Help Center/
Cloud Certificate Manager/
Best Practices/
Best Practices for Private Certificate Management/
Best Practices of PCA Code Examples/
Example Code for Managing Private CAs/
Creating a CA
Updated on 2024-12-17 GMT+08:00
Creating a CA
A maximum of 1,000 CAs can be created for each user.
For details about the parameters for creating a private CA, see Parameters for Creating a CA.
import com.huaweicloud.sdk.ccm.v1.CcmClient; import com.huaweicloud.sdk.ccm.v1.model.CreateCertificateAuthorityRequest; import com.huaweicloud.sdk.ccm.v1.model.CreateCertificateAuthorityRequestBody; import com.huaweicloud.sdk.ccm.v1.model.CreateCertificateAuthorityResponse; import com.huaweicloud.sdk.ccm.v1.model.CrlConfiguration; import com.huaweicloud.sdk.ccm.v1.model.DistinguishedName; import com.huaweicloud.sdk.ccm.v1.model.Validity; import com.huaweicloud.sdk.core.auth.GlobalCredentials; /** * Create a CA. */ public class CreateCertificateAuthorityExample { /** * Basic authentication information: * - ACCESS_KEY: access key of the Huawei Cloud account * - SECRET_ACCESS_KEY: secret access key of the Huawei Cloud account * - DOMAIN_ID: Huawei Cloud account ID. * - CCM_ENDPOINT: Endpoint address for accessing Huawei Cloud CCM (PCA is included in CCM). ......*Hard-coded or plaintext AK and SK are risky. For security, encrypt your AK and SK and store them in the configuration file or environment variables. * In this example, the AK and SK are stored in environment variables for identity authentication. Before running this example, configure environment variables HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK. */ private static final String ACCESS_KEY = System.getenv("HUAWEICLOUD_SDK_AK"); private static final String SECRET_ACCESS_KEY = System.getenv("HUAWEICLOUD_SDK_SK"); private static final String DOMAIN_ID = "<DomainID>"; private static final String CCM_ENDPOINT = "<CcmEndpoint>"; public static void main(String[] args) { // 1. Prepare the credentials for accessing Huawei Cloud. PCA is a global service. final GlobalCredentials auth = new GlobalCredentials() .withAk(ACCESS_KEY) .withSk(SECRET_ACCESS_KEY) .withDomainId(DOMAIN_ID); // 2. Initialize the SDK and transfer the credentials and endpoint address of CCM. final CcmClient ccmClient = CcmClient.newBuilder() .withCredential(auth) .withEndpoint(CCM_ENDPOINT).build(); // 3. Make request parameters. // (1) Type of the CA certificate you want to create. ROOT for root CAs and SUBORDINATE for subordinate CAs String CAType = "ROOT"; // (2) CA key algorithm String keyAlgorithm = "RSA2048"; // Signature hash algorithm String signatureAlgorithm = "SHA512"; /* * (4) Determining CA validity period * - type: time type. The options are YEAR, MONTH, DAY, and HOUR. * - value: corresponding value. */ Validity validity = new Validity(); validity.setType("YEAR"); validity.setValue(20); /* * (5) Define the unique identifier of the CA. * - organization: organization name. * - organizationalUnit: department name. * - country: abbreviation of a country. The value can contain only two characters, for example, US for the United States. * - state: province or city name. * - locality: city name. * - commonName: CA name (CN) */ DistinguishedName subjectInfo = new DistinguishedName(); subjectInfo.setOrganization("your organization"); subjectInfo.setOrganizationalUnit("your organizational unit"); subjectInfo.setCountry("CN"); subjectInfo.setState("your state"); subjectInfo.setLocality("your locality"); subjectInfo.setCommonName("your CA name"); /* * (6) CRL configuration information * - enabled: whether to enable the CRL configuration. * - obsBucketName: OBS bucket name, which is used to release the CRLs. OBS buckets must be authorized. * - crlName: name of the CRL file. If this parameter is not specified, the CA ID is used as the file name by default. * - validDays: CRL update period. */ CrlConfiguration crlConfiguration = new CrlConfiguration(); crlConfiguration.setEnabled(false); crlConfiguration.setObsBucketName("your OBS buck name"); crlConfiguration.setCrlName("your CRL file name"); crlConfiguration.setValidDays(7); // (7) Assign values to the attributes of the request body. CreateCertificateAuthorityRequestBody requestBody = new CreateCertificateAuthorityRequestBody(); requestBody.setType(CAType); requestBody.setKeyAlgorithm(keyAlgorithm); requestBody.setSignatureAlgorithm(signatureAlgorithm); requestBody.setValidity(validity); requestBody.setDistinguishedName(subjectInfo); requestBody.setCrlConfiguration(crlConfiguration); // 4. Construct a request body. CreateCertificateAuthorityRequest request = new CreateCertificateAuthorityRequest().withBody(requestBody); // 5. Start to send the request. CreateCertificateAuthorityResponse response; try { response = ccmClient.createCertificateAuthority(request); } catch (Exception e) { throw new RuntimeException(e.getMessage()); } // 6. Obtain the ID of the CA that is successfully created. String caId = response.getCaId(); System.out.println(caId); } }
Parent topic: Example Code for Managing Private CAs
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot