Certificate Manager Private CA API, REST: PrivateCaCertificate.IssueCertificate
Issues a new certificate for a given Certificate Authority (CA).
HTTP request
POST https://private-ca.certificate-manager.api.cloud.yandex.net/privateca/v1/privateCertificates:issue
Body parameters
{
"certificateAuthorityId": "string",
"name": "string",
"description": "string",
"subject": {
"baseRdn": {
"country": "string",
"organization": "string",
"organizationalUnit": "string",
"distinguishedNameQualifier": "string",
"stateOrProvince": "string",
"commonName": "string",
"emailAddress": "string"
},
"additionalRdn": {
"serialNumber": "string",
"locality": "string",
"title": "string",
"surname": "string",
"givenName": "string",
"initials": "string",
"generationQualifier": "string"
}
},
"signingAlgorithm": "string",
"keyUsage": [
"string"
],
"extendedKeyUsage": [
"string"
],
"subjectAlternativeNames": [
{
// Includes only one of the fields `otherName`, `rfc_822Name`, `dnsName`, `x_400Name`, `directoryName`, `ediPartyName`, `uniformResourceIdentifier`, `ipAddress`, `registeredId`
"otherName": {
"typeOid": "string",
"name": "string"
},
"rfc_822Name": "string",
"dnsName": "string",
"x_400Name": "string",
"directoryName": "string",
"ediPartyName": {
"nameAssigner": "string",
"partyName": "string"
},
"uniformResourceIdentifier": "string",
"ipAddress": "string",
"registeredId": "string"
// end of the list of possible fields
}
],
"templateId": "string",
"deletionProtection": "boolean",
"desiredTtlDays": "string"
}
Request to issue a new certificate for a given Certificate Authority.
|
Field |
Description |
|
certificateAuthorityId |
string Required field. The ID of the Certificate Authority (CA) that will issue this certificate. |
|
name |
string The name of the certificate. |
|
description |
string A description of the certificate. |
|
subject |
Details about the certificate subject (e.g., CN, O, etc.). |
|
signingAlgorithm |
enum (Algorithm) The algorithm the CA will use to sign and issue the certificate.
|
|
keyUsage[] |
enum (KeyUsageExtension) List of purposes of the certificate, such as digitalSignature or keyEncipherment.
|
|
extendedKeyUsage[] |
enum (ExtendedKeyUsageExtension) List of extended purposes of the certificate, such as serverAuth or clientAuth.
|
|
subjectAlternativeNames[] |
Subject Alternative Names (SANs) for the certificate, such as DNS entries or IP addresses. |
|
templateId |
string Optional certificate template ID. Issue certificate with template's fields if non-empty. |
|
deletionProtection |
boolean Flag to protect the certificate from being accidentally deleted. |
|
desiredTtlDays |
string (int64) Desired time-to-live (TTL) of the certificate in days. |
Subject
Subject field of certificate https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6
|
Field |
Description |
|
baseRdn |
Required field. Most used field of subject |
|
additionalRdn |
Additional fields of subject |
BaseRDN
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.4
|
Field |
Description |
|
country |
string Two letter county code |
|
organization |
string Organization name in arbitrary form |
|
organizationalUnit |
string Organizational unit name in arbitrary form |
|
distinguishedNameQualifier |
string Distinguished name qualifier |
|
stateOrProvince |
string State or province name in arbitrary form |
|
commonName |
string Common name. For tls certificates it is domain usually. |
|
emailAddress |
string Email address of certificate owner |
AdditionalRDN
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.4
|
Field |
Description |
|
serialNumber |
string Serial number of certificate subject in arbitrary form. Don't confuse with certificate serial number. |
|
locality |
string Locality of certificate subject in arbitrary form. |
|
title |
string Title of certificate subject in arbitrary form. |
|
surname |
string Surname of certificate subject in arbitrary form. |
|
givenName |
string Given name of certificate subject in arbitrary form. |
|
initials |
string Initials of certificate subject in arbitrary form. |
|
generationQualifier |
string Generation qualifier of certificate subject in arbitrary form. |
SubjectAlternativeName
Extend subject of certificate https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6
|
Field |
Description |
|
otherName |
Local defined identifier in arbitrary form Includes only one of the fields https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 |
|
rfc_822Name |
string Encoded email address Includes only one of the fields https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 |
|
dnsName |
string Widely used in tls certificates for domains Includes only one of the fields https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 |
|
x_400Name |
string x400 name https://en.wikipedia.org/wiki/X.400 Includes only one of the fields https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 |
|
directoryName |
string Represents sequence of rdn for uniquely identifying entities Includes only one of the fields https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 |
|
ediPartyName |
Electronic Data Interchange entity Includes only one of the fields https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 |
|
uniformResourceIdentifier |
string URI Includes only one of the fields https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 |
|
ipAddress |
string ip address of certificate subject. May be used in tls certificates Includes only one of the fields https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 |
|
registeredId |
string Object Identifier (OID) Includes only one of the fields https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 |
OtherName
|
Field |
Description |
|
typeOid |
string Object identifier for name type |
|
name |
string DER encoded value of type with type_oid |
EdiPartyName
|
Field |
Description |
|
nameAssigner |
string Specifies the entity or authority that assigned the partyName |
|
partyName |
string The actual identifier of the EDI party |
Response
HTTP Code: 200 - OK
{
"id": "string",
"description": "string",
"createdAt": "string",
"createdBy": "string",
"modifiedAt": "string",
"done": "boolean",
"metadata": {
"certificateId": "string"
},
// Includes only one of the fields `error`, `response`
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"response": {
"id": "string",
"certificateAuthorityId": "string",
"name": "string",
"description": "string",
"issuedAt": "string",
"notAfter": "string",
"notBefore": "string",
"deletionProtection": "boolean",
"createdAt": "string",
"updatedAt": "string"
}
// end of the list of possible fields
}
An Operation resource. For more information, see Operation.
|
Field |
Description |
|
id |
string ID of the operation. |
|
description |
string Description of the operation. 0-256 characters long. |
|
createdAt |
string (date-time) Creation timestamp. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
createdBy |
string ID of the user or service account who initiated the operation. |
|
modifiedAt |
string (date-time) The time when the Operation resource was last modified. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
done |
boolean If the value is |
|
metadata |
Service-specific metadata associated with the operation. |
|
error |
The error result of the operation in case of failure or cancellation. Includes only one of the fields The operation result. |
|
response |
The normal response of the operation in case of success. Includes only one of the fields The operation result. |
IssueCertificateMetadata
Metadata for the IssueCertificate operation, tracking the ID of the new certificate.
|
Field |
Description |
|
certificateId |
string The ID of the certificate that was issued. |
Status
The error result of the operation in case of failure or cancellation.
|
Field |
Description |
|
code |
integer (int32) Error code. An enum value of google.rpc.Code. |
|
message |
string An error message. |
|
details[] |
object A list of messages that carry the error details. |
PrivateCertificate
A private certificate issued by a private certificate authority.
|
Field |
Description |
|
id |
string ID of the private certificate. |
|
certificateAuthorityId |
string ID of the certificate authority that issued the private certificate. |
|
name |
string Name of the private certificate. |
|
description |
string Description of the private certificate. |
|
issuedAt |
string (date-time) Time when the private certificate was issued. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
notAfter |
string (date-time) Time after which the private certificate is not valid. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
notBefore |
string (date-time) Time before which the private certificate is not valid. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
deletionProtection |
boolean Flag that protects deletion of the private certificate. |
|
createdAt |
string (date-time) Time when the private certificate was created. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
updatedAt |
string (date-time) Time when the private certificate was updated. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |