Updating a Certificate

Function

This API is used to update a certificate used by the load balancer. You can update the certificate content and private key, but not the certificate type.

Note: Updating a certificate will affect the associated listeners.

Constraints

If a certificate with a domain name is used by a listener, the domain name cannot be updated to an empty string (""), and the system returns the 409 Conflict status code.

Calling Method

For details, see Calling APIs.

URI

PUT /v3/{project_id}/elb/certificates/{certificate_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
certificate_id	Yes	String	Specifies a certificate ID.
project_id	Yes	String	Definition: Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID. Constraints: N/A Range: The value can contain a maximum of 32 characters, including digits and lowercase letters. Default value: N/A

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition: Specifies the token used for IAM authentication. Constraints: N/A Range: N/A Default value: N/A

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
certificate	Yes	UpdateCertificateOption object	Definition: Specifies the parameters for updating a certificate. Constraints: N/A

**Table 4** UpdateCertificateOption
Parameter	Mandatory	Type	Description
certificate	No	String	Definition: Specifies the certificate content. It supports certificate chains with a maximum of 11 layers (including certificates and certificate chains). Constraints: N/A Range: The value must be PEM encoded, and can contain a maximum of 65536 characters. Default value: N/A
description	No	String	Definition: Provides supplementary information about the certificate. Constraints: N/A Range: 0 to 255 characters. Default value: N/A
name	No	String	Definition: Specifies the certificate name. Constraints: N/A Range: 0 to 255 characters. Default value: N/A
private_key	No	String	Definition: Specifies the private key of the server certificate. Constraints: N/A Range: The value must be PEM encoded, and can contain a maximum of 8,192 characters. Default value: N/A
domain	No	String	Definition: Specifies the domain names used by the server certificate. Constraints: This parameter will take effect only when type is set to server. (For other types of certificates, this parameter can be specified but does not take effect.) Range: The value can contain 0 to 10,000 characters and consists of multiple common domain names or wildcard domain names separated by commas. A maximum of 100 domain names are allowed. A common domain name consists of several labels separated by periods (.). Each label can contain a maximum of 63 characters, including letters, digits, and hyphens (-), and must start and end with a letter or digit. Example: www.test.com. A wildcard domain name is a domain name that starts with . Example: .test.com Default value: N/A
enc_certificate	No	String	Definition: Specifies the content of the server SM certificate. It supports certificate chains with a maximum of 11 layers (including certificates and certificate chains). Constraints: This parameter is supported only when type is set to server_sm. Range: The value must be PEM encoded, and can contain a maximum of 65,536 characters. Default value: N/A
enc_private_key	No	String	Definition: Specifies the private key of the server SM certificate. Constraints: This parameter is supported only when type is set to server_sm. Range: The value must be PEM encoded, and can contain a maximum of 8,192 characters. Default value: N/A
scm_certificate_id	No	String	Definition: Specifies the ID of the certificate managed on Cloud Certificate Manager (CCM). Constraints: The system records only the certificate ID but does not verify its existence on CCM. In addition, you need to update the content of the corresponding certificate on CCM to the related parameters (certificate, private_key, enc_certificate, and enc_private_key) of the current API. Range: N/A Default value: N/A
source	No	String	Definition: Specifies the source of the certificate. Constraints: none Range: scm: certificates from CCM Empty: self-signed certificates Default value: N/A
protection_status	No	String	Definition: Specifies the protection status. Constraints: N/A Range: nonProtection: The resource is not protected. consoleProtection: Modification is not allowed on the console. Default value: N/A
protection_reason	No	String	Definition: Specifies why modification protection is enabled. Constraints: This parameter is valid only when protection_status is set to consoleProtection. Range: N/A Default value: N/A

Response Parameters

Status code: 200

**Table 5** Response body parameters
Parameter	Type	Description
request_id	String	Definition: Specifies the request ID. Range: The value is automatically generated, and can contain characters including digits, lowercase letters, and hyphens (-).
certificate	CertificateInfo object	Definition: Specifies the certificate information. The certificate is defined by the sub-parameter.

