tencent cloud

Feedback

SSL Certificate Service

Last updated: 2024-11-26 09:57:16

    Fundamental information

    Product Abbreviation in CAM Console Authorization by Tag Authorization Granularity IP Restriction
    SSL Certification ssl Supported Supported Resource level Partially supported

    Note:

    The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.

    • Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
    • Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    Two authorization granularity levels of API are supported: resource level, and operation level.

    • Resource level: It supports the authorization of a specific resource.
    • Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.

    Write operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    AddOneClickHttpsCnameRecord add oneclick https canme record Operation level * Supported
    AddWafProtection Add Waf protection to the domain name Resource level qcs::ssl::uin/:certificate/${CertificateId} Supported
    ApplyCertificate Request a free certificate Operation level * Supported
    BatchDeleteCSR Batch Delete CSR Resource level qcs::ssl::uin/${uin}:csr/${CSRId} Supported
    CancelAuditCertificate Cancel certificate review Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    CancelCertificateApply Cancellation of Paid Certificate Application Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    CancelCertificateOrder Cancel Certificate Signing Request From CA Resource level qcs::ssl::uin/$uin:certificate/$CertificateId Supported
    CancelHostingCertificates Cancel certificate hosting Resource level qcs::ssl::uin/${uin}:* Supported
    CancelRevoke cancel revoked certificate Resource level qcs::ssl::uin/:certificate/${CertificateId} Supported
    CertificateInfoSubmit Submit certificate information Resource level qcs::ssl::uin/${uin}:certificate/${CertId} Supported
    CertificateOrderSubmit Submit certificate order Resource level qcs::ssl::uin/${uin}:certificate/${CertId} Supported
    CertificateReviewProcessing Reminder based on certificate ID Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    CommitCertificateInformation Commit Certificate Signing Request To CA Resource level qcs::ssl::uin/$uin:certificate/$CertificateId Supported
    CompleteCertificate actively trigger certificate verification. Resource level qcs::ssl::uin/$uin:certificate/$CertificateId Supported
    CreateCSR Create CSR Operation level * Supported
    CreateCertificate Create certificate order and pay auto Operation level * Supported
    CreateCertificateBindResourceSyncTask Create a certificate-associated cloud resource asynchronous task Operation level * Supported
    CreateCertificateByPackage Create certificates using stake points Operation level * Supported
    CreateCompany Create a pre-approved company Operation level * Supported
    CreateHostingCertificate Create certificate hosting Resource level qcs::ssl::uin/${uin}:* Supported
    CreateManager Create a pre-approved company administrator Resource level qcs::ssl::uin/${uin}:company/${CompanyId} Supported
    CreateManagerDomain Create manager domain Resource level qcs::ssl::uin/${uin}:manager/${ManagerId} Supported
    CreatePrivateCACertificate Create Private CA Certificate Operation level * Supported
    CreatePrivateRootCA Create Private Root CA Operation level * Supported
    CreatePrivateSubCA Create Private Sub CA Operation level * Supported
    CreateSaasWafForDnsPod Open small and micro enterprise version waf Operation level * Supported
    CreateWafCnameRecord Add Waf\'s Cname resolution record to DNSPod Operation level * Supported
    DeleteCertificate Delete Certificate Resource level qcs::ssl::uin/$uin:certificate/$CertificateId Supported
    DeleteCertificates Batch Delete Certificates Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DeleteCompany delete company Resource level qcs::ssl::uin/${uin}:company/${CompanyId} Supported
    DeleteHostingCertificates Remove certificate hosting Resource level qcs::ssl::uin/${uin}:* Supported
    DeleteManager Delete Manager Resource level qcs::ssl::uin/${uin}:manager/${ManagerId} Supported
    DeleteManagerDomain delete manager domain name Resource level qcs::ssl::uin/${uin}:manager/${ManagerId} Supported
    DeleteOneClickHttps Delete a one-click https instance Operation level * Supported
    DeletePrivateCAResource Delete Private CA Resource Operation level * Supported
    DeleteWafProtection Delete waf domain name protection Operation level * Supported
    DeployCertificateInstance List of certificates deployed to cloud resource instances Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DeployCertificateRecordRetry Cloud resource deployment retry deployment record Operation level * Supported
    DeployCertificateRecordRollback One-click rollback of cloud resource deployment Operation level * Supported
    DownloadCertificate Download Certificate Resource level qcs::ssl::uin/$uin:certificate/$CertificateId Supported
    ModifyCSR modify csr Infomation Resource level qcs::ssl::uin/${uin}:csr/${CSRId} Supported
    ModifyCertificateAlias Modify Certificate Alias Resource level qcs::ssl::uin/$uin:certificate/$CertificateId Supported
    ModifyCertificateDownloadLimitSwitch Modify Certificate Download Limit Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    ModifyCertificateName Modify Certificate Alias Operation level * Supported
