API overview - Certificate Management Service

API standard and pre-built SDKs in multi-language

The OpenAPI specification of this product (cas/2020-06-30) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.

Custom signature

If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).

Before you begin

An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. Create a Resource Access Management (RAM) user with API-only access and use RAM policies to apply the principle of least privilege (PoLP). Alibaba Cloud accounts are only used when explicitly required.

To call APIs securely, configure the following:

A RAM user account
An AccessKey pair for the account

Private CA certificates

API	Title	Description
CreateRootCACertificate	CreateRootCACertificate	Creates a root CA certificate.
CreateSubCACertificate	CreateSubCACertificate	Creates an intermediate certificate authority (CA) certificate.
CreateExternalCACertificate	CreateExternalCACertificate	Creates and issues an external intermediate CA certificate using a Certificate Signing Request (CSR) and API parameters.
GetCAInstanceStatus	GetCAInstanceStatus	Queries the status of a private root or intermediate CA instance that you purchased in the Certificate Management Service console.
DescribeCACertificateCount	DescribeCACertificateCount	Queries the total number of certificate authority (CA) certificates.
DescribeCACertificateList	DescribeCACertificateList	Queries information about all root and intermediate certificate authority (CA) certificates.
DescribeCACertificate	DescribeCACertificate	Queries the details of a CA certificate.
UpdateCACertificateStatus	UpdateCACertificateStatus	Changes the status of a root CA certificate or an intermediate CA certificate from Issued to Revoked.

Client certificates and server certificates

API	Title	Description
CreateCustomCertificate	CreateCustomCertificate	Issues a digital certificate with the specified subject, subject alternative names, key usage, and extended key usage.
CreateClientCertificate	CreateClientCertificate	Issues a single client certificate based on a system-generated Certificate Signing Request (CSR).
CreateClientCertificateWithCsr	CreateClientCertificateWithCsr	Issues a client certificate based on a Certificate Signing Request (CSR).
CreateServerCertificate	CreateServerCertificate	Issues a server certificate based on a system-generated Certificate Signing Request (CSR).
CreateServerCertificateWithCsr	CreateServerCertificateWithCsr	Issues a server certificate based on a custom certificate signing request (CSR).
CreateRevokeClientCertificate	CreateRevokeClientCertificate	Revokes a client certificate or a server certificate.
DeleteClientCertificate	DeleteClientCertificate	Deletes a revoked client or server-side certificate.
DescribeCertificatePrivateKey	DescribeCertificatePrivateKey	Retrieves the encrypted private key of a client certificate or a server certificate.
DescribeClientCertificate	DescribeClientCertificate	Queries the details of a client or server certificate using its unique identifier.
DescribeClientCertificateStatus	DescribeClientCertificateStatus	Queries the status of client and server certificates using their unique identifiers.
ListClientCertificate	ListClientCertificate	Queries the details of all client and server-side certificates.
ListRevokeCertificate	ListRevokeCertificate	Queries the details of all revoked client and server-side certificates.

Other

API	Title	Description
ListPcaCaCertificate	ListPcaCaCertificate	Queries private certificate authority (CA) certificates.
ListCert	ListCert	Retrieves a list of certificates.
UploadPcaCertToCas	UploadPcaCertToCas	Uploads a PCA certificate to Certificate Service.

Others

API	Title	Description
AssignCertificateCount	AssignCertificateCount	Assigns the total number of certificates to a data source.
DescribeClientCertificateForSerialNumber	DescribeClientCertificateForSerialNumber	Queries for the details of multiple client certificates or server-side certificates by their serial numbers.
DescribeClientCertificateStatusForSerialNumber	DescribeClientCertificateStatusForSerialNumber	Queries the status of client and server-side certificates using their serial numbers.
ListAllEndEntityInstance	ListAllEndEntityInstance	Queries end-entity instances.
ListCACertificateLog	ListCACertificateLog	Queries the operation logs for a CA certificate.
ListTagResources	ListTagResources	Queries the associations between resources (SSL Certificate instances) and their tags.
MoveResourceGroup	MoveResourceGroup	Moves a resource to a different resource group.
TagResources	TagResources	Attaches tags to one or more resources.
UntagResources	UntagResources	Removes tags from resources.
UpdatePcaCertificate	UpdatePcaCertificate	Updates certificate properties.