Help Center/ Virtual Private Network/ API Reference/ API/ S2C VPN API/ S2C VPN Gateway/ Uploading Certificates for a VPN Gateway
Updated on 2024-12-03 GMT+08:00

Uploading Certificates for a VPN Gateway

Function

This API is used to upload certificates and private keys for a VPN gateway of the GM specification.

Calling Method

For details, see Calling APIs.

URI

POST /v5/{project_id}/vpn-gateways/{vgw_id}/certificate

Table 1 Parameter description

Parameter

Type

Mandatory

Description

project_id

String

Yes

Specifies a project ID. You can obtain the project ID by referring to Obtaining the Project ID.

vgw_id

String

Yes

Specifies the ID of a VPN gateway of the GM specification.

Request

  • Request parameters
    Table 2 CreateVpnGatewayCertificateRequestBody

    Parameter

    Type

    Mandatory

    Description

    certificate

    CreateVpnGatewayCertificateRequestBodyContent object

    Yes

    Specifies the VPN gateway certificate object.

    Table 3 CreateVpnGatewayCertificateRequestBodyContent

    Parameter

    Type

    Mandatory

    Description

    name

    String

    No

    • Specifies the certificate name of a VPN gateway.
    • The value is a string of 3 to 63 characters, which can contain digits, letters, underscores (_), hyphens (-), and periods (.).
    • If this parameter is not specified, a name in the format of vpngw-**** is automatically generated, for example, cert-a45b.

    certificate

    String

    Yes

    • Specifies a signature certificate.
    • The value is a string of 1 to 4096 characters.

      The certificate must be a non-CA certificate of the SM type.

    private_key

    String

    Yes

    • Specifies the private key of the SM signature certificate.
    • The value is a string of 1 to 4096 characters.

      The value matches the public key of the signature certificate.

    certificate_chain

    String

    Yes

    • Specifies the content of a CA certificate.
    • The value is a string of 1 to 8192 characters.

      The certificate must be an SM CA certificate.

    enc_certificate

    String

    Yes

    • Specifies an encryption certificate.
    • The value is a string of 1 to 4096 characters.

      The certificate must be a non-CA certificate of the SM type.

    enc_private_key

    String

    Yes

    • Specifies the private key of the SM encryption certificate.
    • The value is a string of 1 to 4096 characters.

      The value matches the public key of the encryption certificate.

  • Example request
    POST https://{Endpoint}/v5/{project_id}/vpn-gateways
    
    {
        "certificate": {
            "name": "cert-dce7",
            "certificate": "-----BEGIN CERTIFICATE-----******-----END CERTIFICATE-----",
            "private_key": "-----BEGIN EC PRIVATE KEY-----*******-----END EC PRIVATE KEY-----",
            "enc_certificate": "-----BEGIN CERTIFICATE-----********-----END CERTIFICATE-----",
            "enc_private_key": "-----BEGIN EC PRIVATE KEY-----********-----END EC PRIVATE KEY-----",
            "certificate_chain": "-----BEGIN CERTIFICATE-----******-----END CERTIFICATE-----"
        }
    }

Response

  • Response parameters

    Returned status code 201: successful operation

    Table 4 Parameters in the response body

    Parameter

    Type

    Description

    certificate

    VpnGatewayCertificateConfig object

    Specifies the VPN gateway certificate object.

    request_id

    String

    Specifies a request ID.

    Table 5 VpnGatewayCertificateConfig

    Parameter

    Type

    Description

    id

    String

    • Specifies the certificate ID of a VPN gateway.
    • The value is a UUID containing 36 characters.

    name

    String

    • Specifies the certificate name of a VPN gateway.
    • The value is a string of 3 to 63 characters, which can contain digits, letters, underscores (_), and hyphens (-).

    vgw_id

    String

    • Specifies a VPN gateway ID.
    • The value is a UUID containing 36 characters.

    issuer

    String

    • Specifies the issuer of the SM signature certificate.
    • The value is a string of 1 to 256 characters.

    signature_algorithm

    String

    • Specifies the signature algorithm of the SM signature certificate.
    • The value is a string of 1 to 64 characters.

    certificate_serial_number

    String

    • Specifies the serial number of the SM signature certificate.
    • The value is a string of 1 to 64 characters.

    certificate_subject

    String

    • Specifies the subject of the signature certificate.
    • The value is a string of 1 to 256 characters.

    certificate_expire_time

    String

    • Specifies the time when the SM signature certificate expires.

    certificate_chain_serial_number

    String

    • Specifies the serial number of the CA certificate.
    • The value is a string of 1 to 64 characters.

    certificate_chain_subject

    String

    • Specifies the subject of the CA certificate.
    • The value is a string of 1 to 256 characters.

    certificate_chain_expire_time

    String

    • Specifies the time when the CA certificate expires.

    enc_certificate_serial_number

    String

    • Specifies the serial number of the SM encryption certificate.
    • The value is a string of 1 to 64 characters.

    enc_certificate_subject

    String

    • Specifies the subject of the encryption certificate.
    • The value is a string of 1 to 256 characters.

    enc_certificate_expire_time

    String

    • Specifies the time when the SM encryption certificate expires.

    created_at

    String

    • Specifies the creation time.
  • Example response
    {
        "certificate": {
            "id": "73f072d8-demo-a8df-va86-2a755d95636f",
            "name": "cert-dce7",
            "vgw_id": "c7f1d3e3-0476-4a71-95a7-3ce8cbb969de",
            "issuer": "C=CN,ST=Beijing,L=HaiDian,O=GMCert.org,CN=GMCert GM Root CA - 01",
            "signature_algorithm": "SM3WITHSM2",
            "certificate_serial_number": "16548506527294397241",
            "certificate_subject": "C=CN,ST=beijing,L=beijing,O=huawei,OU=vpn,CN=hwcloud-vpn",
            "certificate_expire_time": "2024-02-20T15:41:39+08:00",
            "certificate_chain_serial_number": "12369133709000538078",
            "certificate_chain_subject": "C=CN,ST=Beijing,L=HaiDian,O=GMCert.org,CN=GMCert GM Root CA - 01",
            "certificate_chain_expire_time": "2039-07-11T20:31:33+08:00",
            "enc_certificate_serial_number": "16548506527294397242",
            "enc_certificate_subject": "C=CN,ST=beijing,L=beijing,O=huawei,OU=vpn,CN=hwcloud-vpn",
            "enc_certificate_expire_time": "2024-02-20T15:43:26+08:00",
            "created_at": "2023-03-30T10:47:16.657+08:00"
        }
    }

Status Codes

For details, see Status Codes.