Update a CA Certificate
Function
This API is used by an application to update a CA certificate on the IoT platform. This API is supported only by standard and enterprise editions.
Debugging
You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
- If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
- If you are using identity policy-based authorization, the following identity policy-based permissions are required.
Action
Access Level
Resource Type (*: required)
Condition Key
Alias
Dependencies
iotda:certificates:update
Write
app *
-
-
-
-
g:EnterpriseProjectId
URI
PUT /v5/iot/{project_id}/certificates/{certificate_id}
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. For details about how to obtain the project ID, see Obtaining a Project ID. |
|
certificate_id |
Yes |
String |
Unique CA certificate ID, allocated by the platform when the certificate is uploaded. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
Instance-Id |
No |
String |
Instance ID. Unique identifier of each instance in the physical multi-tenant scenario. Mandatory for professional editions and recommended in other cases. Log in to the IoTDA console and choose Overview in the navigation pane to view the instance ID. For details, see Viewing Instance Details. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
provision_enable |
No |
Boolean |
Whether to enable the self-registration capability. The options are true (yes) and false (no). If this parameter is set to true, this function must be used together with the pre-provisioning function. |
|
template_id |
No |
String |
ID of the pre-provisioning template bound to the CA certificate. If this parameter is set to null, the binding relationship is canceled. |
|
ocsp_enable |
No |
Boolean |
Whether to enable OCSP verification for device certificates issued by the CA certificate. Options: true (enabled) and false (disabled). If this parameter is set to true and the device certificate information contains the OCSP URL, the platform verifies the certificate status. If the certificate status is revoked, the platform rejects the device connection. |
|
ocsp_ssl_enable |
No |
Boolean |
Whether SSL is enabled for accessing the OCSP server. If SSL is enabled, the server CA certificate verification must be configured. |
|
ocsp_server_ca_id |
No |
String |
ID of the CA certificate on the OCSP server. This parameter is mandatory when the OCSP server uses HTTPS. Otherwise, the authentication fails. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
certificate_id |
String |
Unique CA certificate ID, allocated by the platform when the certificate is uploaded. |
|
cn_name |
String |
CN of the CA certificate. |
|
owner |
String |
Owner of the CA certificate. |
|
status |
Boolean |
Verification status of the CA certificate. true indicates that the certificate has been verified and can be used for device access authentication. false indicates that the certificate does not pass the verification. |
|
verify_code |
String |
Verification code of the CA certificate. |
|
provision_enable |
Boolean |
Whether to enable the self-registration capability. The options are true (yes) and false (no). If this parameter is set to true, this function must be used together with the pre-provisioning function. |
|
template_id |
String |
ID of the bound pre-provisioning template. |
|
ocsp_enable |
Boolean |
Whether to enable OCSP verification for device certificates issued by the CA certificate. Options: true (enabled) and false (disabled). If this parameter is set to true and the device certificate information contains the OCSP URL, the platform verifies the certificate status. If the certificate status is revoked, the platform rejects the device connection. |
|
ocsp_server_ca_id |
String |
ID of the CA certificate on the OCSP server. This parameter is mandatory only when SSL is enabled on the OCSP server. The platform uses the CA certificate to authenticate the OCSP server. |
|
ocsp_ssl_enable |
Boolean |
Whether SSL encryption is enabled on the OCSP server. If SSL encryption is enabled, the CA certificate of the OCSP server must be configured. |
|
create_date |
String |
Time when the certificate was created. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z. |
|
effective_date |
String |
Time when the CA certificate starts to take effect. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z. |
|
expiry_date |
String |
Time when CA certificate expires. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z. |
Example Requests
Associates the certificate with the self-registration template and enables the self-registration function.
PUT https://{endpoint}/v5/iot/{project_id}/certificates/{certificate_id}
{
"template_id" : "61c970ce2d63eb6ee655dbf0",
"provision_enable" : true
}
Example Responses
Status code: 200
Successful response
{
"certificate_id" : "string",
"cn_name" : "string",
"owner" : "string",
"status" : true,
"verify_code" : "string",
"provision_enable" : true,
"template_id" : "61c970ce2d63eb6ee655dbf0",
"create_date" : "20191212T121212Z",
"effective_date" : "20191212T121212Z",
"expiry_date" : "20221212T121212Z",
"ocsp_enable" : "false,",
"ocsp_server_ca_id" : "60fa667369d4840337930aec",
"ocsp_ssl_enable" : true
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Successful response |
|
400 |
Bad Request |
|
401 |
Unauthorized |
|
404 |
Not Found |
|
403 |
Forbidden |
|
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
