Updated on 2024-12-17 GMT+08:00

Exporting a Certificate

You can export a private certificate, including the certificate body and certificate chain. You can export the certificate in the format you need.

For details, see Parameters for Exporting a Certificate.

import com.huaweicloud.sdk.ccm.v1.CcmClient;
import com.huaweicloud.sdk.ccm.v1.model.ExportCertificateRequest;
import com.huaweicloud.sdk.ccm.v1.model.ExportCertificateRequestBody;
import com.huaweicloud.sdk.ccm.v1.model.ExportCertificateResponse;
import com.huaweicloud.sdk.core.auth.GlobalCredentials;

/**
 * Export the private certificate, including the certificate body and certificate chain. You can select the certificate format.
 */
public class ExportCertificateExample {
    /**
     * Basic authentication information:
     * - ACCESS_KEY: access key of the Huawei Cloud account
     * - SECRET_ACCESS_KEY: secret access key of the Huawei Cloud account
     * - DOMAIN_ID: Huawei Cloud account ID.
    * - CCM_ENDPOINT: Endpoint address for accessing Huawei Cloud CCM (PCA is included in CCM).
......*Hard-coded or plaintext AK and SK are risky. For security, encrypt your AK and SK and store them in the configuration file or environment variables.
     * In this example, the AK and SK are stored in environment variables for identity authentication. Before running this example, configure environment variables HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK.
     */
    private static final String ACCESS_KEY =  System.getenv("HUAWEICLOUD_SDK_AK");
    private static final String SECRET_ACCESS_KEY = System.getenv("HUAWEICLOUD_SDK_SK");
    private static final String DOMAIN_ID = "<DomainID>";
    private static final String CCM_ENDPOINT = "<CcmEndpoint>";

    public static void main(String[] args) {
      // 1. Prepare the credentials for accessing Huawei Cloud. PCA is a global service.
        final GlobalCredentials auth = new GlobalCredentials()
                .withAk(ACCESS_KEY)
                .withSk(SECRET_ACCESS_KEY)
                .withDomainId(DOMAIN_ID);

        // 2. Initialize the SDK and transfer the credentials and endpoint address of CCM.
        final CcmClient ccmClient = CcmClient.newBuilder()
                .withCredential(auth)
                .withEndpoint(CCM_ENDPOINT).build();

       // 3. Make request parameters.
      // (1) ID of the end-entity certificate you want to export.
        String certId = "5554a381-af92-4336-a943-811396c87616";

        /*
          (2) Define the export format. (SDKs support only uncompressed files.)
         - isCompressed: whether to compress the file. The value is a string. The options are true and false. SDKs support only false.
          - type: export format. Currently, only the following formats are supported in calling SDKs:
               APACHE: This parameter is recommended if you want to use the certificate for an Apache server.
               NGINX: This parameter is recommended if you want to use the certificate for an Nginx server.
                 OTHER: This parameter is recommended if you want to download a certificate in PEM format.
         */
        ExportCertificateRequestBody requestBody = new ExportCertificateRequestBody();
        requestBody.setType("NGINX");
        requestBody.setIsCompressed("false");

       // 4. Construct a request body.
        ExportCertificateRequest request = new ExportCertificateRequest()
                .withCertificateId(certId)
                .withBody(requestBody);

       // 5. Start to send the request.
        ExportCertificateResponse response;
        try {
            response = ccmClient.exportCertificate(request);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage());
        }

       // 6. Obtain the response message.
       // (1) Obtain the certificate body in PEM format.
        String certificate = response.getCertificate();
       // (2) Obtain the certificate chain in PEM format.
        String certificateChain = response.getCertificateChain();
        System.out.println(response);
    }

}