Available in Classic and VPC
Private CA is a NAVER Cloud Platform service that supports the building and operation of standard private certificate authorities (CAs) and provides the features to issue, manage, and revoke private certificates securely. The Private CA service provides APIs for private certification authority (CA) operations, private certificate issuance, and management features in RESTful form.
Common Private CA settings
The following describes commonly used request and response formats in Private CA APIs.
Request
The following describes the common request format.
API URL
The request API URL is as follows:
https://pca.apigw.ntruss.com/api/v1
Request headers
The following describes the headers.
| Field | Required | Description |
|---|---|---|
x-ncp-apigw-timestamp |
Required | This is the number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC. |
x-ncp-iam-access-key |
Required | Access key issued on NAVER Cloud Platform |
x-ncp-apigw-signature-v2 |
Required | Base64-encoded signature that encrypts the request information with a secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC encryption algorithm (HmacSHA256) |
Content-type |
Required | Request data formatapplication/json |
Response
The following describes the common response format.
Response status codes
The following describes the response status codes.
| HTTP status code | Code | Message | Description |
|---|---|---|---|
| 400 | - | Invalid request. | Request syntax error |
| 400 | - | ncloudInstanceNo is missing. | ncloudInstanceNo value is not entered. |
| 400 | - | tenant id is missing. | Tenant ID is not entered. |
| 400 | - | idNo is missing. | idNo value is not entered. |
| 400 | - | alias is missing. | alias value is not entered. |
| 400 | - | common name is missing. | x509Parameters.commonName value is not entered. |
| 400 | - | x509Parameters are missing. | Advanced settings information (x509Parameters) is not entered. |
| 400 | - | csr is missing. | csrPem value is not entered. |
| 400 | - | cert is missing. | certPem value is not entered. |
| 400 | - | status is missing. | status value is not entered. |
| 400 | - | caId is missing. | caId value is not entered. |
| 400 | - | serial no is missing. | serialNo value is not entered. |
| 400 | - | token is missing. | The token value is not entered. |
| 400 | - | ca type is missing. | caType value is not entered. |
| 400 | - | key bits are missing. | The key bits value is not entered. |
| 400 | - | The request body is missing. | Request body is not entered. |
| 400 | - | caTag is missing. | caTag value is not entered. |
| 400 | - | caId or caTag is missing. | caId or caTag value is not entered. |
| 400 | - | chain is missing. | caChain value is not entered. |
| 400 | - | expiry is missing. | expiry value is not entered. |
| 400 | - | ocsp_servers are missing. | ocsp_servers value is not entered. |
| 400 | - | Invalid input. | Invalid request entered |
| 400 | - | Invalid certificate value. | Entered certificate value is invalid. |
| 400 | - | Invalid status value. | Entered status value is invalid. |
| 400 | - | Invalid period value. | Entered period value is invalid. |
| 400 | - | Invalid page no value. | Entered pageNo value is invalid. |
| 400 | - | Invalid serial no value. | Entered serialNo value is invalid. |
| 400 | - | ca alias exceeded the allowed length. | Entered alias value exceeds the allowed length. |
| 400 | - | memo exceeded the allowed length. | Entered description value exceeds the allowed length. |
| 400 | - | common name exceeded the allowed length. | Entered x509Parameters.commonName value exceeds the allowed length. |
| 400 | - | organization exceeded the allowed length. | Entered x509Parameters.organization value exceeds the allowed length. |
| 400 | - | organization unit exceeded the allowed length. | Entered x509Parameters.organicationUnit value exceeds the allowed length. |
| 400 | - | state province exceeded the allowed length. | Entered x509Parameters.stateProvince value exceeds the allowed length. |
| 400 | - | locality exceeded the allowed length. | Entered x509Parameters.locality value exceeds the allowed length. |
| 400 | - | street address exceeded the allowed length. | Entered x509Parameters.streetAddress value exceeds the allowed length. |
| 400 | - | Unsupported keyBits. | Invalid key bits entered |
| 400 | - | Invalid keyType. | Entered keyType value is invalid. |
| 400 | - | Invalid caId. | Entered caId value is invalid. |
| 400 | - | Invalid csr. | Entered csrPem value is invalid. |
| 400 | - | Invalid tenant id. | Entered tenant ID is invalid |
| 400 | - | Invalid id no. | Entered idNo value is invalid. |
| 400 | - | Invalid user. | Entered user is invalid |
| 400 | - | Invalid key type. | Entered key type is invalid |
| 400 | - | Invalid ip. | Entered x509Parameters.ip value is invalid. |
| 400 | - | Invalid uir. | Entered URI is invalid |
| 400 | - | Invalid other. | Entered other is invalid |
| 400 | - | Certificate validation failed: The CA chain is invalid. | Entered caChain value is invalid. |
| 400 | - | The CA certificate can't be revoked. | Invalid revocation request |
| 400 | - | CSR's keyBits and the request body's keyBits don't match. | Key bits in CSR don't match key bits in the request body. |
| 400 | - | CSR's keyType and the request body's keyType don't match. | Key type in CSR doesn't match the key type entered in the request body. |
| 400 | - | Invalid status. | Invalid status |
| 400 | - | Invalid castore. | Invalid castore |
| 400 | - | Invalid ca status. | Invalid CA status |
| 400 | - | Invalid issuer ca status. | Invalid issuer CA status |
| 400 | - | Invalid ca. | Invalid CA |
| 400 | - | Invalid ca type. | Entered caType value is invalid. |
| 400 | - | Invalid cert. | Entered cert value is invalid. |
| 400 | - | The maximum number of issuances has been exceeded. Certificate issuance can't exceed 30,000. If you need additional issuance, contact the customer center. |
Number of certificates available for issuance exceeded |
| 400 | - | The CA validity period can't be exceeded. | The CSR's validity period exceeds the CA's validity period. |
| 400 | - | The maximum number of CAs that can be created has been exceeded. Up to 10 root/intermediate CAs can be created. |
Number of CAs available for creation exceeded |
| 400 | - | This castore already exists. | A castore in use is entered. |
| 400 | - | This alias already exists. | A CA name in use is entered. |
| 400 | - | This policy already exists. | A policy in use is entered. |
| 400 | - | Expired cert. | Expired certificate information is entered. |
| 400 | - | The castore doesn't exist. | A castore that doesn't exist is entered. |
| 400 | - | The policy doesn't exist. | A policy that doesn't exist is entered. |
| 400 | - | The crl configuration doesn't exist. | CRL update cycle is not set |
| 400 | - | The CA doesn't exist. | A CA that doesn't exist is entered. |
| 400 | - | The certificate doesn't exist. | A certificate that doesn't exist is entered. |
| 500 | - | We apologize for the inconvenience. This is temporarily not available. If this error persists, please contact our customer center | Service error |
Note
For information about the HTTP status codes common to all NAVER Cloud Platform, see Ncloud API response status codes.
Private CA API
The following describes the APIs provided by the Private CA service.
| API | Description |
|---|---|
| Activate Sub CA | Enable an intermediate CA. |
| Create CA | Create a CA. |
| Create OCSP | Deploy an OCSP URL to a private certificate. |
| Delete CA | Delete a CA. |
| Delete OCSP | Remove an OCSP URL from private certificate. |
| Get CA | Get CA details. |
| Get CA Chain | Get CA chain information. |
| Get CA CRL | Get CA CRL. |
| Get CA List | Get the complete list of CAs. |
| Get CRL Config | Get CA CRL's update cycle. |
| Get End Cert | Get private certificate details. |
| Get End Cert List | Get the complete list of private certificates. |
| Get Sub CSR | Get CSR of an intermediate CA. |
| Issue End Cert | Issue a private certificate. |
| Revoke End Cert | Revoke a private certificate. |
| Rotate CRL | Renew with CRL manual rotation. |
| Sign End Csr | Sign a new certificate with CSR. |
| Sign Sub Csr | Issue an intermediate CA certificate. |
| Trim CA | Clean up CRLs by deleting expired certificates. |
| Update CA | Change CA status. |
| Update CRL Config | Set CA CRL's update cycle. |
Private CA related resources
NAVER Cloud Platform provides a variety of related resources to help users better understand Private CA APIs.
- Private CA API guides
- Sub Account User Guides: how to issue and check access keys for sub accounts issued by NAVER Cloud Platform
- Create signature: how to create a signature required for the request header
- Common Ncloud response status codes: information on common response status codes of NAVER Cloud Platform used by the Private CA service
- How to use the Private CA service
- Private CA User Guide: how to use Private CA in the NAVER Cloud Platform console
- Ncloud use environment guide: guide for VPC and Classic environments and support availability
- Introduction to pricing, characteristics, and detailed features: the summary of pricing system, characteristics, and detailed features of Private CA
- Latest service news: the latest news on Private CA
- FAQ: Frequently asked questions from Private CA users
- Contact us: Send direct inquiries in case of any unresolved questions that aren't answered by the user guides.