{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "#/components/schemas/Certificate", "title": "Certificate", "x-speakeasy-entity": "Certificate", "description": "A certificate object represents a public certificate, and can be optionally paired with the corresponding private key. These objects are used by Kong to handle SSL/TLS termination for encrypted requests, or for use as a trusted CA store when validating the peer certificate of a client or service. Certificates are optionally associated with SNI objects to tie a cert/key pair to one or more hostnames. If intermediate certificates are required in addition to the main certificate, they should be concatenated together into one string according to the following order: main certificate on the top, followed by any intermediates.", "type": "object", "properties": { "cert": { "description": "PEM-encoded public certificate chain of the SSL key pair. This field is _referenceable_, which means it can be securely stored as a [secret](/gateway/latest/plan-and-deploy/security/secrets-management/getting-started) in a vault. References must follow a [specific format](/gateway/latest/plan-and-deploy/security/secrets-management/reference-format).", "type": "string", "x-referenceable": true }, "cert_alt": { "description": "PEM-encoded public certificate chain of the alternate SSL key pair. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when the client advertises support for it. This field is _referenceable_, which means it can be securely stored as a [secret](/gateway/latest/plan-and-deploy/security/secrets-management/getting-started) in a vault. References must follow a [specific format](/gateway/latest/plan-and-deploy/security/secrets-management/reference-format).", "type": "string", "nullable": true, "x-referenceable": true }, "created_at": { "description": "Unix epoch when the resource was created.", "type": "integer", "nullable": true }, "id": { "description": "A string representing a UUID (universally unique identifier).", "type": "string", "nullable": true }, "key": { "description": "PEM-encoded private key of the SSL key pair. This field is _referenceable_, which means it can be securely stored as a [secret](/gateway/latest/plan-and-deploy/security/secrets-management/getting-started) in a vault. References must follow a [specific format](/gateway/latest/plan-and-deploy/security/secrets-management/reference-format).", "type": "string", "x-encrypted": true, "x-referenceable": true }, "key_alt": { "description": "PEM-encoded private key of the alternate SSL key pair. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when the client advertises support for it. This field is _referenceable_, which means it can be securely stored as a [secret](/gateway/latest/plan-and-deploy/security/secrets-management/getting-started) in a vault. References must follow a [specific format](/gateway/latest/plan-and-deploy/security/secrets-management/reference-format).", "type": "string", "nullable": true, "x-encrypted": true, "x-referenceable": true }, "snis": { "type": "array", "items": { "description": "A string representing a wildcard host name, such as *.example.com.", "type": "string" }, "nullable": true }, "tags": { "description": "An optional set of strings associated with the Certificate for grouping and filtering.", "type": "array", "items": { "description": "A string representing a tag.", "type": "string" }, "nullable": true }, "updated_at": { "description": "Unix epoch when the resource was last updated.", "type": "integer", "nullable": true } }, "example": { "cert": "-----BEGIN CERTIFICATE-----\ncertificate-content\n-----END CERTIFICATE-----", "id": "b2f34145-0343-41a4-9602-4c69dec2f269", "key": "-----BEGIN PRIVATE KEY-----\nprivate-key-content\n-----END PRIVATE KEY-----" }, "additionalProperties": false, "required": [ "cert", "key" ] }