      Private CA overview

        Available in Classic and VPC

        Private CA is a NAVER Cloud Platform service that supports the building and operation of standard private certificate authorities (CAs) and provides the features to issue, manage, and revoke private certificates securely. The Private CA service provides APIs for private certification authority (CA) operations, private certificate issuance, and management features in RESTful form.

        Common Private CA settings

        The following describes commonly used request and response formats in Private CA APIs.

        Request

        The following describes the common request format.

        API URL

        The request API URL is as follows.

        https://pca.apigw.ntruss.com/api/v1

        Request headers

        The following describes the headers.

        | Field | Required | Description |
        |---|---|---|
        | x-ncp-apigw-timestamp | Required | Number of milliseconds elapsed since January 1, 1970 00:00:00 UTC. The request is considered invalid if the timestamp differs from the current time by more than 5 minutes |
        | x-ncp-iam-access-key | Required | Access key issued on NAVER Cloud Platform. Issue and check access key: See Create authentication key. Issue and check access key for sub account: See Create sub account |
        | x-ncp-apigw-signature-v2 | Required | Base64-encoded signature computed over the request information with the HMAC algorithm (HmacSHA256), keyed with the secret key that maps to the access key issued on NAVER Cloud Platform. Issue and check secret key: See Create authentication key. Create signature: See Create signature |
        | Content-type | Required | Request data format: application/json |
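
        The following is an added example, not taken from the original page and not NAVER Cloud Platform's own code. It shows how the three authentication headers fit together and how a receiver can enforce the 5-minute timestamp window before comparing the HMAC in constant time. The string-to-sign layout, the /api/v1/example path, and the key values are assumptions for illustration; the authoritative format is described in Create signature.

```python
import base64
import hashlib
import hmac
import time

MAX_SKEW_MS = 5 * 60 * 1000  # 5-minute timestamp tolerance stated in the table above
# Constructed sample values, not real credentials or a documented endpoint.
ACCESS_KEY = "EXAMPLE-ACCESS-KEY"
SECRET_KEY = "EXAMPLE-SECRET-KEY"
URI = "/api/v1/example"          # hypothetical path plus query, host excluded
NOW_MS = 1_700_000_000_000       # fixed clock so the demo is reproducible


def sign(method, uri, timestamp_ms, access_key, secret_key):
    # Assumed string-to-sign: "<METHOD> <uri>\n<timestamp>\n<access key>"
    message = f"{method} {uri}\n{timestamp_ms}\n{access_key}"
    mac = hmac.new(secret_key.encode(), message.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def build_headers(method, uri, access_key, secret_key, now_ms=None):
    ts = int(time.time() * 1000) if now_ms is None else now_ms
    return {
        "x-ncp-apigw-timestamp": str(ts),
        "x-ncp-iam-access-key": access_key,
        "x-ncp-apigw-signature-v2": sign(method, uri, ts, access_key, secret_key),
        "Content-type": "application/json",
    }


def verify(method, uri, headers, secret_key, now_ms):
    """Receiver-side sketch: freshness check, then constant-time MAC compare."""
    try:
        ts = int(headers["x-ncp-apigw-timestamp"])
    except (KeyError, ValueError):
        return "missing or malformed timestamp"
    if abs(now_ms - ts) > MAX_SKEW_MS:
        return "timestamp outside 5-minute window"
    expected = sign(method, uri, ts, headers.get("x-ncp-iam-access-key", ""), secret_key)
    presented = headers.get("x-ncp-apigw-signature-v2", "")
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return "signature mismatch"
    return "ok"


if __name__ == "__main__":
    h = build_headers("GET", URI, ACCESS_KEY, SECRET_KEY, now_ms=NOW_MS)
    print(verify("GET", URI, h, SECRET_KEY, NOW_MS))                    # fresh request
    print(verify("GET", URI, h, SECRET_KEY, NOW_MS + MAX_SKEW_MS + 1))  # replayed late
```

        Because the timestamp is part of the signed message, a captured request cannot be re-dated without the secret key, so the window bounds how long a replay stays valid.
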
        Response

        The following describes the common response format.

        Response status codes

        The following describes the response status codes.

        | HTTP status code | Code | Message | Description |
        |---|---|---|---|
        | 400 | - | Invalid request. | Request syntax error |
        | 400 | - | ncloudInstanceNo is missing. | ncloudInstanceNo value is not entered |
        | 400 | - | tenant id is missing. | Tenant ID is not entered. |
        | 400 | - | idNo is missing. | idNo value is not entered |
        | 400 | - | alias is missing. | alias value is not entered |
        | 400 | - | common name is missing. | x509Parameters.commonName value is not entered |
        | 400 | - | x509Parameters are missing. | Advanced settings information (x509Parameters) is not entered |
        | 400 | - | csr is missing. | csrPem value is not entered |
        | 400 | - | cert is missing. | certPem value is not entered |
        | 400 | - | status is missing. | status value is not entered |
        | 400 | - | caId is missing. | caId value is not entered |
        | 400 | - | serial no is missing. | serialNo value is not entered |
        | 400 | - | token is missing. | The token value is not entered |
        | 400 | - | ca type is missing. | caType value is not entered |
        | 400 | - | key bits are missing. | The key bits value is not entered |
        | 400 | - | The request body is missing. | Request body is not entered |
        | 400 | - | caTag is missing. | caTag value is not entered |
        | 400 | - | caId or caTag is missing. | caId or caTag value is not entered |
        | 400 | - | chain is missing. | caChain value is not entered |
        | 400 | - | expiry is missing. | expiry value is not entered |
        | 400 | - | ocsp_servers are missing. | ocsp_servers value is not entered |
        | 400 | - | Invalid input. | Invalid request entered |
        | 400 | - | Invalid certificate value. | Entered certificate value is invalid |
        | 400 | - | Invalid status value. | Entered status value is invalid |
        | 400 | - | Invalid period value. | Entered period value is invalid |
        | 400 | - | Invalid page no value. | Entered pageNo value is invalid |
        | 400 | - | Invalid serial no value. | Entered serialNo value is invalid |
        | 400 | - | ca alias exceeded the allowed length. | Entered alias value exceeds the allowed length |
        | 400 | - | memo exceeded the allowed length. | Entered description value exceeds the allowed length |
        | 400 | - | common name exceeded the allowed length. | Entered x509Parameters.commonName value exceeds the allowed length |
        | 400 | - | organization exceeded the allowed length. | Entered x509Parameters.organization value exceeds the allowed length |
        | 400 | - | organization unit exceeded the allowed length. | Entered x509Parameters.organicationUnit value exceeds the allowed length |
        | 400 | - | state province exceeded the allowed length. | Entered x509Parameters.stateProvince value exceeds the allowed length |
        | 400 | - | locality exceeded the allowed length. | Entered x509Parameters.locality value exceeds the allowed length |
        | 400 | - | street address exceeded the allowed length. | Entered x509Parameters.streetAddress value exceeds the allowed length |
        | 400 | - | Unsupported keyBits. | Invalid key bits entered |
        | 400 | - | Invalid keyType. | Entered keyType value is invalid |
        | 400 | - | Invalid caId. | Entered caId value is invalid |
        | 400 | - | Invalid csr. | Entered csrPem value is invalid |
        | 400 | - | Invalid tenant id. | Entered tenant ID is invalid |
        | 400 | - | Invalid id no. | Entered idNo value is invalid |
        | 400 | - | Invalid user. | Entered user is invalid |
        | 400 | - | Invalid key type. | Entered key type is invalid |
        | 400 | - | Invalid ip. | Entered x509Parameters.ip value is invalid |
        | 400 | - | Invalid uir. | Entered URI is invalid |
        | 400 | - | Invalid other. | Entered other is invalid |
        | 400 | - | Certificate validation failed: The CA chain is invalid. | Entered caChain value is invalid |
        | 400 | - | The CA certificate can't be revoked. | Invalid revocation request |
        | 400 | - | CSR's keyBits and the request body's keyBits don't match. | Key bits in CSR don't match key bits in the request body |
        | 400 | - | CSR's keyType and the request body's keyType don't match. | Key type in CSR doesn't match the key type entered in the request body |
        | 400 | - | Invalid status. | Invalid status |
        | 400 | - | Invalid castore. | Invalid castore |
        | 400 | - | Invalid ca status. | Invalid CA status |
        | 400 | - | Invalid issuer ca status. | Invalid issuer CA status |
        | 400 | - | Invalid ca. | Invalid CA |
        | 400 | - | Invalid ca type. | Entered caType value is invalid |
        | 400 | - | Invalid cert. | Entered cert value is invalid |
        | 400 | - | The maximum number of issuances has been exceeded. Certificate issuance can't exceed 30,000. If you need additional issuance, contact the customer center. | Number of certificates available for issuance exceeded |
        | 400 | - | The CA validity period can't be exceeded. | The CSR's validity period exceeds the CA's validity period |
        | 400 | - | The maximum number of CAs that can be created has been exceeded. Up to 10 root/intermediate CAs can be created. | Number of CAs available for creation exceeded |
        | 400 | - | This castore already exists. | A castore in use is entered |
        | 400 | - | This alias already exists. | A CA name in use is entered |
        | 400 | - | This policy already exists. | A policy in use is entered |
        | 400 | - | Expired cert. | Expired certificate information is entered |
        | 400 | - | The castore doesn't exist. | A castore that doesn't exist is entered |
        | 400 | - | The policy doesn't exist. | A policy that doesn't exist is entered |
        | 400 | - | The crl configuration doesn't exist. | CRL update cycle is not set |
        | 400 | - | The CA doesn't exist. | A CA that doesn't exist is entered |
        | 400 | - | The certificate doesn't exist. | A certificate that doesn't exist is entered |
        | 500 | - | We apologize for the inconvenience. This is temporarily not available. If this error persists, please contact our customer center | Service error |

        Note

        For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

        Private CA API

        The following describes the APIs provided by the Private CA service.

        | API | Description |
        |---|---|
        | Activate Sub CA | Enable intermediate CA |
        | Add CA User | Grant CA permissions to sub account |
        | Create CA | Create CA |
        | Create OCSP | Deploy OCSP URL to private certificate |
        | Delete CA | Delete CA |
        | Delete CA User | Revoke CA permissions granted to sub account |
        | Delete OCSP | Remove OCSP URL from private certificate |
        | Get CA | Get CA details |
        | Get CA Chain | Get CA chain information |
        | Get CA CRL | Get CA CRL |
        | Get CA List | Get the complete list of CAs |
        | Get CA User List | Get the complete list of sub accounts with CA permissions |
        | Get CRL Config | Get CA CRL's update cycle |
        | Get End Cert | Get private certificate details |
        | Get End Cert List | Get the complete list of private certificates |
        | Get Sub CSR | Get CSR of intermediate CA |
        | Issue End Cert | Issue private certificate |
        | Revoke End Cert | Revoke private certificate |
        | Rotate CRL | Renew with CRL manual rotation |
        | Sign End Csr | Sign new certificate with CSR |
        | Sign Sub Csr | Issue intermediate CA certificate |
        | Trim CA | Clean up CRLs by deleting expired certificates |
        | Update CA | Change CA status |
        | Update CRL Config | Set CA CRL's update cycle |

        NAVER Cloud Platform provides a variety of related resources to help users better understand Private CA APIs.

