Issuing a certificate via CSR
Function
This API is used to issue a certificate via CSR. The constraints are as follows:
-
The default parameters are as follows:
-
Default CA parameters:
-
keyUsage: The options are digitalSignature, keyCertSign, and cRLSign. The parameters in the CSR are preferentially used.
-
SignatureHashAlgorithm: SHA384
-
PathLength: 0 (user-defined)
-
-
Private certificates
-
keyUsage: The options are digitalSignature and keyAgreement. The parameters in the CSR are preferentially used.
-
SignatureHashAlgorithm: SHA384
-
-
-
If type is set to INTERMEDIATE_CA, the created subordinate CA certificate has the following features:
-
It does not use the CA quota. When you query the CA list, this certificate is not included.
-
Only the following two APIs can be used to obtain its information:
-
To obtain its details: GET /v1/private-certificate-authorities/{ca_id}
-
To export it: POST /v1/private-certificate-authorities/{ca_id}/export
-
-
The value of certificate_id returned by this API is the value of ca_id for the subordinate CA.
-
It cannot issue certificates as its key is on the user side.
-
-
If type is set to ENTITY_CERT, the created private certificate has the following features:
-
It uses the private certificate quota. When you query the private certificate list, this certificate is included.
-
The usage of this certificate is the same as that of other private certificates except that the exported certificate does not contain the key information (the key is on the client).
Note: Use \r\n or \n to replace the newline characters to convert the CSR into a string. For details, see the example request. Note: The organization information, public key algorithm, and public key content of a certificate are included in the CSR file and cannot be obtained through APIs.
-
URI
POST /v1/private-certificates/csr
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
Yes |
String |
User token. For details, see Obtaining a User Token. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
issuer_id |
Yes |
String |
ID of the parent CA. Minimum: 36 Maximum: 36 |
csr |
Yes |
String |
Certificate signature request. Use \r\n or \n to replace the newline characters in the CSR. The replacement is not required if this API is requested through the console. Maximum: 5120 |
validity |
Yes |
Validity object |
Certificate validity. For details, see data structure for the Validity field. |
type |
No |
String |
Certificate type. This parameter is used to distinguish subordinate CA certificates from private certificates.
|
path_length |
No |
Integer |
Path length. This parameter is valid only when a subordinate CA is issued. Minimum: 0 Maximum: 6 |
subject_alternative_names |
No |
Array of SubjectAlternativeName objects |
The alternative name for the subject (This parameter is reserved and ignored at the backend). For details, see data structure for the SubjectAlternativeName field. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
String |
Validity period type, which is mandatory. The options are as follows:
|
value |
Yes |
Integer |
The certificate validity period. The value of this parameter varies depending on the value of type:
|
start_from |
No |
Integer |
Start time. The options are as follows:
|
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
String |
Type of the alternative name. Currently, only DNS, IP, DNS, and URI are allowed.
|
value |
Yes |
String |
Value of the corresponding alternative name type.
|
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
certificate_id |
String |
ID of the certificate being issued. Minimum: 36 Maximum: 36 |
Status code: 400
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 3 Maximum: 36 |
error_msg |
String |
Error message Minimum: 0 Maximum: 1024 |
Status code: 401
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 3 Maximum: 36 |
error_msg |
String |
Error message Minimum: 0 Maximum: 1024 |
Status code: 403
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 3 Maximum: 36 |
error_msg |
String |
Error message Minimum: 0 Maximum: 1024 |
Status code: 404
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 3 Maximum: 36 |
error_msg |
String |
Error message Minimum: 0 Maximum: 1024 |
Status code: 500
Parameter |
Type |
Description |
---|---|---|
error_code |
String |
Error code Minimum: 3 Maximum: 36 |
error_msg |
String |
Error message Minimum: 0 Maximum: 1024 |
Example Requests
When you use this API to issue a certificate via CSR, a token is required in the X-Auth-Token field in the request header. The token must have the permission to access the API.
POST https://ccm.ap-southeast-3.myhuaweicloud.com/v1/private-certificates/csr { "csr" : "-----BEGIN CERTIFICATE REQUEST-----\\nMIICyTCCAbECAQAwXjELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB3NpY2hhdW4xEDAO\\nBgNVBAcTB2NoZW5nZHUxCzAJBgNVBAoTAkhXMQswCQYDVQQLEwJJVDERMA8GA1UE\\nAxMIdGVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ4q5z\\nxqK/L/FC9x2jESeUW5GB6zS5rVxT0WLTCTv9d1LtWBLsRIinATYTYiP1pNo4/pBq\\nHlM3IiUDkc896CJerYlNzOIjTaV4GjCZvPrxSHU5toJvIDflBsY+gnzbT1ol/y0r\\n3yb9dx7eeF5rPR+U8RTw+Ov/ZNRb+0CY30hrXMdrWjp5dtLGTlr5EFYxlKNOPCkR\\n+6BGyJnC9PWSuqwsykFbgMRkcBaNAxa59dRhMF50pvx2Vs929vFrMi+ofDELUOqz\\n1vyjaEA3pn3AGJGXZgrGNbSfz12ixgGLes4cQD21GCIAWgnBQ7b1ru2V8ImUfyh0\\nyvTEyHJTuFbQ+257AgMBAAGgJjAkBgkqhkiG9w0BCQ4xFzAVMBMGA1UdEQQMMAqC\\nCHRlc3QuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBKfjZuYsz4s0wb1POIWn41eiAB\\np53qb63QKWILN9z8dLktcdSl3lPfcfPZpXv++QPtn3LR9rJKBawusk6SPXbvOGgS\\n5J+6eM8kVW2O3gHFgoaMcPYVtiO7ekG6o25qx6+Rj84wbFdmpOiCc8AwrLEBwzYV\\np1zaprWQu6PxBulkYPa3FLcntDdi7B67r0YTpxVvo1K7vHYFboDvPz7xG57QIFIM\\nwGd1OegariMT3N8gBOzLZc+jqLpxgo4xoNqBHMo6DEmKLdWdzU4ljpuGK9had99k\\nvQ5vft/Qra3v1uq2lOm/G92b0uA9Y1t2bMHobtAnuXL0HmY9XcLdzpC3f8h8\\n-----END CERTIFICATE REQUEST-----", "validity" : { "type" : "YEAR", "value" : 3 }, "issuer_id" : "2cb2878b-6cd1-460d-bd25-afe655159bdc" }
Example Responses
Status code: 200
Request succeeded.
{ "certificate_id" : "e3e10fc6-5dff-4a70-9cb5-320d258a6215" }
Status code: 400
Invalid request parameters.
{ "error_code" : "PCA.XXX", "error_msg" : "XXX" }
Status code: 401
Token required for the requested page.
{ "error_code" : "PCA.XXX", "error_msg" : "XXX" }
Status code: 403
Authentication failed.
{ "error_code" : "PCA.XXX", "error_msg" : "XXX" }
Status code: 404
No resources available or found.
{ "error_code" : "PCA.XXX", "error_msg" : "XXX" }
Status code: 500
Internal service error.
{ "error_code" : "PCA.XXX", "error_msg" : "XXX" }
Status Codes
Status Code |
Description |
---|---|
200 |
Request succeeded. |
400 |
Invalid request parameters. |
401 |
Token required for the requested page. |
403 |
Authentication failed. |
404 |
No resources available or found. |
500 |
Internal service error. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot