Certificate Manager Private CA API, REST: PrivateCa.ImportCertificateAuthority
Imports an externally generated Certificate Authority (CA).
You can import an existing CA from external PKI systems.
HTTP request
POST https://private-ca.certificate-manager.api.cloud.yandex.net/privateca/v1/certificateAuthorities:import
Body parameters
{
"folderId": "string",
"name": "string",
"description": "string",
"certificateContent": "string",
"keyPair": "string",
"passphrase": "string",
"endEntitiesTtlLimitDays": "string",
"deletionProtection": "boolean"
}
Request to import an externally generated Certificate Authority (CA).
|
Field |
Description |
|
folderId |
string Required field. Folder ID where the CA is being created. |
|
name |
string Required field. The name of the imported Certificate Authority. |
|
description |
string A brief description of the imported Certificate Authority. |
|
certificateContent |
string Required field. PEM-encoded certificate content for the Certificate Authority. |
|
keyPair |
string Required field. PEM-encoded key pair content for the CA (private key). |
|
passphrase |
string PEM-encoded passphrase to decrypt the private key (if applicable). |
|
endEntitiesTtlLimitDays |
string (int64) TTL limit in days for end-entities signed by the CA. |
|
deletionProtection |
boolean Protect the CA from accidental deletion. |
Response
HTTP Code: 200 - OK
{
"id": "string",
"description": "string",
"createdAt": "string",
"createdBy": "string",
"modifiedAt": "string",
"done": "boolean",
"metadata": {
"certificateAuthorityId": "string"
},
// Includes only one of the fields `error`, `response`
"error": {
"code": "integer",
"message": "string",
"details": [
"object"
]
},
"response": {
"id": "string",
"folderId": "string",
"name": "string",
"description": "string",
"parentCertificateAuthorityId": "string",
"status": "string",
"issuedAt": "string",
"notAfter": "string",
"notBefore": "string",
"crlEndpoint": "string",
"endEntitiesTtlLimitDays": "string",
"deletionProtection": "boolean",
"createdAt": "string",
"updatedAt": "string"
}
// end of the list of possible fields
}
An Operation resource. For more information, see Operation.
|
Field |
Description |
|
id |
string ID of the operation. |
|
description |
string Description of the operation. 0-256 characters long. |
|
createdAt |
string (date-time) Creation timestamp. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
createdBy |
string ID of the user or service account who initiated the operation. |
|
modifiedAt |
string (date-time) The time when the Operation resource was last modified. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
done |
boolean If the value is |
|
metadata |
ImportCertificateAuthorityMetadata Service-specific metadata associated with the operation. |
|
error |
The error result of the operation in case of failure or cancellation. Includes only one of the fields The operation result. |
|
response |
The normal response of the operation in case of success. Includes only one of the fields The operation result. |
ImportCertificateAuthorityMetadata
Metadata for the ImportCertificateAuthority operation.
|
Field |
Description |
|
certificateAuthorityId |
string The ID of the imported Certificate Authority. |
Status
The error result of the operation in case of failure or cancellation.
|
Field |
Description |
|
code |
integer (int32) Error code. An enum value of google.rpc.Code. |
|
message |
string An error message. |
|
details[] |
object A list of messages that carry the error details. |
CertificateAuthority
A certificate authority (CA) used to sign certificates.
|
Field |
Description |
|
id |
string ID of the certificate authority. |
|
folderId |
string ID of the folder that the certificate authority belongs to. |
|
name |
string Name of the certificate authority. |
|
description |
string Description of the certificate authority. |
|
parentCertificateAuthorityId |
string ID of the parent certificate authority that signed this certificate authority if any. |
|
status |
enum (Status) Status of the certificate authority.
|
|
issuedAt |
string (date-time) Time when the certificate authority was issued. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
notAfter |
string (date-time) Time after which the certificate authority is not valid. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
notBefore |
string (date-time) Time before which the certificate authority is not valid. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
crlEndpoint |
string Endpoint of the certificate revocation list (CRL) for the certificate authority. |
|
endEntitiesTtlLimitDays |
string (int64) Maximum allowed TTL (in days) for end-entity certificates issued by this CA. |
|
deletionProtection |
boolean Flag that protects deletion of the certificate authority. |
|
createdAt |
string (date-time) Time when the certificate authority was created. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |
|
updatedAt |
string (date-time) Time when the certificate authority was last updated. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the |