Private CA overview
    • PDF

    Private CA overview

    • PDF

    Article summary

    Available in Classic and VPC

    Private CA is a NAVER Cloud Platform service that supports the building and operation of standard private certificate authorities (CAs) and provides the features to issue, manage, and revoke private certificates securely. The Private CA service provides APIs for private certification authority (CA) operations, private certificate issuance, and management features in RESTful form.

    Common Private CA settings

    The following describes commonly used request and response formats in Private CA APIs.

    Request

    The following describes the common request format.

    API URL

    The request API URL is as follows.

    https://pca.apigw.ntruss.com/api/v1
    

    Request headers

    The following describes the headers.

    FieldRequiredDescription
    x-ncp-apigw-timestampRequiredThis is the number of milliseconds that have elapsed since January 1, 1970 00:00:00 UTC
  • Request is considered invalid if the timestamp differs from the current time by more than 5 minutes
  • x-ncp-iam-access-keyRequiredAccess key issued on NAVER Cloud Platform
  • Issue and check access key: See Create authentication key
  • Issue and check access key for sub account: See Create sub account
  • x-ncp-apigw-signature-v2RequiredBase64-encoded signature that encrypts the request information with a secret key that maps to the access key issued on NAVER Cloud Platform, using the HMAC encryption algorithm (HmacSHA256)
  • Issue and check secret key: See Create authentication key
  • Create signature: See Create signature
  • Content-typeRequiredRequest data format
  • application/json
  • Response

    The following describes the common response format.

    Response status codes

    The following describes the response status codes.

    HTTP status codeCodeMessageDescription
    400-Invalid request.Request syntax error
    400-ncloudInstanceNo is missing.ncloudInstanceNo value is not entered
    400-tenant id is missing.Tenant ID is not entered.
    400-idNo is missing.idNo value is not entered
    400-alias is missing.alias value is not entered
    400-common name is missing.x509Parameters.commonName value is not entered
    400-x509Parameters are missing.Advanced settings information (x509Parameters) is not entered
    400-csr is missing.csrPem value is not entered
    400-cert is missing.certPem value is not entered
    400-status is missing.status value is not entered
    400-caId is missing.caId value is not entered
    400-serial no is missing.serialNo value is not entered
    400-token is missing.The token value is not entered
    400-ca type is missing.caType value is not entered
    400-key bits are missing.The key bits value is not entered
    400-The request body is missing.Request body is not entered
    400-caTag is missing.caTag value is not entered
    400-caId or caTag is missing.caId or caTag value is not entered
    400-chain is missing.caChain value is not entered
    400-expiry is missing.expiry value is not entered
    400-ocsp_servers are missing.ocsp_servers value is not entered
    400-Invalid input.Invalid request entered
    400-Invalid certificate value.Entered certificate value is invalid
    400-Invalid status value.Entered status value is invalid
    400-Invalid period value.Entered period value is invalid
    400-Invalid page no value.Entered pageNo value is invalid
    400-Invalid serial no value.Entered serialNo value is invalid
    400-ca alias exceeded the allowed length.Entered alias value exceeds the allowed length
    400-memo exceeded the allowed length.Entered description value exceeds the allowed length
    400-common name exceeded the allowed length.Entered x509Parameters.commonName value exceeds the allowed length
    400-organization exceeded the allowed length.Entered x509Parameters.organization value exceeds the allowed length
    400-organization unit exceeded the allowed length.Entered x509Parameters.organicationUnit value exceeds the allowed length
    400-state province exceeded the allowed length.Entered x509Parameters.stateProvince value exceeds the allowed length
    400-locality exceeded the allowed length.Entered x509Parameters.locality value exceeds the allowed length
    400-street address exceeded the allowed length.Entered x509Parameters.streetAddress value exceeds the allowed length
    400-Unsupported keyBits.Invalid key bits entered
    400-Invalid keyType.Entered keyType value is invalid
    400-Invalid caId.Entered caId value is invalid
    400-Invalid csr.Entered csrPem value is invalid
    400-Invalid tenant id.Entered tenant ID is invalid
    400-Invalid id no.Entered idNo value is invalid
    400-Invalid user.Entered user is invalid
    400-Invalid key type.Entered key type is invalid
    400-Invalid ip.Entered x509Parameters.ip value is invalid
    400-Invalid uir.Entered URI is invalid
    400-Invalid other.Entered other is invalid
    400-Certificate validation failed: The CA chain is invalid.Entered caChain value is invalid
    400-The CA certificate can't be revoked.Invalid revocation request
    400-CSR's keyBits and the request body's keyBits don't match.Key bits in CSR don't match key bits in the request body
    400-CSR's keyType and the request body's keyType don't match.Key type in CSR doesn't match the key type entered in the request body
    400-Invalid status.Invalid status
    400-Invalid castore.Invalid castore
    400-Invalid ca status.Invalid CA status
    400-Invalid issuer ca status.Invalid issuer CA status
    400-Invalid ca.Invalid CA
    400-Invalid ca type.Entered caType value is invalid
    400-Invalid cert.Entered cert value is invalid
    400-The maximum number of issuances has been exceeded.
    Certificate issuance can't exceed 30,000.
    If you need additional issuance, contact the customer center.
    Number of certificates available for issuance exceeded
    400-The CA validity period can't be exceeded.The CSR's validity period exceeds the CA's validity period
    400-The maximum number of CAs that can be created has been exceeded.
    Up to 10 root/intermediate CAs can be created.
    Number of CAs available for creation exceeded
    400-This castore already exists.A castore in use is entered
    400-This alias already exists.A CA name in use is entered
    400-This policy already exists.A policy in use is entered
    400-Expired cert.Expired certificate information is entered
    400-The castore doesn't exist.A castore that doesn't exist is entered
    400-The policy doesn't exist.A policy that doesn't exist is entered
    400-The crl configuration doesn't exist.CRL update cycle is not set
    400-The CA doesn't exist.A CA that doesn't exist is entered
    400-The certificate doesn't exist.A certificate that doesn't exist is entered
    500-We apologize for the inconvenience. This is temporarily not available. If this error persists, please contact our customer centerService error
    Note

    For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

    Private CA API

    The following describes the APIs provided by the Private CA service.

    APIDescription
    Activate Sub CAEnable intermediate CA
    Add CA UserGrant CA permissions to sub account
    Create CACreate CA
    Create OCSPDeploy OCSP URL to private certificate
    Delete CADelete CA
    Delete CA UserRevoke CA permissions granted to sub account
    Delete OCSPRemove OCSP URL from private certificate
    Get CAGet CA details
    Get CA ChainGet CA chain information
    Get CA CRLGet CA CRL
    Get CA ListGet the complete list of CAs
    Get CA User ListGet the complete list of sub accounts with CA permissions
    Get CRL ConfigGet CA CRL's update cycle
    Get End CertGet private certificate details
    Get End Cert ListGet the complete list of private certificates
    Get Sub CSRGet CSR of intermediate CA
    Issue End CertIssue private certificate
    Revoke End CertRevoke private certificate
    Rotate CRLRenew with CRL manual rotation
    Sign End CsrSign new certificate with CSR
    Sign Sub CsrIssue intermediate CA certificate
    Trim CAClean up CRLs by deleting expired certificates
    Update CAChange CA status
    Update CRL ConfigSet CA CRL's update cycle

    NAVER Cloud Platform provides a variety of related resources to help users better understand Private CA APIs.


    Was this article helpful?

    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.