API standard and pre-built SDKs in multi-language
The OpenAPI specification of this product (cas/2020-04-07) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. Create a Resource Access Management (RAM) user with API-only access and use RAM policies to apply the principle of least privilege (PoLP). Alibaba Cloud accounts are only used when explicitly required.
To call APIs securely, configure the following:
A RAM user account
An AccessKey pair for the account
Deployment Tasks
|
API |
Title |
Description |
| ListDeploymentJobResource | ListDeploymentJobResource | Retrieves the list of cloud resources associated with a deployment task that is in progress. An empty list indicates that the associated resources are invalid and must be re-associated. If the task is complete, the operation returns an empty list if the associated resources have been changed. |
Certificate applications
|
API |
Title |
Description |
| DescribeCertificateState | DescribeCertificateState | Queries the status of a specified certificate request order. |
| UploadUserCertificate | UploadUserCertificate | Uploads a user certificate. It supports both SM and non-SM certificates. |
| GetUserCertificateDetail | GetUserCertificateDetail | Call this operation to retrieve the details of a certificate, including its basic information, content, and private key. You can also download the certificate and its private key. |
Orders
|
API |
Title |
Description |
| ListUserCertificateOrder | ListUserCertificateOrder | Queries a list of your certificates or orders. |
Certificate Application Repository
|
API |
Title |
Description |
| Sign | Sign | This API operation signs PCA certificates in the certificate repository. |
CSR Management
|
API |
Title |
Description |
| UploadCsr | UploadCsr | Alibaba Cloud Digital Certificate Management Service lets you upload an existing Certificate Signing Request (CSR). You can use the uploaded CSR to request certificates and manage all your uploaded CSRs in one place. |
| UpdateCsr | UpdateCsr | If you upload a local Certificate Signing Request (CSR) without its private key, you can call this operation to upload or update the private key. |
Others
|
API |
Title |
Description |
| DeleteUserCertificate | DeleteUserCertificate | This operation deletes an expired or uploaded certificate. |
| CancelCertificateForPackageRequest | CancelCertificateForPackageRequest | If an order has been issued, this operation revokes the certificate. If an order is pending, it cancels the order and restores the quota. |
| CancelOrderRequest | CancelOrderRequest | Cancels a certificate application order that is pending verification or under review. |
| CreateCertificateForPackageRequest | CreateCertificateForPackageRequest | Submits a certificate application. |
| CreateCertificateRequest | CreateCertificateRequest | Purchases, applies for, and issues a domain validated (DV) certificate by using extended certificate services. |
| CreateCertificateWithCsrRequest | CreateCertificateWithCsrRequest | Purchases, applies for, and issues a domain validated (DV) certificate by using a custom certificate signing request (CSR) file. You can use extended certificate services to purchase and apply for a DV certificate with a few clicks. |
| CreateCsr | CreateCsr | Creates a certificate signing request (CSR). A CSR file contains the information about an SSL certificate that you want to apply for. The information includes the domain names that you want to bind to the certificate and the name and the geographical location of the certificate holder. When you submit a certificate application to a certificate authority (CA), you must provide a CSR. After the CA approves your certificate application, the CA uses the private key of the root CA to sign your CSR and generates a public key file. The public key file is the SSL certificate that the CA issues to you. The private key of the SSL certificate is generated when you create the CSR. |
| CreateDeploymentJob | CreateDeploymentJob | Creates a certificate deployment task. After an SSL certificate is issued, you can create a certificate deployment task to immediately deploy the certificate to an Alibaba Cloud service or deploy the certificate to the service at a specific point in time. Then, the certificate can implement trusted identity authentication and ensure the security of data transmission for your website hosted on the service. |
| Decrypt | Decrypt | This API operation decrypts certificates in a certificate repository. |
| DeleteCertificateRequest | DeleteCertificateRequest | Deletes an order in which the application for a domain validated (DV) certificate failed. |
| DeleteCsr | DeleteCsr | Deletes a Certificate Signing Request (CSR) that is no longer required. |
| DeleteDeploymentJob | DeleteDeploymentJob | Deletes a deployment task. |
| DeletePCACert | DeletePCACert | Deletes a private certificate from a certificate application repository. |
| DeleteWorkerResource | DeleteWorkerResource | Deletes the worker of a deployment task. |
| DescribeCloudResourceStatus | DescribeCloudResourceStatus | Queries the number of third-party cloud resources on which you deployed certificates by using a multi-cloud deployment task. |
| DescribeDeploymentJob | DescribeDeploymentJob | Queries the details of a deployment task. You can call the CreateDeploymentJob operation to create a deployment task and obtain the ID of the task. |
| DescribeDeploymentJobStatus | DescribeDeploymentJobStatus | Queries the number of worker tasks in a deployment task. |
| DescribePackageState | DescribePackageState | Queries the quota for domain validated (DV) certificates that you purchase and the quota usage. |
| Encrypt | Encrypt | This API operation encrypts certificates in a certificate repository. |
| GetCertWarehouseQuota | GetCertWarehouseQuota | Queries the API call quota for certificate application repositories. When you call API operations for signature generation, signature verification, data encryption, and data decryption, your API call quota for certificate application repositories is consumed. If your API call quota is exhausted, you can no longer call specific certificate application repository-related operations. You can call this operation to query the API call quota for certificate application repositories. |
| GetCsrDetail | GetCsrDetail | Obtains the content of a certificate signing request (CSR) file. |
| ListCert | ListCert | Queries the certificates in a certificate repository. |
| ListCertWarehouse | ListCertWarehouse | Queries certificate repositories. |
| ListCloudAccess | ListCloudAccess | Queries a list of AccessKey pairs for multi-cloud deployment. |
| ListCloudResources | ListCloudResources | Queries the certificate resources of a cloud service provider and cloud services. |
| ListContact | ListContact | Queries a list of contacts. |
| ListCsr | ListCsr | Queries the details of Certificate Signing Requests (CSRs). |
| ListDeploymentJob | ListDeploymentJob | Queries a list of deployment tasks that are created. |
| ListDeploymentJobCert | ListDeploymentJobCert | Queries the basic information about a deployment task. After you create a deployment task, you can call this operation to obtain the basic information about the deployment task, including the instance ID, type, and name of the certificate. |
| ListWorkerResource | ListWorkerResource | Queries the details about the worker tasks of a deployment task. Alibaba Cloud allows you to deploy multiple certificates at a time. Therefore, a deployment task may include multiple worker tasks in multiple cloud services. A worker task refers to a task that deploys a certificate to a cloud resource in a cloud service. |
| MoveResourceGroup | MoveResourceGroup | Changes the resource group to which a certificate or certificate order belongs. |
| RenewCertificateOrderForPackageRequest | RenewCertificateOrderForPackageRequest | Submits a renewal application for an issued certificate. |
| UpdateDeploymentJob | UpdateDeploymentJob | Updates a deployment task. |
| UpdateDeploymentJobStatus | UpdateDeploymentJobStatus | Updates the status of a deployment task. |
| UpdateWorkerResourceStatus | UpdateWorkerResourceStatus | Rolls back or executes a worker task in a deployment task. |
| Verify | Verify | Use this operation to verify the signature of a Private Certificate Authority (PCA) certificate in a certificate repository. |