百度智能云

All Product Document

          Reference

          API Reference

          1. Introduction

          The certificate management module is mainly used to manage users' SSL certificates, which is convenient for users to enter and view SSL certificates.

          This document is suitable for developers. It mainly provides interfaces for creating certificates and viewing certificate lists.

          1.1 Terminology

          Noun Description
          certId Certificate ID, globally unique
          certName Certificate custom name
          certServerData Server certificate
          certPrivateData Certificate private key
          certLinkData Certificate chain data
          certCommonName Certificate Common Name
          certDNSNames Domain name included in the certificate
          certStartTime Certificate effective time
          certStopTime Certificate expiration time
          uploadPublicKey Upload the certificate public key to encrypt the data. Need to use the corresponding private key for confidential data later
          status Certificate use status, UNUSED means not used, IN_USE means in use
          expired Whether the certificate has expired, true indicates that it has expired
          certType Certificate type, 1 means server certificate, private key is required; 2 means client certificate, private key is not required

          1.2 Format Specifications

          Parameter Description
          certId Format: "Cert-xxxxxxxxxxxx" (12-bit random string), example: “cert-5atue8m3sxsv”。

          2. Call Method

          The Certificate Services API is provided as a Restful API.

          2.1 Request Structure

          2.1.1 Communication Potocol

          HTTP is currently supported, but HTTPS is not currently supported.

          2.1.2 Request Method

          Different types of APIs use different request methods, as shown below:

          API type Request method
          Read resource GET
          Modify resources PUT
          Batch query/create resource POST
          Deletion of resources DELETE
          Get resource status HEAD

          2.1.3 Character Encoding

          Both request and return results are encoded in UTF-8.

          2.2 Common Parameters

          2.2.1 Public Request Header

          Header Required or not Description
          Authorization Required See Authentication Mechanism
          Content-Type Required Always application/json; charset=utf-8
          x-bce-date Required For request time format, see [Time Format](#6.2 Time Format). The server will compare this time with the current server time. If the difference is more than 30 minutes, it will return RequestExpired Error

          2.2.2 Common Response Header

          Header Description
          Content-Type Always application/json; charset=utf-8
          x-bce-request-id [RequestId](#6.3 RequestId) corresponding to the request

          2.2.3 Authentication Mechanism

          See Public Cloud API Specification - Authentication Mechanism

          3.api list

          3.1 Create Certificate

          Method API Description
          POST /v1/certificate Create the certificate

          Request parameter

          Parameter name Parameter Type Required or not Description
          certName String Required Name of the certificate. The length is limited to 1-65 characters. It starts with a letter and only contains letters, numbers, ‘-’, ‘/’, ‘.’, ‘’, Java regular expression`^ [a-zA-Z]a-zA-Z0-9 \-/ \.]{2,64} $`
          certServerData String Required Data content of the server certificate (Base64 encoded)
          certPrivateData String Required Certificate private key data content (Base64 encoded)
          certLinkData String Optional Certificate chain data content (Base64 encoded)
          certType Integer Optional Certificate type, not required, default is 1

          Return parameter

          The return value is a certificate object (contains only certId and certName).

          Possible exception

          Exception code Description
          CertExceedLimit (409) Exceed the maximum number of users
          UnmatchedPairParameterInvalidException (400) Certificate validity time does not include current time
          PrivateKeyParameterInvalid (400) Private key parsing exception
          CertificateParameterInvalid (400) Certificate parsing exception
          CertChainParameterInvalid (400) Certificate chain parsing exception
          UnmatchedPairParameterInvalid (400) Public key and private key do not match

          Request example

              POST /v1/certificate HTTP/1.1
              HOST: certificate.baidubce.com
              Authorization: {authorization}
              Content-Type: application/json; charset=utf-8
              x-bce-date: 2014-06-01T23:00:10Z
          
              {
                  "certName": "TestCert",
                  "certServerData": "-----BEGIN CERTIFICATE-----\ngBs4mWchJjzl0IM3B+TrAD...\n-----END CERTIFICATE-----",
                  "certPrivateData": "-----BEGIN RSA PRIVATE KEY-----\n6JCfAxrrh7AoCg0jhqjgN/by0U2jwG/xFe...\n-----END RSA PRIVATE KEY-----"
              }

