The following tables list API operations available for use in Private Certificate Authority (PCA).

Operations for private CA certificates

Operation Description
CreateRootCACertificate Creates a root CA certificate.
CreateSubCACertificate Creates an intermediate CA certificate based on an existing root CA certificate.
DescribeCACertificateList Queries the details about all root CA certificates and intermediate CA certificates. The details include the unique identifier, serial number, user information, and content of each CA certificate.
DescribeCACertificate Queries the details about a root CA certificate or an intermediate CA certificate by using the unique identifier of the certificate. The details include the unique identifier, serial number, user information, and content of a CA certificate.
DescribeCACertificateCount Queries the total number of root CA certificates and intermediate CA certificates.
UpdateCACertificateStatus Changes the status of a root CA certificate or an intermediate CA certificate from ISSUE to REVOKE.
ListCACertificateLog Queries the operations logs of a root CA certificate or an intermediate CA certificate.
GetCAInstanceStatus Queries the status information of a private root CA instance or a private intermediate CA instance by using the ID of the instance. The instances are purchased by using the SSL Certificates Service console. The status information includes the status of the private CA instance, the number of certificates that can be issued by using the private CA instance, and the number of issued certificates.

Operations for client and server certificates

Operation Description
CreateServerCertificate Issues a server certificate by using a system-generated certificate signing request (CSR) file.
CreateServerCertificateWithCsr Issues a server certificate by using a custom CSR file.
CreateClientCertificate Issues a client certificate by using a system-generated CSR file.
CreateClientCertificateWithCsr Issues a client certificate by using a custom CSR file.
CreateCertificateWithExtension Issues a client certificate or a server certificate that contains extended information, such as domain names and IP addresses.
ListClientCertificate Queries the details about all client certificates and server certificates. The details include the unique identifier, serial number, user information, content, and status of each certificate.
DescribeCertificatePrivateKey Queries the encrypted private key of a client certificate or a server certificate.
DescribeClientCertificate Queries the details about a client certificate or a server certificate by using the IDs of the certificates. The details include the unique identifier, serial number, user information, content, and status of a certificate.
DescribeClientCertificateForSerialNumber Queries the details about multiple client certificates and server certificates at a time by using the serial numbers of the certificates.
CreateRevokeClientCertificate Revokes a client certificate or a server certificate.
DeleteClientCertificate Deletes an client certificate or a server certificate that is revoked.
ListRevokeCertificate Queries the details about all client certificates and server certificates that are revoked. The details include the unique identifier, serial number, and revocation date of each certificate.
DescribeClientCertificateStatus Queries the status information of multiple client certificates and server certificates at a time by using the unique identifiers of the certificates. The status information includes whether a certificate is revoked.
DescribeClientCertificateStatusForSerialNumber Queries the status information of multiple client certificates and server certificates at a time by using the serial numbers of the certificates. The status information includes whether a certificate is revoked.