**Table 6** CertificateInfo
Parameter	Type	Description
admin_state_up	Boolean	Definition: Specifies the administrative status of the certificate. This parameter does not take effect whether it is set to true or false. Range: true: The certificate is available. false: The certificate is unavailable.
certificate	String	Definition: Specifies the certificate content. It supports certificate chains with a maximum of 11 layers (including certificates and certificate chains). Range: The value must be PEM encoded, and can contain a maximum of 65,536 characters.
description	String	Definition: Provides supplementary information about the certificate. Range: 0 to 255 characters.
domain	String	Definition: Specifies the domain names used by the server certificate. Range: The value can contain 0 to 10,000 characters and consists of multiple common domain names or wildcard domain names separated by commas. A maximum of 100 domain names are allowed. A common domain name consists of several labels separated by periods (.). Each label can contain a maximum of 63 characters, including letters, digits, and hyphens (-), and must start and end with a letter or digit. Example: www.test.com. A wildcard domain name is a domain name that starts with . Example: .test.com
id	String	Definition: Specifies the certificate ID. Range: The value consists of 32 digits and lowercase letters.
name	String	Definition: Specifies the certificate name. Range: 0 to 255 characters.
private_key	String	Definition: Specifies the private key of the server certificate. Range: The value must be PEM encoded, and can contain a maximum of 8,192 characters.
type	String	Definition: Specifies the certificate type. Range: server: server certificates client CA certificates server_sm: server SM certificates
created_at	String	Definition: Specifies the creation time. Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format.
updated_at	String	Definition: Specifies the update time. Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format.
expire_time	String	Definition: Specifies the time when the certificate expires. Range: The value must be a UTC time in the yyyy-MM-dd'T'HH:mm:ss'Z' format.
project_id	String	Definition: Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID. Range: The value can contain a maximum of 32 characters, including digits and lowercase letters.
enc_certificate	String	Definition: Specifies the content of the server SM certificate. It supports certificate chains with a maximum of 11 layers (including certificates and certificate chains). Range: The value must be PEM encoded, and can contain a maximum of 65536 characters.
enc_private_key	String	Definition: Specifies the private key of the server SM certificate. Range: The value must be PEM encoded, and can contain a maximum of 8,192 characters.
scm_certificate_id	String	Definition: Specifies the ID of the certificate managed on Cloud Certificate Manager (CCM). Range: N/A
common_name	String	Definition: Specifies the primary domain name of the certificate. Range: N/A
fingerprint	String	Definition: Specifies the fingerprint of the certificate. Range: N/A
subject_alternative_names	Array of strings	Definition: Specifies all the domain names of the certificate. Range: N/A
source	String	Definition: Specifies the source of the certificate. Range: scm: certificates from CCM Empty: self-signed certificates
protection_status	String	Definition: Specifies the protection status. Range: nonProtection: The resource is not protected. consoleProtection: Modification is not allowed on the console.
protection_reason	String	Definition: Specifies why modification protection is enabled. Range: N/A

Example Requests

Modifying the name and description of a certificate

PUT https://{ELB_Endpoint}/v3/99a3fff0d03c428eac3678da6a7d0f24/elb/certificates/233a325e5e3e4ce8beeb320aa714cc12

{
  "certificate" : {
    "name" : "My Certificate",
    "description" : "Update my Certificate."
  }
}

Example Responses

Status code: 200

Successful request.