          Return example

              HTTP/1.1 200 OK
              Content-Type: application/json; charset=utf-8
              x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4
          
              {
                  "certId": "cert-5atue8m3sxsv",
                  "certName": "TestCert"
              }

          3.2 Modify the Certificate Name

          Method API Description
          PUT / v1/certificate/{certId}? certName Modify the certificate name

          Possible exception

          Exception code Description
          AccessDeniedException No access
          ResourceNotFoundException Certificate does not exist

          Request parameter

          Parameter name Parameter Type Required or not Description
          certName String Required Certificate name

          Request example

              PUT /v1/certificate/cert-5atue8m3sxsv?certName HTTP/1.1
              HOST: certificate.baidubce.com
              Authorization: {authorization}
              Content-Type: application/json; charset=utf-8
              x-bce-date: 2014-06-01T23:00:10Z
          
              {
                  "certName": "TestCert"
              }

          Return example

              HTTP/1.1 200 OK
              Content-Type: application/json; charset=utf-8
              x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4

          3.3 Query the Certificate Based on the Certificate Name

          Method API Description
          GET / v1/certificate/certName={certName} Query user's certificate by certificate

          Request parameter

          Parameter name Parameter Type Required or not Description
          certName String Required Certificate name

          Return parameter

          Parameter name Parameter Type Description
          certs List<certificate> Array composed of certificates

          Request example

              GET /v1/certificate?certName=TestCert HTTP/1.1
              HOST: certificate.baidubce.com
              Authorization: {authorization}
              Content-Type: application/json; charset=utf-8
              x-bce-date: 2014-06-01T23:00:10Z

          Return example

              HTTP/1.1 200 OK
              Content-Type: application/json; charset=utf-8
              x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4
          
              {
                  "certs": [
                      {
                          "certId": "cert-5atue8m3sxsv",
                          "certName": "TestCert",
                          "certCommonName": "httpstest.baidu.com",
                          "certStartTime": "2014-06-01T23:00:10Z",
                          "certStopTime": "2015-06-01T23:00:10Z",
                          "certCreateTime": "2014-06-01T23:00:10Z",
                          "certUpdateTime": "2014-06-01T23:00:10Z"
                      }
                  ] 
              }

          3.4 View Certificate List

          Method API Description
          GET /v1/certificate View a list of users' certificates

          Return parameter

          Parameter name Parameter Type Description
          certs List<certificate> Array composed of certificates

          Request example

              GET /v1/certificate HTTP/1.1
              HOST: certificate.baidubce.com
              Authorization: {authorization}
              Content-Type: application/json; charset=utf-8
              x-bce-date: 2014-06-01T23:00:10Z

          Return example

              HTTP/1.1 200 OK
              Content-Type: application/json; charset=utf-8
              x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4
          
              {
                  "certs": [
                      {
                          "certId": "cert-5atue8m3sxsv",
                          "certName": "TestCert",
                          "certCommonName": "httpstest.baidu.com",
                          "certStartTime": "2014-06-01T23:00:10Z",
                          "certStopTime": "2015-06-01T23:00:10Z",
                          "certCreateTime": "2014-06-01T23:00:10Z",
                          "certUpdateTime": "2014-06-01T23:00:10Z"
                      },
                      {
                          "certId": "cert-xsdfwerdty67",
                          "certName": "TestCertFail",
                          "certCommonName": "httpstestfail.baidu.com",
                          "certStartTime": "2014-06-01T23:00:10Z",
                          "certStopTime": "2015-06-01T23:00:10Z",
                          "certCreateTime": "2014-06-01T23:00:10Z",
                          "certUpdateTime": "2014-06-01T23:00:10Z"
                      }
                  ] 
              }

          3.5 View Certificate List Details

          Method API Description
          GET /v1/certificate/detail View the details of the user's certificate list. Compared with the general query certificate list, the certificate includes the domain name and status information of the certificate.

