Venafi/terraform-provider-venafi

Option to specify desired validity when requesting a certificate

Closed this issue · 0 comments

BUSINESS PROBLEM
Certificate validity periods are growing increasingly shorter as automation improves and better security practices are realized. Many CAs now allow a specific expiration date to be indicated when requesting a certificate. Having that option in the Venafi Terraform Provider will make it even more valuable.

PROPOSED SOLUTION
Add valid_days and issuer_hint parameters to the venafi_resource to allow the certificate to be requested for a specific validity period. valid_days should be a positive integer and issuer_hint should be optional, apply only to TPP, and accept values of "DigiCert", "Entrust" or "Microsoft" where only the first character (case-insensitive) is significant (e.g. "d", "e", or "m" would achieve the same result).

CURRENT ALTERNATIVES
Invoke the TPP or Venafi Cloud REST APIs for requesting certificates directly leveraging the generic http provider of Terraform, or use the VCert CLI with the --valid-days parameter to request the certificate and then provision the certificate, private key, and chain using Terraform.
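
The parameter rules in the proposed solution above, sketched in Go as an added example (not code from the provider or from VCert). The type and function names are hypothetical, and treating issuer_hint as ignored on non-TPP platforms is an assumption about what "apply only to TPP" means.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// ValidityRequest is a hypothetical holder for the two proposed parameters.
type ValidityRequest struct {
	ValidDays  int
	IssuerHint string // optional; empty means "not set"
	TPP        bool   // true when the target platform is TPP
}

// NormalizeIssuerHint maps a hint to its canonical CA name using only the
// first character, case-insensitively, as the proposal describes.
func NormalizeIssuerHint(hint string) (string, error) {
	if hint == "" {
		return "", nil
	}
	switch strings.ToLower(hint)[0] {
	case 'd':
		return "DigiCert", nil
	case 'e':
		return "Entrust", nil
	case 'm':
		return "Microsoft", nil
	}
	return "", fmt.Errorf("issuer_hint %q: expected DigiCert, Entrust or Microsoft", hint)
}

// Resolve validates the request and returns the canonical issuer and the
// requested expiry, counted in whole days from now (UTC).
func Resolve(r ValidityRequest, now time.Time) (string, time.Time, error) {
	if r.ValidDays <= 0 {
		return "", time.Time{}, fmt.Errorf("valid_days must be a positive integer, got %d", r.ValidDays)
	}
	issuer := ""
	if r.TPP { // assumption: the hint is ignored on non-TPP platforms
		var err error
		if issuer, err = NormalizeIssuerHint(r.IssuerHint); err != nil {
			return "", time.Time{}, err
		}
	}
	return issuer, now.UTC().AddDate(0, 0, r.ValidDays), nil
}
func main() {
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample date
	fmt.Println(Resolve(ValidityRequest{ValidDays: 30, IssuerHint: "digi", TPP: true}, now))
}
```

Rejecting an unrecognized hint at plan time, rather than passing it through, keeps a typo from silently producing a certificate with the CA's default validity.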