{
  "certificate" : {
    "private_key" : "-----BEGIN PRIVATE KEY-----MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDQVAbOLe5xNf4M253Wn9vhdUzojetjv4J+B7kYwsMhRcgdcJ8KCnX1nfzTvI2ksXlTQ2o9BkpStnPetB4s32ZiJRMlk+61iUUMNsHwK2WBX57JT3JgmyVbH8GbmRY0+H3sH1i72luna7rMMD30gLh6QoP3cq7PGWcuZKV7hjd1tjCTQukwMvqV8Icq39buNpIgDOWzEP5AzqXtCOFYn6RTH5SRug4hKNN7sT1eYMslHu7wtEBDKVgrLjOCe/W2f8rLT1zEsoAW2ChlZAPYUBkl/0XuTWRg3CohPPcI+UtlRSfvLDeeQ460swjbwgS/RbJh3sIwlCRLU08kEo04Z9H/AgMBAAECggEAEIeaQqHCWZk/HyYN0Am/GJSGFa2tD60SXY2fUieh8/HlfvCArftGgMaYWPSNCJRMXB7tPwpQu19esjz4Z/cR2Je4fTLPrffGUsHFgZjv5OQBZVe4a5Hj1OcgJYhwCqPs2d9i2wToYNBbcfgh8lSETq8YaXngBO6vES9LMhHkNKKrciu9YkInNEHu6uRJ5g/eGGX3KQynTvVIhnOVGAJvjTXcoU6fm7gYdHAD6jk9lc9MEGpfYI6AdHIwFZcT/RNAxhP82lg2gUJSgAu66FfDjMwQXKbafKdP3zq4Up8a7AlekrguPtfV1vWklg+bUFhgGaiAEYTpAUN9t2DVIiijgQKBgQDnYMMsaF0r557CM1CTXUqgCZo8MKeV2jf2drlxRRwRl33SksQbzAQ/qrLdT7GP3sCGqvkxWY2FPdFYf8kxGcCeZPcIeZYCQAM41pjtsaM8tVbLWVR8UtGBuQoPSph7JNF3Tm/JH/fbwjpjP7dtJ7n8EzkRUNE6aIMHOFEeych/PQKBgQDmf1bMogx63rTcwQ0PEZ9Vt7mTgKYK4aLriWgTWHXPZxUQaYhpjXo6+lMI6DpExiDgBAkMzJGIvS7yQiYWU+wthAr9urbWYdGZlS6VjoTkF6r7VZoILXX0fbuXh6lm8K8IQRfBpJff56p9phMwaBpDNDrfpHB5utBUxs40yIdp6wKBgQC69Cp/xUwTX7GdxQzEJctYiKnBHKcspAg38zJf3bGSXU/jR4eB1lVQhELGI9CbKSdzKM71GyEImix/T7FnJSHIWlho1qVo6AQyduNWnAQD15pr8KAdXGXAZZ1FQcb3KYa+2fflERmazdOTwjYZ0tGqZnXkEeMdSLkmqlCRigWhGQKBgDak/735uP20KKqhNehZpC2dJei7OiIgRhCS/dKASUXHSW4fptBnUxACYocdDxtY4VhafI7FPMdvGl8ioYbvlHFh+X0Xs9r1S8yeWnHoXMb6eXWmYKMJrAoveLa+2cFm1Agf7nLhA4R4lqm9IpV6SKegDUkR4fxp9pPyodZPqBLLAoGBAJkD4wHW54Pwd4Ctfk9ojHjWB7pQlUYpTZO9dm+4fpCMn9Okf43AE2yAOaAP94GdzdDJkxfciXKcsYr9IIukfaoXgjKR7p1zERiWZuFF63SB4aiyX1H7IX0MwHDZQO38a5gZaOm/BUlGKMWXzuEd3fy+1rCUwzOp9LSjtJYf4ege-----END PRIVATE KEY-----",
    "description" : "Update my Certificate.",
    "domain" : null,
    "created_at" : "2019-03-31T22:23:51Z",
    "expire_time" : "2045-11-17T13:25:47Z",
    "id" : "233a325e5e3e4ce8beeb320aa714cc12",
    "name" : "My Certificate",
    "certificate" : "-----BEGIN CERTIFICATE-----MIIC4TCCAcmgAwIBAgICEREwDQYJKoZIhvcNAQELBQAwFzEVMBMGA1UEAxMMTXlDb21wYW55IENBMB4XDTE4MDcwMjEzMjU0N1oXDTQ1MTExNzEzMjU0N1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FQGzi3ucTX+DNud1p/b4XVM6I3rY7+Cfge5GMLDIUXIHXCfCgp19Z3807yNpLF5U0NqPQZKUrZz3rQeLN9mYiUTJZPutYlFDDbB8CtlgV+eyU9yYJslWx/Bm5kWNPh97B9Yu9pbp2u6zDA99IC4ekKD93KuzxlnLmSle4Y3dbYwk0LpMDL6lfCHKt/W7jaSIAzlsxD+QM6l7QjhWJ+kUx+UkboOISjTe7E9XmDLJR7u8LRAQylYKy4zgnv1tn/Ky09cxLKAFtgoZWQD2FAZJf9F7k1kYNwqITz3CPlLZUUn7yw3nkOOtLMI28IEv0WyYd7CMJQkS1NPJBKNOGfR/wIDAQABozowODAhBgNVHREEGjAYggpkb21haW4uY29thwQKuUvJhwR/AAABMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQA8lMQJxaTey7EjXtRLSVlEAMftAQPG6jijNQuvIBQYUDauDT4W2XUZ5wAnjiOyQ83va672K1G9s8n6xlH+xwwdSNnozaKzC87vwSeZKIOdl9I5I98TGKI6OoDaezmzCwQYtHBMVQ4c7Ml8554Ft1mWSt4dMAK2rzNYjvPRLYlzp1HMnI6hkjPk4PCZwKnha0dlScati9CCt3UzXSNJOSLalKdHErH08Iqd+1BchScxCfk0xNITn1HZZGmI+vbmunok3A2lucI14rnsrcbkGYqxGikySN6B2cRLBDK4Y3wChiW6NVYtVqcx5/mZiYsGDVN+9QBd0eYUHce+77s96i3I-----END CERTIFICATE-----",
    "admin_state_up" : true,
    "project_id" : "99a3fff0d03c428eac3678da6a7d0f24",
    "updated_at" : "2019-03-31T23:26:49Z",
    "type" : "server",
    "common_name" : "www.example.com",
    "fingerprint" : "869df7fcb441c2ef3fb9329437815972eeb1ef0e",
    "subject_alternative_names" : [ "www.example.com" ]
  },
  "request_id" : "d9abea6b-98ee-4ad4-8c5d-185ded48742f"
}

