api reference - huawei cloud · ssl certificate manager api reference issue 03 date 2020-01-20...

SSL Certificate Manager

API Reference

Issue 03

Date 2020-01-20

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without priorwritten consent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei andthe customer. All or part of the products, services and features described in this document may not bewithin the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,information, and recommendations in this document are provided "AS IS" without warranties, guaranteesor representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. i

Contents

1 Before You Start....................................................................................................................... 11.1 Overview.................................................................................................................................................................................... 11.2 API Calling..................................................................................................................................................................................11.3 Endpoints....................................................................................................................................................................................11.4 Constraints................................................................................................................................................................................. 21.5 Concepts..................................................................................................................................................................................... 21.6 Selecting an API Type.............................................................................................................................................................3

2 API Overview............................................................................................................................ 4

3 Calling APIs............................................................................................................................... 63.1 Making an API Request......................................................................................................................................................... 63.2 Authentication.......................................................................................................................................................................... 93.3 Returned Values.................................................................................................................................................................... 10

4 SCM APIs..................................................................................................................................124.1 Purchasing an SSL Certificate........................................................................................................................................... 124.2 Querying the Certificate List............................................................................................................................................. 154.3 Querying Details of a Certificate..................................................................................................................................... 194.4 Modifying a Certificate....................................................................................................................................................... 234.5 Querying the Product Type of a Certificate................................................................................................................. 244.6 Querying the Product Details of a Certificate.............................................................................................................274.7 Applying for a Certificate................................................................................................................................................... 294.8 Verifying a CSR...................................................................................................................................................................... 334.9 Saving Certificate Information......................................................................................................................................... 354.10 Reading the Information Entered When Applying for a Certificate..................................................................384.11 Canceling an Application................................................................................................................................................. 414.12 Deleting a Certificate........................................................................................................................................................ 424.13 Uploading Authentication Information...................................................................................................................... 434.14 Downloading a Certificate...............................................................................................................................................454.15 Uploading a Certificate.....................................................................................................................................................464.16 Revoking a Certificate....................................................................................................................................................... 474.17 Pushing a Certificate......................................................................................................................................................... 494.18 Querying Push Records.....................................................................................................................................................504.19 Canceling Authorization for Privacy Information.................................................................................................... 52

SSL Certificate ManagerAPI Reference Contents

Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. ii

4.20 Adding an Additional Domain Name.......................................................................................................................... 53

5 Permissions Policies and Supported Actions...................................................................565.1 Introduction to Permissions Policies and Supported Actions.................................................................................565.2 API Actions.............................................................................................................................................................................. 57

A Appendix................................................................................................................................. 61A.1 Status Codes........................................................................................................................................................................... 61A.2 Error Codes............................................................................................................................................................................. 62A.3 Obtaining a Project ID........................................................................................................................................................ 65

B Change History...................................................................................................................... 67

SSL Certificate ManagerAPI Reference Contents

Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. iii

1 Before You Start

1.1 OverviewWelcome to SSL Certificate Manager (SCM) API Reference. SCM providescustomers with a one-stop management service for SSL certificates throughouttheir lifecycles. Jointly developed by HUAWEI CLOUD and globally well-knowndigital certificate agencies, SCM implements trusted identity authentication andsecure data transmission for websites.

You can use the APIs provided in this document to perform operations oncertificates, such as certificate application, querying the certificate list, anddeleting a certificate. For details about all supported operations, see APIOverview.

Before calling SCM APIs, ensure that you have understood the concepts related toSCM. For more information, see What Is SSL Certificate Manager?

1.2 API CallingSCM supports Representational State Transfer (REST) APIs, allowing you to callAPIs using HTTPS. For details about API calling, see Calling APIs.

1.3 EndpointsAn endpoint is the request address for calling an API. SCM is a global servicedeployed for all physical regions. Table 1-1 lists the endpoints of SCM. You canobtain SCM endpoints at Regions and Endpoints.

Table 1-1 SCM endpoints

Region EndpointRegion

Endpoint Protocol Type

All All scm.cn-north-4.myhuaweicloud.com

HTTPS

SSL Certificate ManagerAPI Reference 1 Before You Start

Issue 03 (2020-01-20) Copyright © Huawei Technologies Co., Ltd. 1

https://support.huaweicloud.com/en-us/productdesc-scm/scm_01_0001.html

https://developer.huaweicloud.com/en-us/endpoint?SCM

1.4 ConstraintsFor more constraints, see the API description.

1.5 Concepts● Account

An account is created upon successful registration with HUAWEI CLOUD. Theaccount has full access permissions for all of its cloud services and resources.It can be used to reset user passwords and grant user permissions. Theaccount is a payment entity and should not be used directly to performroutine management. For security purposes, create IAM users and grant thempermissions for routine management.

● IAM userAn IAM user is created using an account to use cloud services. Each IAM userhas its own identity credentials (password and access keys).An IAM user can view the account ID and user ID on the My Credentialspage of the console. The account name, username, and password will berequired for API authentication.

● RegionRegions are divided based on geographical location and network latency.Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service(EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP(EIP), and Image Management Service (IMS), are shared within the sameregion. Regions are classified into universal regions and dedicated regions. Auniversal region provides universal cloud services for common tenants. Adedicated region provides specific services for specific tenants.For details, see Region and AZ.

● Availability Zone (AZ)An AZ contains one or more physical data centers. Each AZ has independentcooling, fire extinguishing, moisture-proof, and electricity facilities. Within anAZ, computing, network, storage, and other resources are logically dividedinto multiple clusters. AZs within a region are interconnected using high-speed optical fibers to support cross-AZ high-availability systems.

● ProjectProjects group and isolate resources (including compute, storage, and networkresources) across physical regions. A default project is provided for eachregion, and subprojects can be created under each default project. Users canbe granted permissions to access all resources in a specific project. For morerefined access control, create subprojects under a project and create resourcesin the subprojects. Users can then be assigned permissions to access onlyspecific resources in the subprojects.



https://console.huaweicloud.com/iam/?locale=en-us#/myCredential

https://support.huaweicloud.com/en-us/usermanual-iaas/en-us_topic_0184026189.html

Figure 1-1 Project isolating model

1.6 Selecting an API TypeFor SSH key pairs, V2.1 and V2 API Types are available. It is recommended thatyou choose V2.1, which can better meet your demands.



2 API Overview

By using the APIs provided by SCM, you can use all functions of SCM.

API Description

Purchasing an SSLCertificate

Purchase an SSL certificate.

Querying the CertificateList

Query the certificate list.

Querying Details of aCertificate

Query details of a certificate.

Modifying a Certificate Modify the name or description of a certificate.

