Creating a CA
Function
This API is used to create a CA. If you wish to:
-
Create a root CA, configure mandatory parameters based on the parameter description.
-
Create a subordinate CA and activate its certificate, configure mandatory parameters based on the parameter description.
-
Create a subordinate CA, but not want to activate its certificate, exclude one of the following parameters in the request body: issuer_id, signature_algorithm, and validity.
URI
POST /v1/private-certificate-authorities
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
User token. The token can be obtained by calling the token API of IAM. The value of X-Auth-Token in the response header is the user token. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
String |
Type of the CA you want to create:
|
distinguished_name |
Yes |
DistinguishedName object |
Certificate name. For details, see data structure for the DistinguishedName field. |
key_algorithm |
Yes |
String |
Key algorithm. The options are as follows:
|
validity |
No |
Validity object |
Validity period of a certificate. The options are as follows:
NOTE:
For details, see data structure description of the Validity field. |
issuer_id |
No |
String |
ID of the parent CA. The options are as follows:
Minimum: 36 Maximum: 36 |
path_length |
No |
Integer |
Length of the CA certificate path. The options are as follows:
Minimum: 0 Maximum: 6 |
signature_algorithm |
No |
String |
Signature hash algorithm.
|
key_usages |
No |
Array of strings |
Key usage. For details, see 4.2.1.3 in RFC 5280.
NOTE:
The default values are as follows:
|
crl_configuration |
No |
CrlConfiguration object |
Certificate CRL. For details, see data structure for the CrlConfiguration field. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
common_name |
Yes |
String |
Common certificate name (CN). Minimum: 1 Maximum: 64 |
country |
Yes |
String |
Country code, which must comply with the regular expression "[A-Za-z]{2}". Minimum: 2 Maximum: 2 |
state |
Yes |
String |
State or city name. Minimum: 1 Maximum: 128 |
locality |
Yes |
String |
Country/Region. Minimum: 1 Maximum: 128 |
organization |
Yes |
String |
Organization name. Minimum: 1 Maximum: 64 |
organizational_unit |
Yes |
String |
Organization Unit (OU). Minimum: 1 Maximum: 64 |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
String |
Validity period type, which is mandatory. The options are as follows:
|
value |
Yes |
Integer |
The certificate validity period. The value of this parameter varies depending on the value of type:
|
start_from |
No |
Integer |
Start time. The options are as follows:
|
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
enabled |
Yes |
Boolean |
Whether to enable the gray release function of CRL.
|
crl_name |
No |
String |
Name of the certificate revocation list.
NOTE:
If you do not specify this parameter, the system uses the ID of the parent CA that issues the current certificate by default. |
obs_bucket_name |
No |
String |
OBS bucket name.
NOTE:
To enable the CRL release function:
|
valid_days |
No |
Integer |
CRL update interval, in days. This parameter is mandatory when the CRL release function is enabled. Minimum: 7 Maximum: 30 |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
ca_id |
String |
ID of the CA certificate being issued. Minimum: 36 Maximum: 36 |
Status code: 400
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 3 Maximum: 36 |
error_msg |
String |
Error message Minimum: 0 Maximum: 1024 |
Status code: 401
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 3 Maximum: 36 |
error_msg |
String |
Error message Minimum: 0 Maximum: 1024 |
Status code: 403
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 3 Maximum: 36 |
error_msg |
String |
Error message Minimum: 0 Maximum: 1024 |
Status code: 404
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 3 Maximum: 36 |
error_msg |
String |
Error message Minimum: 0 Maximum: 1024 |
Status code: 500
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 3 Maximum: 36 |
error_msg |
String |
Error message Minimum: 0 Maximum: 1024 |
Example Requests
When you use this API to create a CA certificate, a token is required in the X-Auth-Token field in the request header. The token must have the permission to access the API.
POST https://ccm.ae-ad-1.myhuaweicloud.com/v1/private-certificate-authorities { "type" : "ROOT", "key_algorithm" : "RSA4096", "signature_algorithm" : "SHA512", "distinguished_name" : { "country" : "your country abbreviation", "state" : "your state", "locality" : "your locality", "organization" : "your organization", "organizational_unit" : "your unit", "common_name" : "your CN" }, "validity" : { "type" : "YEAR", "value" : 3 }, "crl_configuration" : { "enabled" : false, "obs_bucket_name" : "demoBucket", "valid_days" : 8 } }
Example Responses
Status code: 200
Request succeeded.
{ "ca_id" : "66504812-fedc-414a-9b7c-4c1836398524" }
Status code: 400
Invalid request parameters.
{ "error_code" : "PCA.XXX", "error_msg" : "XXX" }
Status code: 401
Token required for the requested page.
{ "error_code" : "PCA.XXX", "error_msg" : "XXX" }
Status code: 403
Authentication failed.
{ "error_code" : "PCA.XXX", "error_msg" : "XXX" }
Status code: 404
No resources available or found.
{ "error_code" : "PCA.XXX", "error_msg" : "XXX" }
Status code: 500
Internal service error.
{ "error_code" : "PCA.XXX", "error_msg" : "XXX" }
Status Codes
Status Code |
Description |
---|---|
200 |
Request succeeded. |
400 |
Invalid request parameters. |
401 |
Token required for the requested page. |
403 |
Authentication failed. |
404 |
No resources available or found. |
500 |
Internal service error. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot