Private CA overview


Available in Classic and VPC

Private CA is a NAVER Cloud Platform service that supports building and operating standard private certificate authorities (CAs) and provides features to issue, manage, and revoke private certificates securely. The Private CA service provides RESTful APIs for private CA operations, private certificate issuance, and management.

Common Private CA settings

The following describes commonly used request and response formats in Private CA APIs.

Request

The following describes the common request format.

API URL

The request API URL is as follows:

https://pca.apigw.ntruss.com/api/v1

Request headers

The following describes the headers.

Field Required Description
x-ncp-apigw-timestamp Required This is the number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC.
  • The request is considered invalid if the timestamp differs from the current time by more than 5 minutes.
x-ncp-iam-access-key Required Access key issued on NAVER Cloud Platform
  • Issue and check access key: See Create authentication key.
  • Issue and check access key for sub account: See Create sub account.
x-ncp-apigw-signature-v2 Required Base64-encoded signature computed over the request information with the secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC algorithm (HmacSHA256)
  • Issue and check secret key: See Create authentication key.
  • Create signature: See Create signature.
Content-type Required Request data format
  • application/json

Response

The following describes the common response format.

Response status codes

The following describes the response status codes.

HTTP status code Code Message Description
400 - Invalid request. Request syntax error
400 - ncloudInstanceNo is missing. ncloudInstanceNo value is not entered.
400 - tenant id is missing. Tenant ID is not entered.
400 - idNo is missing. idNo value is not entered.
400 - alias is missing. alias value is not entered.
400 - common name is missing. x509Parameters.commonName value is not entered.
400 - x509Parameters are missing. Advanced settings information (x509Parameters) is not entered.
400 - csr is missing. csrPem value is not entered.
400 - cert is missing. certPem value is not entered.
400 - status is missing. status value is not entered.
400 - caId is missing. caId value is not entered.
400 - serial no is missing. serialNo value is not entered.
400 - token is missing. The token value is not entered.
400 - ca type is missing. caType value is not entered.
400 - key bits are missing. The key bits value is not entered.
400 - The request body is missing. Request body is not entered.
400 - caTag is missing. caTag value is not entered.
400 - caId or caTag is missing. caId or caTag value is not entered.
400 - chain is missing. caChain value is not entered.
400 - expiry is missing. expiry value is not entered.
400 - ocsp_servers are missing. ocsp_servers value is not entered.
400 - Invalid input. Invalid request entered
400 - Invalid certificate value. Entered certificate value is invalid.
400 - Invalid status value. Entered status value is invalid.
400 - Invalid period value. Entered period value is invalid.
400 - Invalid page no value. Entered pageNo value is invalid.
400 - Invalid serial no value. Entered serialNo value is invalid.
400 - ca alias exceeded the allowed length. Entered alias value exceeds the allowed length.
400 - memo exceeded the allowed length. Entered description value exceeds the allowed length.
400 - common name exceeded the allowed length. Entered x509Parameters.commonName value exceeds the allowed length.
400 - organization exceeded the allowed length. Entered x509Parameters.organization value exceeds the allowed length.
400 - organization unit exceeded the allowed length. Entered x509Parameters.organicationUnit value exceeds the allowed length.
400 - state province exceeded the allowed length. Entered x509Parameters.stateProvince value exceeds the allowed length.
400 - locality exceeded the allowed length. Entered x509Parameters.locality value exceeds the allowed length.
400 - street address exceeded the allowed length. Entered x509Parameters.streetAddress value exceeds the allowed length.
400 - Unsupported keyBits. Invalid key bits entered
400 - Invalid keyType. Entered keyType value is invalid.
400 - Invalid caId. Entered caId value is invalid.
400 - Invalid csr. Entered csrPem value is invalid.
400 - Invalid tenant id. Entered tenant ID is invalid
400 - Invalid id no. Entered idNo value is invalid.
400 - Invalid user. Entered user is invalid
400 - Invalid key type. Entered key type is invalid
400 - Invalid ip. Entered x509Parameters.ip value is invalid.
400 - Invalid uir. Entered URI is invalid
400 - Invalid other. Entered other is invalid
400 - Certificate validation failed: The CA chain is invalid. Entered caChain value is invalid.
400 - The CA certificate can't be revoked. Invalid revocation request
400 - CSR's keyBits and the request body's keyBits don't match. Key bits in CSR don't match key bits in the request body.
400 - CSR's keyType and the request body's keyType don't match. Key type in CSR doesn't match the key type entered in the request body.
400 - Invalid status. Invalid status
400 - Invalid castore. Invalid castore
400 - Invalid ca status. Invalid CA status
400 - Invalid issuer ca status. Invalid issuer CA status
400 - Invalid ca. Invalid CA
400 - Invalid ca type. Entered caType value is invalid.
400 - Invalid cert. Entered cert value is invalid.
400 - The maximum number of issuances has been exceeded. Certificate issuance can't exceed 30,000. If you need additional issuance, contact the customer center. Number of certificates available for issuance exceeded
400 - The CA validity period can't be exceeded. The CSR's validity period exceeds the CA's validity period.
400 - The maximum number of CAs that can be created has been exceeded. Up to 10 root/intermediate CAs can be created. Number of CAs available for creation exceeded
400 - This castore already exists. A castore in use is entered.
400 - This alias already exists. A CA name in use is entered.
400 - This policy already exists. A policy in use is entered.
400 - Expired cert. Expired certificate information is entered.
400 - The castore doesn't exist. A castore that doesn't exist is entered.
400 - The policy doesn't exist. A policy that doesn't exist is entered.
400 - The crl configuration doesn't exist. CRL update cycle is not set
400 - The CA doesn't exist. A CA that doesn't exist is entered.
400 - The certificate doesn't exist. A certificate that doesn't exist is entered.
500 - We apologize for the inconvenience. This is temporarily not available. If this error persists, please contact our customer center Service error

Note

For information about the HTTP status codes common to all NAVER Cloud Platform, see Ncloud API response status codes.

Private CA API

The following describes the APIs provided by the Private CA service.

API Description
Activate Sub CA Enable an intermediate CA.
Create CA Create a CA.
Create OCSP Deploy an OCSP URL to a private certificate.
Delete CA Delete a CA.
Delete OCSP Remove an OCSP URL from a private certificate.
Get CA Get CA details.
Get CA Chain Get CA chain information.
Get CA CRL Get CA CRL.
Get CA List Get the complete list of CAs.
Get CRL Config Get CA CRL's update cycle.
Get End Cert Get private certificate details.
Get End Cert List Get the complete list of private certificates.
Get Sub CSR Get CSR of an intermediate CA.
Issue End Cert Issue a private certificate.
Revoke End Cert Revoke a private certificate.
Rotate CRL Renew the CRL through manual rotation.
Sign End Csr Sign a new certificate with CSR.
Sign Sub Csr Issue an intermediate CA certificate.
Trim CA Clean up CRLs by deleting expired certificates.
Update CA Change CA status.
Update CRL Config Set CA CRL's update cycle.

Private CA related resources

NAVER Cloud Platform provides a variety of related resources to help users better understand Private CA APIs.