    ModifyCertificateProject Assign Certificate To Project Resource level qcs::ssl::uin/:certificate/${CertificateIdList} Supported
    ModifyCertificateResubmit Re-initiate the audit for paid certificates that fail the audit or cancel the audit Resource level qcs::ssl::uin/:certificate/${CertificateId} Supported
    ModifyCertificateTags Modify the certificate label Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    ModifyCertificatesExpiringNotificationSwitch Modified to ignore certificate expiration notifications. Turn certificate expiration notifications on or off. Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    ModifyCloudMonitorCertificates Modify the cloud monitoring certificate Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    ModifyCompany Modify pre-approved company information Resource level qcs::ssl::uin/${uin}:company/${CompanyId} Supported
    ModifyDomainAuthMethod Modify the certificate domain name verification method Resource level qcs::ssl::uin/:certificate/${CertificateId} Supported
    ModifyDomainVerification Modify domain name verification method Operation level * Supported
    ModifyHostingCertificate Modify certificate hosting configuration Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    ModifyHostingRelatedCertificate Modify Managed hosting Certificates Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    ModifyManager Modify pre-approval manager Resource level qcs::ssl::uin/${uin}:manager/${ManagerId} Supported
    ModifyOneClickHttpsDomain Modify one-click https domain Operation level * Supported
    ModifyOneClickHttpsDomainAuthMethod Modify one-click https domain name verification method Operation level * Supported
    ModifyOneClickHttpsInit One-click https initialization Operation level * Supported
    ModifyWafProtection Modify the domain name to add Waf protection Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    ModifyWafProtectionStatus Modify the enabled status of waf domain name protection Operation level * Supported
    ReceiveVoucherByActivity Receive Activity Voucher Operation level * Supported
    RefundCertificate Self Refund Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    RefundCertificateByPackage Certificate return benefits Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    RefundOneClickHttps One-click refund for https instances Operation level * Supported
    ReplaceCertificate reissue certificate Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    ReplaceCertificateRecordRetry Managed certificate resource replacement failed record retry Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    ReplaceCertificateRecordRollback Certificate hosting Resource Replacement Success Record Rollback Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    RevokeCertificate revoke certificate Resource level qcs::ssl::uin/$uin:certificate/$CertificateId Supported
    RevokePrivateCA Revoke Private CA Operation level * Supported
    RevokePrivateCACertificate Revoke Private CA Certificate Operation level * Supported
    SetAutoRenewFlag This interface (SetAutoRenewFlag) is used to set the certificate automatic renewal flag Resource level qcs::ssl::uin/:certificate/${CertId} Supported
    SubmitAuditManager Resubmit to the review manager Resource level qcs::ssl::uin/${uin}:manager/${ManagerId} Supported
    SubmitCertificateInformation Submit Certificate Signing Request Information Resource level qcs::ssl::uin/$uin:certificate/$CertificateId Supported
    SubmitOneClickHttpsDomain Submit one-click https domain name Operation level * Supported
    TransferInPackage Transfer to equity points Operation level * Supported
    TransferOutPackage Transfer Out Equity Points Operation level * Supported
    UpdateBindResourceCertificateConfig Update the configuration information of the associated cloud resource certificate Operation level * Supported
    UpdateCertificateInstance One-click update of old certificate resources Operation level * Supported
    UpdateCertificateRecordRetry Cloud resource update retry deployment record Operation level * Supported
    UpdateCertificateRecordRollback One-click rollback of cloud resource updates Operation level * Supported
    UpdateUploadedCertificate Update an uploaded certificate Resource level qcs::ssl::uin/:certificate/{CertificateId} Supported
    UploadConfirmLetter upload confirm letter Resource level qcs::ssl::uin/$uin:certificate/$CertificateId Supported
    UploadConfirmLetterFile This interface (UploadConfirmLetterFile) is used to upload the certificate confirmation letter file. Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    UploadExclusiveCertificate Upload the certificate. If you upload the same certificate content, the previous certificate ID will be returned directly. Operation level * Supported
    UploadRevokeLetter Upload revoke letter Resource level qcs::ssl::uin/$uin:certificate/$CertificateId Supported
    UploadRevokeLetterFile This interface (UploadRevokeLetterFile) is used to upload the certificate revocation confirmation letter file. Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    UploadSMCertificate Upload the national secret certificate Operation level * Supported
    VerifyDomainAgain Administrator domain name resubmission for verification Operation level * Supported
    VerifyManager Re-verify the manager Resource level qcs::ssl::uin/${uin}:manager/${ManagerId} Supported
    VerifyManagerDomain Pre-approved domain names actively trigger verification Operation level * Supported

    Read operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    CheckCSRAndPrivateKey Check CSR And Private Key Matched Operation level * Supported
    CheckCertificate Certificate check Operation level * Supported
    CheckCertificateChain This interface (CheckCertificateChain) is used to check whether the certificate chain is complete. Operation level * Supported
    CheckCertificateDomainVerification check certificate domain verification Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    CheckCreateFreeCertificate This interface (CheckCreateFreeCertificate) is used to check whether the domain name and account can create a free certificate Operation level * Supported
    CheckDomainCAA Check whether the domain name has passed CAA verification Operation level * Supported
    CheckDomainResolvedInDNSPod Check whether the domain name is resolved normally in DNSPod Operation level * Supported
    CheckInsureWhiteList Detect whitelist list of insured price Operation level * Supported
    CheckIntermediateCertIsSame check intermediate cert is same Operation level * Supported
    CheckInternalAccount Check whether it is an internal account Operation level * Supported
    CheckOneClickHttpsDomain One-Click https check domain Operation level * Supported
    CheckOneClickHttpsDomainVerification Detect one-click https domain name verification Operation level * Supported
    DeployCertificateClbInstance Deploy the certificate to the clb cloud resource instance list Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeActivityVoucherReceived Describe Activity Voucher Received Number Operation level * Supported
    DescribeAverageIssueTime Obtain the average certificate issuance time Operation level * Supported
    DescribeBindResourceCertificateConfig Query the configuration information of the associated cloud resource certificate Operation level * Supported
    DescribeCAARecords Query domain name CAA records Operation level * Supported
    DescribeCSR Describe CSR Infomation Resource level qcs::ssl::uin/${uin}:csr/${CSRId} Supported
    DescribeCSRContent Parse CSR Content Operation level * Supported
    DescribeCSRSet Describe CSR Set Resource level qcs::ssl::uin/${uin}:csr/${CSRId} Supported
    DescribeCertificate Get certificate information Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeCertificateBindResourceTaskDetail Query the result of the certificate association cloud resource task - return the association details Operation level * Supported
    DescribeCertificateBindResourceTaskResult Query the result of the cloud resource task associated with the certificate - only the total number is returned Operation level * Supported
    DescribeCertificateBindResources describe certificate Bound cloud resources Operation level * Supported
    DescribeCertificateDetail Get certificate details Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeCertificateDomainMonitorStatusFromSSLPod Query the domain name of the certificate corresponding to the monitoring status of SSLPod Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeCertificateOperateLogs Get Certificate Operate Log List Operation level * Supported
    DescribeCertificateOwners Get additional information about the certificate holder Operation level * Supported
    DescribeCertificateWebServer Query the domain name subject associated with the certificate The deployed WebSerber service type can only check single domain name certificates Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeCertificates Operation level * not supported
    DescribeCertificatesByDomains Obtain a list of certificates by domain name Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeCertificatesMatchDomains Obtain a list of certificates by domain name Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeCloudMonitorCertificates Get list of certificates with cloud monitoring status Operation level * Supported
    DescribeCompanies Query company list Resource level qcs::ssl::uin/${uin}:company/${CompanyId} Supported
    DescribeConfirmLetterDownloadUrl Describe Confirm Letter Download Url Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeDNSPodSaaSAllDomain Query all domain names protected by waf for small and micro enterprises Operation level * Supported
