Uploading Certificates for a VPN Gateway

Function

This API is used to upload certificates and private keys for a VPN gateway of the GM specification.

Calling Method

For details, see Calling APIs.

URI

POST /v5/{project_id}/vpn-gateways/{vgw_id}/certificate

**Table 1** Parameter description
Parameter	Type	Mandatory	Description
project_id	String	Yes	Specifies a project ID. You can obtain the project ID by referring to Obtaining the Project ID.
vgw_id	String	Yes	Specifies the ID of a VPN gateway of the GM specification.

Request

Request parameters

**Table 2** CreateVpnGatewayCertificateRequestBody
Parameter	Type	Mandatory	Description
certificate	CreateVpnGatewayCertificateRequestBodyContent object	Yes	Specifies the VPN gateway certificate object.

**Table 3** CreateVpnGatewayCertificateRequestBodyContent
Parameter	Type	Mandatory	Description
name	String	No	Specifies the certificate name of a VPN gateway. The value is a string of 3 to 63 characters, which can contain digits, letters, underscores (_), hyphens (-), and periods (.). If this parameter is not specified, a name in the format of vpngw-** is automatically generated, for example, cert-a45b**.
certificate	String	Yes	Specifies a signature certificate. The value is a string of 1 to 4096 characters. The certificate must be a non-CA certificate of the SM type.
private_key	String	Yes	Specifies the private key of the SM signature certificate. The value is a string of 1 to 4096 characters. The value matches the public key of the signature certificate.
certificate_chain	String	Yes	Specifies the content of a CA certificate. The value is a string of 1 to 8192 characters. The certificate must be an SM CA certificate.
enc_certificate	String	Yes	Specifies an encryption certificate. The value is a string of 1 to 4096 characters. The certificate must be a non-CA certificate of the SM type.
enc_private_key	String	Yes	Specifies the private key of the SM encryption certificate. The value is a string of 1 to 4096 characters. The value matches the public key of the encryption certificate.

Example request

POST https://{Endpoint}/v5/{project_id}/vpn-gateways

{
    "certificate": {
        "name": "cert-dce7",
        "certificate": "-----BEGIN CERTIFICATE-----******-----END CERTIFICATE-----",
        "private_key": "-----BEGIN EC PRIVATE KEY-----*******-----END EC PRIVATE KEY-----",
        "enc_certificate": "-----BEGIN CERTIFICATE-----********-----END CERTIFICATE-----",
        "enc_private_key": "-----BEGIN EC PRIVATE KEY-----********-----END EC PRIVATE KEY-----",
        "certificate_chain": "-----BEGIN CERTIFICATE-----******-----END CERTIFICATE-----"
    }
}

Response

Response parameters

Returned status code 201: successful operation

**Table 4** Parameters in the response body
Parameter	Type	Description
certificate	VpnGatewayCertificateConfig object	Specifies the VPN gateway certificate object.
request_id	String	Specifies a request ID.

**Table 5** VpnGatewayCertificateConfig
Parameter	Type	Description
id	String	Specifies the certificate ID of a VPN gateway. The value is a UUID containing 36 characters.
name	String	Specifies the certificate name of a VPN gateway. The value is a string of 3 to 63 characters, which can contain digits, letters, underscores (_), and hyphens (-).
vgw_id	String	Specifies a VPN gateway ID. The value is a UUID containing 36 characters.
issuer	String	Specifies the issuer of the SM signature certificate. The value is a string of 1 to 256 characters.
signature_algorithm	String	Specifies the signature algorithm of the SM signature certificate. The value is a string of 1 to 64 characters.
certificate_serial_number	String	Specifies the serial number of the SM signature certificate. The value is a string of 1 to 64 characters.
certificate_subject	String	Specifies the subject of the signature certificate. The value is a string of 1 to 256 characters.
certificate_expire_time	String	Specifies the time when the SM signature certificate expires.
certificate_chain_serial_number	String	Specifies the serial number of the CA certificate. The value is a string of 1 to 64 characters.
certificate_chain_subject	String	Specifies the subject of the CA certificate. The value is a string of 1 to 256 characters.
certificate_chain_expire_time	String	Specifies the time when the CA certificate expires.
enc_certificate_serial_number	String	Specifies the serial number of the SM encryption certificate. The value is a string of 1 to 64 characters.
enc_certificate_subject	String	Specifies the subject of the encryption certificate. The value is a string of 1 to 256 characters.
enc_certificate_expire_time	String	Specifies the time when the SM encryption certificate expires.
created_at	String	Specifies the creation time.

Example response

{
    "certificate": {
        "id": "73f072d8-demo-a8df-va86-2a755d95636f",
        "name": "cert-dce7",
        "vgw_id": "c7f1d3e3-0476-4a71-95a7-3ce8cbb969de",
        "issuer": "C=CN,ST=Beijing,L=HaiDian,O=GMCert.org,CN=GMCert GM Root CA - 01",
        "signature_algorithm": "SM3WITHSM2",
        "certificate_serial_number": "16548506527294397241",
        "certificate_subject": "C=CN,ST=beijing,L=beijing,O=huawei,OU=vpn,CN=hwcloud-vpn",
        "certificate_expire_time": "2024-02-20T15:41:39+08:00",
        "certificate_chain_serial_number": "12369133709000538078",
        "certificate_chain_subject": "C=CN,ST=Beijing,L=HaiDian,O=GMCert.org,CN=GMCert GM Root CA - 01",
        "certificate_chain_expire_time": "2039-07-11T20:31:33+08:00",
        "enc_certificate_serial_number": "16548506527294397242",
        "enc_certificate_subject": "C=CN,ST=beijing,L=beijing,O=huawei,OU=vpn,CN=hwcloud-vpn",
        "enc_certificate_expire_time": "2024-02-20T15:43:26+08:00",
        "created_at": "2023-03-30T10:47:16.657+08:00"
    }
}