /docs/configuration/resources.html#lifecycle`
Update compute_ssl_certificate.html.markdown It was very confusing for `name_prefix` to be deprecated and undeprecated later. Adding an example of using random_id in addition to name_prefix 2018-07-04 20:43:23 +00:00			`[3]: /docs/providers/random/r/id.html`
Add import support for ssl certificate, http/s proxy and url map (#678) 2017-11-09 18:16:57 +00:00
			`## Import`

			SSL certificate can be imported using the `name`, e.g.

			```
Correct google_compute_ssl_certificate import example (#1970) 2018-09-05 22:34:47 +00:00			`$ terraform import google_compute_ssl_certificate.default my-certificate`
Add import support for ssl certificate, http/s proxy and url map (#678) 2017-11-09 18:16:57 +00:00			```