Querying the ProductType of a Certificate

Query the product type of a certificate.

Querying the ProductDetails of a Certificate

Query the product details of a certificate.

Applying for aCertificate

Apply for a certificate.

Verifying a CSR Verify a CSR.

Saving CertificateInformation

Save the information entered when applying for acertificate.

Reading the InformationEntered When Applyingfor a Certificate

Read the information saved when applying for acertificate.

Canceling anApplication

Cancel an application.

Deleting a Certificate Delete a certificate.

UploadingAuthenticationInformation

Upload authentication information, such as thebank license and company business license.

SSL Certificate ManagerAPI Reference 2 API Overview


API Description

Downloading aCertificate

Download a certificate.

Uploading a Certificate Upload a certificate.

Revoking a Certificate Revoke a certificate.

Pushing a Certificate Push a certificate to another HUAWEI CLOUDservice.

Querying Push Records Query the records of an SSL certificate to be pushedto another HUAWEI CLOUD service.

Canceling Authorizationfor Privacy Information

Cancel authorization for privacy information.

Adding an AdditionalDomain Name

Add an additional domain name.

SSL Certificate ManagerAPI Reference 2 API Overview


3 Calling APIs

3.1 Making an API RequestThis section describes the structure of a REST API request, and uses the IAM APIfor obtaining a user token as an example to demonstrate how to call an API. Theobtained token can then be used to authenticate the calling of other APIs.

Request URIA request URI is in the following format:

{URI-scheme} :// {Endpoint} / {resource-path} ? {query-string}

Although a request URI is included in the request header, most programminglanguages or frameworks require the request URI to be transmitted separately.

● URI-scheme:Protocol used to transmit requests. All APIs use HTTPS.

● Endpoint:Domain name or IP address of the server bearing the REST service. Theendpoint varies between services in different regions. It can be obtained fromRegions and Endpoints.For example, the endpoint of IAM in the CN North-Beijing1 region is iam.cn-north-1.myhuaweicloud.com.

● resource-path:Access path of an API for performing a specified operation. Obtain the pathfrom the URI of an API. For example, the resource-path of the API used toobtain a user token is /v3/auth/tokens.

● query-string:Query parameter, which is optional. Ensure that a question mark (?) isincluded before each query parameter that is in the format of "Parametername=Parameter value". For example, ?limit=10 indicates that a maximum of10 data records will be displayed.

For example, to obtain an IAM token in the CN North-Beijing1 region, obtain theendpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the

SSL Certificate ManagerAPI Reference 3 Calling APIs


https://support.huaweicloud.com/en-us/api-iam/iam_30_0001.html

https://developer.huaweicloud.com/en-us/endpoint

resource-path (/v3/auth/tokens) in the URI of the API used to obtain a usertoken. Then, construct the URI as follows:

https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens

Figure 3-1 Example URI

To simplify the URI display in this document, each API is provided only with a resource-path and a request method. The URI-scheme of all APIs is HTTPS, and the endpoints of allAPIs in the same region are identical.

Request MethodsThe HTTP protocol defines the following request methods that can be used tosend a request to the server:

● GET: requests the server to return specified resources.● PUT: requests the server to update specified resources.● POST: requests the server to add resources or perform special operations.● DELETE: requests the server to delete specified resources, for example, an

object.● HEAD: same as GET except that the server must return only the response

header.● PATCH: requests the server to update partial content of a specified resource.

If the resource does not exist, a new resource will be created.

For example, in the case of the API used to obtain a user token, the requestmethod is POST. The request is as follows:

POST https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens

Request HeaderYou can also add additional header fields to a request, such as the fields requiredby a specified URI or HTTP method. For example, to request for the authenticationinformation, add Content-Type, which specifies the request body type.

Common request header fields are as follows:

● Content-Type: specifies the request body type or format. This field ismandatory and its default value is application/json. Other values of this fieldwill be provided for specific APIs if any.

● X-Auth-Token: specifies a user token only for token-based API authentication.The user token is a response to the API used to obtain a user token. This APIis the only one that does not require authentication.







In addition to supporting token-based authentication, APIs also support authenticationusing access key ID/secret access key (AK/SK). During AK/SK-based authentication, anSDK is used to sign the request, and the Authorization (signature information) and X-Sdk-Date (time when the request is sent) header fields are automatically added to therequest.For more information, see AK/SK-based Authentication.

The API used to obtain a user token does not require authentication. Therefore,only the Content-Type field needs to be added to requests for calling the API. Anexample of such requests is as follows:

POST https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokensContent-Type: application/json

Request BodyThe body of a request is often sent in a structured format as specified in theContent-Type header field. The request body transfers content except the requestheader.

The request body varies between APIs. Some APIs do not require the request body,such as the APIs requested using the GET and DELETE methods.

In the case of the API used to obtain a user token, the request parameters andparameter description can be obtained from the API request. The followingprovides an example request with a body included. Set username to the name ofa user, domainname to the name of the account that the user belongs to, ********to the user's login password, and xxxxxxxxxxxxxxxxxx to the project name, suchas cn-north-1. You can learn more information about projects from Regions andEndpoints. Check the value of the Region column.

The scope parameter specifies where a token takes effect. You can set scope to an accountor a project under an account. In the following example, the token takes effect only for theresources in a specified project. For more information about this API, see Obtaining a UserToken.

POST https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokensContent-Type: application/json

{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "username", "password": "********", "domain": { "name": "domainname" } } } }, "scope": { "project": { "name": "xxxxxxxxxxxxxxxxxx" }









} }}

If all data required for the API request is available, you can send the request to callthe API through curl, Postman, or coding. In the response to the API used toobtain a user token, x-subject-token is the desired user token. This token canthen be used to authenticate the calling of other APIs.

3.2 AuthenticationRequests for calling an API can be authenticated using either of the followingmethods:

● Token-based authentication: Requests are authenticated using a token.● AK/SK-based authentication: Requests are authenticated by encrypting the

request body using an AK/SK pair. This method is recommended because itprovides higher security than token-based authentication.

Token-based Authentication

The validity period of a token is 24 hours. When using a token for authentication, cache itto prevent frequently calling the IAM API used to obtain a user token.

A token specifies temporary permissions in a computer system. During APIauthentication using a token, the token is added to requests to get permissions forcalling the API.

In Making an API Request, the process of calling the API used to obtain a usertoken is described. After a token is obtained, the X-Auth-Token header field mustbe added to requests to specify the token when calling other APIs. For example, ifthe token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request asfollows:

Content-Type: application/jsonX-Auth-Token: ABCDEFJ....

AK/SK-based Authentication

AK/SK-based authentication supports API requests with a body not larger than 12 MB. ForAPI requests with a larger body, token-based authentication is recommended.

In AK/SK-based authentication, AK/SK is used to sign requests and the signature isthen added to the requests for authentication.

● AK: access key ID, which is a unique identifier used in conjunction with asecret access key to sign requests cryptographically.

● SK: secret access key used in conjunction with an AK to sign requestscryptographically. It identifies a request sender and prevents the request frombeing modified.



https://curl.haxx.se/

https://www.getpostman.com/



In AK/SK-based authentication, you can use an AK/SK to sign requests based onthe signature algorithm or use the signing SDK to sign requests. For details abouthow to sign requests and use the signing SDK, see API Signature Guide.

NO TICE

The signing SDK is only used for signing requests and is different from the SDKsprovided by services.

3.3 Returned Values

Status Codes

After sending a request, you will receive a response containing the status code,response header, and response body.

A status code is a group of digits ranging from 1xx to 5xx. It indicates the status ofa response. For more information, see Status Codes.

If status code 201 is returned for the calling of the API for obtaining a usertoken, the request is successful.

Response Header

A response header corresponds to a request header, for example, Content-Type.

Figure 3-2 shows the response header for the API of obtaining a user token, inwhich x-subject-token is the desired user token. Then, you can use the token toauthenticate the calling of other APIs.

Figure 3-2 Header of the response to the request for obtaining a user token



https://support.huaweicloud.com/en-us/devg-apisign/api-sign-provide.html




(Optional) Response BodyA response body is generally returned in a structured format, corresponding to theContent-Type in the response header, and is used to transfer content other thanthe response header.

The following shows part of the response body for the API to obtain a user token.For the sake of space, only part of the content is displayed here.

{ "token": { "expires_at": "2019-02-13T06:52:13.855000Z", "methods": [ "password" ], "catalog": [ { "endpoints": [ { "region_id": "xxxxxxxx",......

If an error occurs during API calling, the system returns an error code and amessage to you. The following shows the format of an error response body:

{ "error_msg": "The format of message is error", "error_code": "AS.0001"}

In the preceding information, error_code is an error code, and error_msgdescribes the error.




4 SCM APIs

4.1 Purchasing an SSL Certificate

FunctionThis API is used to purchase an SSL certificate.

The request parameter agree_privacy_protection must be set to true. Otherwise, thecertificate purchase application cannot be submitted.

URI● URI format

POST /v2/{project_id}/scm/cert/purchase● Parameters

Parameter Mandatory Type Description

project_id Yes String Project ID.

RequestRequest parameters


cert_brand Yes String Certificate brand.For example: GLOBALSIGN

SSL Certificate ManagerAPI Reference 4 SCM APIs



cert_type Yes String Certificate type. Options:● OV_SSL_CERT:

Organization Validation(OV) SSL certificate.

● EV_SSL_CERT: ExtendedValidation (EV) SSLcertificate.

domain_type Yes String Domain name type. Options:● SINGLE_DOMAIN: single-

domain name type.● MULTI_DOMAIN: multi-

domain name type.● WILDCARD: wildcard

domain name type.

effective_time Yes Integer Certificate validity period, inyears. Options:● 1: Purchase a certificate

with a validity period ofone year.

● 2: Purchase a certificatewith a validity period oftwo years.

domain_numbers

Yes Integer Number of domain names.● If domain_type is set to

SINGLE_DOMAIN orWILDCARD, the value ofdomain_numbers is 1.

● If domain_type is set toMULTI_DOMAIN, thevalue range ofdomain_numbers is 2 to100.

order_number Yes Integer Number of purchasedcertificates. Value range:1-1000.




agree_privacy_protection

Yes Boolean Whether to agree with theprivacy statement.● true: Agree with the

privacy statement.● false: Disagree with the

privacy statement.You can purchase acertificate only when thisparameter is set to true.

ResponseResponse parameters


order_id Yes String Order ID.

cert Yes Array ofcertobjects

Certificate list. For details,see Table 4-1.

Table 4-1 cert


cert_id Yes String Certificate ID.

ExampleThe following describes how to purchase an OV certificate whose brand isGlobalSign, domain name type is multi-domain name, number of domain namesis 5, and validity period is one year.

● Example request{ "cert_brand":"GLOBALSIGN", "cert_type":"OV_SSL_CERT ", "domain_type":"MULTI_DOMAIN", "effective_time": 1, "domain_numbers": 5, "order_number": 1, "agree_privacy_protection":true }

● Example response{ "order_id": "CS1803192259ROA8U" "cert": [{ "cert_id": "scs1481110651012",



}] }

or{ "error_code": "SCM.XXXX", "error_msg": "XXXX" }

Status CodesTable 4-2 lists the normal status code returned by the API.

Table 4-2 Status code

Status Code Status Description

200 OK Request processed successfully.

Exception status code. For details, see Status Codes.

4.2 Querying the Certificate List

FunctionThis API is used to query the certificate list based on a certificate name or bounddomain name.

URI● URI format

GET /v2/{project_id}/scm/certlist?order_status=&content=&sort_key=&sort_dir=&limit=&offset=

● Parameters







order_status No String Certificate status. Options:● PAID: The certificate has

been paid.● ISSUED: The certificate

has been issued.● CHECKING: The

certificate application isbeing reviewed.

● CANCELCHECKING: Thecertificate applicationcancellation is beingreviewed.

● UNPASSED: Thecertificate applicationfails.

● EXPIRED: The certificatehas expired.

● REVOKING: Thecertificate revocationapplication is beingreviewed.

● REVOKED: Thecertificate has beenrevoked.

● UPLOAD: The certificateis being hosted.

● SUPPLEMENTCHECK-ING: Additional domainnames to be added for amulti-domain certificateis being reviewed.

● CANCELSUPPLEMENT-ING: The cancellation onadditional domainnames to be added isbeing reviewed.

content No String Keyword for search.

sort_key No String Sorting criterion. Options:● certExpiredTime:

certificate expirationtime.

● certStatus: certificatestatus.

● certUpdateTime:certificate update time.




sort_dir No String Sorting method. Sorting isperformed based on thesorting parametersort_key. Options:● ASC: ascending order.● DESC: descending order.

limit No Integer Maximum number ofpieces of certificateinformation to be displayedon each page. Options:● 10: Each page displays

up to 10 pieces ofcertificate information.

● 20: Each page displaysup to 20 pieces ofcertificate information.

● 50: Each page displaysup to 50 pieces ofcertificate information.

offset No Integer Offset. Value range: 1-30.



total Yes Integer Number of certificates in alist.

free_remain Yes Integer Remaining quota of thefree test certificate.

order_list Yes Array oforder_listobjects

Certificate list. For details,see Table 4-3.

