Связаться с намиПодключиться

Certificate Manager Private CA API, REST: PrivateCaCertificate.IssueCertificateByCsr

Статья создана
Обновлена 17 декабря 2024 г.

Issues a new certificate using a CSR (Certificate Signing Request).

HTTP request

POST https://private-ca.certificate-manager.api.cloud.yandex.net/privateca/v1/privateCertificates:issueByCsr

Body parameters

{
  "certificateAuthorityId": "string",
  "name": "string",
  "description": "string",
  "csr": "string",
  "privateKey": "string",
  "templateId": "string",
  "deletionProtection": "boolean",
  "desiredTtlDays": "string"
}

Request to issue a new certificate using a CSR (Certificate Signing Request).

Field

Description

certificateAuthorityId

string

Required field. The ID of the Certificate Authority (CA) that will issue this certificate.

name

string

The name of the certificate.

description

string

A description of the certificate.

csr

string

Required field. PEM-encoded CSR content.

privateKey

string

PEM-encoded private key associated with the CSR. CA will generate own key for certificate if absent

templateId

string

Optional certificate template ID. Issue certificate with template's fields if non-empty.

deletionProtection

boolean

Flag to protect the certificate from being accidentally deleted.

desiredTtlDays

string (int64)

Desired time-to-live (TTL) of the certificate in days.

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": "boolean",
  "metadata": {
    "certificateId": "string"
  },
  // Includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": {
    "id": "string",
    "certificateAuthorityId": "string",
    "name": "string",
    "description": "string",
    "issuedAt": "string",
    "notAfter": "string",
    "notBefore": "string",
    "deletionProtection": "boolean",
    "createdAt": "string",
    "updatedAt": "string"
  }
  // end of the list of possible fields
}

An Operation resource. For more information, see Operation.

Field

Description

id

string

ID of the operation.

description

string

Description of the operation. 0-256 characters long.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

createdBy

string

ID of the user or service account who initiated the operation.

modifiedAt

string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

done

boolean

If the value is false, it means the operation is still in progress.
If true, the operation is completed, and either error or response is available.

metadata

IssueCertificateByCsrMetadata

Service-specific metadata associated with the operation.
It typically contains the ID of the target resource that the operation is performed on.
Any method that returns a long-running operation should document the metadata type, if any.

error

Status

The error result of the operation in case of failure or cancellation.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

response

PrivateCertificate

The normal response of the operation in case of success.
If the original method returns no data on success, such as Delete,
the response is google.protobuf.Empty.
If the original method is the standard Create/Update,
the response should be the target resource of the operation.
Any method that returns a long-running operation should document the response type, if any.

Includes only one of the fields error, response.

The operation result.
If done == false and there was no failure detected, neither error nor response is set.
If done == false and there was a failure detected, error is set.
If done == true, exactly one of error or response is set.

IssueCertificateByCsrMetadata

Metadata for the IssueCertificateByCsr operation.

Field

Description

certificateId

string

The ID of the certificate that was issued using the CSR.

Status

The error result of the operation in case of failure or cancellation.

Field

Description

code

integer (int32)

Error code. An enum value of google.rpc.Code.

message

string

An error message.

details[]

object

A list of messages that carry the error details.

PrivateCertificate

A private certificate issued by a private certificate authority.

Field

Description

id

string

ID of the private certificate.

certificateAuthorityId

string

ID of the certificate authority that issued the private certificate.

name

string

Name of the private certificate.

description

string

Description of the private certificate.

issuedAt

string (date-time)

Time when the private certificate was issued.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

notAfter

string (date-time)

Time after which the private certificate is not valid.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

notBefore

string (date-time)

Time before which the private certificate is not valid.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

deletionProtection

boolean

Flag that protects deletion of the private certificate.

createdAt

string (date-time)

Time when the private certificate was created.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

updatedAt

string (date-time)

Time when the private certificate was updated.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).
Предыдущая
IssueCertificate
Следующая
Update