Activate Sub CA

Available in Classic and VPC

Activate an intermediate certificate authority (CA) with a direct signing method using a signed certificate and the CA's certificate.

Caution

Be careful when using the issuing CA's certificate because it is not the CA's private key.

Request

The following describes the request format for the endpoint. The request format is as follows:

Method	URI
POST	/ca/{caTag}/activate

Request headers

For headers common to all Private CA APIs, see Common Private CA headers.

Request path parameters

The following describes the parameters.

Field	Type	Required	Description
`caTag`	String	Required	CA tag value Check through Get CA list

Request body

The following describes the request body.

Field	Type	Required	Description
`certPem`	String	Required	CA certificate (PEM) Enter a newline character (`\n`) after `-----BEGIN CERTIFICATE-----` and in front of `-----END CERTIFICATE-----`
`caChainPem`	String	Required	Signer certificate chain (PEM) Enter a newline character (`\n`) after `-----BEGIN CERTIFICATE-----` and in front of `-----END CERTIFICATE-----`

Request example

The following is a sample request.

curl --location --request POST 'https://pca.apigw.ntruss.com/api/v1/ca/*********-*********/activate' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Content-Type: application/json' \
--data '{
    "certPem": "-----BEGIN CERTIFICATE-----\n{Certificate}\n-----END CERTIFICATE-----",
    "caChainPem": "-----BEGIN CERTIFICATE-----\n{CA Chain}\n-----END CERTIFICATE-----"
}'

Response

The following describes the response format.

Response body

The following describes the response body.

Field	Type	Required	Description
`code`	String	-	Response code
`msg`	String	-	Response message
`data`	Object	-	Response result
`data.caInfo`	Object	-	CA information
`data.caInfo.signingCount`	Number	-	No. of certificates signed by CA
`data.caInfo.caType`	String	-	CA type `PRIVATE_ROOT` \| `PRIVATE_SUB`
`data.caInfo.caId`	Number	-	CA identifier
`data.caInfo.statusUpdateDate`	String	-	Latest status change date and time (timestamp)
`data.destroyDate`	String	-	Deletion date and time (timestamp)
`data.caInfo.alias`	String	-	CA name
`data.caInfo.memo`	String	-	CA memo
`data.caInfo.urlInfo`	Object	-	URL information
`data.caInfo.urlInfo.ocsp`	Array	-	Online Certificate Status Protocol (OCSP) URL
`data.caInfo.urlInfo.crl`	Array	-	Certificate revocation list (CRL) URL
`data.caInfo.urlInfo.ca`	Array	-	CA URL
`data.caTag`	String	-	CA's tag value
`data.rgstDate`	Number	-	Registration date and time (timestamp)
`data.status`	String	-	CA status `ACTIVE` \| `DEACTIVATED` \| `DESTROYING` `ACTIVE`: enabled `DEACTIVATED`: disabled `DESTROYING`: scheduled for deletion
`data.caCertInfo`	Object	-	CA certificate information
`data.caCertInfo.commonName`	String	-	Common name
`data.caCertInfo.contry`	String	-	Standard country code See ISO 3166-1 alpha-2
`data.caCertInfo.issueName`	String	-	Issued CA name
`data.caCertInfo.notAfterDate`	Long	-	Certification expiration date and time (timestamp)
`data.caCertInfo.publicKeyAlgorithm`	String	-	Encryption algorithm
`data.caCertInfo.notBeforeDate`	Long	-	Certification validity start date and time (timestamp)
`data.caCertInfo.locality`	String	-	City name
`data.caCertInfo.stateProvince`	String	-	State/province or region name
`data.caCertInfo.organicationUnit`	String	-	Department name
`data.caCertInfo.certPem`	String	-	CA certificate (PEM)
`data.caCertInfo.chainPem`	String	-	Certificate chain (PEM)
`data.caCertInfo.signatureAlgorithm`	String	-	Signature algorithm
`data.caCertInfo.serialNo`	String	-	Certificate serial number
`data.caCertInfo.caCertId`	Long	-	Certification identifier
`data.caCertInfo.organization`	String	-	Organization name

Response status codes

For response status codes common to all Private CA APIs, see Private CA response status codes.

Response example

The following is a sample example.

{
    "code": "SUCCESS",
    "msg": "Success",
    "data": {
        "caInfo": {
            "signingCount": 0,
            "caType": "PRIVATE_SUB",
            "caId": 18***,
            "statusUpdateDate": null,
            "destroyDate": null,
            "alias": "caca002",
            "memo": "",
            "urlInfo": {
                "ocsp": [],
                "crl": [
                    "https://pca.apigw.ntruss.com/ext/*********-*********/crl"
                ],
                "ca": [
                    "https://pca.apigw.ntruss.com/ext/*********-*********/ca"
                ]
            },
            "caTag": "*********-*********",
            "rgstDate": 1723101003000,
            "status": "PENDING"
        },
        "caCertInfo": {
            "commonName": "name000",
            "country": "KR",
            "issuerName": "RootCA",
            "notAfterDate": 1754637093000,
            "publicKeyAlgorithm": "RSA",
            "notBeforeDate": 1723101093000,
            "locality": "Pangyo",
            "stateProvince": "Seongnam-si",
            "organizationUnit": "unit000",
            "certPem": "-----BEGIN CERTIFICATE-----\n{Certificate}\n-----END CERTIFICATE-----",
            "chainPem": "-----BEGIN CERTIFICATE-----\n{CA Chain}\n-----END CERTIFICATE-----",
            "signatureAlgorithm": "SHA256withRSA",
            "serialNo": "**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**",
            "caCertId": 18173,
            "organization": "org000"
        }
    }
}