Table 4-3 order_list



cert_name Yes String Certificate name.

domain Yes String Bound domain name.




cert_type Yes String Certificate type.

cert_brand Yes String Certificate brand.

domain_type Yes String Domain name type.

purchase_period Yes Integer Validity period.

expired_time Yes String Certificate expiration time.

order_status Yes String Certificate status.

domain_num Yes Integer Number of domain names.

wildcard_number

Yes Integer Number of wildcarddomain names.

cert_des Yes String Certificate description.

Example● Example request

None● Example response

{ "total": 1, "free_remain":"19", "order_list": [{ "cert_id": "scs1481110651012", "cert_name": "scs-0001", "domain": "*.example.com", "cert_type": "GE00V01", "cert_brand":"GLOBALSIGN", "domain_type":" SINGLE_DOMAIN ", "purchase_period":1, "expired_time":"15051501510501", "order_state":"completed ", "domain_num":10, "wildcard_number":2,"cert_des":"***********" }] }









4.3 Querying Details of a Certificate

Function

This API is used to query details of a certificate.

URI● URI format

GET /v2/{project_id}/scm/cert/{cert_id}● Parameters




Request

Request parameters

None

Response

Response parameters



order_id Yes String Order ID.

cert_name Yes String Certificate name.

cert_type Yes String Certificate type.Example: OV

cert_brand Yes String Certificate brand.Example: GLOBALSIGN




domain_type Yes String Domain name type.Example:MUILT_DOMAIN

domain_name Yes String Domain name bound to acertificate.Example:funnyzx.com;abc.com

domain_number Yes Integer Number of domains.Example: 3

cert_describe Yes String Certificate description.

push_support Yes String Whether a certificate canbe pushed.

revoke_reason Yes String Reason for certificaterevocation.

domain_name Yes String Domain name bound to acertificate. Multipledomain names areseparated by semicolons(;).Example:www.example.com;www.example1.com;www.example2.com

company_name Yes String Company name.

company_province Yes String State or region where acompany is located.

company_city Yes String City where a company islocated.

applicant_name Yes String Name of a companycontact.

applicant_phone Yes String Phone number of acompany contact.

applicant_email Yes String Email of a companycontact.

contact_name Yes String Name of a technicalcontact.

contact_phone Yes String Phone number of atechnical contact.




contact_email Yes String Email of a technicalcontact.

status Yes String Certificate status.

encrypt_type Yes String Signature encryptionalgorithm.

country Yes String Country code.

organization_unit Yes String Company department.

DNS_push_status Yes String DNS push status● ON: indicates that the

push is successful.● OFF: indicates that the

push fails.● NONE: indicates that

the push function isnot enabled.

auth Yes Array of authobjects

Certificate authenticationstatus. For details, seeTable 4-5.

Table 4-5 auth


method Yes String Authentication method.

status Yes String Certificate authenticationstatus.

domain_name Yes String Domain name for DNSauthentication.

host_record Yes String Host record of DNSauthentication.

record_type Yes String Record type of DNSauthentication.

record Yes String Record value of DNSauthentication.


None



● Example response{"cert_id": "scs1481110651012","order_id ": "CS1803192259ROA8U","cert_name": "test","cert_type": "OV","cert_brand": "GEOTRUST","domain_type": "MUILT_DOMAIN","domain_name": "funnyzx.com;abc.com","domain_number": 3,"cert_describe": "XXXXXXXXX","push_support": "on","revoke_reason":"xxxxxxxxxxx","domain_name": " www.test.com;*.example1.com;*.example2.com","company_name": "Huawei Technologies Co., Ltd.","company_province": "Guangdong","company_city": "Shenzhen","applicant_name": "Tom","applicant_phone": "13087654321","applicant_email": "[email protected]","contact_name": "Jacky","contact_phone": "13087654321","contact_email": "[email protected]","status": "PAID","encrypt_type": "SHA256withRSA2048","country": "CN","organization_unit": "unit","DNS_push_status": "ON","auth": [{"method": "DNS","status": " checking ","domain_name": "www.test.com","host_record": "dnsauth","record_type": "TXT","record": "201803272148qwedginciog08" }]}









4.4 Modifying a Certificate

Function

This API is used to change the name or description of a certificate.

URI● URI format

PUT /v2/{project_id}/scm/cert/{cert_id}

● Parameters




Request

Request parameters


modify_key Yes String Change key. The value can beCERT_NAME orDESCRIPTION.● CERT_NAME: indicates the

name of a certificate to bemodified.

● DESCRIPTION: indicatesthe description of acertificate to be modified.

modify_value Yes String Modification details.● If the change key is

CERT_NAME, the value cancontain only digits, letters,and hyphens (-). The valueis a string of 0 to 63characters and cannot benull.

● When the change key isDESCRIPTION, the value isa string of 0 to 255characters and can be null.



Response

Response parameters


response_info Yes String Request result.

Examples

The following describes how to change the certificate name to sssaaaa.

● Example request{"modify_key":"CERT_NAME","modify_value": "sssaaaa"}

● Example response{ "response_info":"success" }


Status Codes

Table 4-7 lists the normal status code returned by the API.





4.5 Querying the Product Type of a Certificate

Function

This API is used to query information about all products that are being sold onSCM.

URI● URI format

GET /v2/{project_id}/scm/cert/product



● Parameters




None



type_list Yes Array oftype_listobjects

Product type list. Fordetails, see Table 4-8.

Table 4-8 type_list


cert_type Yes String Certificate type.● OV_SSL_CERT:

OrganizationValidation (OV) SSLcertificate.

● EV_SSL_CERT:Extended Validation(EV) SSL certificate.

cert_brand Yes String Certificate brand.GLOBALSIGN: GlobalSignbrand.

domain_type Yes String Domain name type.● SINGLE_DOMAIN:

single-domain nametype.

● MULTI_DOMAIN:multi-domain nametype.

● WILDCARD: wildcarddomain name type.

product_id Yes String Product ID.




effective_time Yes Integer Certificate validity period(year).● 1: The validity period

of the certificate isone year.

● 2: The validity periodof the certificate istwo years.

product_name Yes String Product name.



{ "type_list": [{"cert_type": "OV_SSL_CERT","cert_brand":"GLOBALSIGN","domain_type":"SINGLE_DOMAIN","product_id":"00301-106005-0--0","effective_time":1," product_name ":"globalsign.single.ov.2"}]}









4.6 Querying the Product Details of a Certificate

FunctionThis API is used to query details about a specified certificate.

URI● URI format

GET /v2/{project_id}/scm/product/{product_id}● Parameters



product_id Yes String Product ID.


None



cert_type Yes String Certificate type.● OV_SSL_CERT:

OrganizationValidation (OV) SSLcertificate.

● EV_SSL_CERT:Extended Validation(EV) SSL certificate.

cert_brand Yes String Certificate brand.GLOBALSIGN: GlobalSignbrand.




domain_type Yes String Domain name type.● SINGLE_DOMAIN:

single-domain nametype.

● MULTI_DOMAIN:multi-domain nametype.

● WILDCARD: wildcarddomain name type.

effective_time Yes Integer Certificate validity period,in years.● 1: The validity period

of the certificate is oneyear.

● 2: The validity periodof the certificate is twoyears.



{"cert_type": "OV_SSL_CERT","cert_brand":"GLOBALSIGN","domain_type":"SINGLE_DOMAIN","effective_time":1}


Status Codes








4.7 Applying for a Certificate

Function

This API is used to complete certificate application information, such as thedomain name bound to a certificate and the applicant's detailed information.

The request parameter agree_privacy_protection must be set to true. Otherwise, thecertificate application information cannot be submitted.

URI● URI format

POST /v2/{project_id}/scm/cert/{cert_id}/complete

● Parameters




Request

Request parameters


domain Yes String Domain name bound to acertificate.● If the certificate to be

purchased is a single-domain or wildcarddomain namecertificate, enter thesingle-domain orwildcard domain name.

● If the certificate to bepurchased is a multi-domain certificate,select one domainname as the primarydomain name.

Example:www.example.com




sans No String Additional domain nameof the certificate that isbound to a multi-domaincertificate.Set this parameter onlywhen the certificate to bepurchased is a multi-domain certificate and thenumber of additionaldomain names can beincreased.Multiple domain namesmust be separated bysemicolons (;).Example:www.example.com;www.example1.com;www.example2.com

CSR No String Certificate CSR, whichmust match the domainname.

company_name Yes String Company name. Thisparameter is mandatoryfor certificates of the OVand EV types.The value is a string of 0to 63 characters.

company_unit No String Department name. Thisparameter is optional forcertificates of the OV andEV types.The value is a string of 0to 63 characters.

company_province

Yes String State or region where acompany is located. Thisparameter is mandatoryfor certificates of the OVand EV types.The value is a string of 0to 63 characters.




company_city Yes String City where a company islocated. This parameter ismandatory for certificatesof the OV and EV types.The value is a string of 0to 63 characters.

country Yes String Country code.● CN: China● HK: Hong Kong SAR,

China● US: United States

applicant_name Yes String Applicant name.The value is a string of 0to 63 characters.

applicant_phone Yes String Phone number of anapplicant.Example: 13212345678

applicant_email Yes String Email of an applicant.Example:example.huawei.com

contact_name No String Name of a technicalcontact.The value is a string of 0to 63 characters.

contact_phone No String Phone number of atechnical contact.Example: 13212345678

contact_email No String Email of a technicalcontact.Example:example.huawei.com




auto_dns_auth No Boolean Whether to push DNSauthentication informationto HUAWEI CLOUD DNS.● true: DNS

authenticationinformation is pushedto HUAWEI CLOUDDNS.

● false: DNSauthenticationinformation is notpushed to HUAWEICLOUD DNS.


Yes Boolean Whether to agree with theprivacy statement.● true: Agree with the

privacy statement.● false: Disagree with the

privacy statement.You can submit yourcertificate application onlywhen this parameter is setto true.



request_info Yes String Request result.

ExampleThe following describes how to supplement information about a certificate.

● Example request{ "domain":"www.xzz.com", "company_name": "Huawei Chengdu branch", "company_province": "Sichuan", "company_city": "Chengdu", "applicant_name": "Tom", "applicant_phone":"13212345678", "applicant_email":"[email protected]", "CSR":"", "sans":"", "country":"CN", "company_unit": "Human Resource Dept",



"contact_name": "Jacky", "contact_phone":"13512345678", "contact_email":"[email protected]", "auto_dns_auth":false, "agree_privacy_protection":true}

● Example response{ "request info":"success"}


Status Codes






4.8 Verifying a CSR

Function

This API is used to verify a certificate signing request (CSR) and resolve thedomain name.

URI● URI format

POST /v2/{project_id}/scm/check-csr

● Parameters



Request

Request parameters




CSR Yes String Certificate signingrequest.



domain_name Yes String Domain name in theCSR.

ExampleThe following describes how to verify a CSR.

● Example request{ "CSR":"-----BEGIN NEW CERTIFICATE REQUEST-----******-----END NEW CERTIFICATE REQUEST-----"}

● Example response{ "domain": "a.example1.com"}









4.9 Saving Certificate Information

Function

This API is used to save certificate information entered during certificateapplication.

The request parameter agree_privacy_protection must be set to true. Otherwise,certificate information cannot be saved.

URI● URI format

POST /v2/{project_id}/scm/cert/{cert_id}/save● Parameters




Request

Request parameters


domain Yes String Domain name bound toa certificate.

sans No String Additional domainnames of a multi-domain certificate.Multiple domain namesare separated bysemicolons (;).

CSR No String Certificate CSR, whichmust match the domainname.

company_name Yes String Company name. Thisparameter is mandatoryfor certificates of the OVand EV types.The value is a string of 0to 63 characters.




company_unit No String Department name. Thisparameter is optionalfor certificates of the OVand EV types.The value is a string of 0to 63 characters.

company_province Yes String State or region where acompany is located. Thisparameter is mandatoryfor certificates of the OVand EV types.The value is a string of 0to 63 characters.

company_city Yes String City where a company islocated. This parameteris mandatory forcertificates of the OVand EV types.The value is a string of 0to 63 characters.

country Yes String Country code.

applicant_name Yes String Applicant name.The value is a string of 0to 63 characters.



contact_name No String Name of a technicalcontact.The value is a string of 0to 63 characters.

contact_phone No String Phone number of atechnical contact.Example: 13212345678

contact_email No String Email of a technicalcontact.Example:example.huawei.com





Yes Boolean Whether to agree withthe privacy statement.● true: Agree with the

privacy statement.● false: Disagree with

the privacystatement.

You can save certificateinformation only whenthis parameter is set totrue.

Response

Response parameters



Example

The following describes how to save supplemented information about a certificate.

