Creates a certificate signing request (CSR). A CSR file contains the information about an SSL certificate that you want to apply for. The information includes the domain names that you want to bind to the certificate and the name and the geographical location of the certificate holder. When you submit a certificate application to a certificate authority (CA), you must provide a CSR. After the CA approves your certificate application, the CA uses the private key of the root CA to sign your CSR and generates a public key file. The public key file is the SSL certificate that the CA issues to you. The private key of the SSL certificate is generated when you create the CSR.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resourcesis used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
| Operation | Access level | Resource type | Condition key | Associated operation |
|---|---|---|---|---|
| yundun-cert:CreateCsr | get |
|
| none |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| KeySize | integer | Yes | The key length that is used by the algorithm.
| 2048 |
| Algorithm | string | Yes | The algorithm. Valid values: RSA, SM2, and ECC. For more information about algorithms, see Select an SSL certificate. | RSA |
| CommonName | string | Yes | The primary domain name, which is a common name. | 123.com |
| Sans | string | No | The secondary domain names. Separate multiple domain names with commas (,). You can use the CSR to apply for a certificate for both the primary and secondary domain names. | www.example.com,www.aliyundoc.com |
| CountryCode | string | Yes | The code of the country or region in which the organization is located. For example, you can use CN to indicate China and use US to indicate the United States. | CN |
| Province | string | Yes | The province or location where the company is located. | Beijing |
| Locality | string | Yes | The city where the company is located. | Beijing |
| CorpName | string | No | The name of the company. | aly |
| Name | string | No | The name of the CSR. The name can be up to 50 characters in length and can contain letters, digits, underscores (_), hyphens (-), and periods (.). | csr-123 |
| Department | string | No | The department that uses the certificate. | IT |
Response parameters
Examples
Sample success responses
JSONformat
{
"Csr": "-----BEGIN CERTIFICATE REQUEST----- ...... -----END CERTIFICATE REQUEST-----",
"RequestId": "12345678-1234-1234-1234-123456789ABC",
"CsrId": 3365
}Error codes
For a list of error codes, visit the Service error codes.
Change history
| Change time | Summary of changes | Operation |
|---|---|---|
| 2024-09-20 | API Description Update | View Change Details |