Certificate Manager Private CA API, gRPC: PrivateCaService.GenerateCsrForCertificateAuthority
Generates a Certificate Signing Request (CSR) for a new CA.
The generated CSR can then be used to obtain the CA's final certificate.
gRPC request
rpc GenerateCsrForCertificateAuthority (GenerateCsrForCertificateAuthorityRequest) returns (operation.Operation)
GenerateCsrForCertificateAuthorityRequest
{
  "folder_id": "string",
  "name": "string",
  "description": "string",
  "issuer": {
    "base_rdn": {
      "country": "string",
      "organization": "string",
      "organizational_unit": "string",
      "distinguished_name_qualifier": "string",
      "state_or_province": "string",
      "common_name": "string",
      "email_address": "string"
    },
    "additional_rdn": {
      "serial_number": "string",
      "locality": "string",
      "title": "string",
      "surname": "string",
      "given_name": "string",
      "initials": "string",
      "generation_qualifier": "string"
    }
  },
  "subject_spec": {
    "base_rdn": {
      "country": "string",
      "organization": "string",
      "organizational_unit": "string",
      "distinguished_name_qualifier": "string",
      "state_or_province": "string",
      "common_name": "string",
      "email_address": "string"
    },
    "additional_rdn": {
      "serial_number": "string",
      "locality": "string",
      "title": "string",
      "surname": "string",
      "given_name": "string",
      "initials": "string",
      "generation_qualifier": "string"
    }
  },
  "algorithm": "Algorithm",
  "path_len": "int64",
  "key_usage": [
    "KeyUsageExtension"
  ],
  "extended_key_usage": [
    "ExtendedKeyUsageExtension"
  ],
  "ttl_days": "int64",
  "end_entities_ttl_limit_days": "int64",
  "template_id": "string",
  "enable_crl": "bool",
  "enable_ocsp": "bool",
  "deletion_protection": "bool"
}
Request to generate a CSR for an existing Certificate Authority (CA).
Request for generating a Certificate Signing Request (CSR) for a new Certificate Authority (CA).
Field | Description
folder_id | string. Required field. Folder ID where the CA is being created.
name | string. Required field. Unique name for the Certificate Authority.
description | string. Optional description of the Certificate Authority for users to add additional context.
issuer | Required field. Specifies the Certificate Authority issuer.
subject_spec | Required field. Subject specifies the distinguished name (DN) fields for the CA (e.g., CN, O, etc.).
algorithm | enum Algorithm. Required field. The cryptographic algorithm to generate the CSR with (e.g., RSA, ECC).
path_len | int64. Path length constraint, defining the depth to which the CA can sign child certificates.
key_usage[] | enum KeyUsageExtension. Specifies the key usage extensions, such as digitalSignature, keyEncipherment, etc.
extended_key_usage[] | enum ExtendedKeyUsageExtension. Specifies the extended key usage extensions, such as serverAuth or clientAuth.
ttl_days | int64. Time-to-Live (TTL) in days for the Certificate Authority.
end_entities_ttl_limit_days | int64. TTL limit in days for end-entity certificates (e.g., server certs) issued by this CA.
template_id | string. Optional template ID for applying predefined configurations for generating the keys.
enable_crl | bool. Enables support for Certificate Revocation Lists (CRL).
enable_ocsp | bool. Enables support for the Online Certificate Status Protocol (OCSP).
deletion_protection | bool. Protection flag that prevents accidental deletion of the Certificate Authority.
Issuer
Issuer field of the certificate. Contains the same inner fields as the subject. https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.4
Field | Description
base_rdn | Required field.
additional_rdn |
BaseRDN
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.4
Field | Description
country | string. Two-letter country code.
organization | string. Organization name in arbitrary form.
organizational_unit | string. Organizational unit name in arbitrary form.
distinguished_name_qualifier | string. Distinguished name qualifier.
state_or_province | string. State or province name in arbitrary form.
common_name | string. Common name. For TLS certificates, this is usually the domain.
email_address | string. Email address of the certificate owner.
AdditionalRDN
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.4
Field | Description
serial_number | string. Serial number of certificate subject in arbitrary form. Don't confuse with certificate serial number.
locality | string. Locality of certificate subject in arbitrary form.
title | string. Title of certificate subject in arbitrary form.
surname | string. Surname of certificate subject in arbitrary form.
given_name | string. Given name of certificate subject in arbitrary form.
initials | string. Initials of certificate subject in arbitrary form.
generation_qualifier | string. Generation qualifier of certificate subject in arbitrary form.
Subject
Subject field of the certificate. https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6
Field | Description
base_rdn | Required field. Most used field of subject.
additional_rdn | Additional fields of subject.
operation.Operation
{
  "id": "string",
  "description": "string",
  "created_at": "google.protobuf.Timestamp",
  "created_by": "string",
  "modified_at": "google.protobuf.Timestamp",
  "done": "bool",
  "metadata": {
    "certificate_authority_id": "string"
  },
  // Includes only one of the fields `error`, `response`
  "error": "google.rpc.Status",
  "response": {
    "certificate_authority_id": "string",
    "pem_content": "string"
  }
  // end of the list of possible fields
}
An Operation resource. For more information, see Operation.
Field | Description
id | string. ID of the operation.
description | string. Description of the operation. 0-256 characters long.
created_at | Creation timestamp.
created_by | string. ID of the user or service account who initiated the operation.
modified_at | The time when the Operation resource was last modified.
done | bool. If the value is
metadata | GenerateCsrForCertificateAuthorityMetadata. Service-specific metadata associated with the operation.
error | The error result of the operation in case of failure or cancellation. Includes only one of the fields `error`, `response`. The operation result.
response | CsrForSignCertificateAuthority. The normal response of the operation in case of success. Includes only one of the fields `error`, `response`. The operation result.
GenerateCsrForCertificateAuthorityMetadata
Metadata returned from the GenerateCsrForCertificateAuthority operation.
Field | Description
certificate_authority_id | string. The ID of the Certificate Authority for which the CSR was generated.
CsrForSignCertificateAuthority
Certificate Signing Request (CSR) for signing a certificate authority.
Field | Description
certificate_authority_id | string. ID of the certificate authority for which the CSR was generated.
pem_content | string. PEM-encoded CSR content.
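A check worth running on the returned pem_content before submitting it for signing, as an added example that is not part of the Certificate Manager documentation: it confirms the CSR's self-signature and that its subject is exactly the DN requested in subject_spec. It assumes pem_content has been saved to a file and that the openssl CLI is installed; the function names and the sample DN are made up for illustration.

```shell
#!/bin/sh
# check_csr FILE EXPECTED_SUBJECT
#   FILE             file holding the pem_content string from the response
#   EXPECTED_SUBJECT DN sent in subject_spec, in RFC 2253 order
#                    (most specific RDN first: "CN=...,O=...,C=..")
check_csr() {
    csr_file=$1
    expected=$2

    # 1. The CSR must parse and its self-signature must verify, which shows
    #    the signer holds the private key for the embedded public key.
    #    Older OpenSSL releases exit 0 even when verification fails, so the
    #    message is matched instead of trusting the exit status alone.
    out=$(openssl req -in "$csr_file" -noout -verify 2>&1) || return 1
    case $out in
        *"verify OK"*) ;;
        *) echo "CSR self-signature did not verify" >&2; return 1 ;;
    esac

    # 2. The subject carried in the CSR must be exactly what was requested.
    actual=$(openssl req -in "$csr_file" -noout -subject -nameopt RFC2253 \
        2>/dev/null | sed -n 's/^subject= *//p')
    if [ "$actual" != "$expected" ]; then
        echo "subject mismatch: got '$actual', want '$expected'" >&2
        return 1
    fi
    return 0
}

# Constructed stand-in for pem_content: a throwaway key and CSR generated
# locally so the check runs offline. This is not output from the service.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/C=NL/O=Example Org/CN=Example Intermediate CA" 2>/dev/null
}

# Demo run against the constructed sample.
demo_dir=$(mktemp -d)
make_sample_csr "$demo_dir/ca.csr"
check_csr "$demo_dir/ca.csr" "CN=Example Intermediate CA,O=Example Org,C=NL" \
    && echo "CSR accepted"
rm -rf "$demo_dir"
```

A mismatch on either check means the CSR should not be passed on for signing until the difference is explained.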