检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Querying the List of OBS Buckets Function This API is used to query the list of OBS buckets. This API can be used only when an agency is created. For details about how to create an agency, see Certificate Revocation > Creating an Agency in this document.
If the problem is still not resolved, please contact technical support. 403 PCA.00000006 Obtaining OBS buckets failed. Please contact technical support. Obtaining OBS buckets failed. Please contact technical support.
Certificate Revocation List (CRL) management PCA periodically releases and updates a private certificate revocation list (CRL) to your OBS buckets for downloading. Applications, services, and devices can use CRLs to periodically check certificate status.
* - obsBucketName: OBS bucket name, which is used to release the CRLs. OBS buckets must be authorized. * - crlName: name of the CRL file. If this parameter is not specified, the CA ID is used as the file name by default.
The specified OBS bucket must exist. Otherwise, an error will be reported. valid_days No Integer CRL update interval, in days. This parameter is mandatory when the CRL release function is enabled.
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
OBS Bucket Select an OBS bucket you already have or click Create OBS Bucket to create an OBS bucket. CRL Update Period How often the CRL is updated. PCA will generate a new CRL at the specified time. You can set the period to an integer between 7 and 30.
Revoking a certificate Revoke certificates, including creating an agency, querying an agency, and querying the OBS bucket list.
OBS Administrator: a system policy, which is the Object Storage Service (OBS) administrator. Table 2 lists the common operations supported by each system-defined policy of SCM. Select the proper system-defined policies as required.
OBS Bucket Select an OBS bucket you already have or click Create OBS Bucket to create an OBS bucket. CRL Update Period Indicates the CRL update period. PCA will generate a new CRL at the specified time. You can set the period to an integer between 7 and 30.
Creating an Agency Function This API is used to create an OBS agency for PCA to access OBS buckets and update the CRL. Your token must have the secu_admin role assigned.
Object Storage Service (OBS) OBS is an object-based cloud storage service. It provides massive, secure, highly reliable, and low-cost data storage capabilities. When you revoke a certificate in CCM, the CRL of the revoked certificate is stored in your OBS bucket for query.
Minimum: 7 Maximum: 30 crl_dis_point String The address of the CRL file in the OBS bucket. NOTE: This parameter is composed of crl_name, obs_bucket_name, and OBS address.
Minimum: 7 Maximum: 30 crl_dis_point String The address of the CRL file in the OBS bucket. NOTE: This parameter is composed of crl_name, obs_bucket_name, and OBS address.
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
URI GET /v1/private-certificate-authorities/obs/agencies Request Parameters Table 1 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String User token. For details, see Obtaining a User Token.
Certificate Revocation Checking the Agency Permission Creating an Agency Querying the List of OBS Buckets Parent topic: Managing Private Certificates
How Can I Check Whether DNS Verification Takes Effect for Windows OSs? This topic describes how to check whether domain ownership DNS verification takes effect on Windows OSs. After you submit a certificate application to the CA, complete the domain ownership verification by DNS.
A scheduled task for releasing new CRLs will fail to be executed in any of the following cases: The private CA has been deleted; the private CA has expired; the OBS bucket has been deleted; or the authorization for the OBS bucket has been canceled.
