Available in Classic and VPC
Create a private CA (root CA, intermediate CA) to issue certificates.
Request
This section describes the request format. The method and URI are as follows:
| Method | URI |
|---|---|
| POST | /api/v1/ca |
Request headers
For information about the headers common to all Private CA APIs, see Private CA request headers.
Request query parameters
You can use the following query parameters with your request:
| Field | Type | Required | Description |
|---|---|---|---|
issuerTag |
String | Optional | Parent CA tag value |
caType |
String | Required | Type of CA to create
|
Request body
You can include the following data in the body of your request:
| Field | Type | Required | Description |
|---|---|---|---|
alias |
String | Required | CA name
|
memo |
String | Optional | CA memo |
keyType |
String | Required | Key type
|
period |
String | Required | Validity period (days)
|
x509Parameters |
Object | Required | Advanced settings information |
x509Parameters.commonName |
String | Required | General name
|
x509Parameters.altName |
String | Optional | DNS/email SANs
|
x509Parameters.ip |
String | Optional | IP SANs
|
x509Parameters.contry |
String | Optional | Standard country code
|
x509Parameters.locality |
String | Optional | City name
|
x509Parameters.stateProvince |
String | Optional | State/province or region name
|
x509Parameters.organization |
String | Optional | Organization name
|
x509Parameters.organicationUnit |
String | Optional | Department name
|
Request example
The request example is as follows:
curl --location --request POST 'https://pca.apigw.ntruss.com/api/v1/ca?caType=PRIVATE_ROOT' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Content-Type: application/json' \
--data '{
"alias": "CA002",
"keyType": "RSA2048",
"period": "MAX",
"x509Parameters": {
"commonName": "name000",
"country": "KOR",
"organization": "org000",
"organizationUnit": "org001",
"locality": "Pangyo",
"stateProvince": "Seongnam-si"
}
}'
Response
This section describes the response format.
Response body
The response body includes the following data:
| Field | Type | Required | Description |
|---|---|---|---|
code |
String | - | Response code |
msg |
String | - | Response message |
data |
Object | - | Response result |
data.caInfo |
Object | - | CA information |
data.caInfo.signingCount |
Number | - | No. of certificates signed by CA |
data.caInfo.caType |
String | - | CA type
|
data.caInfo.caId |
Number | - | CA identifier |
data.caInfo.statusUpdateDate |
String | - | Latest status change date and time
|
data.destroyDate |
String | - | Deletion date and time
|
data.caInfo.alias |
String | - | CA name |
data.caInfo.memo |
String | - | CA memo |
data.caInfo.urlInfo |
Object | - | URL information |
data.caInfo.urlInfo.ocsp |
Array | - | Online Certificate Status Protocol (OCSP) URL |
data.caInfo.urlInfo.crl |
Array | - | Certificate revocation list (CRL) URL |
data.caInfo.urlInfo.ca |
Array | - | CA URL |
data.caTag |
String | - | CA's tag value |
data.rgstDate |
Number | - | Registration date and time
|
data.status |
String | - | CA status
|
data.caCertInfo |
Object | - | CA certificate information |
data.caCertInfo.commonName |
String | - | Common name |
data.caCertInfo.contry |
String | - | Standard country code
|
data.caCertInfo.issueName |
String | - | Issued CA name |
data.caCertInfo.notAfterDate |
Long | - | Certification expiration date and time
|
data.caCertInfo.publicKeyAlgorithm |
String | - | Encryption algorithm |
data.caCertInfo.notBeforeDate |
Long | - | Certification validity start date and time
|
data.caCertInfo.locality |
String | - | City name |
data.caCertInfo.stateProvince |
String | - | State/province or region name |
data.caCertInfo.organicationUnit |
String | - | Department name |
data.caCertInfo.certPem |
String | - | CA certificate (PEM) |
data.caCertInfo.chainPem |
String | - | Certificate chain (PEM) |
data.caCertInfo.signatureAlgorithm |
String | - | Signature algorithm |
data.caCertInfo.serialNo |
String | - | Certificate serial number |
data.caCertInfo.caCertId |
Long | - | Certification identifier |
data.caCertInfo.organization |
String | - | Organization name |
Response status codes
For information about the HTTP status codes common to all Private CA APIs, see Private CA response status codes.
Response example
The response example is as follows:
{
"code": "SUCCESS",
"msg": "Success",
"data": {
"caInfo": {
"signingCount": 0,
"caType": "PRIVATE_ROOT",
"caId": 17***,
"statusUpdateDate": null,
"destroyDate": null,
"alias": "CA002",
"memo": "",
"urlInfo": {
"ocsp": [],
"crl": [
"https://pca.apigw.ntruss.com/ext/********-********/crl"
],
"ca": [
"https://pca.apigw.ntruss.com/ext/********-********/ca"
]
},
"caTag": "********-********",
"rgstDate": 1721175807574,
"status": "ACTIVE"
},
"caCertInfo": {
"commonName": "name000",
"country": "KOR",
"issuerName": "name000",
"notAfterDate": 2036535807000,
"publicKeyAlgorithm": "RSA",
"notBeforeDate": 1721175777000,
"locality": "Pangyo",
"stateProvince": "Seongnam-si",
"organizationUnit": "org001",
"certPem": "-----BEGIN CERTIFICATE-----\n{Certificate}\n-----END CERTIFICATE-----",
"chainPem": "-----BEGIN CERTIFICATE-----\n{CA Chain}\n-----END CERTIFICATE-----",
"signatureAlgorithm": "SHA256withRSA",
"serialNo": "**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**",
"caCertId": 17***,
"organization": "org000"
}
}
}