Create CA
- Print
- PDF
Create CA
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Available in Classic and VPC
Create a private CA (root CA, intermediate CA) to issue certificates.
Request
The following describes the request format for the endpoint. The request format is as follows:
| Method | URI |
|---|---|
| POST | /ca |
Request headers
For headers common to all Private CA APIs, see Common Private CA headers.
Request query parameters
The following describes the parameters.
| Field | Type | Required | Description |
|---|---|---|---|
issuerTag | String | Optional | Parent CA tag value |
caType | String | Required | Type of CA to create
|
Request body
The following describes the request body.
| Field | Type | Required | Description |
|---|---|---|---|
alias | String | Required | CA name
|
memo | String | Optional | CA memo |
keyType | String | Required | Key type
|
period | String | Required | Validity period (days)
|
x509Parameters | Object | Required | Advanced settings information |
x509Parameters.commonName | String | Required | General name
|
x509Parameters.altName | String | Optional | DNS/email SANs
|
x509Parameters.ip | String | Optional | IP SANs
|
x509Parameters.contry | String | Optional | Standard country code |
x509Parameters.locality | String | Optional | City name
|
x509Parameters.stateProvince | String | Optional | State/province or region name
|
x509Parameters.organization | String | Optional | Organization name
|
x509Parameters.organicationUnit | String | Optional | Department name
|
Request example
The following is a sample request.
curl --location --request POST 'https://pca.apigw.ntruss.com/api/v1/ca?caType=PRIVATE_ROOT' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Content-Type: application/json' \
--data '{
"alias": "CA002",
"keyType": "RSA2048",
"period": "MAX",
"x509Parameters": {
"commonName": "name000",
"country": "KOR",
"organization": "org000",
"organizationUnit": "org001",
"locality": "Pangyo",
"stateProvince": "Seongnam-si"
}
}'
Response
The following describes the response format.
Response body
The following describes the response body.
| Field | Type | Required | Description |
|---|---|---|---|
code | String | - | Response code |
msg | String | - | Response message |
data | Object | - | Response result |
data.caInfo | Object | - | CA information |
data.caInfo.signingCount | Number | - | No. of certificates signed by CA |
data.caInfo.caType | String | - | CA type
|
data.caInfo.caId | Number | - | CA identifier |
data.caInfo.statusUpdateDate | String | - | Latest status change date and time (timestamp) |
data.destroyDate | String | - | Deletion date and time (timestamp) |
data.caInfo.alias | String | - | CA name |
data.caInfo.memo | String | - | CA memo |
data.caInfo.urlInfo | Object | - | URL information |
data.caInfo.urlInfo.ocsp | Array | - | Online Certificate Status Protocol (OCSP) URL |
data.caInfo.urlInfo.crl | Array | - | Certificate revocation list (CRL) URL |
data.caInfo.urlInfo.ca | Array | - | CA URL |
data.caTag | String | - | CA's tag value |
data.rgstDate | Number | - | Registration date and time (timestamp) |
data.status | String | - | CA status
|
data.caCertInfo | Object | - | CA certificate information |
data.caCertInfo.commonName | String | - | Common name |
data.caCertInfo.contry | String | - | Standard country code |
data.caCertInfo.issueName | String | - | Issued CA name |
data.caCertInfo.notAfterDate | Long | - | Certification expiration date and time (timestamp) |
data.caCertInfo.publicKeyAlgorithm | String | - | Encryption algorithm |
data.caCertInfo.notBeforeDate | Long | - | Certification validity start date and time (timestamp) |
data.caCertInfo.locality | String | - | City name |
data.caCertInfo.stateProvince | String | - | State/province or region name |
data.caCertInfo.organicationUnit | String | - | Department name |
data.caCertInfo.certPem | String | - | CA certificate (PEM) |
data.caCertInfo.chainPem | String | - | Certificate chain (PEM) |
data.caCertInfo.signatureAlgorithm | String | - | Signature algorithm |
data.caCertInfo.serialNo | String | - | Certificate serial number |
data.caCertInfo.caCertId | Long | - | Certification identifier |
data.caCertInfo.organization | String | - | Organization name |
Response status codes
For response status codes common to all Private CA APIs, see Private CA response status codes.
Response example
The following is a sample example.
{
"code": "SUCCESS",
"msg": "Success",
"data": {
"caInfo": {
"signingCount": 0,
"caType": "PRIVATE_ROOT",
"caId": 17***,
"statusUpdateDate": null,
"destroyDate": null,
"alias": "CA002",
"memo": "",
"urlInfo": {
"ocsp": [],
"crl": [
"https://pca.apigw.ntruss.com/ext/********-********/crl"
],
"ca": [
"https://pca.apigw.ntruss.com/ext/********-********/ca"
]
},
"caTag": "********-********",
"rgstDate": 1721175807574,
"status": "ACTIVE"
},
"caCertInfo": {
"commonName": "name000",
"country": "KOR",
"issuerName": "name000",
"notAfterDate": 2036535807000,
"publicKeyAlgorithm": "RSA",
"notBeforeDate": 1721175777000,
"locality": "Pangyo",
"stateProvince": "Seongnam-si",
"organizationUnit": "org001",
"certPem": "-----BEGIN CERTIFICATE-----\n{Certificate}\n-----END CERTIFICATE-----",
"chainPem": "-----BEGIN CERTIFICATE-----\n{CA Chain}\n-----END CERTIFICATE-----",
"signatureAlgorithm": "SHA256withRSA",
"serialNo": "**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**",
"caCertId": 17***,
"organization": "org000"
}
}
}
Was this article helpful?