Updated on 2025-08-29 GMT+08:00

Creating a Certificate

Function

This API is used to add a certificate for an HTTPS, TLS, or QUIC listener. You can associate a certificate from Cloud Certificate Manager (CCM) or use your own certificate.

Calling Method

For details, see Calling APIs.

URI

POST /v3/{project_id}/elb/certificates

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition: Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID.

Constraints: N/A

Range: The value can contain a maximum of 32 characters, including digits and lowercase letters.

Default value: N/A

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Definition: Specifies the token used for IAM authentication.

Constraints: N/A

Range: N/A

Default value: N/A

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

certificate

Yes

CreateCertificateOption object

Definition: Specifies the parameters for creating a certificate.

Constraints: N/A

Table 4 CreateCertificateOption

Parameter

Mandatory

Type

Description

admin_state_up

No

Boolean

Definition: Specifies the administrative status of the certificate. This parameter does not take effect whether it is set to true or false.

Constraints: N/A

Range:

  • true: The certificate is available.

  • false: The certificate is unavailable.

Default value: true

certificate

No

String

Definition: Specifies the certificate content.

It supports certificate chains with a maximum of 11 layers (including certificates and certificate chains).

Constraints: N/A

Range: The value must be PEM encoded, and can contain a maximum of 65536 characters.

Default value: N/A

description

No

String

Definition: Provides supplementary information about the certificate.

Constraints: N/A

Range: 0 to 255 characters.

Default value: N/A

domain

No

String

Definition: Specifies the domain names used by the server certificate.

Constraints: This parameter will take effect only when type is set to server. (For other types of certificates, this parameter can be specified but does not take effect.)

Range: The value can contain 0 to 10,000 characters and consists of multiple common domain names or wildcard domain names separated by commas. A maximum of 100 domain names are allowed.

  • A common domain name consists of several labels separated by periods (.). Each label can contain a maximum of 63 characters, including letters, digits, and hyphens (-), and must start and end with a letter or digit. Example: www.test.com.

  • A wildcard domain name is a domain name that starts with *. Example: *.test.com

Default value: N/A

name

No

String

Definition: Specifies the certificate name.

Constraints: N/A

Range: 0 to 255 characters.

Default value: N/A

private_key

No

String

Definition: Specifies the private key of the server certificate.

Constraints:

  • This parameter is valid and mandatory only when type is set to server or server_sm.

  • This parameter will be ignored if type is set to other values. The value must be PEM encoded and will not take effect.

Range: The value must be PEM encoded, and can contain a maximum of 8,192 characters.

Default value: N/A

project_id

No

String

Definition: Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID.

Constraints: N/A

Range: The value can contain a maximum of 32 characters, including digits and lowercase letters.

Default value: N/A

NOTE:
This parameter is invalid. The project ID in the URL is used.

type

No

String

Definition: Specifies the certificate type.

Constraints: N/A

Range:

  • server: server certificates

  • client CA certificates

  • server_sm: server SM certificates

Default value: server

enterprise_project_id

No

String

Definition: Specifies the ID of the enterprise project. If no enterprise project ID is specified during resource creation, 0 is returned, indicating that the resource belongs to the default enterprise project.

Constraints: The enterprise project ID cannot be "", 0, or an enterprise project ID that does not exist.

Range: N/A

Default value: 0

source

No

String

Definition: Specifies the source of the certificate.

Constraints: none

Range:

  • scm: certificates from CCM

  • Empty: self-signed certificates

Default value: scm if scm_certificate_id is not empty. Otherwise, this parameter is left blank by default.

protection_status

No

String

Definition: Specifies the protection status.

Constraints: N/A

Range:

  • nonProtection: The resource is not protected.

  • consoleProtection: Modification is not allowed on the console.

Default value: nonProtection

protection_reason

No

String

Definition: Specifies why modification protection is enabled.

Constraints: This parameter is valid only when protection_status is set to consoleProtection.

Range: N/A

Default value: N/A

Response Parameters

Status code: 201

Table 5 Response body parameters

Parameter

Type

Description

request_id

String

Definition: Specifies the request ID.

