API standard and pre-built SDKs in multi-language
The OpenAPI specification of this product (cas/2020-06-30) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. To call APIs securely, create a Resource Access Management (RAM) user with API access only, configure its AccessKey pairs, and implement the principle of least privilege (PoLP) through RAM policies. Use the Alibaba Cloud account only when its permissions are explicitly required for specific scenarios.
Private CA certificates
|
API |
Title |
Description |
| CreateRootCACertificate | CreateRootCACertificate | Creates a root certificate authority (CA) certificate. |
| CreateSubCACertificate | CreateSubCACertificate | Creates a subordinate certificate authority (CA) certificate under an existing root CA. |
| CreateExternalCACertificate | CreateExternalCACertificate | Creates an external subordinate certificate authority (CA) certificate by using a certificate signing request (CSR) and optional API pass-through parameters. |
| GetCAInstanceStatus | GetCAInstanceStatus | Queries the status of a private certificate authority (CA) instance, including the remaining certificate quota. |
| DescribeCACertificateCount | DescribeCACertificateCount | Queries the number of certificate authority (CA) certificates that you created. |
| DescribeCACertificateList | DescribeCACertificateList | Queries all root and subordinate certificate authority (CA) certificates. |
| DescribeCACertificate | DescribeCACertificate | Retrieves information about a certificate authority (CA) certificate. |
| UpdateCACertificateStatus | UpdateCACertificateStatus | Changes the status of a root or subordinate certificate authority (CA) certificate, such as revoking or disabling an active CA. |
Client certificates and server certificates
|
API |
Title |
Description |
| CreateCustomCertificate | CreateCustomCertificate | Issues a custom digital certificate with specified subject, subject alternative names (SANs), key usage, and extended key usage attributes. |
| CreateClientCertificate | CreateClientCertificate | Issues a client certificate by using a system-generated certificate signing request (CSR). You must create a root CA certificate and a subordinate CA certificate before calling this operation. |
| CreateClientCertificateWithCsr | CreateClientCertificateWithCsr | Issues a client certificate by using a custom certificate signing request (CSR). |
| CreateServerCertificate | CreateServerCertificate | Issues a server certificate by using a system-generated certificate signing request (CSR). |
| CreateServerCertificateWithCsr | CreateServerCertificateWithCsr | Issues a server certificate by using a custom certificate signing request (CSR). |
| CreateRevokeClientCertificate | CreateRevokeClientCertificate | Revokes a client certificate or a server certificate issued by a private certificate authority (CA). |
| DeleteClientCertificate | DeleteClientCertificate | Deletes a revoked client certificate or server certificate. Only revoked certificates can be deleted. |
| DescribeCertificatePrivateKey | DescribeCertificatePrivateKey | Queries the encrypted private key of a client certificate or server certificate. |
| DescribeClientCertificate | DescribeClientCertificate | Retrieves a client certificate or server certificate by its unique identifier. |
| DescribeClientCertificateStatus | DescribeClientCertificateStatus | Queries the status of a client certificate or server certificate by its unique identifier. |
| ListClientCertificate | ListClientCertificate | Lists all client certificates and server certificates issued by a private certificate authority (CA). |
| ListRevokeCertificate | ListRevokeCertificate | Queries all revoked client certificates and server certificates. |
Other
|
API |
Title |
Description |
| ListPcaCaCertificate | ListPcaCaCertificate | Lists private certificate authority (CA) certificates. |
| ListCert | ListCert | Queries the certificates managed by Certificate Management Service. |
| UploadPcaCertToCas | UploadPcaCertToCas | Uploads a private CA certificate to Certificate Management Service for centralized management. |
Others
|
API |
Title |
Description |
| AssignCertificateCount | AssignCertificateCount | Assigns the certificate quota to a subordinate certificate authority (CA) instance. |
| DescribeClientCertificateForSerialNumber | DescribeClientCertificateForSerialNumber | Retrieves client certificates or server certificates by their serial numbers. |
| DescribeClientCertificateStatusForSerialNumber | DescribeClientCertificateStatusForSerialNumber | Queries the status of client certificates or server certificates by their serial numbers. |
| DescribePcaAndExternalCACertificateList | DescribePcaAndExternalCACertificateList | Queries all certificate authority (CA) certificates, including certificates generated by Private CA and imported external CA certificates. |
| ListAllEndEntityInstance | ListAllEndEntityInstance | Queries the end-entity instances under a private certificate authority (CA). |
| ListCACertificateLog | ListCACertificateLog | Queries the operation logs of a certificate authority (CA) certificate, such as issuance and revocation events. |
| ListTagResources | ListTagResources | Queries the tags that are attached to Certificate Management Service resources. |
| MoveResourceGroup | MoveResourceGroup | Moves a Certificate Management Service resource to a different resource group. |
| TagResources | TagResources | Attaches tags to one or more Certificate Management Service resources. |
| UntagResources | UntagResources | Removes tags from one or more Certificate Management Service resources. |
| UpdatePcaCertificate | UpdatePcaCertificate | Updates the properties of a private CA certificate, such as the export status. |