● Example request{ "domain":"www.xzz.com", "company_name": "Huawei Chengdu branch", "company_province": "Sichuan", "company_city": "Chengdu", "applicant_name": "Tom", "applicant_phone":"13212345678", "applicant_email":"[email protected]", "CSR":"", "sans":"", "country":"CN", "company_unit": "Human Resource Dept", "contact_name": "Jacky", "contact_phone":"13512345678", "contact_email":"[email protected]", "agree_privacy_protection":true}





Status Codes






4.10 Reading the Information Entered When Applyingfor a Certificate

Function

This API is used to read the saved information about a certificate.

URI● URI format

POST /v2/{project_id}/scm/cert/{cert_id}/read● Parameters




Request

Request parameters

None

Response

Response parameters


domain_name Yes String Domain name bound to acertificate.Example:www.domain.com




sans Yes String Additional domain namesof a multi-domaincertificate. Multipledomain names areseparated by semicolons(;).If a single-domain orwildcard domaincertificate is applied for,the value of thisparameter is empty.

CSR Yes String Certificate signingrequest.

country Yes String Country code. Example:● CN: China● HK: Hong Kong SAR,

China● US: United States

company_name Yes String Company name.

company_unit Yes String Department name

company_province

Yes String State or region where acompany is located.Example: Sichuan

company_city Yes String City where a company islocated.Example: Chengdu

applicant_name Yes String Applicant name.Example: Tom



contact_name Yes String Name of a technicalcontact.

contact_phone Yes String Phone number of atechnical contact.




contact_email Yes String Email of a technicalcontact.

bl Yes String Whether the picture ofbank account openingpermit has beenuploaded.● 0: The picture of bank

account openingpermit has not beenuploaded.

● 1: The picture of bankaccount openingpermit has beenuploaded.

tl Yes String Whether the businesslicense of the companyhas been uploaded.0: The business license ofthe company has notbeen uploaded.1: The business license ofthe company has beenuploaded.



{ "domain_name": "www.xzz.com", "sans": "", "CSR": null, "country": "CN", "company_unit": "Human Resource Dept", "company_name": "Huawei Chengdu branch", "company_province": "Sichuan", "company_city": "Chengdu", "applicant_name": "Tom", "applicant_phone": "13245678932", "applicant_email": "[email protected]", "contact_name": "Jacky", "contact_phone": "13526456325", "contact_email": "[email protected]", "bl": "0", "tl": "1"}

or{ "error_code": "SCM.XXXX",



"error_msg": "XXXX" }

Status Codes






4.11 Canceling an Application

Function

This API is used to cancel an application of certificate reviewing.

URI● URI format

POST /v2/{project_id}/scm/cert/{cert_id}/cancel-cert● Parameters




Request

Request parameters

None

Response

Response parameters



message Yes String Request result.





{ "cert_id": " scs1481110651012", "message": "success"}







4.12 Deleting a Certificate

FunctionThis API is used to delete a certificate, that is, delete a certificate from HUAWEICLOUD.

URI● URI format

DELETE /v2/{project_id}/scm/cert/{cert_id}● Parameter description





None



Response

Response parameters




None

● Example response{ "message": "success"}


Status Codes






4.13 Uploading Authentication Information

Function

This API is used to upload the authentication information picture required forcertificate review.

URI● URI format

POST /v2/{project_id}/scm/cert/{cert_id}/info/{type}/upload_authentication

● Parameters





type Yes String Type of the content to beuploaded.● BL: bank account

opening permit.● TL: business license of

a company.



None





{ <Upload content>}

● Example response{ "request_info":"success"}









4.14 Downloading a Certificate

Function

This API is used to download a certificate.

URI● URI format

GET /v2/{project_id}/scm/cert/{cert_id}/cert_file● Parameter description




Requests

Request parameters

None

Responses

Certificate file, which is a compressed package with the .rar extension.

Examples● Example request


{ <Object Content>}


Status Codes








4.15 Uploading a Certificate

Function

This API is used to upload a certificate to SCM.

URI● URI format

POST /v2/{project_id}/scm/cert/upload● Parameters



Request

Request parameters


cert_name Yes String Certificate name.The value is a string of 0to 63 characters.

cert Yes String Certificate chain content.

private_key Yes String Private key of a certificate.

Response

Response parameters





Example

The following describes how to upload a certificate named test.

● Example request{ "cert_name":"test", "cert":"-----BEGIN CERTIFICATE----- *** -----END CERTIFICATE-----", "private_key": "-----BEGIN RSA PRIVATE KEY----- *** -----END RSA PRIVATEKEY-----"}

● Example response{ "cert_id": " scs1481110651012"}


Status Codes






4.16 Revoking a Certificate

Function

This API is used to revoke a certificate.

URI● URI format

POST /v2/{project_id}/scm/cert/{cert_id}/revoke

● Parameters






Request

Request parameters


reason Yes String Reason for revoking acertificate.The value is a string of 0 to63 characters.

Response

Response parameters


message Yes String Revocation request result.

Examples

The following uses the certificate revocation reason "certificate information filledincorrectly" as an example.

● Example request{ "reason": "certificate information filled incorrectly",}

● Example response{ "message":"success"}


Status Codes








4.17 Pushing a Certificate

FunctionThis API is used to push an SSL certificate to another HUAWEI CLOUD service,such as Web Application Firewall (WAF), Elastic Load Balance (ELB), and ContentDelivery Network (CDN).

URI● URI format

POST /v2/{project_id}/scm/cert/{cert_id}/push● Parameters






service_type Yes String Type of the service to whicha certificate is pushed.Options:CDN, ELB, Enhance_ELB,and WAF

remote_project Yes String Region where the targetservice to which a certificateis pushed.




ExampleThe following describes how to push a certificate to WAF in region cn-north-7.



● Example request{ "service_type":"WAF", "remote_project":"cn-north-7"}

● Example response{ "message":"success"}







4.18 Querying Push Records

FunctionThis API is used to query the last 10 certificate push records, which are to bepushed to another HUAWEI CLOUD service.

URI● URI format

GET /v2/{project_id}/scm/cert/{cert_id}/push-history● Parameters





None





push_history_list Yes Array ofpush_history_list objects

Push record list. Fordetails, see Table 4-22.

Table 4-22 push_history_list


push_time Yes String Push time, inmilliseconds.

push_remote_project

Yes String Push project.

push_service Yes String Push service type.● WAF: A certificate is

pushed to WAF.● CDN: A certificate is

pushed to CDN.● ELB: A certificate is

pushed to classic ELB.● Enhance_ELB: A

certificate is pushed toenhanced ELB.



{ "push_history_list": [ { "push_time": "1556257820000", "push_remote_project": null, "push_service": "CDN" }, { "push_time": "1556257447000", "push_remote_project": "cn-north-7_test", "push_service": "WAF" } ]}

or{ "error_code": "SCM.XXXX",



"error_msg": "XXXX" }

Status Codes






4.19 Canceling Authorization for Privacy Information

Function

This API is used to cancel authorization for privacy information and delete theprivacy data saved in SCM.