SDK Sample Code

The SDK sample code is as follows.

Modifying the name and description of a certificate

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.elb.v3.region.ElbRegion;
import com.huaweicloud.sdk.elb.v3.*;
import com.huaweicloud.sdk.elb.v3.model.*;


public class UpdateCertificateSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        ElbClient client = ElbClient.newBuilder()
                .withCredential(auth)
                .withRegion(ElbRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateCertificateRequest request = new UpdateCertificateRequest();
        request.withCertificateId("{certificate_id}");
        UpdateCertificateRequestBody body = new UpdateCertificateRequestBody();
        UpdateCertificateOption certificatebody = new UpdateCertificateOption();
        certificatebody.withDescription("Update my Certificate.")
            .withName("My Certificate");
        body.withCertificate(certificatebody);
        request.withBody(body);
        try {
            UpdateCertificateResponse response = client.updateCertificate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

Modifying the name and description of a certificate

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkelb.v3.region.elb_region import ElbRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkelb.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = ElbClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(ElbRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateCertificateRequest()
        request.certificate_id = "{certificate_id}"
        certificatebody = UpdateCertificateOption(
            description="Update my Certificate.",
            name="My Certificate"
        )
        request.body = UpdateCertificateRequestBody(
            certificate=certificatebody
        )
        response = client.update_certificate(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

Modifying the name and description of a certificate

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    elb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := elb.NewElbClient(
        elb.ElbClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdateCertificateRequest{}
	request.CertificateId = "{certificate_id}"
	descriptionCertificate:= "Update my Certificate."
	nameCertificate:= "My Certificate"
	certificatebody := &model.UpdateCertificateOption{
		Description: &descriptionCertificate,
		Name: &nameCertificate,
	}
	request.Body = &model.UpdateCertificateRequestBody{
		Certificate: certificatebody,
	}
	response, err := client.UpdateCertificate(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     