Range: The value is automatically generated, and can contain characters including digits, lowercase letters, and hyphens (-).

certificate

CertificateInfo object

Definition: ELB certificate management object. The certificate is defined by the sub-parameter.

Table 6 CertificateInfo

Parameter

Type

Description

admin_state_up

Boolean

Definition: Specifies the administrative status of the certificate. This parameter does not take effect whether it is set to true or false.

Range:

  • true: The certificate is available.

  • false: The certificate is unavailable.

certificate

String

Definition: Specifies the certificate content.

It supports certificate chains with a maximum of 11 layers (including certificates and certificate chains).

Range: The value must be PEM encoded, and can contain a maximum of 65536 characters.

description

String

Definition: Provides supplementary information about the certificate.

Range: 0 to 255 characters.

domain

String

Definition: Specifies the domain names used by the server certificate.

Range: The value can contain 0 to 10,000 characters and consists of multiple common domain names or wildcard domain names separated by commas. A maximum of 100 domain names are allowed.

  • A common domain name consists of several labels separated by periods (.). Each label can contain a maximum of 63 characters, including letters, digits, and hyphens (-), and must start and end with a letter or digit. Example: www.test.com.

  • A wildcard domain name is a domain name that starts with *. Example: *.test.com

id

String

Definition: Specifies the certificate ID.

Range: The value consists of 32 digits and lowercase letters.

name

String

Definition: Specifies the certificate name.

Range: 0 to 255 characters.

private_key

String

Definition: Specifies the private key of the server certificate.

Range: The value must be PEM encoded, and can contain a maximum of 8,192 characters.

type

String

Definition: Specifies the certificate type.

Range:

  • server: server certificates

  • client CA certificates

  • server_sm: server SM certificates

created_at

String

Definition: Specifies the creation time.

Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format.

updated_at

String

Definition: Specifies the update time.

Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format.

expire_time

String

Definition: Specifies the time when the certificate expires.

Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format.

project_id

String

Definition: Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID.

Range: The value can contain a maximum of 32 characters, including digits and lowercase letters.

scm_certificate_id

String

Definition: Specifies the ID of the certificate managed on Cloud Certificate Manager (CCM).

Range: N/A

common_name

String

Definition: Specifies the primary domain name of the certificate.

Range: N/A

fingerprint

String

Definition: Specifies the fingerprint of the certificate.

Range: N/A

source

String

Definition: Specifies the source of the certificate.

Range:

  • scm: certificates from CCM

  • Empty: self-signed certificates

protection_status

String

Definition: Specifies the protection status.

Range:

  • nonProtection: The resource is not protected.

  • consoleProtection: Modification is not allowed on the console.

protection_reason

String

Definition: Specifies why modification protection is enabled.

Range: N/A

Example Requests

Creating a server certificate and specifying the private key used by the HTTPS listener

