Certificate Manager Private CA API, REST: PrivateCa.GenerateCertificateAuthorityByCsr
Generates a Certificate Authority (CA) by using a Certificate Signing Request (CSR).
This allows using an externally provided CSR to finalize CA creation.
HTTP request
POST https://private-ca.certificate-manager.api.yandexcloud.kz/privateca/v1/certificateAuthorities:generateByCsr
Body parameters
{
"folderId": "string",
"parentCertificateAuthorityId": "string",
"name": "string",
"description": "string",
"csr": "string",
"privateKey": "string",
"ttlDays": "string",
"endEntitiesTtlLimitDays": "string",
"templateId": "string",
"enableCrl": "boolean",
"enableOcsp": "boolean",
"deletionProtection": "boolean"
}
Request to generate a Certificate Authority (CA) from a Certificate Signing Request (CSR).
|
Field |
Description |
|
folderId |
string Required field. Folder ID where the CA is being created. The maximum string length in characters is 50. |
|
parentCertificateAuthorityId |
string Optional. If set intermediate CA would be generated and signed on parent CA The maximum string length in characters is 50. |
|
name |
string Required field. The name of the Certificate Authority. Value must match the regular expression |
|
description |
string An optional description of the Certificate Authority. The maximum string length in characters is 1024. |
|
csr |
string Required field. The PEM-encoded Certificate Signing Request (CSR) content. |
|
privateKey |
string Optional. The PEM-encoded private key linked to the certificate. If absent CA would be issued with server side generated key pair |
|
ttlDays |
string (int64) The Time-To-Live (TTL) in days for the CA. Acceptable values are 1 to 20000, inclusive. |
|
endEntitiesTtlLimitDays |
string (int64) TTL limit in days for end-entities signed by the CA. The maximum value is 20000. |
|
templateId |
string Optional template ID to fill certificate fields with template data. Explicitly defined parameters is preferred The maximum string length in characters is 50. |
|
enableCrl |
boolean Enable Certificate Revocation List (CRL) support. |
|
enableOcsp |
boolean Enable Online Certificate Status Protocol (OCSP) support. |
|
deletionProtection |
boolean Protect the CA from accidental deletion. |
Response
HTTP Code: 200 - OK
{
"id": "string",
"description": "string",
"createdAt": "string",
"createdBy": "string",
"modifiedAt": "string",
"done": "boolean",
"metadata": "object",
// Includes only one of the fields `error`, `response`
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"response": "object"
// end of the list of possible fields
}
An Operation resource. For more information, see Operation.
|
Field |
Description |
|
id |
string ID of the operation. |
|
description |
string Description of the operation. 0-256 characters long. |
|
createdAt |
string (date-time) Creation timestamp. String in RFC3339 To work with values in this field, use the APIs described in the |
|
createdBy |
string ID of the user or service account who initiated the operation. |
|
modifiedAt |
string (date-time) The time when the Operation resource was last modified. String in RFC3339 To work with values in this field, use the APIs described in the |
|
done |
boolean If the value is |
|
metadata |
object Service-specific metadata associated with the operation. |
|
error |
The error result of the operation in case of failure or cancellation. Includes only one of the fields The operation result. |
|
response |
object The normal response of the operation in case of success. Includes only one of the fields The operation result. |
Status
The error result of the operation in case of failure or cancellation.
|
Field |
Description |
|
code |
integer (int32) Error code. An enum value of google.rpc.Code |
|
message |
string An error message. |
|
details[] |
object A list of messages that carry the error details. |