Applying for a Certificate
Function
This API is used to apply for a certificate.
Debugging
You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
- If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
- If you are using identity policy-based authorization, the following identity policy-based permissions are required.
URI
POST /v1/private-certificates
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | User token. For details, see [Obtaining a User Token](https://support.huaweicloud.com/intl/en-us/api-iam/iam_30_0001.html). |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| issuer_id | Yes | String | ID of the parent CA. Minimum: 36 Maximum: 36 |
| key_algorithm | No | String | Key algorithm. If this parameter is not specified, the key algorithm of the CA is used by default. The options are as follows: |
| signature_algorithm | No | String | Signature hash algorithm. If this parameter is not specified, the signature hash algorithm of the CA is used by default. The options are as follows: |
| distinguished_name | Yes | CertDistinguishedName object | Certificate name. For details, see data structure for the CertDistinguishedName field. |
| validity | Yes | Validity object | Certificate validity. For details, see data structure for the Validity field. |
| key_usages | No | Array of strings | Key usage. For details, see [4.2.1.3 in RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3). |
| subject_alternative_names | No | Array of SubjectAlternativeName objects | Alternative name for the subject. For details, see data structure of the SubjectAlternativeName field. Array Length: 0 - 20 |
| extended_key_usage | No | ExtendedKeyUsage object | Extended key usage. For details, see data structure for the ExtendedKeyUsage field. |
| customized_extension | No | CustomizedExtension object | Customized extension information. For details, see data structure for the CustomizedExtension field. |
| enterprise_project_id | No | String | Enterprise project ID. If the enterprise project function is not enabled, you do not need to set this parameter. If the enterprise project function is enabled, you can set this parameter when querying a resource. If this parameter is not specified, the system searches for the required resource in all the enterprise projects that you have permissions for. In this case, the value of enterprise_project_id is all. The parameter value must meet one of the following requirements: is all; is 0; matches the regular expression `^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$`. |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| common_name | Yes | String | Common name (CN) of a certificate. The value can contain a maximum of 64 characters, including only letters, digits, spaces, Chinese characters, hyphens (-), underscores (_), periods (.), commas (,), and asterisks (*). Minimum: 1 Maximum: 64 |
| country | No | String | Country code. The value is a string of two characters and can contain only letters. If this parameter is not specified, the value of the parent CA is inherited by default. Minimum: 2 Maximum: 2 |
| state | No | String | Name of a province or city. The value can contain a maximum of 128 characters, including only letters, digits, Chinese characters, spaces, hyphens (-), underscores (_), periods (.), and commas (,). If this parameter is not specified, the value of the parent CA is inherited by default. Minimum: 1 Maximum: 128 |
| locality | No | String | Region name. The value can contain a maximum of 128 characters, including only letters, digits, Chinese characters, spaces, hyphens (-), underscores (_), periods (.), and commas (,). If this parameter is not specified, the value of the parent CA is inherited by default. Minimum: 1 Maximum: 128 |
| organization | No | String | Organization name. The value can contain a maximum of 64 characters, including only letters, digits, Chinese characters, spaces, hyphens (-), underscores (_), periods (.), and commas (,). If this parameter is not specified, the value of the parent CA is inherited by default. Minimum: 1 Maximum: 64 |
| organizational_unit | No | String | Organization unit name. The value can contain a maximum of 64 characters, including only letters, digits, Chinese characters, spaces, hyphens (-), underscores (_), periods (.), and commas (,). If this parameter is not specified, the value of the parent CA is inherited by default. Minimum: 1 Maximum: 64 |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| type | Yes | String | Validity period type, which is mandatory. The options are as follows: |
| value | Yes | Integer | The certificate validity period. The value of this parameter varies depending on the value of type: |
| start_from | No | Integer | Start time. The options are as follows: |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| type | Yes | String | Type of the alternative name. Currently, only DNS, IP, EMAIL, URI, and UPN are allowed. |
| value | Yes | String | Value of the corresponding alternative name type. |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| server_auth | No | Boolean | Server authentication. The OID is 1.3.6.1.5.5.7.3.1. NOTE: Enable this enhanced key usage for the server certificate. The default value is false. Default: false |
| client_auth | No | Boolean | Client authentication. The OID is 1.3.6.1.5.5.7.3.2. NOTE: Enable this enhanced key usage for the client certificate. The default value is false. Default: false |
| code_signing | No | Boolean | Signing of downloadable executable code client authentication. The OID is 1.3.6.1.5.5.7.3.3. NOTE: The default value is false. Default: false |
| email_protection | No | Boolean | Email protection. The OID is 1.3.6.1.5.5.7.3.4. NOTE: The default value is false. Default: false |
| time_stamping | No | Boolean | Binding the hash of an object to a time. The OID is 1.3.6.1.5.5.7.3.8. NOTE: The default value is false. Default: false |
| smart_card_logon | No | Boolean | Smart card login. The OID is 1.3.6.1.4.1.311.20.2.2. Active Directory login. The default value is false. Default: false |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| object_identifier | No | String | Object identifier. NOTE: The value of this parameter must be a dot-decimal notation string that complies with the ASN1 specifications, for example, 1.3.6.1.4.1.2011.4.99. Minimum: 1 Maximum: 64 |
| value | No | String | Custom attribute content. Minimum: 1 Maximum: 64 |

Response Parameters
Status code: 200
| Parameter | Type | Description |
|---|---|---|
| certificate_id | String | ID of the certificate being issued. Minimum: 36 Maximum: 36 |

Status code: 400
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code Minimum: 3 Maximum: 36 |
| error_msg | String | Error message Minimum: 0 Maximum: 1024 |

Status code: 401
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code Minimum: 3 Maximum: 36 |
| error_msg | String | Error message Minimum: 0 Maximum: 1024 |

Status code: 403
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code Minimum: 3 Maximum: 36 |
| error_msg | String | Error message Minimum: 0 Maximum: 1024 |

Status code: 404
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code Minimum: 3 Maximum: 36 |
| error_msg | String | Error message Minimum: 0 Maximum: 1024 |

Status code: 500
| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code Minimum: 3 Maximum: 36 |
| error_msg | String | Error message Minimum: 0 Maximum: 1024 |

Example Requests
When you call this API, a token with the permission to use this API is mandatory for the X-Auth-Token field.
POST https://ccm.cn-north-4.myhuaweicloud.com/v1/private-certificates

```json
{
  "key_algorithm" : "RSA2048",
  "distinguished_name" : {
    "country" : "CN",
    "state" : "Sichuan",
    "locality" : "Chengdu",
    "organization" : "Huawei",
    "organizational_unit" : "CloudBU",
    "common_name" : "TestCert"
  },
  "subject_alternative_names" : [ {
    "type" : "IP",
    "value" : "156.127.116.38"
  } ],
  "signature_algorithm" : "SHA256",
  "validity" : {
    "type" : "YEAR",
    "value" : 3
  },
  "issuer_id" : "2cb2878b-6cd1-460d-bd25-afe655159bdc",
  "key_usages" : [ "digitalSignature", "nonRepudiation" ]
}
```
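
The constraints in the request parameter tables can be checked on the client before the request is sent, so that malformed subject names or alternative names are caught before they reach the CA. The following is an added example, not part of the original page or of the SDK: `validate_request`, the regular expressions (including the CJK range used for "Chinese characters"), the IP-parsing check and the `BAD` sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constraints transcribed from the request parameter tables on this page.
SAN_TYPES = {"DNS", "IP", "EMAIL", "URI", "UPN"}
# Assumption: "Chinese characters" is approximated by the CJK range U+4E00-U+9FFF.
CN_RE = re.compile(r"[A-Za-z0-9 \u4e00-\u9fff\-_.,*]{1,64}")
COUNTRY_RE = re.compile(r"[A-Za-z]{2}")
OID_RE = re.compile(r"\d+(\.\d+)+")
EP_RE = re.compile(r"all|0|[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}")


def validate_request(body):
    """Return the list of problems in a POST /v1/private-certificates body."""
    errors = []
    for field in ("issuer_id", "distinguished_name", "validity"):
        if field not in body:
            errors.append(f"{field}: mandatory parameter missing")
    if "issuer_id" in body and len(str(body["issuer_id"])) != 36:
        errors.append("issuer_id: must be exactly 36 characters")
    dn = body.get("distinguished_name", {})
    if "distinguished_name" in body and not CN_RE.fullmatch(dn.get("common_name", "")):
        errors.append("common_name: 1-64 characters from the documented set")
    if "country" in dn and not COUNTRY_RE.fullmatch(dn["country"]):
        errors.append("country: must be two letters")
    validity = body.get("validity", {})
    if "validity" in body and not (validity.get("type") and isinstance(validity.get("value"), int)):
        errors.append("validity: type and an integer value are mandatory")
    sans = body.get("subject_alternative_names", [])
    if len(sans) > 20:
        errors.append("subject_alternative_names: at most 20 entries")
    for i, san in enumerate(sans):
        if san.get("type") not in SAN_TYPES:
            errors.append(f"subject_alternative_names[{i}]: type not allowed")
        elif san["type"] == "IP":
            # Local check, not a rule stated on the page: an IP SAN must parse.
            try:
                ipaddress.ip_address(san.get("value", ""))
            except ValueError:
                errors.append(f"subject_alternative_names[{i}]: not an IP address")
    oid = body.get("customized_extension", {}).get("object_identifier")
    if oid is not None and not (len(oid) <= 64 and OID_RE.fullmatch(oid)):
        errors.append("customized_extension.object_identifier: not dot-decimal")
    ep = body.get("enterprise_project_id")
    if ep is not None and not EP_RE.fullmatch(ep):
        errors.append("enterprise_project_id: must be all, 0, or match the ID pattern")
    return errors

# Constructed sample: validity missing, bad issuer_id/CN/country, bad SAN entries.
BAD = {"issuer_id": "short", "distinguished_name": {"common_name": "a/b", "country": "CHN"},
       "subject_alternative_names": [{"type": "RID", "value": "1.2.3"}, {"type": "IP", "value": "300.1.1.1"}]}

if __name__ == "__main__":
    print("\n".join(validate_request(BAD)))
```

The example request body shown above passes this check with an empty error list.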
Example Responses
Status code: 200
Request succeeded.

```json
{
  "certificate_id" : "ae9a326a-b61e-4446-854d-cda30ffe31f5"
}
```

Status code: 400
Invalid request parameters.

```json
{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}
```

Status code: 401
Token required for the requested page.

```json
{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}
```

Status code: 403
Authentication failed.

```json
{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}
```

Status code: 404
No resources available or found.

```json
{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}
```

Status code: 500
Internal service error.

```json
{
  "error_code" : "PCA.XXX",
  "error_msg" : "XXX"
}
```
SDK Sample Code
The SDK sample code is as follows.
Java
When you call this API, a token with the permission to use this API is mandatory for the X-Auth-Token field.
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.GlobalCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.ccm.v1.region.CcmRegion;
import com.huaweicloud.sdk.ccm.v1.*;
import com.huaweicloud.sdk.ccm.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateCertificateSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK, or storing them in plaintext, poses great security risks.
        // It is recommended that the AK and SK be stored in ciphertext in configuration files
        // or environment variables and decrypted during use to ensure security.
        // In this example, the AK and SK are read from environment variables. Before running it,
        // set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new GlobalCredentials()
                .withAk(ak)
                .withSk(sk);

        CcmClient client = CcmClient.newBuilder()
                .withCredential(auth)
                .withRegion(CcmRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateCertificateRequest request = new CreateCertificateRequest();
        CreateCertificateRequestBody body = new CreateCertificateRequestBody();
        List<SubjectAlternativeName> listbodySubjectAlternativeNames = new ArrayList<>();
        listbodySubjectAlternativeNames.add(
            new SubjectAlternativeName()
                .withType("IP")
                .withValue("156.127.116.38")
        );
        List<String> listbodyKeyUsages = new ArrayList<>();
        listbodyKeyUsages.add("digitalSignature");
        listbodyKeyUsages.add("nonRepudiation");
        Validity validitybody = new Validity();
        validitybody.withType("YEAR")
            .withValue(3);
        CertDistinguishedName distinguishedNamebody = new CertDistinguishedName();
        distinguishedNamebody.withCommonName("TestCert")
            .withCountry("CN")
            .withState("Sichuan")
            .withLocality("Chengdu")
            .withOrganization("Huawei")
            .withOrganizationalUnit("CloudBU");
        body.withSubjectAlternativeNames(listbodySubjectAlternativeNames);
        body.withKeyUsages(listbodyKeyUsages);
        body.withValidity(validitybody);
        body.withDistinguishedName(distinguishedNamebody);
        body.withSignatureAlgorithm("SHA256");
        body.withKeyAlgorithm("RSA2048");
        body.withIssuerId("2cb2878b-6cd1-460d-bd25-afe655159bdc");
        request.withBody(body);
        try {
            CreateCertificateResponse response = client.createCertificate(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Python
When you call this API, a token with the permission to use this API is mandatory for the X-Auth-Token field.
```python
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import GlobalCredentials
from huaweicloudsdkccm.v1.region.ccm_region import CcmRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkccm.v1 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, poses great security risks.
    # It is recommended that the AK and SK be stored in ciphertext in configuration files
    # or environment variables and decrypted during use to ensure security.
    # In this example, the AK and SK are read from environment variables. Before running it,
    # set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = GlobalCredentials(ak, sk)

    client = CcmClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CcmRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateCertificateRequest()
        listSubjectAlternativeNamesbody = [
            SubjectAlternativeName(
                type="IP",
                value="156.127.116.38"
            )
        ]
        listKeyUsagesbody = [
            "digitalSignature",
            "nonRepudiation"
        ]
        validitybody = Validity(
            type="YEAR",
            value=3
        )
        distinguishedNamebody = CertDistinguishedName(
            common_name="TestCert",
            country="CN",
            state="Sichuan",
            locality="Chengdu",
            organization="Huawei",
            organizational_unit="CloudBU"
        )
        request.body = CreateCertificateRequestBody(
            subject_alternative_names=listSubjectAlternativeNamesbody,
            key_usages=listKeyUsagesbody,
            validity=validitybody,
            distinguished_name=distinguishedNamebody,
            signature_algorithm="SHA256",
            key_algorithm="RSA2048",
            issuer_id="2cb2878b-6cd1-460d-bd25-afe655159bdc"
        )
        response = client.create_certificate(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Go
When you call this API, a token with the permission to use this API is mandatory for the X-Auth-Token field.
```go
package main

import (
	"fmt"
	"os" // needed for os.Getenv below

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
	ccm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1/region"
)

func main() {
	// Hard-coding the AK and SK, or storing them in plaintext, poses great security risks.
	// It is recommended that the AK and SK be stored in ciphertext in configuration files
	// or environment variables and decrypted during use to ensure security.
	// In this example, the AK and SK are read from environment variables. Before running it,
	// set the environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")

	auth := global.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		Build()

	client := ccm.NewCcmClient(
		ccm.CcmClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.CreateCertificateRequest{}
	var listSubjectAlternativeNamesbody = []model.SubjectAlternativeName{
		{
			Type:  "IP",
			Value: "156.127.116.38",
		},
	}
	var listKeyUsagesbody = []string{
		"digitalSignature",
		"nonRepudiation",
	}
	validitybody := &model.Validity{
		Type:  "YEAR",
		Value: int32(3),
	}
	countryDistinguishedName := "CN"
	stateDistinguishedName := "Sichuan"
	localityDistinguishedName := "Chengdu"
	organizationDistinguishedName := "Huawei"
	organizationalUnitDistinguishedName := "CloudBU"
	distinguishedNamebody := &model.CertDistinguishedName{
		CommonName:         "TestCert",
		Country:            &countryDistinguishedName,
		State:              &stateDistinguishedName,
		Locality:           &localityDistinguishedName,
		Organization:       &organizationDistinguishedName,
		OrganizationalUnit: &organizationalUnitDistinguishedName,
	}
	signatureAlgorithmCreateCertificateRequestBody := "SHA256"
	keyAlgorithmCreateCertificateRequestBody := "RSA2048"
	request.Body = &model.CreateCertificateRequestBody{
		SubjectAlternativeNames: &listSubjectAlternativeNamesbody,
		KeyUsages:               &listKeyUsagesbody,
		Validity:                validitybody,
		DistinguishedName:       distinguishedNamebody,
		SignatureAlgorithm:      &signatureAlgorithmCreateCertificateRequestBody,
		KeyAlgorithm:            &keyAlgorithmCreateCertificateRequestBody,
		IssuerId:                "2cb2878b-6cd1-460d-bd25-afe655159bdc",
	}
	response, err := client.CreateCertificate(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
More
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
| Status Code | Description |
|---|---|
| 200 | Request succeeded. |
| 400 | Invalid request parameters. |
| 401 | Token required for the requested page. |
| 403 | Authentication failed. |
| 404 | No resources available or found. |
| 500 | Internal service error. |

Error Codes
See Error Codes.