    DescribeDNSPodSaaSInfo Query the domain name protection details of the small and micro enterprise version Operation level * Supported
    DescribeDNSPodSaaSList Small and Micro Enterprise Edition Waf Instance Protection List Operation level * Supported
    DescribeDeleteCertificatesTaskResult Describe Delete Certificates Task Result Operation level * Supported
    DescribeDeployedResources Certificate query associated resources Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeDnsResolution Query whether DNS resolution takes effect in batches Operation level * Supported
    DescribeDomainInIcp Query whether the domain name is filed Operation level * Supported
    DescribeDomainValidateOptions This interface (DescribeDomainValidateOptions) is used to query domain name validation options Operation level * Supported
    DescribeDomainVerification Obtain pre-approved domain verification information Operation level * Supported
    DescribeDomainVerificationMethods Query the verification method of the domain name Operation level * Supported
    DescribeDomainVerifyInWaf Query whether the domain name can add waf Operation level * Supported
    DescribeDownloadCertificateUrl Get the download certificate link Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeExpiringCertificates Query for certificates that are about to expire Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeFreeCertificateList This interface (DescribeFreeCertificateList) is used to obtain the free certificate application list. Resource level qcs::ssl::uin/${uin}:* Supported
    DescribeFreeQuota Query the free certificate quota Operation level * Supported
    DescribeHostApiGatewayInstanceList Query the list of certificate apiGateway cloud resource deployment instances Operation level * Supported
    DescribeHostCdnInstanceList Query the list of certificate CDN cloud resource deployment instances Operation level * Supported
    DescribeHostClbInstanceList Query the list of certificate clb cloud resource deployment instances Operation level * Supported
    DescribeHostCosInstanceList Query the list of certificate cos cloud resource deployment instances Operation level * Supported
    DescribeHostDdosInstanceList Query the list of certificate ddos cloud resource deployment instances Operation level * Supported
    DescribeHostDeployRecord Query the list of certificate cloud resource deployment records Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeHostDeployRecordDetail Query the detailed list of certificate cloud resource deployment records Operation level * Supported
    DescribeHostDisasterConfig Query certificate automated disaster downgrade configuration Operation level * Supported
    DescribeHostLighthouseInstanceList Querying the List of Certificate Lighthouse Cloud Resource Deployment Instances Operation level * Supported
    DescribeHostLiveInstanceList Query the list of certificate live cloud resource deployment instances Operation level * Supported
    DescribeHostTCMInstanceList Query the list of deployable instances of the Container Service Gateway Operation level * not supported
    DescribeHostTSEInstanceList Query the list of deployable instances of the certificate native gateway Operation level * Supported
    DescribeHostTeoInstanceList Query the list of certificate teo cloud resource deployment instances Operation level * Supported
    DescribeHostTkeInstanceList Query certificate tke cloud resource deployment instance list Operation level * Supported
    DescribeHostUpdateRecord Query the list of certificate cloud resource update records Operation level * Supported
    DescribeHostUpdateRecordDetail Query the detailed list of certificate cloud resource update records Operation level * Supported
    DescribeHostVodInstanceList Querying the List of Certificate Vod Cloud Resource Deployment Instances Operation level * Supported
    DescribeHostWafInstanceList Query the list of certificate waf cloud resource deployment instances Operation level * Supported
    DescribeHostingList Describe the certificate hosting list Resource level qcs::ssl::uin/${uin}:* Supported
