Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
  • Blog
  • Pricing
  • Documentation
Yandex project
© 2025 Yandex.Cloud LLC
Yandex Certificate Manager
  • Getting started
  • Access management
  • Pricing policy
  • Terraform reference
    • Authentication with the API
      • Overview
        • Overview
          • Overview
          • GenerateCertificateAuthority
          • GenerateCertificateAuthorityByCsr
          • ImportCertificateAuthority
          • GenerateCsrForCertificateAuthority
          • SendSignedCertificateOfCertificateAuthority
          • Delete
          • GetCsrForCertificateAuthority
          • Get
          • List
          • Update
          • ListAccessBindings
          • SetAccessBindings
          • UpdateAccessBindings
  • Monitoring metrics
  • Audit Trails events
  • Release notes
  • FAQ

In this article:

  • HTTP request
  • Path parameters
  • Body parameters
  • Response
  • UpdateCertificateAuthorityMetadata
  • Status
  • CertificateAuthority
  1. API reference
  2. REST
  3. Certificate Manager Private CA API
  4. PrivateCa
  5. Update

Certificate Manager Private CA API, REST: PrivateCa.Update

Written by
Yandex Cloud
Updated at January 14, 2025
  • HTTP request
  • Path parameters
  • Body parameters
  • Response
  • UpdateCertificateAuthorityMetadata
  • Status
  • CertificateAuthority

Updates the specified Certificate Authority (CA).
This allows updating attributes of an already existing CA, such as name, description, etc.

HTTP requestHTTP request

PATCH https://private-ca.certificate-manager.api.cloud.yandex.net/privateca/v1/certificateAuthorities/{certificateAuthorityId}

Path parametersPath parameters

Request to update existing properties of a Certificate Authority.
Only fields specified in update_mask will be updated.

Field

Description

certificateAuthorityId

string

Required field. The ID of the Certificate Authority to update.

Body parametersBody parameters

{
  "updateMask": "string",
  "name": "string",
  "description": "string",
  "deletionProtection": "boolean",
  "endEntitiesTtlLimitDays": "string"
}

Request to update existing properties of a Certificate Authority.
Only fields specified in update_mask will be updated.

Field

Description

updateMask

string (field-mask)

A comma-separated names off ALL fields to be updated.
Only the specified fields will be changed. The others will be left untouched.
If the field is specified in updateMask and no value for that field was sent in the request,
the field's value will be reset to the default. The default value for most fields is null or 0.

If updateMask is not sent in the request, all fields' values will be updated.
Fields specified in the request will be updated to provided values.
The rest of the fields will be reset to the default.

name

string

New name of the Certificate Authority (if applicable).
This field is optional and will only be applied if included in the update mask.

description

string

New description of the Certificate Authority (if applicable).
Allows adding or updating the description to clarify the CA's purpose.

deletionProtection

boolean

Update the deletion protection flag.
Protects the Certificate Authority from accidental deletion.

endEntitiesTtlLimitDays

string (int64)

Update the end-entity TTL limit for certificates issued by this Certificate Authority.

ResponseResponse

HTTP Code: 200 - OK

{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": "boolean",
  "metadata": {
    "certificateAuthorityId": "string"
  },
  // Includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": {
    "id": "string",
    "folderId": "string",
    "name": "string",
    "description": "string",
    "parentCertificateAuthorityId": "string",
    "status": "string",
    "issuedAt": "string",
    "notAfter": "string",
    "notBefore": "string",
    "crlEndpoint": "string",
    "endEntitiesTtlLimitDays": "string",
    "deletionProtection": "boolean",
    "createdAt": "string",
    "updatedAt": "string"
  }
  // end of the list of possible fields
}

An Operation resource. For more information, see Operation.

Field

Description

id

string

ID of the operation.

description

string

Description of the operation. 0-256 characters long.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

createdBy

string

ID of the user or service account who initiated the operation.

modifiedAt

string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

done

boolean

If the value is false, it means the operation is still in progress.
If true, the operation is completed, and either error or response is available.

metadata

UpdateCertificateAuthorityMetadata

Service-specific metadata associated with the operation.
It typically contains the ID of the target resource that the operation is performed on.
Any method that returns a long-running operation should document the metadata type, if any.

error

Status

The error result of the operation in case of failure or cancellation.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

response

CertificateAuthority

The normal response of the operation in case of success.
If the original method returns no data on success, such as Delete,
the response is google.protobuf.Empty.
If the original method is the standard Create/Update,
the response should be the target resource of the operation.
Any method that returns a long-running operation should document the response type, if any.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

UpdateCertificateAuthorityMetadataUpdateCertificateAuthorityMetadata

Metadata returned from the UpdateCertificateAuthority operation.

Field

Description

certificateAuthorityId

string

The ID of the Certificate Authority that was updated.

StatusStatus

The error result of the operation in case of failure or cancellation.

Field

Description

code

integer (int32)

Error code. An enum value of google.rpc.Code.

message

string

An error message.

details[]

object

A list of messages that carry the error details.

CertificateAuthorityCertificateAuthority

A certificate authority (CA) used to sign certificates.

Field

Description

id

string

ID of the certificate authority.

folderId

string

ID of the folder that the certificate authority belongs to.

name

string

Name of the certificate authority.

description

string

Description of the certificate authority.

parentCertificateAuthorityId

string

ID of the parent certificate authority that signed this certificate authority if any.

status

enum (Status)

Status of the certificate authority.

  • STATUS_UNSPECIFIED
  • UNSIGNED: The certificate authority is unsigned and pending signing.
  • ACTIVE: The certificate authority is active and can issue certificates.

issuedAt

string (date-time)

Time when the certificate authority was issued.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

notAfter

string (date-time)

Time after which the certificate authority is not valid.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

notBefore

string (date-time)

Time before which the certificate authority is not valid.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

crlEndpoint

string

Endpoint of the certificate revocation list (CRL) for the certificate authority.

endEntitiesTtlLimitDays

string (int64)

Maximum allowed TTL (in days) for end-entity certificates issued by this CA.

deletionProtection

boolean

Flag that protects deletion of the certificate authority.

createdAt

string (date-time)

Time when the certificate authority was created.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

updatedAt

string (date-time)

Time when the certificate authority was last updated.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

Was the article helpful?

Previous
List
Next
ListAccessBindings
Yandex project
© 2025 Yandex.Cloud LLC