Skip to main content

certificates

Creates, updates, deletes, gets or lists a certificates resource.

Overview

Namecertificates
TypeResource
Idcloudflare.origin_ca_certificates.certificates

Fields

The following fields are returned by SELECT queries:

Get Certificate response

NameDatatypeDescription
idstringIdentifier. (example: 023e105f4ecef8ad9ca31a8372d0c353)
certificatestringThe Origin CA certificate. Will be newline-encoded. (example: -----BEGIN CERTIFICATE-----
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
-----END CERTIFICATE-----)
csrstringThe Certificate Signing Request (CSR). Must be newline-encoded. (example: -----BEGIN CERTIFICATE REQUEST-----
MIICxzCCAa8CAQAwSDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lz
Y28xCzAJBgNVBAcTAkNBMRQwEgYDVQQDEwtleGFtcGxlLm5ldDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALxejtu4b+jPdFeFi6OUsye8TYJQBm3WfCvL
Hu5EvijMO/4Z2TImwASbwUF7Ir8OLgH+mGlQZeqyNvGoSOMEaZVXcYfpR1hlVak8
4GGVr+04IGfOCqaBokaBFIwzclGZbzKmLGwIQioNxGfqFm6RGYGA3be2Je2iseBc
N8GV1wYmvYE0RR+yWweJCTJ157exyRzu7sVxaEW9F87zBQLyOnwXc64rflXslRqi
g7F7w5IaQYOl8yvmk/jEPCAha7fkiUfEpj4N12+oPRiMvleJF98chxjD4MH39c5I
uOslULhrWunfh7GB1jwWNA9y44H0snrf+xvoy2TcHmxvma9Eln8CAwEAAaA6MDgG
CSqGSIb3DQEJDjErMCkwJwYDVR0RBCAwHoILZXhhbXBsZS5uZXSCD3d3dy5leGFt
cGxlLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEAcBaX6dOnI8ncARrI9ZSF2AJX+8mx
pTHY2+Y2C0VvrVDGMtbBRH8R9yMbqWtlxeeNGf//LeMkSKSFa4kbpdx226lfui8/
auRDBTJGx2R1ccUxmLZXx4my0W5iIMxunu+kez+BDlu7bTT2io0uXMRHue4i6quH
yc5ibxvbJMjR7dqbcanVE10/34oprzXQsJ/VmSuZNXtjbtSKDlmcpw6To/eeAJ+J
hXykcUihvHyG4A1m2R6qpANBjnA0pHexfwM/SgfzvpbvUg0T1ubmer8BgTwCKIWs
dcWYTthM51JIqRBfNqy4QcBnX+GY05yltEEswQI55wdiS3CjTTA67sdbcQ==
-----END CERTIFICATE REQUEST-----)
expires_onstringWhen the certificate will expire. (example: 2014-01-01 05:20:00 +0000 UTC)
hostnamesarrayArray of hostnames or wildcard names bound to the certificate. Hostnames must be fully qualified domain names (FQDNs) belonging to zones on your account (e.g., example.com or sub.example.com). Wildcards are supported only as a *. prefix for a single level (e.g., *.example.com). Double wildcards (*.*.example.com) and interior wildcards (foo.*.example.com) are not allowed. The wildcard suffix must be a multi-label domain (*.example.com is valid, but *.com is not). Unicode/IDN hostnames are accepted and automatically converted to punycode.
request_typestringSignature type desired on certificate ("origin-rsa" (rsa), "origin-ecc" (ecdsa), or "keyless-certificate" (for Keyless SSL servers). (origin-rsa, origin-ecc, keyless-certificate) (example: origin-rsa)
requested_validitynumberThe number of days for which the certificate should be valid. (7, 30, 90, 365, 730, 1095, 5475)

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
getselectcertificate_idGet an existing Origin CA certificate by its serial number. You can use an Origin CA Key as your User Service Key or an API token when calling this endpoint (see above).
listselectzone_id, page, per_page, limit, offsetList all existing Origin CA certificates for a given zone. You can use an Origin CA Key as your User Service Key or an API token when calling this endpoint (see above).
createinserthostnames, request_type, csrCreate an Origin CA certificate. You can use an Origin CA Key as your User Service Key or an API token when calling this endpoint (see above).
deletedeletecertificate_idRevoke an existing Origin CA certificate by its serial number. You can use an Origin CA Key as your User Service Key or an API token when calling this endpoint (see above).

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription
certificate_idstringThe certificate ID.
limitinteger
offsetinteger
pagenumber
per_pagenumber
zone_idstring

SELECT examples

Get an existing Origin CA certificate by its serial number. You can use an Origin CA Key as your User Service Key or an API token when calling this endpoint (see above).

SELECT
id,
certificate,
csr,
expires_on,
hostnames,
request_type,
requested_validity
FROM cloudflare.origin_ca_certificates.certificates
WHERE certificate_id = '{{ certificate_id }}' -- required
;

INSERT examples

Create an Origin CA certificate. You can use an Origin CA Key as your User Service Key or an API token when calling this endpoint (see above).

INSERT INTO cloudflare.origin_ca_certificates.certificates (
csr,
hostnames,
request_type,
requested_validity
)
SELECT 
'{{ csr }}' /* required */,
'{{ hostnames }}' /* required */,
'{{ request_type }}' /* required */,
{{ requested_validity }}
RETURNING
errors,
messages,
result,
success
;

DELETE examples

Revoke an existing Origin CA certificate by its serial number. You can use an Origin CA Key as your User Service Key or an API token when calling this endpoint (see above).

DELETE FROM cloudflare.origin_ca_certificates.certificates
WHERE certificate_id = '{{ certificate_id }}' --required
;