Certificate Manager Private CA API, REST: PrivateCa.GenerateCertificateAuthorityByCsr
Generates a Certificate Authority (CA) by using a Certificate Signing Request (CSR).
This allows using an externally provided CSR to finalize CA creation.
HTTP request
POST https://private-ca.certificate-manager.api.cloud.yandex.net/privateca/v1/certificateAuthorities:generateByCsr
Body parameters
{
"folderId": "string",
"parentCertificateAuthorityId": "string",
"name": "string",
"description": "string",
"csr": "string",
"privateKey": "string",
"ttlDays": "string",
"endEntitiesTtlLimitDays": "string",
"templateId": "string",
"enableCrl": "boolean",
"enableOcsp": "boolean",
"deletionProtection": "boolean"
}
Request to generate a Certificate Authority (CA) from a Certificate Signing Request (CSR).
Field |
Description |
folderId |
string Required field. Folder ID where the CA is being created. |
parentCertificateAuthorityId |
string Optional. If set intermediate CA would be generated and signed on parent CA |
name |
string Required field. The name of the Certificate Authority. |
description |
string An optional description of the Certificate Authority. |
csr |
string Required field. The PEM-encoded Certificate Signing Request (CSR) content. |
privateKey |
string Optional. The PEM-encoded private key linked to the certificate. If absent CA would be issued with server side generated key pair |
ttlDays |
string (int64) The Time-To-Live (TTL) in days for the CA. |
endEntitiesTtlLimitDays |
string (int64) TTL limit in days for end-entities signed by the CA. |
templateId |
string Optional template ID to fill certificate fields with template data. Explicitly defined parameters is preferred |
enableCrl |
boolean Enable Certificate Revocation List (CRL) support. |
enableOcsp |
boolean Enable Online Certificate Status Protocol (OCSP) support. |
deletionProtection |
boolean Protect the CA from accidental deletion. |
Response
HTTP Code: 200 - OK
{
"id": "string",
"description": "string",
"createdAt": "string",
"createdBy": "string",
"modifiedAt": "string",
"done": "boolean",
"metadata": {
"certificateAuthorityId": "string"
},
// Includes only one of the fields `error`, `response`
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"response": {
"id": "string",
"folderId": "string",
"name": "string",
"description": "string",
"parentCertificateAuthorityId": "string",
"status": "string",
"issuedAt": "string",
"notAfter": "string",
"notBefore": "string",
"crlEndpoint": "string",
"endEntitiesTtlLimitDays": "string",
"deletionProtection": "boolean",
"createdAt": "string",
"updatedAt": "string"
}
// end of the list of possible fields
}
An Operation resource. For more information, see Operation.
Field |
Description |
id |
string ID of the operation. |
description |
string Description of the operation. 0-256 characters long. |
createdAt |
string (date-time) Creation timestamp. String in RFC3339 To work with values in this field, use the APIs described in the |
createdBy |
string ID of the user or service account who initiated the operation. |
modifiedAt |
string (date-time) The time when the Operation resource was last modified. String in RFC3339 To work with values in this field, use the APIs described in the |
done |
boolean If the value is |
metadata |
GenerateCertificateAuthorityByCsrMetadata Service-specific metadata associated with the operation. |
error |
The error result of the operation in case of failure or cancellation. Includes only one of the fields The operation result. |
response |
The normal response of the operation in case of success. Includes only one of the fields The operation result. |
GenerateCertificateAuthorityByCsrMetadata
Metadata for the GenerateCertificateAuthorityByCsr operation.
Field |
Description |
certificateAuthorityId |
string The ID of the Certificate Authority being generated. |
Status
The error result of the operation in case of failure or cancellation.
Field |
Description |
code |
integer (int32) Error code. An enum value of google.rpc.Code |
message |
string An error message. |
details[] |
object A list of messages that carry the error details. |
CertificateAuthority
A certificate authority (CA) used to sign certificates.
Field |
Description |
id |
string ID of the certificate authority. |
folderId |
string ID of the folder that the certificate authority belongs to. |
name |
string Name of the certificate authority. |
description |
string Description of the certificate authority. |
parentCertificateAuthorityId |
string ID of the parent certificate authority that signed this certificate authority if any. |
status |
enum (Status) Status of the certificate authority.
|
issuedAt |
string (date-time) Time when the certificate authority was issued. String in RFC3339 To work with values in this field, use the APIs described in the |
notAfter |
string (date-time) Time after which the certificate authority is not valid. String in RFC3339 To work with values in this field, use the APIs described in the |
notBefore |
string (date-time) Time before which the certificate authority is not valid. String in RFC3339 To work with values in this field, use the APIs described in the |
crlEndpoint |
string Endpoint of the certificate revocation list (CRL) for the certificate authority. |
endEntitiesTtlLimitDays |
string (int64) Maximum allowed TTL (in days) for end-entity certificates issued by this CA. |
deletionProtection |
boolean Flag that protects deletion of the certificate authority. |
createdAt |
string (date-time) Time when the certificate authority was created. String in RFC3339 To work with values in this field, use the APIs described in the |
updatedAt |
string (date-time) Time when the certificate authority was last updated. String in RFC3339 To work with values in this field, use the APIs described in the |