CDN加速

新增证书

更新时间:2021-07-23 15:31:47

适用产品:通用功能

接口描述

新增SSL证书,包括证书名称、加密算法、证书文件、证书私钥、根证书等,系统会校验证书内容及公私钥是否匹配。

请求参数

XML
参数名称类型必填描述
nameString证书名称,客户粒度下是唯一的
commentString证书文件的备注
share-sslString是否共享,可选值为true和false,true表示共享证书,false表示非共享证书,默认为false 当share-ssl为true时,此份证书允许跨客户使用(API不支持跨客户使用证书,有需求请联系客服进行人工配置)
algorithmString加密算法,目前支持des和aes des加密算法为,将http头中的Date值做md5运算,将md5值的左8位作为key,右8位作为iv,然后对文件内容作des加密,将加密后的二进制内容作base64编码,以下为示例参考: date=`env LANG="en_US.UTF-8" date -u "+%a, %d %b %Y %H:%M:%S GMT"` md5str=`echo -n $date | openssl md5` key=`echo -n ${md5str:$((-32)):$((8))}|hexdump -e '8/1 "%02X"'` iv=`echo -n ${md5str:$((-8))}|hexdump -e '8/1 "%02X"'` 注意: 1、加密结果,file就是具体的某个证书文件(crt,key,ca) encodestr="`openssl enc -des -K $key -iv $iv -nosalt -e -in $file|base64 -w 0`" 2、http头的Date时间必须和证书加解密的时间一致
ssl-certificateString加密后的证书文件,加密算法参见algorithm字段算法。
ssl-keyString加密后的证书私钥,加密算法参见algorithm字段算法 上传时会进行openssl的公私钥等校验,校验不通过,则上传失败
ssl-certificate-chainString加密后的根证书,可选提供
csr-idint当你使用CSR文件方式上传证书时,必须输入csr-id.

返回参数

XML
参数名称类型描述
http status codeinthttpstatus=202;   表示成功调用接口
x-cnc-request-idString唯一标示的id,用于查询每次请求的任务 (适用全部接口)
LocationString用于访问该证书文件的URL,其中certificate-id为系统为该证书生成的唯一标示,其值为字符串
codeString错误代码,当HTTPStatus不为202时出现,表示当前请求调用的错误类型
messageString响应信息,成功时为success

错误码

错误代码(code)描述(message)HTTP状态码语义
InvalidURIWe are unable to parse the specified URI. Please check the syntax.400我们无法解析指定的URI。请检查语法。
PARSE_PARAM_ERRORError parameter.400入参解析错误
WRONG_OPERATORWrong operator [$operator] for the customer.400提交人不对应客户
ConfigErrorThe algorithm you specified is invalid.400无效算法,算法为**
SSLAlreadyExistsThe SSL name you provided is already in our system.409您提供的证书名称已经存在
CERT_PARSE_ERROR_CRTinvalid certContent.no found crtCnDomain in crtFile.400无效的证书内容,不能找到授权域名
CERT_PARSE_ERROR_KEYinvalid keyContent.400无效的key证书文件
CERT_PARSE_ERROR_CAinvalid caContent.400无效的ca证书文件
NOT_ACCEPTABLE_KEY_REQUIREDkeyContent is required.400key证书文件是必须的
NOT_ACCEPTABLE_KEY_REDUNDANTkeyContent is redundant.400key证书文件是冗余的
新增证书This operation requires a body. Ensure that the body is present and the Content-Type header is set.400缺少请求体
MalformedXMLThe XML you provided was not well-formed or did not validate against our published schema.400提供的xml不正确或者不符合规则
DecryptFailErrorDecryption failed. Please check that your SSL certificate is vaild.400证书内容解密错误。错误的证书文件或者key文件
BAD_REQUESTbad request.isShare is empty400请求错误,是否共享是空的
CERT_KEY_NOT_MATCHprivate key not match with public key.400私钥不能匹配公钥