POST https://{ELB_Endpoint}/v3/{project_id}/elb/certificates

{
  "certificate" : {
    "name" : "My Certificate",
    "type" : "server",
    "private_key" : "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDQVAbOLe5xNf4M\n253Wn9vhdUzojetjv4J+B7kYwsMhRcgdcJ8KCnX1nfzTvI2ksXlTQ2o9BkpStnPe\ntB4s32ZiJRMlk+61iUUMNsHwK2WBX57JT3JgmyVbH8GbmRY0+H3sH1i72luna7rM\nMD30gLh6QoP3cq7PGWcuZKV7hjd1tjCTQukwMvqV8Icq39buNpIgDOWzEP5AzqXt\nCOFYn6RTH5SRug4hKNN7sT1eYMslHu7wtEBDKVgrLjOCe/W2f8rLT1zEsoAW2Chl\nZAPYUBkl/0XuTWRg3CohPPcI+UtlRSfvLDeeQ460swjbwgS/RbJh3sIwlCRLU08k\nEo04Z9H/AgMBAAECggEAEIeaQqHCWZk/HyYN0Am/GJSGFa2tD60SXY2fUieh8/Hl\nfvCArftGgMaYWPSNCJRMXB7tPwpQu19esjz4Z/cR2Je4fTLPrffGUsHFgZjv5OQB\nZVe4a5Hj1OcgJYhwCqPs2d9i2wToYNBbcfgh8lSETq8YaXngBO6vES9LMhHkNKKr\nciu9YkInNEHu6uRJ5g/eGGX3KQynTvVIhnOVGAJvjTXcoU6fm7gYdHAD6jk9lc9M\nEGpfYI6AdHIwFZcT/RNAxhP82lg2gUJSgAu66FfDjMwQXKbafKdP3zq4Up8a7Ale\nkrguPtfV1vWklg+bUFhgGaiAEYTpAUN9t2DVIiijgQKBgQDnYMMsaF0r557CM1CT\nXUqgCZo8MKeV2jf2drlxRRwRl33SksQbzAQ/qrLdT7GP3sCGqvkxWY2FPdFYf8kx\nGcCeZPcIeZYCQAM41pjtsaM8tVbLWVR8UtGBuQoPSph7JNF3Tm/JH/fbwjpjP7dt\nJ7n8EzkRUNE6aIMHOFEeych/PQKBgQDmf1bMogx63rTcwQ0PEZ9Vt7mTgKYK4aLr\niWgTWHXPZxUQaYhpjXo6+lMI6DpExiDgBAkMzJGIvS7yQiYWU+wthAr9urbWYdGZ\nlS6VjoTkF6r7VZoILXX0fbuXh6lm8K8IQRfBpJff56p9phMwaBpDNDrfpHB5utBU\nxs40yIdp6wKBgQC69Cp/xUwTX7GdxQzEJctYiKnBHKcspAg38zJf3bGSXU/jR4eB\n1lVQhELGI9CbKSdzKM71GyEImix/T7FnJSHIWlho1qVo6AQyduNWnAQD15pr8KAd\nXGXAZZ1FQcb3KYa+2fflERmazdOTwjYZ0tGqZnXkEeMdSLkmqlCRigWhGQKBgDak\n/735uP20KKqhNehZpC2dJei7OiIgRhCS/dKASUXHSW4fptBnUxACYocdDxtY4Vha\nfI7FPMdvGl8ioYbvlHFh+X0Xs9r1S8yeWnHoXMb6eXWmYKMJrAoveLa+2cFm1Agf\n7nLhA4R4lqm9IpV6SKegDUkR4fxp9pPyodZPqBLLAoGBAJkD4wHW54Pwd4Ctfk9o\njHjWB7pQlUYpTZO9dm+4fpCMn9Okf43AE2yAOaAP94GdzdDJkxfciXKcsYr9IIuk\nfaoXgjKR7p1zERiWZuFF63SB4aiyX1H7IX0MwHDZQO38a5gZaOm/BUlGKMWXzuEd\n3fy+1rCUwzOp9LSjtJYf4ege\n-----END PRIVATE KEY-----",
    "certificate" : "-----BEGIN CERTIFICATE-----\nMIIC4TCCAcmgAwIBAgICEREwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAxMMTXlD\nb21wYW55IENBMB4XDTE4MDcwMjEzMjU0N1oXDTQ1MTExNzEzMjU0N1owFDESMBAG\nA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n0FQGzi3ucTX+DNud1p/b4XVM6I3rY7+Cfge5GMLDIUXIHXCfCgp19Z3807yNpLF5\nU0NqPQZKUrZz3rQeLN9mYiUTJZPutYlFDDbB8CtlgV+eyU9yYJslWx/Bm5kWNPh9\n7B9Yu9pbp2u6zDA99IC4ekKD93KuzxlnLmSle4Y3dbYwk0LpMDL6lfCHKt/W7jaS\nIAzlsxD+QM6l7QjhWJ+kUx+UkboOISjTe7E9XmDLJR7u8LRAQylYKy4zgnv1tn/K\ny09cxLKAFtgoZWQD2FAZJf9F7k1kYNwqITz3CPlLZUUn7yw3nkOOtLMI28IEv0Wy\nYd7CMJQkS1NPJBKNOGfR/wIDAQABozowODAhBgNVHREEGjAYggpkb21haW4uY29t\nhwQKuUvJhwR/AAABMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUA\nA4IBAQA8lMQJxaTey7EjXtRLSVlEAMftAQPG6jijNQuvIBQYUDauDT4W2XUZ5wAn\njiOyQ83va672K1G9s8n6xlH+xwwdSNnozaKzC87vwSeZKIOdl9I5I98TGKI6OoDa\nezmzCwQYtHBMVQ4c7Ml8554Ft1mWSt4dMAK2rzNYjvPRLYlzp1HMnI6hkjPk4PCZ\nwKnha0dlScati9CCt3UzXSNJOSLalKdHErH08Iqd+1BchScxCfk0xNITn1HZZGmI\n+vbmunok3A2lucI14rnsrcbkGYqxGikySN6B2cRLBDK4Y3wChiW6NVYtVqcx5/mZ\niYsGDVN+9QBd0eYUHce+77s96i3I\n-----END CERTIFICATE-----"
  }
}

