Create a certificate
Issue (create) a new certificate using a certificate authority.
Explore further
For detailed documentation that includes this code sample, see the following:
Code sample
Go
To authenticate to CA Service, set up Application Default Credentials.
For more information, see
Set up authentication for a local development environment.
import (
"context"
"fmt"
"io"
privateca "cloud.google.com/go/security/privateca/apiv1"
"cloud.google.com/go/security/privateca/apiv1/privatecapb"
"google.golang.org/protobuf/types/known/durationpb"
)
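// createCertificate asks CA Service to issue a certificate for the supplied
// public key, issued by the certificate authority caId in the CA pool caPoolId.
//
// The certificate is signed with the CA's own key, which is created by Cloud
// KMS. publicKeyBytes is the PEM-encoded public key being certified (the
// subject's key), not a signing key; the matching private key is not passed
// to this function.
//
// commonName and domainName are copied unchanged into the subject and the DNS
// subject alternative name. This function performs no check that the requester
// controls domainName, so the caller must establish that before calling it.
//
// Parameters:
//   - w: destination for the one-line success message.
//   - projectId, location, caPoolId: identify the CA pool that is the request parent.
//   - caId: the certificate authority in that pool which issues the certificate.
//   - certId: the identifier given to the new certificate.
//   - certDuration: requested lifetime in seconds; must be positive.
//   - publicKeyBytes: PEM-encoded public key; must be non-empty.
//
// It returns an error if an argument is rejected locally, if the client cannot
// be created, or if the CreateCertificate call fails.
func createCertificate(
	w io.Writer,
	projectId string,
	location string,
	caPoolId string,
	caId string,
	certId string,
	commonName string,
	domainName string,
	certDuration int64,
	publicKeyBytes []byte) error {
	// projectId := "your_project_id"
	// location := "us-central1"		// For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
	// caPoolId := "ca-pool-id"			// The CA Pool id in which the certificate authority exists.
	// caId := "ca-id"					// The name of the certificate authority which issues the certificate.
	// certId := "certificate"			// A unique name for the certificate.
	// commonName := "cert-name"		// A common name for the certificate.
	// domainName := "cert.example.com"	// Fully qualified domain name for the certificate.
	// certDuration := int64(31536000)	// The validity of the certificate in seconds.
	// publicKeyBytes					// The PEM-encoded public key to be certified (the subject's key, not the CA's signing key).

	// Reject obviously unusable arguments before creating a client or
	// contacting the service, so the caller gets a precise local error.
	if len(publicKeyBytes) == 0 {
		return fmt.Errorf("publicKeyBytes is empty: a PEM-encoded public key is required")
	}
	if certDuration <= 0 {
		return fmt.Errorf("certDuration must be a positive number of seconds, got %d", certDuration)
	}

	// NOTE(review): context.Background() carries no deadline, so the calls
	// below are bounded only by the client library's own defaults.
	ctx := context.Background()
	caClient, err := privateca.NewCertificateAuthorityClient(ctx)
	if err != nil {
		return fmt.Errorf("NewCertificateAuthorityClient creation failed: %w", err)
	}
	defer caClient.Close()

	// Set the Public Key and its format.
	publicKey := &privatecapb.PublicKey{
		Key:    publicKeyBytes,
		Format: privatecapb.PublicKey_PEM,
	}

	// Set Certificate subject config. The DNS name below is what relying
	// parties match against, so it must be a name the requester is entitled to.
	subjectConfig := &privatecapb.CertificateConfig_SubjectConfig{
		Subject: &privatecapb.Subject{
			CommonName: commonName,
		},
		SubjectAltName: &privatecapb.SubjectAltNames{
			DnsNames: []string{domainName},
		},
	}

	// Set the X.509 fields required for the certificate.
	// The sample enables both server and client authentication; a real
	// deployment should request only the usages the certificate needs.
	x509Parameters := &privatecapb.X509Parameters{
		KeyUsage: &privatecapb.KeyUsage{
			BaseKeyUsage: &privatecapb.KeyUsage_KeyUsageOptions{
				DigitalSignature: true,
				KeyEncipherment:  true,
			},
			ExtendedKeyUsage: &privatecapb.KeyUsage_ExtendedKeyUsageOptions{
				ServerAuth: true,
				ClientAuth: true,
			},
		},
	}

	// Set certificate settings. A shorter Lifetime limits how long a
	// certificate for a compromised key stays usable.
	cert := &privatecapb.Certificate{
		CertificateConfig: &privatecapb.Certificate_Config{
			Config: &privatecapb.CertificateConfig{
				PublicKey:     publicKey,
				SubjectConfig: subjectConfig,
				X509Config:    x509Parameters,
			},
		},
		Lifetime: &durationpb.Duration{
			Seconds: certDuration,
		},
	}

	fullCaPoolName := fmt.Sprintf("projects/%s/locations/%s/caPools/%s", projectId, location, caPoolId)

	// Create the CreateCertificateRequest.
	// See https://pkg.go.dev/cloud.google.com/go/security/privateca/apiv1/privatecapb#CreateCertificateRequest.
	req := &privatecapb.CreateCertificateRequest{
		Parent:                        fullCaPoolName,
		CertificateId:                 certId,
		Certificate:                   cert,
		IssuingCertificateAuthorityId: caId,
	}

	// The issued certificate returned by the service is discarded here; only
	// success or failure is reported.
	_, err = caClient.CreateCertificate(ctx, req)
	if err != nil {
		return fmt.Errorf("CreateCertificate failed: %w", err)
	}

	fmt.Fprintf(w, "Certificate %s created", certId)
	return nil
}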
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.