          Return parameter

          Parameter name Parameter Type Description
          certs List<certificateDetail> Array composed of certificateDetail

          certificateDetail parameter list

          Parameter name Parameter Type Description
          certId String Certificate ID
          certName String Certificate name
          certCommonName String Certificate Common Name
          certStartTime DateTime Certificate effective time
          certStopTime DateTime Certificate expiration time
          certCreateTime DateTime Certificate creation time
          certUpdateTime DateTime Certificate renewal time
          certType Integer Certificate type
          certDNSNames String A list of domain names included in the certificate, separated by commas
          status String Certificate use status, UNUSED means not used, IN_USE means in use
          expired boolean Whether the certificate has expired

          Request example

              GET /v1/certificate/detail HTTP/1.1
              HOST: certificate.baidubce.com
              Authorization: {authorization}
              Content-Type: application/json; charset=utf-8
              x-bce-date: 2014-06-01T23:00:10Z

          Return example

              HTTP/1.1 200 OK
              Content-Type: application/json; charset=utf-8
              x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4
          
              {
                  "certs": [
                      {
                          "certId": "cert-5atue8m3sxsv",
                          "certName": "TestCert",
                          "certCommonName": "httpstest.baidu.com",
                          "certStartTime": "2014-06-01T23:00:10Z",
                          "certStopTime": "2015-06-01T23:00:10Z",
                          "certCreateTime": "2014-06-01T23:00:10Z",
                          "certUpdateTime": "2014-06-01T23:00:10Z",
                          "certDNSNames": "baidu.com",
                          "status": "IN_USE",
                          "expired": false
                      },
                      {
                          "certId": "cert-xsdfwerdty67",
                          "certName": "TestCertFail",
                          "certCommonName": "httpstestfail.baidu.com",
                          "certStartTime": "2014-06-01T23:00:10Z",
                          "certStopTime": "2015-06-01T23:00:10Z",
                          "certCreateTime": "2014-06-01T23:00:10Z",
                          "certUpdateTime": "2014-06-01T23:00:10Z",
                          "certDNSNames": "baidu.com",
                          "status": "UNUSED",
                          "expired": true
                      }
                  ] 
              }

          3.6 Obtain Certificate Information

          Method API Description
          GET / v1/certificate/{certId} Get application information with certificate ID {certId}

          Return parameter

          The return value is a certificate object

          certificate parameter list

          Parameter name Parameter Type Description
          certId String Certificate ID
          certName String Certificate name
          certCommonName String Certificate Common Name
          certStartTime DateTime Certificate effective time
          certStopTime DateTime Certificate expiration time
          certCreateTime DateTime Certificate creation time
          certUpdateTime DateTime Certificate renewal time
          certType Integer Certificate type

          Possible exception

          Exception code Description
          AccessDeniedException No access
          ResourceNotFoundException Certificate does not exist

          Request example

          GET /v1/certificate/cert-5atue8m3sxsv HTTP/1.1
          HOST: certificate.baidubce.com
          Authorization: {authorization}
          Content-Type: application/json; charset=utf-8
          x-bce-date: 2014-06-01T23:00:10Z

          Return example

          HTTP/1.1 200 OK
          Content-Type: application/json; charset=utf-8
          x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4
          
          {
              "certId": "cert-5atue8m3sxsv",
              "certName": "TestCert",
              "certCommonName": "httpstest.baidu.com",
              "certStartTime": "2014-06-01T23:00:10Z",
              "certStopTime": "2015-06-01T23:00:10Z",
              "certCreateTime": "2014-06-01T23:00:10Z",
              "certUpdateTime": "2014-06-01T23:00:10Z",
              "certType": 1
          }

          3.7 Delete Certificate

          Method API Description
          DELETE / v1/certificate/{certId} Delete the certificate

          Possible exception

          Exception code Description
          OperationNotAllowedException Certificate in use
          AccessDeniedException No access
          ResourceNotFoundException Certificate does not exist