示例

NO CSR METHOD - FOR DES
NO CSR METHOD - FOR AES
CSR METHOD
示例说明
请求示例
复制
#!/bin/bash
username="example_username"
apiKey="example_apiKey"
date=`env LANG="en_US.UTF-8" date -u "+%a, %d %b %Y %H:%M:%S GMT"`
password=`echo -en "$date" | openssl dgst -sha1 -hmac $apiKey -binary | openssl enc -base64`
curl -i --url "https://open.chinanetcenter.com/api/ssl/certificate" \
-X "POST" \
-u "$username:$password" \
-H "Date: $date" \
-H "Accept: application/xml" \
-d '<?xml version="1.0" encoding="utf-8"?>
<ssl-certificate>
  <name>mycertificate_100166</name>
  <comment>100166</comment>
  <share-ssl>false</share-ssl>
  <algorithm>des</algorithm>
  <ssl-certificate>z04vDsCTkBbd/wSpAMFKbdKGNw9wxPgUuIjEetxAn8sguY9VEO7o+jNmdHLWxqfck1emCwClzKgbLnm/7s8lTeAxSZVm6lJE2ETjow4qgGJWJCT8YbHuVAVTLzisBgVU5FeRnLuFkon2nKQ5bvCqloBLInJiGV3kaXwgEh/eN5ueqBt+UO9puWbCGxBos/Hzdsao/n1KpgRjBjwk0FRnuf+nb3feVHkCviVk/RLhagAFFfV3d0HkcGLN3D9TPNpUFVHUpqy0+CO5jHk1rbZSvdwvzuVhr2LJgQxASiraoY6azyQ9i+7NusOwDUQMoOkYMUs6pGYWATXvzeY7dCWt2hyCbL8qrA41AHeiIJqk2LrMzFnfqZ2lBFnGcAGoRBDZ5Azj4qv41dq5XQly7rFctkHzKlBfsk8syGjCds2cSUv6WK7BdhLRkrfhSGg7ZLfXcGV1ku+QJJV2DK2GqEzp0lDxp0byIloPZ1iHzVJlyNKbDILLaTDEpiYT0CFhL5Y9vqFnAoymsgTGy3ZywvSqeOMsskDjrpD2nk5nwz0fn4j2GIV2B0earfy9ADBkfSDvNtXQwz5g8LvROXXVcGTPOTDSf5NpOOI06XJ4Tni/m9XF3HKCg7uJl4Gf9BqdOUhVY4kOGEQmDVnp8OVxFMxOm0dR+MF75MwiE+Kg/H3Iw1LGWuLwvYtGuygdQv1U1cJIRPhV8Wgibw9ti0Q6s9QVtbaik4nb847DYxPGa87jdeVrjIlizsQ35wBzVsZbz8zzdOvA9/gHtOUAZ5g05DQax8QBwmJuVFPKy+qGQaRAsJPKd3ilHBykh3KmV8iw7dY92YJPWuyW7yy0cQEzjeUYfHspsGa8+iI5xCiTz8M2iY07MqQ8foviGn9VBS0nFpC55NA09V/whRiI5gom3Hc2soCwJ6lAMf+8vdzbwv/bE60vfO/E5jSqoS/QZvUC6ORuJJPHX8qE4o042IiCwYi147PDatqt99WnY+WaJmHKDBpIhY5R8fjh0sgwLCdyIWxRFtMd2EfnEVzkkZPvx5+cNycrUDgpGRgB2Th+gzFHpV63HphPkRIynF0+TJoGJKItkr2+7Y+Kqlni4au2SG360i3i64bPLdDIYvm84Dndx2xH07o9BYWZrMsqpMEKTYazhqNMwReEnkHCmpbZkjvvDkOh6VzgSKb3A9fLvhrTritsmKbMCKL+3ekz1jSG7Oc51nmcnXiITvSpkMxNS1kjMv0mgSD6pendPoVtbuOz1J6AI5g/LoJycIFp+nwvboM2nE4oA7FmCqJtVgrzD6y2TYp6skCq6wT2HeaAEGDHtEj1mJGcATHUNSxMAbh1R3kSCsJrRE5YAa9D5xOYgphrcz6/CaUTAthSA9h0fMBHfvjCTOkW2nwFH07HCF6lL3M2bTJhqkiTDGq2hUmT2Hell6qbIFGsN/cODXH3vXRlPHk2recuMgpoX9ASbrZ5nqaNapgthPg2F8Ao23Dfdes1onqDrtS6nLB9M76DdpVZq+7tVMxpQ5kfGWgzWIhG8SOzCZ2rDjPtXY65Ixr9LKr42L+ANhKauZ5+z6GHxzAK4OqeWTg1p9MbIX3kSfPdgCAztQE06wL3UtzVjIIf5x/+l0Y85iEwIGhx5DriBQtKmPyzATR2MGjcSodHCPvUBO+DkLgx3hBs7gBkQ/iEZX0xnCBspQnQcrKf4G0hbTPQpMLBPbfkhmrNDUpOvm6UkmU4NbAZAxWfKtDnUdO/YgpMsGnGA6DnQZtatgS+5X+Ibeua7gwAgxUMpuBgR/+Tlv5QCW/6P0quvRa42sZK31Zb+ygCTNEu4R/tUWiGsXx7XDoBG11PFOAf0BoUSIjnn3qO8TKCnB9YakZPCHiV+xQatzBjNRa4XrurLYTYX+IujLQ2X0Uw6JeHm8IY9thW1Ug6P5cEchEYMZCMggCK9fKuU37lf6lS6TXFo4/eFbt+8jv0gnPWc7cjYrB/93hy7RiNr2WIy3mHJrZZPKWmYg+/7+bLkX/6ORMkPpbeZbf0363QsLO3lyS0jpXLiUlGhdxHc/X4I8B9EZrdb6npLHiKMPoF75bA+u4Ia8XjnjDjego9T+yPZP8naQnJyiOVypMaOCctH1JkotCGoIGRAzDAnspw3sWZFDoUwteEeds3XU0+NtWotvef+yfB8zzegDXuAP7wHuh/FHXnrB5nsp6l9kFNS7QF7ZvU46S8BcRKmv0btWj09qS4mjKWpQ/yovZ5hl+fD02klvJ4zmj+1K3j8WvRO+YrbYyVF5tKDRxsJ+0vbmVaWjivtAFfsP7GrChs2hm8adsPf1hC+3f+cErDvQB4Ycg2ngoC2v15TvJc0LEkvzaPBDz5VxTucDHjsOFLLvnJLPgofntDaWWgqvrVIZ1dlcIviFC8ncrQ9GDLToV6o13BoyhXxoHoXlbbi2lWyxOWLhyH0zQnDpAh63L5QntQn9a092yAmDuGgj2BMkjpqpEuV8Zx5TFBiMf5Yqg2IoVWmmLyqo8ojGDiB9HrwaAvFn2nN+WWirkzebPokQO8UTm084zH+w==</ssl-certificate>
  <ssl-key>z04vDsCTkBbi8xQSvUu/n2w4tMx+R+NVYnHI8rOqxkzAUrOcTajlZFfGKZJa82rm5j0RFi3V6V1JDTXqxvQgSH9zac2xpkznWapxU5gelfeb4dUt1Ik2QZSHhi/P6r8wjOnuDOKmcM+0FLdmiKKHLMLwQWU8RLtL2nCrM0aGvFL6IM2a41ffMufW0T/7VMWzYB0t5eUZHfSm4Qv8MOrnKLU6hnEl9zmWmUPJv0ljKFED0PdgLVF2wfD82tNbj8RUhLjIpIKX3TXRbFq8aq3HT1vwE6PjJRjk0TZY/k46Ml3qie60ImM4t2pBPvd6M1Yb2+b3RQkfNpjYu5HSjcum1+Pw4qKhpOXEBHe3htKjxjbEak0bPNqh4OA9Kwyx/pMig2KzgK64DXhSX1tqHj/oNe5lpmeEcw8w24aZBybBPSNpb1EDoy8YX838j5FI8tkaqBF6SPVN1Ud/YeTD5JF/EXfoW/tdcucbuIRtsPEn+iGP+PRMubz/+hfYwq1B7kzJXRcUnziCL/TM98cvzeSxmKWe4PvjbRhpURbr5ijtF2zDrXv3tJCNlMCuIZQgwJSMs3wPdGY5B0nwbs10Gf43GVzmfgObbsWv8/rRuHqiI3GxYRqFIQSRsOUB7J//Ncu96qfKNApwvkCOZ3Ok6I55fYuf6oshjVRUi5eRuQAem7oFSE1QpQVipf1iDql6pYTn/7hnQARqkUNp6redTw7eASKjmHA04yZ5p2AArhwBBKxrozR1jPbRC86FTlhSI9cAlt0lBpZwtP6sXIguq3MapDVCacrhnGfiEm1XpHK18lmc1zCKQ7+UosZeDQyzUqLoVhblIjeEI60HeJU3DNQ1raDWIfzhN9TmQ49AXf1cNEeLCEd9FeH3e5tnXBdWJkz0qFH5qv1sBMMv4I+M7byFc0RkXlNv9ZMCe6QbLNrogWYQ5dwqjb9ryUbs7uE9E2SZhioNbP8eCM39cSUmuL3qRs+Zg2pQOkgjoKFBolsaQ7kwxBgWVF9KPe4Uk59nuiVVy3uBtpDlTReyuvzuDUsKui2rR9VIjXEQ5maRNaDMyYY349tqUuvMlrC+JjRu+18cwROOq/KFQNJH+nadtwFaV/ZiXCVDMpE2NHTZ9a1VnchtflUMnm79LshJTr2nePPtmRbMZ0S5wTQyUVXOzklyo3HFMkdNNO9HAE52C+Kpgakw9AhGCjip2nJJyYy41rskgWwDAKgeeYUwL1TFDb6o2BQ8J95gbgwNLUsh+V9jrV+Tqu0XsvF0KE20Cf7rKTT8Z1A1tKHFXj/aTBwWw+qFBq123JFQojHDeKFgKhPqFVSCc4NT+TEeuIQQsX7t1mXRBvPw69Atk1ZOmz8i4vdeDM9vMoDemw+P42bBoIOz0/jFgnOM3pnQjKaVJD5W7Otokx1GLn0FKBJFxnFND7YXmoD8XzMMpaW7r/b1F2TZsJNi2usmFzUOcgWHX5Lgr09NKi0K9s+UTbx1VEvcgpzAAJfO1okBgUplaZz5nrY+aaoJbW3HZVuKKzgyHRO6srkVkzkE8/mPRcHS7UIIAU9XIF7sg957C0FIUesvhS1V+7MLqzU5AFwT79oJVPxm2vdAbPjYaSsL9FWlXRVJVOxR2tymtb6TDYmGCCWex66z1J1Fxa3s9Jk5QK3A3FITwbetxkQ+kkoSw4phSiq6iTiyx89dZNqeuKo92CMT6ijm/JjdgwDJ+9AC21gRBOmpCeC7+CUKMoOayS+1Z6rXYGVIHfjZJdwKnm2e0RMQtGIDx1ttm6M5HWGLcXinXUvCcufsflhOd8gdxyRiV7m0jPcpqk4jlORLUEPV+Z0JMOM+Caevpa6WE67Q5BfAGki4GkUda6CzLhs2LxuBcu8qF4+mk7DLucSpkuWizlYGHJX2PTD7KEn3QvHVkQzaSXth3ses5ZH11EoKv3xPL41SPsVsQXTcwGkKtbd73JVkJnf2pvMnDtxuP2gd3E6fQUSGuXsXe6PgYymtiuWbS9R+6gVUD9wVpc6DmMC5DpJLwdtUgzWs3IKAFcpJRzXwdzuf4Hb+h4MdzGXGrlqlfvjUXzUKzwoBDepTXekPuxthEXx/UIW5R9Cb5LzQZHgT1eWCNUcMtMWgp+anFiv8IE1gpHgVYx3gPzW5v8kjYCF9JrFUox58/JdRzCvEaOKY/EKqGI362/lwoR1o+UBcPp0jRyv8J/5adDGxtLuroI100nXVS5uKzlQrGMIaxj/MHIHwvp/a+Aipbu4EZEfd1KPBLztKpXtVQrwUAD1Z</ssl-key>
  <ssl-certificate-chain/>
</ssl-certificate>'
返回示例
复制
HTTP/1.1 202 OK
Date: Fri, 17 May 2017 06:33:26 GMT
Content-Type: application/xml;charset=utf-8
x-cnc-request-id:c54cbbb4-19fe-407a-930c-3988b62ed2fd
Location:https://open.chinanetcenter.com/api/ssl/certificate/100166
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <message>success</message>
</response>