Uploading Certificates for a VPN Gateway

Function

This API is used to upload certificates and private keys for a VPN gateway of the GM specification.

Calling Method

For details, see Calling APIs.

URI

POST /v5/{project_id}/vpn-gateways/{vgw_id}/certificate

**Table 1** Parameter description
Parameter	Type	Mandatory	Description
project_id	String	Yes	Specifies a project ID. You can obtain the project ID by referring to Obtaining the Project ID.
vgw_id	String	Yes	Specifies the ID of a VPN gateway of the GM specification.

Request

Request parameters

**Table 2** CreateVpnGatewayCertificateRequestBody
Parameter	Type	Mandatory	Description
certificate	CreateVpnGatewayCertificateRequestBodyContent object	Yes	Specifies the VPN gateway certificate object.

**Table 3** CreateVpnGatewayCertificateRequestBodyContent
Parameter	Type	Mandatory	Description
name	String	No	Specifies the certificate name of a VPN gateway. The value is a string of 3 to 63 characters, which can contain digits, letters, underscores (_), hyphens (-), and periods (.). If this parameter is not specified, a name in the format of vpngw-** is automatically generated, for example, cert-a45b**.
certificate	String	Yes	Specifies a signature certificate. The value is a string of 1 to 4096 characters. The certificate must be a non-CA certificate of the SM type.
private_key	String	Yes	Specifies the private key of the SM signature certificate. The value is a string of 1 to 4096 characters. The value matches the public key of the signature certificate.
certificate_chain	String	Yes	Specifies the content of a CA certificate. The value is a string of 1 to 8192 characters. The certificate must be an SM CA certificate.
enc_certificate	String	Yes	Specifies an encryption certificate. The value is a string of 1 to 4096 characters. The certificate must be a non-CA certificate of the SM type.
enc_private_key	String	Yes	Specifies the private key of the SM encryption certificate. The value is a string of 1 to 4096 characters. The value matches the public key of the encryption certificate.

Example request

POST https://{Endpoint}/v5/{project_id}/vpn-gateways/certificate

{
    "certificate": {
        "name": "cert-dce7",
        "certificate": "-----BEGIN CERTIFICATE-----\n******\n-----END CERTIFICATE-----",
        "private_key": "-----BEGIN EC PRIVATE KEY-----\n*******\n-----END EC PRIVATE KEY-----",
        "enc_certificate": "-----BEGIN CERTIFICATE-----\n********\n-----END CERTIFICATE-----",
        "enc_private_key": "-----BEGIN EC PRIVATE KEY-----\n********\n-----END EC PRIVATE KEY-----",
        "certificate_chain": "-----BEGIN CERTIFICATE-----\n******\n-----END CERTIFICATE-----"
    }
}

Response

Response parameters

Returned status code 201: successful operation

**Table 4** Parameters in the response body
Parameter	Type	Description
certificate	VpnGatewayCertificateConfig object	Specifies the VPN gateway certificate object.
request_id	String	Specifies a request ID.

**Table 5** VpnGatewayCertificateConfig
Parameter	Type	Description
id	String	Specifies the certificate ID of a VPN gateway. The value is a UUID containing 36 characters.
name	String	Specifies the certificate name of a VPN gateway. The value is a string of 3 to 63 characters, which can contain digits, letters, underscores (_), and hyphens (-).
vgw_id	String	Specifies a VPN gateway ID. The value is a UUID containing 36 characters.
issuer	String	Specifies the issuer of the SM signature certificate. The value is a string of 1 to 256 characters.
signature_algorithm	String	Specifies the signature algorithm of the SM signature certificate. The value is a string of 1 to 64 characters.
certificate_serial_number	String	Specifies the serial number of the SM signature certificate. The value is a string of 1 to 64 characters.
certificate_subject	String	Specifies the subject of the signature certificate. The value is a string of 1 to 256 characters.
certificate_expire_time	String	Specifies the time when the SM signature certificate expires.
certificate_chain_serial_number	String	Specifies the serial number of the CA certificate. The value is a string of 1 to 64 characters.
certificate_chain_subject	String	Specifies the subject of the CA certificate. The value is a string of 1 to 256 characters.
certificate_chain_expire_time	String	Specifies the time when the CA certificate expires.
enc_certificate_serial_number	String	Specifies the serial number of the SM encryption certificate. The value is a string of 1 to 64 characters.
enc_certificate_subject	String	Specifies the subject of the encryption certificate. The value is a string of 1 to 256 characters.
enc_certificate_expire_time	String	Specifies the time when the SM encryption certificate expires.
created_at	String	Specifies the creation time.

Example response

{
    "certificate": {
        "id": "73f072d8-demo-a8df-va86-2a755d95636f",
        "name": "cert-dce7",
        "vgw_id": "c7f1d3e3-0476-4a71-95a7-3ce8cbb969de",
        "signature_algorithm": "SM3WITHSM2",
        "certificate_serial_number": "16548506527294397241",
        "certificate_expire_time": "2024-02-20T15:41:39+08:00",
        "certificate_chain_serial_number": "12369133709000538078",
        "certificate_chain_expire_time": "2039-07-11T20:31:33+08:00",
        "enc_certificate_serial_number": "16548506527294397242",
        "enc_certificate_expire_time": "2024-02-20T15:43:26+08:00",
        "created_at": "2023-03-30T10:47:16.657+08:00"
    }
}

Status Codes

For details, see Status Codes.

Parent topic: S2C VPN Gateway

Previous topic: Querying the Route Table of a VPN Gateway

Next topic: Querying VPN Gateway Certificate Details

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.