URI● URI format

DELETE /v2/{project_id}/scm/privacy-protection/{cert_id}● Parameters




Request

Request parameters

None

Response

Response parameters







{ "message":"success"}


Status Codes






4.20 Adding an Additional Domain Name

Function

This API is used to add an additional domain name. If you have a multi-domainSSL certificate and available quota for additional domain names, you can addadditional domain names for the certificate after it is issued.

URI● URI format

POST /v2/{project_id}/scm/cert/{cert_id}/supplement● Parameters




Request

Request parameters




ori_sans Yes String Additional domain name boundto a multi-domain certificate.If multiple domain names aredisplayed, the domain namesare separated by semicolons (;).Example:example.domain.com;example.domain1.com

add_sans No String Additional domain name to beadded for a multi-domaincertificate.If multiple domain names needto be entered, separate thedomain names by semicolons(;).Example:example.domain2.com;example.domain3.com

email No String Email of a contact.




ExampleThe following describes how to add an additional domain nameexample.domain.com.

● Example request{ "ori_sans ": "abc.com;xyz.com", "add_sans ": "example.domain.com", "email": "[email protected]"}





5 Permissions Policies and SupportedActions

5.1 Introduction to Permissions Policies and SupportedActions

This chapter describes fine-grained permissions management for your SCM. If yourHUAWEI CLOUD account does not need individual IAM users, then you may skipover this chapter.

By default, new IAM users do not have permissions assigned. You need to add auser to one or more groups, and attach permissions policies or roles to thesegroups. Users inherit permissions from the groups to which they are added andcan perform specified operations on cloud services based on the permissions.

Permissions are classified into roles and policies based on the authorizationgranularity. Roles are a type of coarse-grained authorization mechanism thatdefines permissions related to user responsibilities. Policies define API-basedpermissions for operations on specific resources under certain conditions, allowingfor more fine-grained, secure access control of cloud resources.

Policy-based authorization is useful if you want to allow or deny the access to an API.

A HUAWEI CLOUD account has all of the permissions required to call all APIs, butIAM users must have the required permissions specifically assigned. Thepermissions required for calling an API are determined by the actions supported bythe API. Only users who have been granted permissions allowing the actions cancall the API successfully. For example, if an IAM user queries ECSs using an API,the user must have been granted permissions that allow the ecs:servers:listaction.

Supported Actions

SCM provides system-defined policies that can be directly used in IAM. You canalso create custom policies and use them to supplement system-defined policies,

SSL Certificate ManagerAPI Reference 5 Permissions Policies and Supported Actions


implementing more refined access control. Operations supported by policies arespecific to APIs. The following are common concepts related to policies:

● Permission: A statement in a policy that allows or denies certain operations.● Actions: Added to a custom policy to control permissions for specific

operations.● Authorization Scope: A custom policy can be applied to IAM projects or

enterprise projects or both. Policies that contain actions supporting both IAMand enterprise projects can be assigned to user groups and take effect in bothIAM and Enterprise Management. Policies that only contain actionssupporting IAM projects can be assigned to user groups and only take effectfor IAM. Such policies will not take effect if they are assigned to user groupsin Enterprise Management. For details about the differences between IAMand enterprise projects, see What Are the Differences Between IAM andEnterprise Management?

● APIs: REST APIs that can be called in a custom policy.

SCM supports the actions (shown in API Actions) that can be defined in custompolicies. The actions include uploading, applying for, and downloading acertificate.

5.2 API ActionsPermissions Actions Authorization

ScopeAPIs

Querying thecertificate list

scm:cert:list ● Supported:Projects

● Notsupported:Enterpriseprojects

GET /v2/{project_id}/scm/certlist

Queryingdetails of acertificate

scm:cert:get ● Supported:Projects


GET /v2/{project_id}/scm/cert/{cert_id}

Querying theproduct typeof a certificate

scm:certType:get

● Supported:Projects


GET /v2/{project_id}/scm/cert/product



https://support.huaweicloud.com/en-us/iam_faq/iam_01_0101.html

https://support.huaweicloud.com/en-us/iam_faq/iam_01_0101.html

Permissions Actions AuthorizationScope

APIs

Querying theproductdetails of acertificate

scm:certProduct:get



GET /v2/{project_id}/scm/product/{product_id}

Canceling anapplication

scm:cert:cancel ● Supported:Projects


POST /v2/{project_id}/scm/cert/{cert_id}/cancel-cert

Purchasing acertificate

scm:cert:purchase



POST /v2/{project_id}/scm/cert/purchase

Applying for acertificate

scm:cert:complete



POST /v2/{project_id}/scm/cert/{cert_id}/complete

Saving theinformationentered whenapplying for acertificate

scm:cert:complete



POST /v2/{project_id}/scm/cert/{cert_id}/save

Reading theinformationentered whenapplying for acertificate

scm:cert:complete



POST /v2/{project_id}/scm/cert/{cert_id}/read

Modifying acertificate

scm:cert:edit ● Supported:Projects


PUT /v2/{project_id}/scm/cert/{cert_id}




APIs

Deleting acertificate

scm:cert:delete ● Supported:Projects


DELETE /v2/{project_id}/scm/cert/{cert_id}

Downloadinga certificate

scm:cert:download



GET /v2/{project_id}/scm/cert/{cert_id}/cert_file

Uploadingauthenticationinformation

scm:cert:complete



POST /v2/{project_id}/scm/cert/{cert_id}/info/{type}/upload_authentication

Revoking acertificate

scm:cert:revoke ● Supported:Projects


POST /v2/{project_id}/scm/cert/{cert_id}/revoke

Pushing acertificate

scm:cert:pushThe followingaction needsto be addedwhen acertificate is tobe pushed toCDN:cdn:configuration:queryHttpsConf



POST /v2/{project_id}/scm/cert/{cert_id}/push

Queryingpush records

scm:pushHistory:list



GET /v2/{project_id}/scm/cert/{cert_id}/push-history




APIs

Uploading acertificate

scm:cert:upload



POST /v2/{project_id}/scm/cert/upload

Verifying aCSR

scm:cert:complete



POST /v2/{project_id}/scm/check-csr

Adding anadditionaldomain name

scm:cert:supplement



POST /v2/{project_id}/scm/cert/{cert_id}/supplement

Cancelingprivacyauthorization

scm:privacyProtection:delete



DELETE /v2/{project_id}/scm/privacy-protection/{cert_id}



A Appendix

A.1 Status CodesStatusCode

Status Description


202 Accept The job was successfully delivered.However, it will be postponed because thesystem is busy currently.

204 No Content The request is processed successfully andno content is returned.

300 multiple choices The requested resource has multipleavailable responses.

