Available in Classic and VPC
Certificate Manager is a service that enables you to issue, register, and manage SSL/TLS certificates to be used by NAVER Cloud Platform's integrated services (Load Balancer, Global Edge) and in external environments. The certificate issuance and management features are provided via RESTful API, and API Gateway IAM authentication is required to call the API.
| Certificate Manager API 1.0 | Certificate Manager API 2.0 | |
|---|---|---|
| Base URL (domain) | https://certificatemanager.apigw.ntruss.com/api/v1 | https://certificatemanager.apigw.ntruss.com/api/v2 |
| API type | Only three features for external certificates are provided, including registration, deletion, and query.
|
All certificate management features available in the console are provided identically via API.
|
Common Certificate Manager API settings
The following describes commonly used request and response formats in Certificate Manager APIs.
Request
The following describes the common request format.
API URL
The Certificate Manager API provides the following Base URLs for each version. Select and use the URL according to the version of the feature you want to integrate.
Certificate Manager API 1.0: https://certificatemanager.apigw.ntruss.com/api/v1
Certificate Manager API 2.0: https://certificatemanager.apigw.ntruss.com/api/v2
Request headers
The following describes the headers.
| Field | Required | Description |
|---|---|---|
x-ncp-apigw-timestamp |
Required | This is the number of milliseconds that have elapsed since January 1, 1970 00:00:00. Request is considered invalid if the timestamp differs from the current time by more than 5 minutes. |
x-ncp-iam-access-key |
Required | Access key issued on NAVER Cloud Platform • See Authentication key creation guide. When using a sub account, see Sub account creation guide. |
x-ncp-apigw-signature-v2 |
Required | Base64-encoded signature that encrypts the request path and headers with a secret key that maps to the access key, using the HMAC encryption algorithm (HmacSHA256) • See Signature creation guide. |
Content-Type |
Required | Request data format
|
Accept |
Required | Response data format • application/json |
Response
The following describes the common response format.
Response status codes
The following describes the response status codes.
| HTTP status code | Code | Message | Description |
|---|---|---|---|
| 200 | 1002 | Unable to load certificate. Expecting PEM format file. | Invalid PEM format |
| 200 | 1004 | Failed to delete the certificate. Delete the instance being used first or replace the certificate being used for the instance. | Failed to delete certificate (instance in use) |
| 200 | 1004 | Failed to delete the certificate. No certificate was found with a matching with requested certificate name and certificate number. | Failed to delete certificate (name, number mismatch) |
| 200 | 2200 | No certificate was found. | No certificate search results |
| 200 | 26034 | The certificate is invalid. | Invalid certificate |
| 200 | 26040 | Public key in certificate does not match with private key. | Invalid private key match |
| 400 | 100 | Bad Request Exception | Request syntax error |
| 400 | 2000 | CertificateName is invalid. certificateName can only contain 3-20 English alphabet, numbers, and "-" and must start with an alphabetic character. | Invalid certificate name |
| 400 | 2100 | CertificateName is missing; PrivateKey is missing; PublicKeyCertificate is missing; CertificateChain is missing. | Unable to find the certificate's name, private key, public key, or chain |
| 401 | 200 | Authentication Failed | Authentication failed |
| 401 | 210 | Permission Denied | Access unauthorized |
| 404 | 300 | Not Found Exception | Not found on server |
| 413 | 430 | Request Entity Too Large | Request size exceeded |
| 429 | 400 | Quota Exceeded | Request quota exceeded |
| 429 | 410 | Throttle Limited | Too fast or frequent requests |
| 429 | 420 | Rate Limited | Too many requests in a given time period |
| 503 | 500 | Endpoint Error | Endpoint error |
| 504 | 510 | Endpoint Timeout | Endpoint timeout |
| 500 | 900 | Unexpected Error | Unknown error |
For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.
Certificate Manager API 1.0
The following describes the API 1.0 provided by the Certificate Manager service.
| API | Description |
|---|---|
| createExternalCertificate | Add external certificate. |
| deleteCertificate | Delete certificate. |
| getCertificateList | View certificates. |
Certificate Manager API 2.0
The following describes the API 2.0 provided by the Certificate Manager service.
Certificate Request
You can use the APIs related to certificate requests to request new certificates or reissue existing ones for your specific purposes, and you can register external certificates issued by third parties.
| API | Description |
|---|---|
| CloudBasicCertificateRequest | Request CloudBasic certificate. |
| AdvancedCertificateRequest | Request Advanced certificate. |
| GlobalEdgeCertificateRequest | Request GlobalEdge certificate. |
| ReissueCertificate | Reissue certificate. |
| RegisterExternalCertificate | Register external certificate. |
Certificate Lookup
The APIs related to certificate inquiry and status are used to query certificates and their status for each certificate type.
| API | Description |
|---|---|
| ListCertificateTypes | Get the list of certificate types. |
| ListCertificates | Get all certificates. |
| ListCloudCertificates | Get Cloud Basic SSL and GlobalEdge certificates. |
| ListAdvancedCertificates | Get Advanced certificates. |
| ListDcvStatuses | Get the DCV validation status of a requested SSL certificate. |
| ListRecentCertChanges | Get the list of certificates whose status changed during the specified period (minutes or seconds). |
Certificate Management
The Certificate Management & Lifecycle APIs are used for managing the certificate lifecycle, including certificate retrieval, download, renewal, and deletion.
| API | Description |
|---|---|
| GetCertificateChain | Return requested certificate in PEM format, along with the certificate chain. |
| DownloadCertificate | Download certificate file. |
| DeleteCertificate | Delete certificate. |
| SetRenewalStatus | Set whether to enable automatic certificate renewal. |
| RegisterPrivateKey | Register private key for certificate. |
Certificate Manager related resources
NAVER Cloud Platform provides a variety of related resources to help users better understand Certificate Manager APIs.
- Certificate Manager API guides
- Sub Account User Guides: How to issue and check access keys for sub accounts issued by NAVER Cloud Platform
- API Gateway user guide: How to check the API key required for the request header
- Create signature: How to create a signature required for the request header
- Common Ncloud response status codes: Information on common response status codes of NAVER Cloud Platform used by the Certificate Manager service
- How to use the Certificate Manager service
- Certificate Manager user guide: How to use Certificate Manager in the NAVER Cloud Platform console
- Introduction to Certificate Manager on blog: Introduction to Certificate Manager on the NAVER Cloud Platform's official blog
- Ncloud user environment guide: Explore VPC and Classic environments and supported services.
- Pricing and features: View pricing details and key capabilities.
- Latest service news: The latest news on Certificate Manager
- FAQs: Get answers to common Certificate Manager questions.
- Contact Support: Get help if you can't find what you need in the user guide.