Issue End Cert

Prev Next

Available in Classic and VPC

Issue a private certificate through the created CA.

Request

The following describes the request format for the endpoint. The request format is as follows:

Method URI
POST /ca/{caTag}/cert

Request headers

For headers common to all Private CA APIs, see Common Private CA headers.

Request path parameters

The following describes the parameters.

Field Type Required Description
caTag String Required CA tag value

Request body

The following describes the request body.

Field Type Required Description
keyType String Optional Key type
  • RSA2048 | RSA4096 | EC256 | EC521
period String Optional Validity period
  • 1 - 3650
  • Enter MAX to set it to the maximum allowable validity period
x509Parameters Object Required Advanced settings information
x509Parameters.commonName String Required General name
  • 1 - 64 characters
x509Parameters.altName String Optional DNS/email SANs
  • Enter domain/host name or email format
x509Parameters.organization String Optional Organization name
  • 0 - 64 characters
x509Parameters.organizationUnit String Optional Department name
  • 0 - 128 characters
x509Parameters.locality String Optional City name
  • 0 - 128 characters
  • <E.g.> Seoul
x509Parameters.stateProvince String Optional State/province or region name
  • 0 - 128 characters
  • <E.g.> Gyeonggi-do
x509Parameters.streetAddress String Optional Detailed address
  • 0 - 128 characters
x509Parameters.country String Optional Standard country code
x509Parameters.ip String Optional IP SANs
  • Enter in the IP address format

Request example

The following is a sample request.

curl --location --request POST 'https://pca.apigw.ntruss.com/api/v1/ca/********-********/cert' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Content-Type: application/json' \
--data '{
    "x509Parameters": {
        "commonName": "name000"
    }
}'

Response

The following describes the response format.

Response body

The following describes the response body.

Field Type Required Description
privateKey String - Certificate private key (PEM)
certificate String - Certificate (PEM)
serialNo String - Certificate serial number
caChain String - CA chain (PEM)
ocspResponder String - Online Certificate Status Protocol (OCSP) server certificate (PEM)
issuer String - Issuing CA (PEM)

Response status codes

For response status codes common to all Private CA APIs, see Private CA response status codes.

Response example

The following is a sample example.

{
    "code": "SUCCESS",
    "msg": "Success",
    "data": {
        "privateKey": "-----BEGIN RSA PRIVATE KEY-----\n{Private Key}\n-----END RSA PRIVATE KEY-----",
        "certificate": "-----BEGIN CERTIFICATE-----\n{Certificate}\n-----END CERTIFICATE-----",
        "caChain": "-----BEGIN CERTIFICATE-----\n{CA Chain}\n-----END CERTIFICATE-----",
        "ocspResponder": "",
        "issuer": "-----BEGIN CERTIFICATE-----\n{CA}\n-----END CERTIFICATE-----",
        "serialNo": "**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**"
    }
}