No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

yes! you can create certificates using the tls provider
<https://www.pulumi.com/registry/packages/tls/api-docs/certrequest/>

For now I've create a private key, created a SelfSignedCertificate with isCaCertificate=true and some allowed uses, I'm a bit confused now, how do I create a server and client certificate based on the CA ?

yep, you need to sign your key with the CA's private key, so you'd use a generate a new private key, and sign it using `CertRequest` and then use `LocalSignedCert`

what language are you using? I can try throw together an example

but I can read any :slightly_smiling_face:

<@U02JM7AE77C> here you go:
<https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/misc/self_signed_cert/index.ts>

why do you set the private key as the parent of the CA ? isn't that only for components ?

<@U02JM7AE77C> no, it's also for the UI rendering too