Key Management Service: CreateCertificate

Last Updated: Jul 29, 2025

Creates a certificate.

Operation description

To create a certificate, you must specify the type of the asymmetric key. Certificates Manager generates a private key and returns a certificate signing request (CSR). Submit the CSR in the Privacy Enhanced Mail (PEM) format to a certificate authority (CA) to obtain the formal certificate and certificate chain. Then, call the UploadCertificate operation to import the certificate into Certificates Manager.

In this example, a certificate is created and the CSR is obtained.

Debugging

You can call this operation directly in OpenAPI Explorer, which saves you from calculating signatures. After a successful call, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

No authorization information is currently disclosed for this API.

Request parameters

Parameter | Type | Required | Description | Example

Subject | string | Yes

The certificate subject, which is the owner of the certificate.

Specify the value in the distinguished name (DN) format, as defined in RFC 2253. A DN is a sequence of relative distinguished names (RDNs).

RDNs are key-value pairs in the format of attribute1=value1,attribute2=value2. Separate multiple RDNs with commas (,).

The Subject parameter consists of the following fields:

  • CN: required. The name of the certificate subject.
  • C: required. The two-character country or region code in the ISO 3166-1 standard. For example, CN indicates China.
  • O: required. The legal name of the enterprise, company, organization, or institution.
  • OU: required. The name of the department.
  • ST: optional. The name of the province, municipality, autonomous region, or special administrative region.
  • L: optional. The name of the city.

Example: CN=userName,OU=kms,O=aliyun,C=CN

SubjectAlternativeNames | object | No

The subject alternative names.

The value is a list of domain names. A maximum of 10 domain names is supported.

Example: ["test1.example.com","test2.example.com"]

KeySpec | string | Yes

The type of the key. Valid values:

  • RSA_2048
  • EC_P256
  • EC_SM2

Example: RSA_2048

ExportablePrivateKey | boolean | No

Specifies whether the private key of the certificate can be exported for use. Valid values:

  • true: The private key of the certificate can be exported for use. This is the default value.
  • false: The private key of the certificate cannot be exported for use. We recommend that you set this parameter to false to protect keys with a higher security level.

Example: true

For more information about common request parameters, see Common parameters.
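
The following Python pre-flight check is an added example, not Alibaba Cloud SDK code or code from this page. It assembles the request parameters described above, escapes Subject values per RFC 2253 so that a comma inside a name cannot introduce an extra RDN, and always sends ExportablePrivateKey explicitly. The function names, the hostname pattern, and the assumption that the service honors RFC 2253 escapes are assumptions of this example.

```python
import re

VALID_KEY_SPECS = {"RSA_2048", "EC_P256", "EC_SM2"}  # values listed on this page
MAX_SANS = 10                                         # limit stated on this page
# Constructed, conservative hostname check (an assumption, not the service's rule).
_HOST = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value per RFC 2253; reject empty or padded values."""
    if not value or value != value.strip() or any(ord(ch) < 32 for ch in value):
        raise ValueError("RDN value is empty, padded, or contains control characters")
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    return "\\" + out if out.startswith("#") else out


def build_subject(cn, c, o, ou, st=None, loc=None) -> str:
    """Build the Subject DN from the fields this page lists (loc maps to L)."""
    if not re.fullmatch(r"[A-Z]{2}", c or ""):
        raise ValueError("C must be a two-letter ISO 3166-1 code")
    # Most-specific-first order, matching the page's example DN.
    parts = [("CN", cn), ("OU", ou), ("O", o), ("L", loc), ("ST", st), ("C", c)]
    rdns = []
    for attr, val in parts:
        if val is None:
            if attr in ("CN", "OU", "O"):
                raise ValueError(f"{attr} is required")
            continue
        rdns.append(f"{attr}={escape_rdn_value(val)}")
    return ",".join(rdns)


def build_create_certificate_params(subject, key_spec, sans=(), exportable=False):
    """Return a dict keyed by the request parameter names on this page."""
    if key_spec not in VALID_KEY_SPECS:
        raise ValueError(f"unsupported KeySpec: {key_spec}")
    sans = list(sans)
    if len(sans) > MAX_SANS:
        raise ValueError("at most 10 subject alternative names")
    bad = [s for s in sans if not _HOST.fullmatch(s)]
    if bad:
        raise ValueError(f"not a domain name: {bad}")
    params = {"Subject": subject, "KeySpec": key_spec,
              # Sent explicitly because the API default is true (exportable).
              "ExportablePrivateKey": exportable}
    if sans:
        params["SubjectAlternativeNames"] = sans
    return params
```

The returned dict still has to be passed to whichever SDK or signed HTTP client you use; how SubjectAlternativeNames is serialized on the wire is left to that client.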

Response parameters

Parameter | Type | Description | Example
object

RequestId | string

The ID of the request.

Example: 15a735a1-8fe6-45cc-a64c-3c4ff839334e

Csr | string

The CSR in the PEM format.

Example: -----BEGIN CERTIFICATE REQUEST-----\nMIIDADCCAegCAQAwgboxCzAJBgNVBAYTAkNOMREwDwYDVQQIEwhaaGVqaWFuZzER\n****\nmkj4rg==\n-----END CERTIFICATE REQUEST-----\n

CertificateId | string

The ID of the certificate. It is the globally unique identifier (GUID) of the certificate in Certificates Manager.

Example: 9a28de48-8d8b-484d-a766-dec4****

Arn | string

The Alibaba Cloud Resource Name (ARN) of the certificate.

Example: acs:kms:cn-hangzhou:154035569884****:certificate/98e85c94-52d0-40c9-b3b2-afda52f4****

Examples

Sample success responses

JSON format

{
  "RequestId": "15a735a1-8fe6-45cc-a64c-3c4ff839334e",
  "Csr": "-----BEGIN CERTIFICATE REQUEST-----\\nMIIDADCCAegCAQAwgboxCzAJBgNVBAYTAkNOMREwDwYDVQQIEwhaaGVqaWFuZzER\\n****\\nmkj4rg==\\n-----END CERTIFICATE REQUEST-----\\n",
  "CertificateId": "9a28de48-8d8b-484d-a766-dec4****",
  "Arn": "acs:kms:cn-hangzhou:154035569884****:certificate/98e85c94-52d0-40c9-b3b2-afda52f4****"
}

Error codes

HTTP status code | Error code | Error message | Description
404 | InvalidAccessKeyId.NotFound | The specified AccessKey ID does not exist. | The AccessKey ID is not found.

For a list of error codes, see Service error codes.