          Request example

              DELETE /v1/certificate/cert-5atue8m3sxsv HTTP/1.1
              HOST: certificate.baidubce.com
              Authorization: {authorization}
              Content-Type: application/json; charset=utf-8
              x-bce-date: 2014-06-01T23:00:10Z

          Return example

              HTTP/1.1 200 OK
              Content-Type: application/json; charset=utf-8
              x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4

          3.8 Replace Certificate

          Method API Description
          PUT / v1/certificate/{certId}? certData Replace expired and unused certificates

          Request parameter

          Parameter name Parameter Type Required or not Description
          certName String Required Name of the certificate. The length is limited to 1-65 characters. It starts with a letter and only contains letters, numbers, ‘-’, ‘/’, ‘.’, ‘’, Java regular expression`^ [a-zA-Z]a-zA-Z0-9 \-/ \.]{2,64} $`
          certServerData String Required Data content of the server certificate (Base64 encoded)
          certPrivateData String Required Certificate private key data content (Base64 encoded)
          certLinkData String Optional Certificate chain data content (Base64 encoded)
          certType Integer Optional Certificate type, not required, default is 1

          Possible exception

          Exception code Description

          | OperationNotAllowedException(409)
          | AccessDeniedException (403)
          | ResourceNotFoundException (404)
          | CertExceedLimit (409)
          | UnmatchedPairParameterInvalidException (400)
          | PrivateKeyParameterInvalid (400)
          | CertificateParameterInvalid (400)
          | CertChainParameterInvalid (400)
          | UnmatchedPairParameterInvalid (400)

          Request example

              PUT /v1/certificate/cert-5atue8m3sxsv?certData HTTP/1.1	
              HOST: certificate.baidubce.com	
              Authorization: {authorization}	
              Content-Type: application/json; charset=utf-8	
              x-bce-date: 2014-06-01T23:00:10Z	
           	
              {	
                  "certName": "TestCert",	
                  "certServerData": "-----BEGIN CERTIFICATE-----\ngBs4mWchJjzl0IM3B+TrAD...\n-----END CERTIFICATE-----",	
                  "certPrivateData": "-----BEGIN RSA PRIVATE KEY-----\n6JCfAxrrh7AoCg0jhqjgN/by0U2jwG/xFe...\n-----END RSA PRIVATE KEY-----",	
                  	
              }	

          Return example

              HTTP/1.1 200 OK	
              Content-Type: application/json; charset=utf-8	
              x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4	

          6 Schedule

          6.1 Error Status Code

          CODE MESSAGE HTTP Status Code Description
          OperationNotAllowed Resource status conflict. 409 CONFLICT Resource status conflict, and the requested operation can not be performed
          ResourceNotFound Resource not found. 404 NOT_FOUND The requested resource does not exist
          ParametersNotChanged Parameters not changed. 403 FORBIDDEN Request parameters have not changed
          ResourceNameDuplicated Resource name duplicated. 409 CONFLICT Resource name duplicated.
          ParametersInvalid Parameters invalid. 400 BAD REQUEST Request parameter is invalid
          AccessDenied Access denied. 403 FORBIDDEN No access

          6.2 Time Format

          There are various methods to express date and time. For the sake of uniformity, unless it is a convention or a corresponding specification, wherever the date and time is required, UTC time shall be used, ISO 8601 shall be followed, and the following constraints shall be met:

          1. Fields expressing the date all utilize the YYYY-MM-DD format, e.g. 2014-06-01 which means June 1, 2014.
          2. Fields expressing time all utilize the hh:mm:ss format, with the capital letter Z added at the end, which means UTC time. E.g. 23:00:10Z means UTC time: 23:00:10.
          3. When the date and time is combined, the capital letter T is added between the two items, e.g. 2014-06-01T23:00:10Z means UTC time: 23:00:10 on June 1, 2014.

          6.3 RequestId

          All requests should uniquely correspond to an ID to identify the request. requestId can be used in many scenarios such as problem location, performance analysis, and so on. All logs should have a requestId for subsequent analysis.

          Previous
          Create a Certificate by a Third-party Organization
          Next
          JAVA-SDK