Yandex Cloud
Поиск
Связаться с намиПодключиться
  • Документация
  • Блог
  • Все сервисы
  • Статус работы сервисов
    • Популярные
    • Инфраструктура и сеть
    • Платформа данных
    • Контейнеры
    • Инструменты разработчика
    • Бессерверные вычисления
    • Безопасность
    • Мониторинг и управление ресурсами
    • Машинное обучение
    • Бизнес-инструменты
  • Все решения
    • По отраслям
    • По типу задач
    • Экономика платформы
    • Безопасность
    • Техническая поддержка
    • Каталог партнёров
    • Обучение и сертификация
    • Облако для стартапов
    • Облако для крупного бизнеса
    • Центр технологий для общества
    • Облако для интеграторов
    • Поддержка IT-бизнеса
    • Облако для фрилансеров
    • Обучение и сертификация
    • Блог
    • Документация
    • Контент-программа
    • Мероприятия и вебинары
    • Контакты, чаты и сообщества
    • Идеи
    • Истории успеха
    • Тарифы Yandex Cloud
    • Промоакции и free tier
    • Правила тарификации
  • Документация
  • Блог
Проект Яндекса
© 2025 ООО «Яндекс.Облако»
Yandex Certificate Manager
  • Начало работы
  • Управление доступом
  • Правила тарификации
  • Справочник Terraform
    • Аутентификация в API
      • Overview
        • Overview
          • Overview
          • GenerateCertificateAuthority
          • GenerateCertificateAuthorityByCsr
          • ImportCertificateAuthority
          • GenerateCsrForCertificateAuthority
          • SendSignedCertificateOfCertificateAuthority
          • Delete
          • GetCsrForCertificateAuthority
          • Get
          • List
          • Update
          • ListAccessBindings
          • SetAccessBindings
          • UpdateAccessBindings
  • Метрики Monitoring
  • Аудитные логи Audit Trails
  • История изменений
  • Вопросы и ответы
  • Обучающие курсы

В этой статье:

  • HTTP request
  • Body parameters
  • Response
  • ImportCertificateAuthorityMetadata
  • Status
  • CertificateAuthority
  1. Справочник API
  2. REST (англ.)
  3. Certificate Manager Private CA API
  4. PrivateCa
  5. ImportCertificateAuthority

Certificate Manager Private CA API, REST: PrivateCa.ImportCertificateAuthority

Статья создана
Yandex Cloud
Обновлена 17 декабря 2024 г.
  • HTTP request
  • Body parameters
  • Response
  • ImportCertificateAuthorityMetadata
  • Status
  • CertificateAuthority

Imports an externally generated Certificate Authority (CA).
You can import an existing CA from external PKI systems.

HTTP requestHTTP request

POST https://private-ca.certificate-manager.api.cloud.yandex.net/privateca/v1/certificateAuthorities:import

Body parametersBody parameters

{
  "folderId": "string",
  "name": "string",
  "description": "string",
  "certificateContent": "string",
  "keyPair": "string",
  "passphrase": "string",
  "endEntitiesTtlLimitDays": "string",
  "deletionProtection": "boolean"
}

Request to import an externally generated Certificate Authority (CA).

Field

Description

folderId

string

Required field. Folder ID where the CA is being created.

name

string

Required field. The name of the imported Certificate Authority.

description

string

A brief description of the imported Certificate Authority.

certificateContent

string

Required field. PEM-encoded certificate content for the Certificate Authority.

keyPair

string

Required field. PEM-encoded key pair content for the CA (private key).

passphrase

string

PEM-encoded passphrase to decrypt the private key (if applicable).

endEntitiesTtlLimitDays

string (int64)

TTL limit in days for end-entities signed by the CA.

deletionProtection

boolean

Protect the CA from accidental deletion.

ResponseResponse

HTTP Code: 200 - OK

{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": "boolean",
  "metadata": {
    "certificateAuthorityId": "string"
  },
  // Includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": {
    "id": "string",
    "folderId": "string",
    "name": "string",
    "description": "string",
    "parentCertificateAuthorityId": "string",
    "status": "string",
    "issuedAt": "string",
    "notAfter": "string",
    "notBefore": "string",
    "crlEndpoint": "string",
    "endEntitiesTtlLimitDays": "string",
    "deletionProtection": "boolean",
    "createdAt": "string",
    "updatedAt": "string"
  }
  // end of the list of possible fields
}

An Operation resource. For more information, see Operation.

Field

Description

id

string

ID of the operation.

description

string

Description of the operation. 0-256 characters long.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

createdBy

string

ID of the user or service account who initiated the operation.

modifiedAt

string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

done

boolean

If the value is false, it means the operation is still in progress.
If true, the operation is completed, and either error or response is available.

metadata

ImportCertificateAuthorityMetadata

Service-specific metadata associated with the operation.
It typically contains the ID of the target resource that the operation is performed on.
Any method that returns a long-running operation should document the metadata type, if any.

error

Status

The error result of the operation in case of failure or cancellation.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

response

CertificateAuthority

The normal response of the operation in case of success.
If the original method returns no data on success, such as Delete,
the response is google.protobuf.Empty.
If the original method is the standard Create/Update,
the response should be the target resource of the operation.
Any method that returns a long-running operation should document the response type, if any.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

ImportCertificateAuthorityMetadataImportCertificateAuthorityMetadata

Metadata for the ImportCertificateAuthority operation.

Field

Description

certificateAuthorityId

string

The ID of the imported Certificate Authority.

StatusStatus

The error result of the operation in case of failure or cancellation.

Field

Description

code

integer (int32)

Error code. An enum value of google.rpc.Code.

message

string

An error message.

details[]

object

A list of messages that carry the error details.

CertificateAuthorityCertificateAuthority

A certificate authority (CA) used to sign certificates.

Field

Description

id

string

ID of the certificate authority.

folderId

string

ID of the folder that the certificate authority belongs to.

name

string

Name of the certificate authority.

description

string

Description of the certificate authority.

parentCertificateAuthorityId

string

ID of the parent certificate authority that signed this certificate authority if any.

status

enum (Status)

Status of the certificate authority.

  • STATUS_UNSPECIFIED
  • UNSIGNED: The certificate authority is unsigned and pending signing.
  • ACTIVE: The certificate authority is active and can issue certificates.

issuedAt

string (date-time)

Time when the certificate authority was issued.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

notAfter

string (date-time)

Time after which the certificate authority is not valid.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

notBefore

string (date-time)

Time before which the certificate authority is not valid.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

crlEndpoint

string

Endpoint of the certificate revocation list (CRL) for the certificate authority.

endEntitiesTtlLimitDays

string (int64)

Maximum allowed TTL (in days) for end-entity certificates issued by this CA.

deletionProtection

boolean

Flag that protects deletion of the certificate authority.

createdAt

string (date-time)

Time when the certificate authority was created.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

updatedAt

string (date-time)

Time when the certificate authority was last updated.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

Была ли статья полезна?

Предыдущая
GenerateCertificateAuthorityByCsr
Следующая
GenerateCsrForCertificateAuthority
Проект Яндекса
© 2025 ООО «Яндекс.Облако»