文档首页/ 主机迁移服务 SMS/ API参考/ API v3/ 密钥管理/ 获取SSL证书和私钥
更新时间:2024-08-16 GMT+08:00
在线调试
CLI示例
查看PDF
分享

获取SSL证书和私钥

功能介绍

当迁移采用块级迁移的方式时,安装在源端服务器上的迁移Agent通过SSLSocket同目的端服务器通信,该接口用于下载迁移传输过程所需要的证书和私钥(PEM格式)。

调用方法

请参见如何调用API

URI

GET /v3/tasks/{task_id}/certkey

表1 路径参数

参数

是否必选

参数类型

描述

task_id

String

迁移任务ID

最小长度:0

最大长度:255
表2 Query参数

参数

是否必选

参数类型

描述

enable_ca_cert

Boolean

是否生成ca证书

缺省值:false

请求参数

表3 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

X-Auth-Token 用户Token。通过调用IAM服务获取用户Token接口获取(响应消息头中X-Subject-Token的值)。

最小长度:1

最大长度:16384

响应参数

状态码: 200

表4 响应Body参数

参数

参数类型

描述

cert

String

源端证书

最小长度:1

最大长度:1048576

private_key

String

源端私钥

最小长度:1

最大长度:1048576

ca

String

ca证书

最小长度:1

最大长度:1048576

target_mgmt_cert

String

目的端管理层证书

最小长度:1

最大长度:1048576

target_mgmt_private_key

String

目的端管理层私钥

最小长度:1

最大长度:1048576

target_data_cert

String

目的端数据层证书

最小长度:1

最大长度:1048576

target_data_private_key

String

目的端数据层私钥

最小长度:1

最大长度:1048576

状态码: 400

表5 响应Body参数

参数

参数类型

描述

error_code

String

错误码

最小长度:0

最大长度:255

error_msg

String

错误信息

最小长度:0

最大长度:1024

状态码: 401

表6 响应Body参数

参数

参数类型

描述

error_code

String

错误码

最小长度:0

最大长度:255

error_msg

String

错误信息

最小长度:0

最大长度:1024

状态码: 403

表7 响应Body参数

参数

参数类型

描述

error_code

String

错误码

最小长度:0

最大长度:255

error_msg

String

错误信息

最小长度:0

最大长度:1024

状态码: 404

表8 响应Body参数

参数

参数类型

描述

error_code

String

错误码

最小长度:0

最大长度:255

error_msg

String

错误信息

最小长度:0

最大长度:1024

状态码: 500

表9 响应Body参数

参数

参数类型

描述

error_code

String

错误码

最小长度:0

最大长度:255

error_msg

String

错误信息

最小长度:0

最大长度:1024

请求示例

获取迁移任务需要用到的证书和私钥

GET https://{endpoint}/v3/tasks/{task_id}/certkey?enable_ca_cert=true

响应示例

状态码: 200

OK

{
  "ca" : "-----BEGIN CERTIFICATE-----\n********************************\n-----END CERTIFICATE-----\n",
  "cert" : "-----BEGIN CERTIFICATE-----\n********************************\n-----END CERTIFICATE-----\n",
  "private_key" : "-----BEGIN RSA PRIVATE KEY-----\n********************************\n-----END RSA PRIVATE KEY-----\n",
  "target_mgmt_cert" : "-----BEGIN CERTIFICATE-----\n********************************\n-----END CERTIFICATE-----\n",
  "target_mgmt_private_key" : "-----BEGIN RSA PRIVATE KEY-----\n********************************\n-----END RSA PRIVATE KEY-----\n",
  "target_data_cert" : "-----BEGIN CERTIFICATE-----\n********************************\n-----END CERTIFICATE-----\n",
  "target_data_private_key" : "-----BEGIN RSA PRIVATE KEY-----\n********************************\n-----END RSA PRIVATE KEY-----\n"
}

SDK代码示例

SDK代码示例如下。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.GlobalCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.sms.v3.region.SmsRegion;
import com.huaweicloud.sdk.sms.v3.*;
import com.huaweicloud.sdk.sms.v3.model.*;


public class ShowCertKeySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new GlobalCredentials()
                .withAk(ak)
                .withSk(sk);

        SmsClient client = SmsClient.newBuilder()
                .withCredential(auth)
                .withRegion(SmsRegion.valueOf("<YOUR REGION>"))
                .build();
        ShowCertKeyRequest request = new ShowCertKeyRequest();
        request.withEnableCaCert(<enable_ca_cert>);
        try {
            ShowCertKeyResponse response = client.showCertKey(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import GlobalCredentials
from huaweicloudsdksms.v3.region.sms_region import SmsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksms.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = GlobalCredentials(ak, sk)

    client = SmsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SmsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ShowCertKeyRequest()
        request.enable_ca_cert = <EnableCaCert>
        response = client.show_cert_key(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
    sms "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/sms/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/sms/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/sms/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := global.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := sms.NewSmsClient(
        sms.SmsClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ShowCertKeyRequest{}
	enableCaCertRequest:= <enable_ca_cert>
	request.EnableCaCert = &enableCaCertRequest
	response, err := client.ShowCertKey(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

错误码

请参见错误码

父主题: 密钥管理