Method: organizations.environments.keystores.aliases.create

Creates an alias from a key/certificate pair.

The structure of the request is controlled by the format query parameter:

  • keycertfile - Separate PEM-encoded key and certificate files are uploaded. Set Content-Type: multipart/form-data and include the keyFile, certFile, and password (if keys are encrypted) fields in the request body. If uploading to a truststore, omit keyFile.
  • pkcs12 - A PKCS12 file is uploaded. Set Content-Type: multipart/form-data, provide the file in the file field, and include the password field if the file is encrypted in the request body.
  • selfsignedcert - A new private key and certificate are generated. Set Content-Type: application/json and include CertificateGenerationSpec in the request body.

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



Required. Name of the keystore. Use the following format in your request: organizations/{org}/environments/{env}/keystores/{keystore}.

Authorization requires the following IAM permission on the specified resource parent:

  • apigee.keystorealiases.create

Query parameters



Alias for the key/certificate pair. Values must match the regular expression [\w\s-.]{1,255}. This must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either this parameter or the JSON body.



Required. Format of the data. Valid values include: selfsignedcert, keycertfile, or pkcs12



Flag that specifies whether to ignore expiry validation. If set to true, no expiry validation will be performed.



Flag that specifies whether to ignore newline validation. If set to true, no error is thrown when the file contains a certificate chain with no newline between each certificate. Defaults to false.

Request body

The request body contains an instance of HttpBody.

Response body

If successful, the response body contains a newly created instance of Alias.

Authorization Scopes

Requires the following OAuth scope: