Связаться с намиПодключиться

Certificate Manager API, REST: Certificate.Create

Статья создана
Обновлена 17 декабря 2024 г.

Creates a certificate in the specified folder.

HTTP request

POST https://certificate-manager.api.cloud.yandex.net/certificate-manager/v1/certificates

Body parameters

{
  "folderId": "string",
  "name": "string",
  "description": "string",
  "labels": "object",
  "certificate": "string",
  "chain": "string",
  "privateKey": "string",
  "deletionProtection": "boolean"
}

Field

Description

folderId

string

Required field. ID of the folder to create a certificate in.

name

string

Name of the certificate.
The name must be unique within the folder.

description

string

Description of the certificate.

labels

object (map<string, string>)

Labels for the certificate as key:value pairs.

certificate

string

PEM-encoded certificate content of the certificate.

chain

string

PEM-encoded certificate chain content of the certificate.

privateKey

string

Required field. PEM-encoded private key content of the certificate.

deletionProtection

boolean

Flag that protects deletion of the certificate

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": "boolean",
  "metadata": {
    "certificateId": "string"
  },
  // Includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": {
    "id": "string",
    "folderId": "string",
    "createdAt": "string",
    "name": "string",
    "description": "string",
    "labels": "object",
    "type": "string",
    "domains": [
      "string"
    ],
    "status": "string",
    "issuer": "string",
    "subject": "string",
    "serial": "string",
    "updatedAt": "string",
    "issuedAt": "string",
    "notAfter": "string",
    "notBefore": "string",
    "challenges": [
      {
        "domain": "string",
        "type": "string",
        "createdAt": "string",
        "updatedAt": "string",
        "status": "string",
        "message": "string",
        "error": "string",
        // Includes only one of the fields `dnsChallenge`, `httpChallenge`
        "dnsChallenge": {
          "name": "string",
          "type": "string",
          "value": "string"
        },
        "httpChallenge": {
          "url": "string",
          "content": "string"
        }
        // end of the list of possible fields
      }
    ],
    "deletionProtection": "boolean",
    "incompleteChain": "boolean"
  }
  // end of the list of possible fields
}

An Operation resource. For more information, see Operation.

Field

Description

id

string

ID of the operation.

description

string

Description of the operation. 0-256 characters long.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

createdBy

string

ID of the user or service account who initiated the operation.

modifiedAt

string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

done

boolean

If the value is false, it means the operation is still in progress.
If true, the operation is completed, and either error or response is available.

metadata

CreateCertificateMetadata

Service-specific metadata associated with the operation.
It typically contains the ID of the target resource that the operation is performed on.
Any method that returns a long-running operation should document the metadata type, if any.

error

Status

The error result of the operation in case of failure or cancellation.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

response

Certificate

The normal response of the operation in case of success.
If the original method returns no data on success, such as Delete,
the response is google.protobuf.Empty.
If the original method is the standard Create/Update,
the response should be the target resource of the operation.
Any method that returns a long-running operation should document the response type, if any.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

CreateCertificateMetadata

Field

Description

certificateId

string

ID of the certificate being created.

Status

The error result of the operation in case of failure or cancellation.

Field

Description

code

integer (int32)

Error code. An enum value of google.rpc.Code.

message

string

An error message.

details[]

object

A list of messages that carry the error details.

Certificate

A certificate. For details about the concept, see documentation.

Field

Description

id

string

ID of the certificate. Generated at creation time.

folderId

string

ID of the folder that the certificate belongs to.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

name

string

Name of the certificate.
The name is unique within the folder.

description

string

Description of the certificate.

labels

object (map<string, string>)

Certificate labels as key:value pairs.

type

enum (CertificateType)

Type of the certificate.

  • CERTIFICATE_TYPE_UNSPECIFIED
  • IMPORTED: The certificate is imported by user.
  • MANAGED: The certificate is created by service.

domains[]

string

Fully qualified domain names of the certificate.

status

enum (Status)

Status of the certificate.

  • STATUS_UNSPECIFIED
  • VALIDATING: The certificate domains validation are required. Used only for managed certificates.
  • INVALID: The certificate issuance is failed. Used only for managed certificates.
  • ISSUED: The certificate is issued.
  • REVOKED: The certificate is revoked.
  • RENEWING: The certificate renewal is started. Used only for managed certificates.
  • RENEWAL_FAILED: The certificate renewal is failed. Used only for managed certificates.

issuer

string

Distinguished Name of the certificate authority that issued the certificate.

subject

string

Distinguished Name of the entity that is associated with the public key contained in the certificate.

serial

string

Serial number of the certificate.

updatedAt

string (date-time)

Time when the certificate is updated.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

issuedAt

string (date-time)

Time when the certificate is issued.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

notAfter

string (date-time)

Time after which the certificate is not valid.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

notBefore

string (date-time)

Time before which the certificate is not valid.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

challenges[]

Challenge

Domains validation challenges of the certificate. Used only for managed certificates.

deletionProtection

boolean

Flag that protects deletion of the certificate

incompleteChain

boolean

Mark imported certificates without uploaded chain or with chain which not lead to root certificate

Challenge

Domain validation challenge.

Field

Description

domain

string

Domain of the challenge.

type

enum (ChallengeType)

Type of the challenge.

  • CHALLENGE_TYPE_UNSPECIFIED
  • DNS: Domain validation type that using DNS-records.
  • HTTP: Domain validation type that using HTTP-files.

createdAt

string (date-time)

Time when the challenge is created.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

updatedAt

string (date-time)

Time when the challenge is updated.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

status

enum (Status)

Status of the challenge.

  • STATUS_UNSPECIFIED
  • PENDING: The challenge is waiting to be completed.
  • PROCESSING: The challenge is awaiting approval from Let's Encrypt.
  • VALID: The challenge is complete.
  • INVALID: The rights check for a specific domain failed or the one-week period allocated for the check expired.

message

string

Description of the challenge.

error

string

Error of the challenge.

dnsChallenge

DnsRecord

DNS-record.

Includes only one of the fields dnsChallenge, httpChallenge.

Data of the challenge.

httpChallenge

HttpFile

HTTP-file.

Includes only one of the fields dnsChallenge, httpChallenge.

Data of the challenge.

DnsRecord

Field

Description

name

string

Name of the DNS record.

type

string

Type of the DNS-record.

value

string

Value of the DNS-record.

HttpFile

Field

Description

url

string

Location of the HTTP file.

content

string

Content of the HTTP file.
Предыдущая
ListVersions
Следующая
Update