Example Responses

Status code: 201

Successful request.

{
  "certificate" : {
    "private_key" : "-----BEGIN PRIVATE KEY-----MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDQVAbOLe5xNf4M253Wn9vhdUzojetjv4J+B7kYwsMhRcgdcJ8KCnX1nfzTvI2ksXlTQ2o9BkpStnPetB4s32ZiJRMlk+61iUUMNsHwK2WBX57JT3JgmyVbH8GbmRY0+H3sH1i72luna7rMMD30gLh6QoP3cq7PGWcuZKV7hjd1tjCTQukwMvqV8Icq39buNpIgDOWzEP5AzqXtCOFYn6RTH5SRug4hKNN7sT1eYMslHu7wtEBDKVgrLjOCe/W2f8rLT1zEsoAW2ChlZAPYUBkl/0XuTWRg3CohPPcI+UtlRSfvLDeeQ460swjbwgS/RbJh3sIwlCRLU08kEo04Z9H/AgMBAAECggEAEIeaQqHCWZk/HyYN0Am/GJSGFa2tD60SXY2fUieh8/HlfvCArftGgMaYWPSNCJRMXB7tPwpQu19esjz4Z/cR2Je4fTLPrffGUsHFgZjv5OQBZVe4a5Hj1OcgJYhwCqPs2d9i2wToYNBbcfgh8lSETq8YaXngBO6vES9LMhHkNKKrciu9YkInNEHu6uRJ5g/eGGX3KQynTvVIhnOVGAJvjTXcoU6fm7gYdHAD6jk9lc9MEGpfYI6AdHIwFZcT/RNAxhP82lg2gUJSgAu66FfDjMwQXKbafKdP3zq4Up8a7AlekrguPtfV1vWklg+bUFhgGaiAEYTpAUN9t2DVIiijgQKBgQDnYMMsaF0r557CM1CTXUqgCZo8MKeV2jf2drlxRRwRl33SksQbzAQ/qrLdT7GP3sCGqvkxWY2FPdFYf8kxGcCeZPcIeZYCQAM41pjtsaM8tVbLWVR8UtGBuQoPSph7JNF3Tm/JH/fbwjpjP7dtJ7n8EzkRUNE6aIMHOFEeych/PQKBgQDmf1bMogx63rTcwQ0PEZ9Vt7mTgKYK4aLriWgTWHXPZxUQaYhpjXo6+lMI6DpExiDgBAkMzJGIvS7yQiYWU+wthAr9urbWYdGZlS6VjoTkF6r7VZoILXX0fbuXh6lm8K8IQRfBpJff56p9phMwaBpDNDrfpHB5utBUxs40yIdp6wKBgQC69Cp/xUwTX7GdxQzEJctYiKnBHKcspAg38zJf3bGSXU/jR4eB1lVQhELGI9CbKSdzKM71GyEImix/T7FnJSHIWlho1qVo6AQyduNWnAQD15pr8KAdXGXAZZ1FQcb3KYa+2fflERmazdOTwjYZ0tGqZnXkEeMdSLkmqlCRigWhGQKBgDak/735uP20KKqhNehZpC2dJei7OiIgRhCS/dKASUXHSW4fptBnUxACYocdDxtY4VhafI7FPMdvGl8ioYbvlHFh+X0Xs9r1S8yeWnHoXMb6eXWmYKMJrAoveLa+2cFm1Agf7nLhA4R4lqm9IpV6SKegDUkR4fxp9pPyodZPqBLLAoGBAJkD4wHW54Pwd4Ctfk9ojHjWB7pQlUYpTZO9dm+4fpCMn9Okf43AE2yAOaAP94GdzdDJkxfciXKcsYr9IIukfaoXgjKR7p1zERiWZuFF63SB4aiyX1H7IX0MwHDZQO38a5gZaOm/BUlGKMWXzuEd3fy+1rCUwzOp9LSjtJYf4ege-----END PRIVATE KEY-----",
    "description" : "",
    "domain" : null,
    "created_at" : "2019-03-31T22:23:51Z",
    "expire_time" : "2045-11-17T13:25:47Z",
    "id" : "233a325e5e3e4ce8beeb320aa714cc12",
    "name" : "My Certificate",
    "certificate" : "-----BEGIN CERTIFICATE-----MIIC4TCCAcmgAwIBAgICEREwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAxMMTXlDb21wYW55IENBMB4XDTE4MDcwMjEzMjU0N1oXDTQ1MTExNzEzMjU0N1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FQGzi3ucTX+DNud1p/b4XVM6I3rY7+Cfge5GMLDIUXIHXCfCgp19Z3807yNpLF5U0NqPQZKUrZz3rQeLN9mYiUTJZPutYlFDDbB8CtlgV+eyU9yYJslWx/Bm5kWNPh97B9Yu9pbp2u6zDA99IC4ekKD93KuzxlnLmSle4Y3dbYwk0LpMDL6lfCHKt/W7jaSIAzlsxD+QM6l7QjhWJ+kUx+UkboOISjTe7E9XmDLJR7u8LRAQylYKy4zgnv1tn/Ky09cxLKAFtgoZWQD2FAZJf9F7k1kYNwqITz3CPlLZUUn7yw3nkOOtLMI28IEv0WyYd7CMJQkS1NPJBKNOGfR/wIDAQABozowODAhBgNVHREEGjAYggpkb21haW4uY29thwQKuUvJhwR/AAABMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQA8lMQJxaTey7EjXtRLSVlEAMftAQPG6jijNQuvIBQYUDauDT4W2XUZ5wAnjiOyQ83va672K1G9s8n6xlH+xwwdSNnozaKzC87vwSeZKIOdl9I5I98TGKI6OoDaezmzCwQYtHBMVQ4c7Ml8554Ft1mWSt4dMAK2rzNYjvPRLYlzp1HMnI6hkjPk4PCZwKnha0dlScati9CCt3UzXSNJOSLalKdHErH08Iqd+1BchScxCfk0xNITn1HZZGmI+vbmunok3A2lucI14rnsrcbkGYqxGikySN6B2cRLBDK4Y3wChiW6NVYtVqcx5/mZiYsGDVN+9QBd0eYUHce+77s96i3I-----END CERTIFICATE-----",
    "admin_state_up" : true,
    "project_id" : "99a3fff0d03c428eac3678da6a7d0f24",
    "updated_at" : "2019-03-31T23:26:49Z",
    "type" : "server",
    "common_name" : "www.example.com",
    "fingerprint" : "869df7fcb441c2ef3fb9329437815972eeb1ef0e",
    "subject_alternative_names" : [ "www.example.com" ]
  },
  "request_id" : "98414965-856c-4be3-8a33-3e08432a222e"
}

Status Codes

Status Code

Description

201

Successful request.

Error Codes

See Error Codes.