Method: organizations.environments.keystores.aliases.create

Creates an alias from a key, certificate pair. The structure of the request is controlled by the format query parameter: * keycertfile - Separate PEM-encoded key and certificate files are uploaded. The request must have Content-Type: multipart/form-data and include fields keyFile and certFile. If uploading to a truststore, omit keyFile. A password field should be provided for encrypted keys. * pkcs12 - A PKCS12 file is uploaded. The request must have Content-Type: multipart/form-data with the file provided in the file field and a password field if the file is encrypted. * selfsignedcert - A new private key and certificate are generated. The request must have Content-Type: application/json and a body of CertificateGenerationSpec.

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



Required. The name of the keystore. Must be of the form organizations/{organization}/environments/{environment}/keystores/{keystore}.

Authorization requires the following IAM permission on the specified resource parent:

  • apigee.keystorealiases.create

Query parameters



The alias for the key, certificate pair. Values must match regular expression [\w\s-.]{1,255}. This must be provided for all formats except 'selfsignedcert'; self-signed certs may specify the alias in either this parameter or the JSON body.



Required. The format of the data. Must be either selfsignedcert, keycertfile, or pkcs12.



If true, no expiry validation will be performed.



If true, do not throw an error when the file contains a chain with no newline between each certificate. By default, a newline is needed between each certificate in a chain.

Request body

The request body contains an instance of HttpBody.

Response body

If successful, the response body contains a newly created instance of Alias.

Authorization Scopes

Requires the following OAuth scope: