Help Center/ ROMA Connect/ API Reference/ Service Integration APIs/ SSL Certificate Management/ Create an SSL certificate.

Updated on 2025-07-18 GMT+08:00

Create an SSL certificate.

Function

Creating an SSL Certificate

URI

POST /v2/{project_id}/apic/certificates

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
name	Yes	String	Certificate name. It can contain 4 to 50 characters, starting with a letter. Only letters, digits, and underscores (_) are allowed. NOTE: Chinese characters must be in UTF-8 or Unicode format.
cert_content	Yes	String	Certificate content.
private_key	Yes	String	Private key.
type	No	String	Certificate scope: instance global The certificate scope cannot be changed.
instance_id	No	String	Instance ID. Mandatory when type is set to instance.
trusted_root_ca	No	String	Trusted root certificate (CA).
algorithm_type	No	String	Certificate algorithm type: RSA ECC SM2
cert_content_sign	No	String	Signature certificate content. This parameter is mandatory only when algorithm_type is set to SM2.
private_key_sign	No	String	Signature private key content. This parameter is mandatory only when algorithm_type is set to SM2.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
id	String	Certificate ID.
name	String	Certificate name.
type	String	Certificate type. Options: global: all certificates instance: certificates of the current instance
instance_id	String	Instance ID. type set to global: The default value is common. type set to instance: The default value is the instance ID.
project_id	String	Project ID.
common_name	String	Domain name.
san	Array of strings	SAN.
not_after	String	Validity period end time.
signature_algorithm	String	Signature algorithm.
create_time	String	Creation time.
update_time	String	Update time.
algorithm_type	String	Certificate algorithm type: RSA ECC SM2
is_has_trusted_root_ca	Boolean	Whether a trusted root certificate (CA) exists. The value is true if trusted_root_ca exists in the bound certificate.
version	Integer	Version.
organization	Array of strings	Company/Organization.
organizational_unit	Array of strings	Department.
locality	Array of strings	City.
state	Array of strings	State/Province.
country	Array of strings	Country.
not_before	String	Validity period start time.
serial_number	String	Serial number.
issuer	Array of strings	Issuer.

Status code: 400

**Table 5** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 401

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 403

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 404

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Status code: 500

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Example Requests

Create an SSL certificate with type as instance.

{
  "name" : "cert_demo",
  "private_key" : "'-----BEGIN PRIVATE KEY-----THIS IS YOUR PRIVATE KEY-----END PRIVATE KEY-----'",
  "cert_content" : "'-----BEGIN CERTIFICATE-----THIS IS YOUR CERT CONTENT-----END CERTIFICATE-----'",
  "type" : "instance",
  "instance_id" : "f0fa1789-3b76-433b-a787-9892951c620e"
}

Example Responses

Status code: 200

{
  "id" : "a27be832f2e9441c8127fe48e3b5ac67",
  "name" : "cert_demo",
  "common_name" : "apigtest.xxx.com",
  "san" : [ "apigtest.xxx.com", "*.san.com" ],
  "version" : 3,
  "organization" : [ "company" ],
  "organizational_unit" : [ "IT" ],
  "locality" : [ "city" ],
  "state" : [ "state" ],
  "country" : [ "Country" ],
  "not_before" : "2019-06-01T00:00:00Z",
  "not_after" : "2031-08-16T06:36:13Z",
  "serial_number" : "13010",
  "issuer" : [ "SSL Inc" ],
  "signature_algorithm" : "SHA256-RSA",
  "create_time" : "2021-08-20T02:03:53Z",
  "update_time" : "2021-08-20T02:03:53Z",
  "algorithm_type" : "RSA"
}

Status code: 400

Bad Request

{
  "error_code" : "APIG.3325",
  "error_msg" : "The API quota name already exists"
}

Status code: 401

Unauthorized

{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}

Status code: 403

Forbidden

{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}

Status code: 404

Not Found

{
  "error_code" : "APIG.3030",
  "error_msg" : "The instance does not exist;id:f0fa1789-3b76-433b-a787-9892951c620ec"
}

Status code: 500

Internal Server Error

{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}

Status Codes

Status Code	Description
200	OK
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
500	Internal Server Error

Error Codes

See Error Codes.

Parent topic: SSL Certificate Management

Previous topic: Obtaining SSL Certificates

Next topic: Binding a Domain Name to an SSL Certificate

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.