Querying the CA List

Function

This API is used to query the CA list.

URI

GET /v1/private-certificate-authorities

**Table 1** Query Parameters
Parameter	Mandatory	Type	Description
limit	No	Integer	The number of returned records. The default value is 10. Minimum: 0 Maximum: 1000
name	No	String	The CA certificate name (CN) filter. This parameter is used to obtain the set of CA certificates whose names contain a specific value. Minimum: 1 Maximum: 64
offset	No	Integer	Index position. The query starts from the next data record indexed by this parameter. The default value is 0. Minimum: 0
status	No	String	The CA certificate status. You can search CA certificates by status. PENDING: The CA certificate is to be activated. A CA certificate in this status cannot issue certificates. ACTIVED: The CA certificate is activated. A CA certificate in this status can issue certificates. DISABLED: The CA certificate is disabled. A CA certificate in this status cannot issue certificates. DELETED: The CA certificate is to be deleted as scheduled. A CA certificate in this status cannot issue certificates. EXPIRED: The CA certificate has expired. A CA certificate in this status cannot issue certificates.
type	No	String	CA certificate types: ROOT: a root CA certificate SUBORDINATE: a subordinate CA certificate
sort_key	No	String	Sorting attribute. The following attributes are available now: create_time: Time the certificate was created (default) common_name: The certificate name ca_type: The CA certificate type not_after: The certificate expiration time
sort_dir	No	String	Sorting direction. The options are as follows: DESC: descending order (default) ASC: ascending order

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. The token can be obtained by calling the token API of IAM. The value of X-Auth-Token in the response header is the user token.

Response Parameters

Status code: 200

**Table 3** Response body parameters
Parameter	Type	Description
total	Integer	Total number of CA certificates
certificate_authorities	Array of CertificateAuthorities objects	The CA list. For details, see data structure for the CertificateAuthorities field.

**Table 4** CertificateAuthorities
Parameter	Type	Description
ca_id	String	ID of the CA certificate Minimum: 36 Maximum: 36
type	String	The CA type can be: ROOT: a root CA SUBORDINATE: a subordinate CA
status	String	CA certificate status: PENDING: The CA certificate is to be activated. A CA certificate in this status cannot issue certificates. ACTIVED: The CA certificate is activated. A CA certificate in this status can issue certificates. DISABLED: The CA certificate is disabled. A CA certificate in this status cannot issue certificates. DELETED: The CA certificate is to be deleted as scheduled. A CA certificate in this status cannot issue certificates. EXPIRED: The CA certificate has expired. A CA certificate in this status cannot issue certificates.
path_length	Integer	CA path length. NOTE: Note: The path length of the generated root CA certificate is not limited, but this field is set to 7 in the database. The path length of a subordinate CA is specified by you when you create the subordinate CA. The default value is 0. Minimum: 0 Maximum: 6
issuer_id	String	The ID of the CA certificate that issues the certificate. For a root CA, the value of this parameter is null. Minimum: 36 Maximum: 36
issuer_name	String	The name of the parent CA certificate. For a root CA, the value of this parameter is null. Minimum: 1 Maximum: 64
key_algorithm	String	Key algorithm
signature_algorithm	String	Signature hash algorithm
freeze_flag	Integer	Freezing tag: 0: The certificate is not frozen. Other values: The certificate is frozen (The type of value is reserved).
gen_mode	String	Certificate generation method. GENERATE: The certificate is generated through the PCA system. IMPORT: The certificate is imported externally. CSR: The CSR is imported externally and issued by the internal CA. The private key is not managed in PCA.
serial_number	String	Serial number of the certificate Minimum: 1 Maximum: 64
create_time	Long	Time the certificate was created. The value is a timestamp in milliseconds.
delete_time	Long	Time the certificate was deleted. The value is a timestamp in milliseconds.
not_before	Long	Time the certificate was created. The value is a timestamp in milliseconds.
not_after	Long	Time the certificate expires. The value is a timestamp in milliseconds.
distinguished_name	DistinguishedName object	Certificate name. For details, see data structure for the DistinguishedName field.
crl_configuration	ListCrlConfiguration object	Certificate CRL. For details, see data structure for the ListCrlConfiguration field.

