API overview - Certificate Management Service - Alibaba Cloud ドキュメントセンター

API standard and pre-built SDKs in multi-language

The OpenAPI specification of this product (cas/2020-06-30) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.

Custom signature

If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).

Before you begin

An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. Create a Resource Access Management (RAM) user with API-only access and use RAM policies to apply the principle of least privilege (PoLP). Alibaba Cloud accounts are only used when explicitly required.

To call APIs securely, configure the following:

A RAM user account
An AccessKey pair for the account

Private CA certificates

API	Title	Description
CreateRootCACertificate	CreateRootCACertificate	Creates a root CA certificate.
CreateSubCACertificate	CreateSubCACertificate	Creates an intermediate certificate authority (CA) certificate.
CreateExternalCACertificate	CreateExternalCACertificate	Creates and issues an external intermediate CA certificate using a Certificate Signing Request (CSR) and API parameters.
GetCAInstanceStatus	GetCAInstanceStatus	Queries the status of a private root or intermediate CA instance that you purchased in the Certificate Management Service console.
DescribeCACertificateCount	DescribeCACertificateCount	Queries the number of created Certificate Authority (CA) certificates.
DescribeCACertificateList	DescribeCACertificateList	Queries information about all root and intermediate certificate authority (CA) certificates.
DescribeCACertificate	DescribeCACertificate	Queries the details of a CA certificate.
UpdateCACertificateStatus	UpdateCACertificateStatus	Changes the status of a root Certificate Authority (CA) certificate or an intermediate CA certificate from ISSUE to REVOKE.

Client certificates and server certificates

API	Title	Description
CreateCustomCertificate	CreateCustomCertificate	Issues a digital certificate with a specified subject, subject alternative name, key usage, and extended key usage.
CreateClientCertificate	CreateClientCertificate	Issues a client certificate based on a system-generated Certificate Signing Request (CSR).
CreateClientCertificateWithCsr	CreateClientCertificateWithCsr	Issues a client certificate based on a custom Certificate Signing Request (CSR).
CreateServerCertificate	CreateServerCertificate	Creates a server-side certificate from a system-generated Certificate Signing Request (CSR).
CreateServerCertificateWithCsr	CreateServerCertificateWithCsr	Issues a server-side certificate based on a custom Certificate Signing Request (CSR).
CreateRevokeClientCertificate	CreateRevokeClientCertificate	Revokes a client certificate or a server certificate.
DeleteClientCertificate	DeleteClientCertificate	Deletes a revoked client or server-side certificate.
DescribeCertificatePrivateKey	DescribeCertificatePrivateKey	Retrieves the encrypted private key of a single client certificate or server-side certificate.
DescribeClientCertificate	DescribeClientCertificate	Queries the details of a single client or server-side certificate by its unique identifier.
DescribeClientCertificateStatus	DescribeClientCertificateStatus	Queries the status of client and server-side certificates using their unique identifiers.
ListClientCertificate	ListClientCertificate	Queries the details of all client and server-side certificates.
ListRevokeCertificate	ListRevokeCertificate	Queries the details of all revoked client and server-side certificates.

Other

API	Title	Description
ListPcaCaCertificate	ListPcaCaCertificate	Queries private CA certificates.
ListCert	ListCert	Retrieves a list of certificates.
UploadPcaCertToCas	UploadPcaCertToCas	Uploads a PCA certificate to Certificate Service.

Others

API	Title	Description
AssignCertificateCount	AssignCertificateCount	Assigns the total number of certificates to a data source.
DescribeClientCertificateForSerialNumber	DescribeClientCertificateForSerialNumber	Queries the details of multiple client or server-side certificates by their serial numbers.
DescribeClientCertificateStatusForSerialNumber	DescribeClientCertificateStatusForSerialNumber	Queries the status of client and server-side certificates using their serial numbers.
DescribePcaAndExternalCACertificateList	DescribePcaAndExternalCACertificateList	Returns all your certification authority (CA) certificates. These include certificates generated by Private CA and imported external certificates.
ListAllEndEntityInstance	ListAllEndEntityInstance	Queries end-entity instances.
ListCACertificateLog	ListCACertificateLog	Queries the operation logs for a CA certificate.
ListTagResources	ListTagResources	Queries the associations between resources (SSL Certificate instances) and their tags.
MoveResourceGroup	MoveResourceGroup	Moves a resource to a different resource group.
TagResources	TagResources	Attaches tags to one or more resources.
UntagResources	UntagResources	Removes tags from resources.
UpdatePcaCertificate	UpdatePcaCertificate	Updates the properties of a certificate.