Certificate Manager overview

Prev Next

Available in Classic and VPC

Certificate Manager is a service that enables you to issue, register, and manage SSL/TLS certificates to be used by NAVER Cloud Platform's integrated services (Load Balancer, Global Edge) and in external environments. The certificate issuance and management features are provided via RESTful API, and API Gateway IAM authentication is required to call the API.

Certificate Manager API 1.0 Certificate Manager API 2.0
Base URL (domain) https://certificatemanager.apigw.ntruss.com/api/v1 https://certificatemanager.apigw.ntruss.com/api/v2
API type Only three features for external certificates are provided, including registration, deletion, and query.
  • createExternalCertificate, deleteCertificate, getCertificateList
All certificate management features available in the console are provided identically via API.
  • Certificate request, reissuance, status query, download, renewal settings, deletion, etc.

Common Certificate Manager API settings

The following describes commonly used request and response formats in Certificate Manager APIs.

Request

The following describes the common request format.

API URL

The Certificate Manager API provides the following Base URLs for each version. Select and use the URL according to the version of the feature you want to integrate.

Certificate Manager API 1.0: https://certificatemanager.apigw.ntruss.com/api/v1
Certificate Manager API 2.0: https://certificatemanager.apigw.ntruss.com/api/v2

Request headers

The following describes the headers.

Field Required Description
x-ncp-apigw-timestamp Required This is the number of milliseconds that have elapsed since January 1, 1970 00:00:00.
Request is considered invalid if the timestamp differs from the current time by more than 5 minutes.
x-ncp-iam-access-key Required Access key issued on NAVER Cloud Platform
• See Authentication key creation guide.
When using a sub account, see Sub account creation guide.
x-ncp-apigw-signature-v2 Required Base64-encoded signature that encrypts the request path and headers with a secret key that maps to the access key, using the HMAC encryption algorithm (HmacSHA256)
• See Signature creation guide.
Content-Type Required Request data format
  • application/json
Accept Required Response data format
application/json

Response

The following describes the common response format.

Response status codes

The following describes the response status codes.

HTTP status code Code Message Description
200 1002 Unable to load certificate. Expecting PEM format file. Invalid PEM format
200 1004 Failed to delete the certificate. Delete the instance being used first or replace the certificate being used for the instance. Failed to delete certificate (instance in use)
200 1004 Failed to delete the certificate. No certificate was found with a matching with requested certificate name and certificate number. Failed to delete certificate (name, number mismatch)
200 2200 No certificate was found. No certificate search results
200 26034 The certificate is invalid. Invalid certificate
200 26040 Public key in certificate does not match with private key. Invalid private key match
400 100 Bad Request Exception Request syntax error
400 2000 CertificateName is invalid. certificateName can only contain 3-20 English alphabet, numbers, and "-" and must start with an alphabetic character. Invalid certificate name
400 2100 CertificateName is missing; PrivateKey is missing; PublicKeyCertificate is missing; CertificateChain is missing. Unable to find the certificate's name, private key, public key, or chain
401 200 Authentication Failed Authentication failed
401 210 Permission Denied Access unauthorized
404 300 Not Found Exception Not found on server
413 430 Request Entity Too Large Request size exceeded
429 400 Quota Exceeded Request quota exceeded
429 410 Throttle Limited Too fast or frequent requests
429 420 Rate Limited Too many requests in a given time period
503 500 Endpoint Error Endpoint error
504 510 Endpoint Timeout Endpoint timeout
500 900 Unexpected Error Unknown error
Note

For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

Certificate Manager API 1.0

The following describes the API 1.0 provided by the Certificate Manager service.

API Description
createExternalCertificate Add external certificate.
deleteCertificate Delete certificate.
getCertificateList View certificates.

Certificate Manager API 2.0

The following describes the API 2.0 provided by the Certificate Manager service.

Certificate Request

You can use the APIs related to certificate requests to request new certificates or reissue existing ones for your specific purposes, and you can register external certificates issued by third parties.

API Description
CloudBasicCertificateRequest Request CloudBasic certificate.
AdvancedCertificateRequest Request Advanced certificate.
GlobalEdgeCertificateRequest Request GlobalEdge certificate.
ReissueCertificate Reissue certificate.
RegisterExternalCertificate Register external certificate.

Certificate Lookup

The APIs related to certificate inquiry and status are used to query certificates and their status for each certificate type.

API Description
ListCertificateTypes Get the list of certificate types.
ListCertificates Get all certificates.
ListCloudCertificates Get Cloud Basic SSL and GlobalEdge certificates.
ListAdvancedCertificates Get Advanced certificates.
ListDcvStatuses Get the DCV validation status of a requested SSL certificate.
ListRecentCertChanges Get the list of certificates whose status changed during the specified period (minutes or seconds).

Certificate Management

The Certificate Management & Lifecycle APIs are used for managing the certificate lifecycle, including certificate retrieval, download, renewal, and deletion.

API Description
GetCertificateChain Return requested certificate in PEM format, along with the certificate chain.
DownloadCertificate Download certificate file.
DeleteCertificate Delete certificate.
SetRenewalStatus Set whether to enable automatic certificate renewal.
RegisterPrivateKey Register private key for certificate.

Certificate Manager related resources

NAVER Cloud Platform provides a variety of related resources to help users better understand Certificate Manager APIs.