**Table 5** DistinguishedName
Parameter	Type	Description
common_name	String	Common certificate name (CN). Minimum: 1 Maximum: 64
country	String	Country code, which must comply with the regular expression "[A-Za-z]{2}". Minimum: 2 Maximum: 2
state	String	State or city name. Minimum: 1 Maximum: 128
locality	String	Country/Region. Minimum: 1 Maximum: 128
organization	String	Organization name. Minimum: 1 Maximum: 64
organizational_unit	String	Organization Unit (OU). Minimum: 1 Maximum: 64

**Table 6** ListCrlConfiguration
Parameter	Type	Description
enabled	Boolean	Whether to enable the gray release for the CRL. true false
crl_name	String	Name of the CRL. NOTE: If you do not specify this parameter, the system uses the ID of the parent CA that issues the current certificate by default.
obs_bucket_name	String	OBS bucket name.
valid_days	Integer	CRL update interval, in days. This parameter is mandatory when the CRL release function is enabled. Minimum: 7 Maximum: 30
crl_dis_point	String	The address of the CRL file in the OBS bucket. NOTE: This parameter is composed of crl_name, obs_bucket_name, and OBS address.

Status code: 400

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code Minimum: 3 Maximum: 36
error_msg	String	Error message Minimum: 0 Maximum: 1024

Status code: 401

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code Minimum: 3 Maximum: 36
error_msg	String	Error message Minimum: 0 Maximum: 1024

Status code: 403

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code Minimum: 3 Maximum: 36
error_msg	String	Error message Minimum: 0 Maximum: 1024

Status code: 404

**Table 10** Response body parameters
Parameter	Type	Description
error_code	String	Error code Minimum: 3 Maximum: 36
error_msg	String	Error message Minimum: 0 Maximum: 1024

Status code: 500

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error code Minimum: 3 Maximum: 36
error_msg	String	Error message Minimum: 0 Maximum: 1024

Example Requests

When you use this API to query the CA certificate list, a token is required in the X-Auth-Token field in the request header. The token must have the permission to access the API.

GET https://ccm.ae-ad-1.myhuaweicloud.com/v1/private-certificate-authorities

Example Responses

Status code: 200

Request succeeded.

{
  "total" : 2,
  "certificate_authorities" : [ {
    "signature_algorithm" : "SHA384",
    "issuer_id" : null,
    "issuer_name" : null,
    "not_after" : 1678159435000,
    "not_before" : 1646623375000,
    "status" : "ACTIVED",
    "freeze_flag" : 0,
    "gen_mode" : "GENERATE",
    "serial_number" : "202203070322544291829058",
    "distinguished_name" : {
      "country" : "your country abbreviation",
      "state" : "your state",
      "locality" : "your locality",
      "organization" : "your organization",
      "organizational_unit" : "your unit",
      "common_name" : "your CN"
    },
    "key_algorithm" : "EC384",
    "create_time" : 1646623375000,
    "delete_time" : null,
    "ca_id" : "a6bbf0be-79f3-4f66-858a-0fdcb96dfcbe",
    "type" : "ROOT",
    "path_length" : 7,
    "crl_configuration" : {
      "enabled" : false,
      "obs_bucket_name" : null,
      "valid_days" : null,
      "crl_name" : null,
      "crl_dis_point" : null
    }
  }, {
    "signature_algorithm" : "SHA256",
    "issuer_id" : null,
    "issuer_name" : null,
    "not_after" : 1727492412000,
    "not_before" : 1632797952000,
    "status" : "ACTIVED",
    "freeze_flag" : 0,
    "gen_mode" : "GENERATE",
    "serial_number" : "202109280259122080649087",
    "distinguished_name" : {
      "country" : "your country abbreviation",
      "state" : "your state",
      "locality" : "your locality",
      "organization" : "your organization",
      "organizational_unit" : "your unit",
      "common_name" : "your CN"
    },
    "key_algorithm" : "RSA2048",
    "create_time" : 1632797953000,
    "delete_time" : null,
    "ca_id" : "fb7bd6a6-6a11-4a58-8710-a3c0a620aedc",
    "type" : "ROOT",
    "path_length" : 7,
    "crl_configuration" : {
      "enabled" : false,
      "obs_bucket_name" : null,
      "valid_days" : null,
      "crl_name" : null,
      "crl_dis_point" : null
    }
  } ]
}

Status code: 400

Invalid request parameters.

{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}

Status code: 401

Token required for the requested page.

{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}

Status code: 403

Authentication failed.

{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}

Status code: 404

No resources available or found.

{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}

Status code: 500

Internal service error.

{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}

Status Codes

Status Code	Description
200	Request succeeded.
400	Invalid request parameters.
401	Token required for the requested page.
403	Authentication failed.
404	No resources available or found.
500	Internal service error.