400 Bad Request The request parameter is incorrect.

401 Unauthorized You need to enter the username andpassword to access the requested page.

403 Forbidden The server understood the request, but isrefusing to fulfill it.

404 Not Found The requested resource does not exist ornot found.

405 Method Not Allowed The method specified in the request is notallowed.

406 Not Acceptable The response generated by the servercannot be accepted by the client.

407 Proxy AuthenticationRequired

You must use the proxy server forauthentication. Then, the request can beprocessed.

SSL Certificate ManagerAPI Reference A Appendix


StatusCode

Status Description

408 Request Timeout The request timed out.

409 Conflict The request cannot be processed due to aconflict.

500 Internal Server Error Internal service error.

501 Not Implemented Failed to complete the request. The serverdoes not support the requested function.

502 Bad Gateway Failed to complete the request, because theserver receives an invalid request.

503 Service Unavailable Failed to complete the request due tosystem exception.

504 Gateway Timeout A gateway timeout error occurs.

A.2 Error Codes

IntroductionA customized message is returned when errors, such as 400 or 500 errors, occur inan extended public cloud API. This section describes error codes and theirmeanings.

Response Format● HTTP status code

500

● Response example{ "error_code": "SCM.0000", "error_msg": "System internal error. Please contact the technical support."}

Error Code Description


SCM.3000 System internal error.

SCM.0001 SCM is unavailable.

SCM.0002 The tenant ID or domain ID is incorrect.

SCM.0003 The current user does not have the requiredpermission.

SCM.0004 Response to a request for submitting acertificate failed.




SCM.0005 The request parameter is incorrect.

SCM.0007 Failed to download the certificate.

SCM.0008 The certificate ID is incorrect.

SCM.0009 Failed to upload the certificate because thecertificate is not bound to a domain name.

SCM.0010 The certificate type or status does notsupport this operation.

SCM.0011 The number of user certificates has reachedthe upper limit.

SCM.0012 The uploaded private key failed to beresolved. Ensure that the certificate hasbeen issued.

SCM.0013 The uploaded certificate chain failed to beresolved. Ensure that the certificate hasbeen issued.

SCM.0014 The uploaded certificate does not match theprivate key.

SCM.0015 The number or format of domain namesfilled does not meet the requirements of thepurchased certificate.

SCM.0016 The certificate order is abnormal.

SCM.0017 The certificate product is abnormal.

SCM.0018 Failed to cancel the order.

SCM.0019 Response to a request for submitting acertificate CSB failed.

SCM.0020 The certificate ID is incorrect.

SCM.0021 The country code format is incorrect.

SCM.0022 The phone number format is incorrect.

SCM.0023 An error occurred when modifying thecertificate (modifying a key value).

SCM.0024 An error occurred when modifying thecertificate (modifying the content).

SCM.0025 The free quota is exceeded.

SCM.0026 Certificate revocation exception.

SCM.0027 The revocation reason is not entered.




SCM.0028 Certificate push exception.

SCM.0030 The push service type is not supported.

SCM.0031 Certificate parsing exception.

SCM.0032 Incorrect certificate name.

SCM.0033 The CSR is not bound to a domain name.

SCM.0034 CSR parsing exception.

SCM.0035 The CSR domain name does not match theentered domain name.

SCM.0036 The number of domain names does notmatch the product.

SCM.0037 Failed to encrypt the certificate.

SCM.0038 Failed to decrypt the certificate.

SCM.0039 ELB service support exception.

SCM.0040 Certificate not supported by CDN.

SCM.0042 The certificate has expired.

SCM.0043 The certificate has not taken effect.

SCM.0044 CDN does not support the certificate name.

SCM.0045 CDN does not support duplicate certificates.

SCM.0046 CDN permission denied.

SCM.0047 The certificate name length is not supportedby CDN.

SCM.0048 The certificate is being used by CDN.

SCM.0049 Certificate brand exception.

SCM.0050 Certificate type exception.

SCM.0051 Domain name type exception.

SCM.0052 Certificate validity period exception.

SCM.0053 WAF does not support certificates with thesame name.

SCM.0054 WAF does not support the certificate name.

SCM.0055 WAF service exception.

SCM.0056 The service does not support the region.

SCM.0057 The length exceeds the limit (255 bytes).




SCM.0058 Enhance_ELB service exception.

SCM.0059 The certificate private key is empty.

SCM.0060 The order quantity is incorrect.

SCM.0061 region parameter error.

SCM.0062 DNS query failed.

SCM.0063 Duplicate domain name.

SCM.0064 The order is being processed.

SCM.0065 The file size exceeds the upper limit.

SCM.0066 The certificate domain name type does notsupport the current operation.

SCM.0067 The existing additional domain name ismodified.

A.3 Obtaining a Project ID

Obtaining a Project ID by Calling an APIYou can obtain the project ID by calling the API used to query projectinformation based on the specified criteria.

The API used to obtain a project ID is GET https://{Endpoint}/v3/projects.{Endpoint} is the IAM endpoint and can be obtained from Regions andEndpoints. For details about API authentication, see Authentication.

In the following example, id indicates the project ID.{ "projects": [ { "domain_id": "65382450e8f64ac0870cd180d14e684b", "is_domain": false, "parent_id": "65382450e8f64ac0870cd180d14e684b", "name": "xxxxxxxx", "description": "", "links": { "next": null, "previous": null, "self": "https://www.example.com/v3/projects/a4a5d4098fb4474fa22cd05f897d6b99" }, "id": "a4a5d4098fb4474fa22cd05f897d6b99", "enabled": true } ], "links": { "next": null, "previous": null, "self": "https://www.example.com/v3/projects" }}







Obtaining a Project ID from the ConsoleA project ID is required for some URLs when an API is called. To obtain a projectID, perform the following operations:

1. Log in to the management console.2. Click the username and choose Basic Information from the drop-down list.3. On the Account Info page, click Manage next to Security Credentials.

On the API Credentials page, view project IDs in the project list.

Figure A-1 Viewing project IDs



B Change History

Released On Description

2020-01-20 This issue is the fourth official release.Updated descriptions in section"Permissions and Supported Actions"based on the changes on the IAMconsole.

2019-09-11 This is the second official release.Optimized section "Obtaining a ProjectID."

2019-08-13 This is the first official release.

SSL Certificate ManagerAPI Reference B Change History


api reference - huawei cloud · ssl certificate manager api reference issue 03 date 2020-01-20...

Documents