All Products
Search

This Product

    Certificate Management Service:Use Alibaba Cloud CLI to manage Certificate Management Service resources

    Document Center

    Certificate Management Service:Use Alibaba Cloud CLI to manage Certificate Management Service resources

    Last Updated:Dec 03, 2024

    This topic describes how to use Alibaba Cloud CLI to call API operations of Certificate Management Service (Original SSL Certificate). In this topic, the ListDeploymentJob operation is used as an example. You can call the ListDeploymentJob operation to obtain a list of deployment tasks.

    Before you begin

    Alibaba Cloud CLI is a general-purpose command-line tool that is developed based on the OpenAPI Specification. You can use Alibaba Cloud CLI to implement automated management and maintenance of Certificate Management Service resources. For more information, see What is Alibaba Cloud CLI?

    Step 1: Install Alibaba Cloud CLI

    Before you can use Alibaba Cloud CLI, you must install it. You can install Alibaba Cloud CLI on Windows, Linux, and macOS operating systems. You must select an installation package for Alibaba Cloud CLI based on the operating system of your device. For more information, see the following topics:

    • Windows operating system: Windows

    • Linux operating system: Linux

    • macOS operating system: macOS

    Alibaba Cloud CLI is built into Cloud Shell, which regularly updates the software version. You can also use Cloud Shell to debug the commands that you want to run in Alibaba Cloud CLI. For more information, see What is Cloud Shell?

    Step 2: Configure Alibaba Cloud CLI

    Important

    An Alibaba Cloud account has permissions to manage and access the APIs of all Alibaba Cloud services. If you use an Alibaba Cloud account to call API operations, security risks may arise. We recommend that you create a Resource Access Management (RAM) user, grant the required permissions to the RAM user based on the principle of least privilege, and then use the RAM user to call API operations. For more information about the policies supported by Certificate Management Service, see System policies for Certificate Management Service.

    Before you use Alibaba Cloud CLI, you must configure information such as identity credentials and region IDs in Alibaba Cloud CLI. Alibaba Cloud CLI supports various types of identity credentials. For more information, see Credential types. Alibaba Cloud CLI allows you to use the AccessKey pair of a RAM user to configure identity credentials. If you want to use the AccessKey pair of a RAM user, perform the following steps:

    1. Create a RAM user and create an AccessKey pair for the RAM user to configure identity credentials. For more information, see Create a RAM user and Create an AccessKey pair.

    2. Grant the required permissions to the RAM user. In this example, the AliyunYundunCertReadOnlyAccess policy is attached to the RAM user. The policy grants the read-only permissions on Certificate Management Service. For more information, see Grant permissions to a RAM user.

    3. Obtain the ID of the region that you want to use. Alibaba Cloud CLI uses the region ID that you specify to initiate API calls. For more information about the regions supported by Certificate Management Service, see Endpoints.

      Note

      When you use Alibaba Cloud CLI, you can use the --region option to specify the region from which you want to initiate a call. If you use the option to specify a region, Alibaba Cloud CLI ignores the region information in the default credential settings and environment variables. For more information, see Command line options for API calls.

    4. Use the AccessKey pair of the RAM user to configure identity credentials in the AkProfile configuration file. For more information, see Configuration examples.

    Step 3: Generate a sample CLI command

    1. In OpenAPI Explorer, call the ListDeploymentJob operation.

      image

    2. On the Parameters tab, configure the parameters. Then, click the CLI Example tab to view the generated sample CLI command.

    3. Copy the CLI command or debug the CLI command in Cloud Shell.

      • Click the image icon to start Cloud Shell and debug the CLI command in Cloud Shell.

      • Click the image icon to copy the CLI command to the clipboard. You can paste the CLI command into your on-premises shell to run the command or write a command line script.

      Note

      • When you paste the CLI command into your on-premises shell for debugging, take note of the parameter formats. For more information about the parameter formats required by Alibaba Cloud CLI, see Parameter formats.

      • By default, OpenAPI Explorer adds the --region option to the generated CLI command. When you copy the command to your on-premises shell for running, Alibaba Cloud CLI ignores the region information in the default identity credential settings and environment variables, and runs the command in the region specified by the option. You can delete or retain the option based on your business requirements.

    Step 4: Call API operations of Certificate Management Service

    Example 1: Query the supported API operations of Certificate Management Service by using Alibaba Cloud CLI

    This example demonstrates how to use the --help option to query the supported API operations of Certificate Management Service. For more information, see List of operations by function.

    Note

    • Alibaba Cloud CLI allows you to call Private Certificate Authority (PCA)-related API operations of version 2020-06-30 by using the --force and --version options. For more information, see Forcibly call an API operation.

    • When a CLI command is generated in OpenAPI Explorer for a Certificate Management Service API operation of version 2020-06-30, the --force and --version options are automatically appended to the CLI command. You do not need to manually add the options.

    • For more information about Certificate Management Service API operations of version 2020-06-30, see List of operations by function.

    1. Run the following command: 

      aliyun cas --help

    2. Expected output:

      image

    Example 2: Obtain a list of deployment tasks

    This example demonstrates how to use Alibaba Cloud CLI to call the ListDeploymentJob operation of Certificate Management Service. The operation is used to obtain a list of deployment tasks.

    1. Run the following command: 

      aliyun cas ListDeploymentJob --JobType user --Status pending

    2. Expected output: 

      {
  "RequestId": "12345678-1234-1234-1234-123456789ABC",
  "Total": 7,
  "CurrentPage": 1,
  "ShowSize": 50,
  "Data": [
    {
      "Id": 19975,
      "GmtCreate": "1624343180000",
      "GmtModified": "1606482979000",
      "UserId": 0,
      "InstanceId": "cas-job-user-***",
      "Name": "job-test",
      "CertType": "upload",
      "ScheduleTime": "1606482979000",
      "StartTime": "1606482979000",
      "EndTime": "1606482979000",
      "Status": "scheduling",
      "Del": 1,
      "Rollback": 1,
      "JobType": "user",
      "CertDomain": "aliyundoc1.com,aliyundoc2.com,aliyundoc3.com",
      "ProductName": "NLB"
    }
  ]
}
      Note

      • If an error is returned after you call an API operation of Certificate Management Service, check whether the input parameters and their values are valid based on the error code.

      • You can also use Alibaba Cloud OpenAPI Diagnostics to perform self-service diagnostics based on the returned request ID or SDK error information.