Creates a certificate.
To create a certificate, you must specify the type of the asymmetric key. Certificates Manager generates a private key and returns a certificate signing request (CSR). Submit the CSR in the Privacy Enhanced Mail (PEM) format to a certificate authority (CA) to obtain the formal certificate and certificate chain. Then, call the UploadCertificate operation to import the certificate into Certificates Manager.
In this example, a certificate is created and the CSR is obtained.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | CreateCertificate |
The operation that you want to perform. Set the value to CreateCertificate. |
KeySpec | String | Yes | RSA_2048 |
The type of the key. Valid values:
|
Subject | String | Yes | CN=userName,OU=kms,O=aliyun,C=CN |
The certificate subject, which is the owner of the certificate. Specify the value in the distinguished name (DN) format, as defined in RFC 2253. A DN is a sequence of relative distinguished names (RDNs). RDNs are key-value pairs in the format of The Subject parameter consists of the following fields:
|
SubjectAlternativeNames | Json | No | ["test1.example.com","test2.example.com"] |
The subject alternative names. A domain name list is supported. A maximum of 10 domain names are supported. |
ExportablePrivateKey | Boolean | No | true |
Specifies whether the private key of the certificate can be exported for use. Valid values:
|
For more information about common request parameters, see Common parameters.
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
Arn | String | acs:kms:cn-hangzhou:154035569884****:certificate/98e85c94-52d0-40c9-b3b2-afda52f4**** |
The Alibaba Cloud Resource Name (ARN) of the certificate. |
CertificateId | String | 9a28de48-8d8b-484d-a766-dec4**** |
The ID of the certificate. It is the globally unique identifier (GUID) of the certificate in Certificates Manager. |
Csr | String | -----BEGIN CERTIFICATE REQUEST-----\nMIIDADCCAegCAQAwgboxCzAJBgNVBAYTAkNOMREwDwYDVQQIEwhaaGVqaWFuZzER\n****\nmkj4rg==\n-----END CERTIFICATE REQUEST-----\n |
The CSR in the PEM format. |
RequestId | String | 15a735a1-8fe6-45cc-a64c-3c4ff839334e |
The ID of the request. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=CreateCertificate
&KeySpec=RSA_2048
&Subject=CN=userName,OU=kms,O=aliyun,C=CN
&<Common request parameters>
Sample success responses
JSON
format
{
"CertificateId": "98e85c94-52d0-40c9-b3b2-afda52f4****",
"Arn": "acs:kms:cn-hangzhou:154035569884****:certificate/98e85c94-52d0-40c9-b3b2-afda52f4****",
"Csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDADCCAegCAQAwgboxCzAJBgNVBAYTAkNOMREwDwYDVQQIEwhaaGVqaWFuZzER\n****\nmkj4rg==\n-----END CERTIFICATE REQUEST-----\n",
"RequestId": "15a735a1-8fe6-45cc-a64c-3c4ff839334e"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
404 | InvalidAccessKeyId.NotFound | The specified AccessKey ID does not exist. | The error message returned because the specified AccessKey ID does not exist. Check whether a valid AccessKey ID is specified when you call the operation. |
For a list of error codes, visit the API Error Center.