MENU
      Sign End Csr
        • PDF

        Sign End Csr

        • PDF

        Article summary

        Available in Classic and VPC

        Sign a new certificate with the provided CSR.

        Caution

        When you sign a new certificate, the previously issued CA certificate is returned.

        Note

        If the validity period of the CA signing the CSR is shorter than the validity period of the CSR, it can't sign it.

        Request

        The following describes the request format for the endpoint. The request format is as follows:

        MethodURI
        POST/ca/{caTag}/cert/sign

        Request headers

        For headers common to all Private CA APIs, see Common Private CA headers.

        Request path parameters

        The following describes the parameters.

        FieldTypeRequiredDescription
        caTagStringRequiredCA tag value

        Request body

        The following describes the request body.

        FieldTypeRequiredDescription
        csrPemStringRequiredCSR (PEM)
        • Enter a newline character (\n) after -----BEGIN CERTIFICATE REQUEST----- and in front of -----END CERTIFICATE REQUEST-----

        Request example

        The following is a sample request.

        curl --location --request POST 'https://pca.apigw.ntruss.com/api/v1/ca/********-********/cert/sign' \
        --header 'x-ncp-apigw-timestamp: {Timestamp}' \
        --header 'x-ncp-iam-access-key: {Access Key}' \
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
        --header 'Content-Type: application/json' \
        --data '{
            "csrPem": "-----BEGIN CERTIFICATE REQUEST-----\n{CSR}\n-----END CERTIFICATE REQUEST-----"
        }'
        Shell

        Response

        The following describes the response format.

        Response body

        The following describes the response body.

        FieldTypeRequiredDescription
        certificateString-CA certificate (PEM)
        caChainArray-Certificate chain (PEM)
        ocspResponderString-Online Certificate Status Protocol (OCSP) URL
        issuerString-Issuing CA (PEM)
        serialNoString-Certificate serial number

        Response status codes

        For response status codes common to all Private CA APIs, see Private CA response status codes.

        Response example

        The following is a sample example.

        {
            "code": "SUCCESS",
            "msg": "Success",
            "data": {
                "certificate": "-----BEGIN CERTIFICATE-----\n{Certificate}\n-----END CERTIFICATE-----",
                "caChain": [
                    "-----BEGIN CERTIFICATE-----\n{CA Chain}\n-----END CERTIFICATE-----",
                    "-----BEGIN CERTIFICATE-----\n{CA Chain}\n-----END CERTIFICATE-----"
                ],
                "ocspResponder": "",
                "issuer": "-----BEGIN CERTIFICATE-----\n{CA}\n-----END CERTIFICATE-----",
                "serialNo": "**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**"
            }
        }
        JSON

        Was this article helpful?

        What's Next
        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.