Create Certificate
Creates a new certificate.
If this is the first version, the certificate resource is created.
See Common parameters and headers for headers and parameters that are used by all requests.
In your request:
- Replace {certificate-name} with the name of the certificate you want created.
For more information about creating certificates, see Get started with Key Vault certificates and Certificate creation methods.
For more information, see About keys, secrets, and certificates and Authentication, requests and responses.
POST https://{vaultBaseUrl}/certificates/{certificate-name}/create?api-version={api-version}
URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| vaultBaseUrl | path | True | | The vault name, for example https://myvault.vault.azure.net. |
| certificate-name | path | True | | The name of the certificate. Regex pattern: |
| api-version | query | True | | Use the latest service version, 2016-10-01. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| attributes | | | The attributes of the certificate (optional). |
| policy | | | The management policy for the certificate. |
| tags | | | Application-specific metadata in the form of key-value pairs. |
Responses
| Name | Type | Description |
|---|---|---|
| 202 Accepted | | Created certificate bundle. |
| Other Status Codes | | Key Vault error response describing why the operation failed. |
Definitions
| Name | Description |
|---|---|
| Action | The action that will be executed. |
| CertificateAttributes | The certificate attributes. |
| CertificateOperation | |
| CertificatePolicy | The management policy for the certificate. |
| Error | Error encountered, if any, during the certificate operation. |
| IssuerParameters | Parameters for the issuer of the X509 component of a certificate. |
| KeyProperties | Properties of the key backing a certificate. |
| KeyVaultError | |
| LifetimeAction | Action and its trigger that will be performed by Key Vault over the lifetime of a certificate. |
| SecretProperties | Properties of the secret backing a certificate. |
| SubjectAlternativeNames | The subject alternative names. |
| Trigger | The condition that will execute the action. |
| X509CertificateProperties | Properties of the X509 component of a certificate. |
Action
The action that will be executed.
| Name | Type | Description |
|---|---|---|
| action_type | | The type of the action. |
CertificateAttributes
The certificate attributes.
| Name | Type | Description |
|---|---|---|
| created | | Creation time in UTC. |
| enabled | | Determines whether the object is enabled. |
| exp | | Expiry date in UTC. |
| nbf | | Not before date in UTC. |
| recoveryLevel | | Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval. |
| updated | | Last updated time in UTC. |
CertificateOperation
| Name | Type | Description |
|---|---|---|
| cancellation_requested | | Indicates if cancellation was requested on the certificate operation. |
| csr | | The certificate signing request (CSR) that is being used in the certificate operation. |
| error | | Error encountered, if any, during the certificate operation. |
| id | | The certificate id. |
| issuer | | Parameters for the issuer of the X509 component of a certificate. |
| request_id | | Identifier for the certificate operation. |
| status | | Status of the certificate operation. |
| status_details | | The status details of the certificate operation. |
| target | | Location which contains the result of the certificate operation. |
CertificatePolicy
The management policy for the certificate.
| Name | Type | Description |
|---|---|---|
| attributes | | The certificate attributes. |
| id | | The certificate id. |
| issuer | | Parameters for the issuer of the X509 component of a certificate. |
| key_props | | Properties of the key backing a certificate. |
| lifetime_actions | | Actions that will be performed by Key Vault over the lifetime of a certificate. |
| secret_props | | Properties of the secret backing a certificate. |
| x509_props | | Properties of the X509 component of a certificate. |
Error
Error encountered, if any, during the certificate operation.
| Name | Type | Description |
|---|---|---|
| code | | The error code. |
| innererror | | |
| message | | The error message. |
IssuerParameters
Parameters for the issuer of the X509 component of a certificate.
| Name | Type | Description |
|---|---|---|
| cty | | Type of certificate to be requested from the issuer provider. |
| name | | Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'. |
KeyProperties
Properties of the key backing a certificate.
| Name | Type | Description |
|---|---|---|
| exportable | | Indicates if the private key can be exported. |
| key_size | | The key size in bytes. For example, 1024 or 2048. |
| kty | | The key type. |
| reuse_key | | Indicates if the same key pair will be used on certificate renewal. |
KeyVaultError
| Name | Type | Description |
|---|---|---|
| error | | The key vault server error. |
LifetimeAction
Action and its trigger that will be performed by Key Vault over the lifetime of a certificate.
| Name | Type | Description |
|---|---|---|
| action | | The action that will be executed. |
| trigger | | The condition that will execute the action. |
SecretProperties
Properties of the secret backing a certificate.
| Name | Type | Description |
|---|---|---|
| contentType | | The media type (MIME type). |
SubjectAlternativeNames
The subject alternative names.
| Name | Type | Description |
|---|---|---|
| dns_names | | Domain names. |
| emails | | Email addresses. |
| upns | | User principal names. |
Trigger
The condition that will execute the action.
| Name | Type | Description |
|---|---|---|
| days_before_expiry | | Days before expiry. |
| lifetime_percentage | | Percentage of lifetime at which to trigger. Value should be between 1 and 99. |
X509CertificateProperties
Properties of the X509 component of a certificate.
| Name | Type | Description |
|---|---|---|
| ekus | | The enhanced key usage. |
| key_usage | | List of key usages. |
| sans | | The subject alternative names. |
| subject | | The subject name. Should be a valid X509 distinguished name. |
| validity_months | | The duration that the certificate is valid in months. |
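
The following Python is an added example, not part of the original reference and not Microsoft's code: it assembles the request URL and body from the fields defined above and lints the policy before it is sent. The helper names, the sample policy, the 2048 baseline and the choice to flag exportable and reuse_key are assumptions of this example; only the 1 to 99 range for lifetime_percentage is taken from this page.

```python
import json
from urllib.parse import quote

API_VERSION = "2016-10-01"  # service version named on this page


def build_create_request(vault_base_url, certificate_name, policy, tags=None):
    """Return (method, url, json_body) for the Create Certificate call."""
    url = "{}/certificates/{}/create?api-version={}".format(
        vault_base_url.rstrip("/"), quote(certificate_name, safe=""), API_VERSION)
    body = {"policy": policy}
    if tags:
        body["tags"] = tags
    return "POST", url, json.dumps(body, sort_keys=True)


def lint_policy(policy):
    """Return findings for a policy dict; an empty list means it passed."""
    findings = []
    key = policy.get("key_props", {})
    if key.get("exportable"):
        findings.append("key_props.exportable is true: private key can be exported")
    size = key.get("key_size")
    if size is not None and size < 2048:  # local baseline, an assumption
        findings.append("key_props.key_size is below the 2048 baseline")
    if key.get("reuse_key"):
        findings.append("key_props.reuse_key is true: renewal keeps the same key pair")
    for i, item in enumerate(policy.get("lifetime_actions", [])):
        trigger = item.get("trigger", {})
        pct = trigger.get("lifetime_percentage")
        if pct is not None and not 1 <= pct <= 99:  # range stated on this page
            findings.append(f"lifetime_actions[{i}]: lifetime_percentage must be 1..99")
        if pct is None and trigger.get("days_before_expiry") is None:
            findings.append(f"lifetime_actions[{i}]: no trigger condition set")
    return findings


# Constructed sample policy; every value here is illustrative.
SAMPLE_POLICY = {
    "key_props": {"exportable": True, "kty": "RSA", "key_size": 1024, "reuse_key": False},
    "secret_props": {"contentType": "application/x-pkcs12"},
    "x509_props": {"subject": "CN=app.example.com", "validity_months": 12,
                   "sans": {"dns_names": ["app.example.com"]}},
    "issuer": {"name": "Self"},
    "lifetime_actions": [{"trigger": {"lifetime_percentage": 100},
                          "action": {"action_type": "AutoRenew"}}],
}

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE_POLICY)))
```

Running the lint in a deployment pipeline before the POST is issued keeps a weak policy from becoming the first version of the certificate resource.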