Sign End Csr

Available in Classic and VPC

Sign a new certificate with the provided CSR.

Caution

When you sign a new certificate, the previously issued CA certificate is returned.

Note

If the validity period of the CA signing the CSR is shorter than the validity period of the CSR, it can't sign it.

Request

The following describes the request format for the endpoint. The request format is as follows:

Method	URI
POST	/ca/{caTag}/cert/sign

Request headers

For headers common to all Private CA APIs, see Common Private CA headers.

Request path parameters

The following describes the parameters.

Field	Type	Required	Description
`caTag`	String	Required	CA tag value Check through Get CA list

Request body

The following describes the request body.

Field	Type	Required	Description
`csrPem`	String	Required	CSR (PEM) Enter a newline character (`\n`) after `-----BEGIN CERTIFICATE REQUEST-----` and in front of `-----END CERTIFICATE REQUEST-----`

Request example

The following is a sample request.

curl --location --request POST 'https://pca.apigw.ntruss.com/api/v1/ca/********-********/cert/sign' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Content-Type: application/json' \
--data '{
    "csrPem": "-----BEGIN CERTIFICATE REQUEST-----\n{CSR}\n-----END CERTIFICATE REQUEST-----"
}'

Response

The following describes the response format.

Response body

The following describes the response body.

Field	Type	Required	Description
`certificate`	String	-	CA certificate (PEM)
`caChain`	Array	-	Certificate chain (PEM)
`ocspResponder`	String	-	Online Certificate Status Protocol (OCSP) URL
`issuer`	String	-	Issuing CA (PEM)
`serialNo`	String	-	Certificate serial number

Response status codes

For response status codes common to all Private CA APIs, see Private CA response status codes.

Response example

The following is a sample example.

{
    "code": "SUCCESS",
    "msg": "Success",
    "data": {
        "certificate": "-----BEGIN CERTIFICATE-----\n{Certificate}\n-----END CERTIFICATE-----",
        "caChain": [
            "-----BEGIN CERTIFICATE-----\n{CA Chain}\n-----END CERTIFICATE-----",
            "-----BEGIN CERTIFICATE-----\n{CA Chain}\n-----END CERTIFICATE-----"
        ],
        "ocspResponder": "",
        "issuer": "-----BEGIN CERTIFICATE-----\n{CA}\n-----END CERTIFICATE-----",
        "serialNo": "**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**"
    }
}