    DescribeHostingReplaceRecordDetail Query the details of certificate hosting resource deployment records Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeManagerDetail Describe Manager Detail Info Resource level qcs::ssl::uin/${uin}:manager/${ManagerId} Supported
    DescribeManagerDomains Query the domain name of the administrator Resource level qcs::ssl::uin/${uin}:manager/${ManagerId} Supported
    DescribeManagers DescribeManagers Resource level qcs::ssl::uin/${uin}:company/${CompanyId} Supported
    DescribeOneClickDetail One-Click https detail Operation level * Supported
    DescribePackage Get the benefits package details Operation level * not supported
    DescribePackageConsumeByCertificates Query the consumption information of interest points according to the certificate ID Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribePackageLogs Obtain the operation details of the benefit package Operation level * Supported
    DescribePackages Get a list of benefit packages Operation level * Supported
    DescribePeakPoints Get the peak QPS of multiple time periods Operation level * Supported
    DescribePeakQps Get the client\'s QPS peak value Operation level * Supported
    DescribePreDetectionRecords Query the certificate records that failed the pre-test Resource level qcs::ssl::uin/${uin}:* Supported
    DescribePrivateCACertificate Describe Private CA Certificate Detail Operation level * Supported
    DescribePrivateRootCA Describe Private Root CA Detail Operation level * Supported
    DescribePrivateSubCA Describe Private Sub CA Detail Operation level * Supported
    DescribeRecommendWildcardCertificates Describe Recommend Buy Wildcard Certificates Operation level * Supported
    DescribeRecordExisted Query whether there is a corresponding resolution record for the domain name Operation level * Supported
    DescribeResourceInstanceCount Query the list of certificate clb cloud resource deployment instances Operation level * Supported
    DescribeRevokeLetterDownloadUrl Describe Revoke Letter Download Url Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeRevokeLetterInfo Describe Revoke Letter information Resource level qcs::ssl::uin/${uin}:certificate/${CertificateId} Supported
    DescribeTCBEnvironments Describe TCB Environments Operation level * Supported
    DescribeTopDomainQuota Query the free certificate main domain quota Operation level * Supported
    DescribeUploadLetterPreSignUrl This interface (DescribeUploadLetterPreSignUrl) is used to generate a pre-signed link Resource level qcs::ssl::uin/:certificate/${CertificateId} Supported
    DescribeVIPLevel Query user VIP level Operation level * Supported
    DescribeWafCnameRecords Batch query whether there are Cname records Operation level * Supported
    DescribeWafInstancePackageInfo waf instance package details Operation level * Supported
    DescribeWafInstances Get the list of user Waf instances Operation level * Supported
    DescribeWafProtectionList Query the Waf Instance Protection List for Non-Small and Micro Enterprises Operation level * Supported
    DownloadPrivateCA Download PrivateCA Operation level * Supported
    GetCertificatePrice get certificate price Operation level * Supported
    GetInnerCertByFingerprint Query internal account certificate information by certificate fingerprint Operation level * not supported
    GetUbiTradeParam get ubi trade param Operation level * not supported
    GetUserProject Get user project Operation level * Supported
    UploadCertificate Upload Certificate Operation level * Supported

    List Operations

    API API Description Authorization Granularity Six-segment Resource Description IP Restriction
    DescribeCountGroupByStatus Obtain the number of certificates according to the state Operation level * Supported
    DescribeOneClickList One-Click https list Operation level * Supported
    DescribePrivateCACertificates Describe Private CA Certificate List Operation level * Supported
    DescribePrivateRootCAs Describe Private Root CA List Operation level * Supported
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support