
# Create



## OpenAPI

````yaml POST /api/v1/cert-manager/ca/internal
# OpenAPI 3.0.3 excerpt of the Infisical API describing a single operation:
# POST /api/v1/cert-manager/ca/internal (create an internal certificate
# authority).
openapi: 3.0.3
info:
  title: Infisical API
  description: List of all available APIs that can be consumed
  version: 0.0.1
servers:
  - url: https://us.infisical.com
    description: Production server (US)
  - url: https://eu.infisical.com
    description: Production server (EU)
  # Plain-HTTP entry for a local instance: requests sent to it, including any
  # credentials, are not protected by TLS.
  - url: http://localhost:8080
    description: Local server
# NOTE(review): an empty top-level `security` list declares that no
# authentication scheme applies by default, and the POST operation in this
# document sets no `security` of its own, yet it documents 401 and 403
# responses. The actual credential requirement is not visible here; confirm
# it against the API's authentication documentation before generating or
# configuring a client from this spec.
security: []
# Single path item: creation of an internal CA.
paths:
  /api/v1/cert-manager/ca/internal:
    # No `security` key is set on this operation, so the document-level
    # `security: []` applies to it as written.
    post:
      tags:
        - PKI Certificate Authorities
      operationId: createInternalCertificateAuthorityV1
      requestBody:
        required: true
        content:
          application/json:
            schema:
              # Request body. `name`, `status` and `configuration` are all
              # required, and `additionalProperties: false` closes the object
              # (both entries appear at the end of this schema).
              type: object
              properties:
                # 1-64 characters. "Slug-friendly" is stated in prose only:
                # the schema has no `pattern`, so the accepted character set
                # cannot be checked from this document.
                name:
                  type: string
                  minLength: 1
                  maxLength: 64
                  description: >-
                    The name of the Internal Certificate Authority to create.
                    Must be slug-friendly.
                # The caller picks the initial status from the three listed
                # values; what each value implies is not described here.
                status:
                  type: string
                  enum:
                    - active
                    - disabled
                    - pending-certificate
                  description: The status of the Internal Certificate Authority.
                # CA parameters. Only `type` and `keyAlgorithm` are required
                # (see the `required` list that closes this object).
                configuration:
                  type: object
                  properties:
                    # Either `root` or `intermediate`.
                    type:
                      type: string
                      enum:
                        - root
                        - intermediate
                      description: The type of CA to create.
                    friendlyName:
                      type: string
                      description: A friendly name for the CA.
                    # Subject fields (CN, O, OU, C, province, locality): each
                    # defaults to the empty string, so a request that omits
                    # them is still schema-valid. None of them has a length
                    # or pattern constraint in this schema.
                    commonName:
                      type: string
                      default: ''
                      description: The common name (CN) for the CA.
                    organization:
                      type: string
                      default: ''
                      description: The organization (O) for the CA.
                    ou:
                      type: string
                      default: ''
                      description: The organization unit (OU) for the CA.
                    country:
                      type: string
                      default: ''
                      description: The country name (C) for the CA.
                    province:
                      type: string
                      default: ''
                      description: The state or province name for the CA.
                    locality:
                      type: string
                      default: ''
                      description: The locality name for the CA.
                    # Validity window. Both fields are plain strings: the
                    # timestamp layout is given in the description only (no
                    # `format: date-time`), neither field is required, and
                    # the schema puts no upper bound on the validity period.
                    # NOTE(review): the values used when they are omitted
                    # are not shown here - confirm.
                    notBefore:
                      type: string
                      description: >-
                        The date and time when the CA becomes valid in
                        YYYY-MM-DDTHH:mm:ss.sssZ format.
                    notAfter:
                      type: string
                      description: >-
                        The date and time when the CA expires in
                        YYYY-MM-DDTHH:mm:ss.sssZ format.
                    # Declared as `number`, not `integer`, so fractional
                    # values are schema-valid although the field counts CAs.
                    # -1 means no path-length limit; `nullable` also permits
                    # null, whose meaning is not described.
                    # NOTE(review): set an explicit non-negative value when
                    # the depth of the chain below this CA should be bounded.
                    maxPathLength:
                      type: number
                      minimum: -1
                      nullable: true
                      description: >-
                        The maximum number of intermediate CAs that may follow
                        this CA in the certificate / CA chain. A maxPathLength
                        of -1 implies no path limit on the chain.
                    # Required. The enum lists RSA at three sizes, three EC
                    # curves, and ML-DSA / SLH-DSA parameter sets. The
                    # description's "size, in bits" wording matches the RSA
                    # entries; the others name a curve or a parameter set.
                    # Per the description, an intermediate CA must use an
                    # algorithm supported by its parent CA.
                    # NOTE(review): before choosing an ML-DSA or SLH-DSA
                    # value, confirm that every relying party that must
                    # validate this chain can verify that signature type.
                    keyAlgorithm:
                      type: string
                      enum:
                        - RSA_2048
                        - RSA_3072
                        - RSA_4096
                        - EC_prime256v1
                        - EC_secp384r1
                        - EC_secp521r1
                        - ML-DSA-44
                        - ML-DSA-65
                        - ML-DSA-87
                        - SLH-DSA-SHA2-128f
                        - SLH-DSA-SHA2-128s
                        - SLH-DSA-SHA2-192f
                        - SLH-DSA-SHA2-192s
                        - SLH-DSA-SHA2-256f
                        - SLH-DSA-SHA2-256s
                        - SLH-DSA-SHAKE-128f
                        - SLH-DSA-SHAKE-128s
                        - SLH-DSA-SHAKE-192f
                        - SLH-DSA-SHAKE-192s
                        - SLH-DSA-SHAKE-256f
                        - SLH-DSA-SHAKE-256s
                      description: >-
                        The type of public key algorithm and size, in bits, of
                        the key pair for the CA; when you create an intermediate
                        CA, you must use a key algorithm supported by the parent
                        CA.
                    # NOTE(review): the next four properties are optional,
                    # nullable and carry no description. Their names suggest
                    # values derived by the server (distinguished name,
                    # parent CA reference, serial number, active certificate
                    # reference); confirm whether values supplied by the
                    # client on create are honoured, validated or ignored.
                    dn:
                      type: string
                      nullable: true
                    parentCaId:
                      type: string
                      format: uuid
                      nullable: true
                    serialNumber:
                      type: string
                      nullable: true
                    activeCaCertId:
                      type: string
                      format: uuid
                      nullable: true
                    # At most 4 entries, each a URI of at most 2048
                    # characters. The HTTP/HTTPS restriction is stated in
                    # the description only; `format: uri` does not limit the
                    # scheme. Per the description, these URLs are embedded
                    # in every certificate this CA issues, alongside the
                    # Infisical-managed CRL endpoint unless that is disabled.
                    crlDistributionPointUrls:
                      type: array
                      items:
                        type: string
                        maxLength: 2048
                        format: uri
                      maxItems: 4
                      description: >-
                        Additional CRL Distribution Point URLs (HTTP/HTTPS)
                        embedded in every certificate issued by this CA. Up to 4
                        URLs; the Infisical-managed CRL endpoint is included by
                        default unless disabled.
                    # Defaults to false. Per the description, true leaves
                    # only the custom URLs "(if any)".
                    # NOTE(review): with true and no custom URLs, issued
                    # certificates would presumably carry no CRL
                    # distribution point at all; confirm that revocation
                    # checking is covered another way before enabling it.
                    disableManagedCrlDistributionPointUrl:
                      type: boolean
                      default: false
                      description: >-
                        When set to true, the Infisical-managed CRL endpoint URL
                        will not be embedded in certificates issued by this CA.
                        Only custom CRL Distribution Point URLs (if any) will be
                        included.
                  # Closes `configuration`: two required keys, and no keys
                  # beyond those listed above are allowed.
                  required:
                    - type
                    - keyAlgorithm
                  additionalProperties: false
              # Closes the request body schema.
              required:
                - name
                - status
                - configuration
              additionalProperties: false
      # Every response below carries the generic description "Default
      # Response"; the conditions that produce each status are not documented
      # in this spec.
      responses:
        # Success: the created CA.
        '200':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  # Present only in the response (the request schema does not
                  # define it), defaults to true, has no description and is
                  # not in this schema's `required` list.
                  enableDirectIssuance:
                    type: boolean
                    default: true
                  name:
                    type: string
                  id:
                    type: string
                    format: uuid
                  status:
                    type: string
                    enum:
                      - active
                      - disabled
                      - pending-certificate
                  # Single-value enum: always `internal` for this endpoint.
                  type:
                    type: string
                    enum:
                      - internal
                  # Same property set and constraints as the request's
                  # `configuration` object. The object is closed with
                  # `additionalProperties: false` and defines no private-key
                  # field, so key material is not part of this response
                  # schema.
                  configuration:
                    type: object
                    properties:
                      type:
                        type: string
                        enum:
                          - root
                          - intermediate
                        description: The type of CA to create.
                      friendlyName:
                        type: string
                        description: A friendly name for the CA.
                      # Subject fields; each defaults to the empty string.
                      commonName:
                        type: string
                        default: ''
                        description: The common name (CN) for the CA.
                      organization:
                        type: string
                        default: ''
                        description: The organization (O) for the CA.
                      ou:
                        type: string
                        default: ''
                        description: The organization unit (OU) for the CA.
                      country:
                        type: string
                        default: ''
                        description: The country name (C) for the CA.
                      province:
                        type: string
                        default: ''
                        description: The state or province name for the CA.
                      locality:
                        type: string
                        default: ''
                        description: The locality name for the CA.
                      # Validity window as plain strings; the timestamp
                      # layout is given in the description only (no
                      # `format: date-time`) and neither field is required.
                      notBefore:
                        type: string
                        description: >-
                          The date and time when the CA becomes valid in
                          YYYY-MM-DDTHH:mm:ss.sssZ format.
                      notAfter:
                        type: string
                        description: >-
                          The date and time when the CA expires in
                          YYYY-MM-DDTHH:mm:ss.sssZ format.
                      # `number` rather than `integer`; -1 means no
                      # path-length limit and null is also allowed.
                      maxPathLength:
                        type: number
                        minimum: -1
                        nullable: true
                        description: >-
                          The maximum number of intermediate CAs that may follow
                          this CA in the certificate / CA chain. A maxPathLength
                          of -1 implies no path limit on the chain.
                      # Same enum as the request property: RSA sizes, EC
                      # curves, ML-DSA and SLH-DSA parameter sets.
                      keyAlgorithm:
                        type: string
                        enum:
                          - RSA_2048
                          - RSA_3072
                          - RSA_4096
                          - EC_prime256v1
                          - EC_secp384r1
                          - EC_secp521r1
                          - ML-DSA-44
                          - ML-DSA-65
                          - ML-DSA-87
                          - SLH-DSA-SHA2-128f
                          - SLH-DSA-SHA2-128s
                          - SLH-DSA-SHA2-192f
                          - SLH-DSA-SHA2-192s
                          - SLH-DSA-SHA2-256f
                          - SLH-DSA-SHA2-256s
                          - SLH-DSA-SHAKE-128f
                          - SLH-DSA-SHAKE-128s
                          - SLH-DSA-SHAKE-192f
                          - SLH-DSA-SHAKE-192s
                          - SLH-DSA-SHAKE-256f
                          - SLH-DSA-SHAKE-256s
                        description: >-
                          The type of public key algorithm and size, in bits, of
                          the key pair for the CA; when you create an
                          intermediate CA, you must use a key algorithm
                          supported by the parent CA.
                      # Four nullable properties with no description;
                      # presumably the CA's distinguished name, parent
                      # reference, serial number and active certificate
                      # reference - TODO confirm.
                      dn:
                        type: string
                        nullable: true
                      parentCaId:
                        type: string
                        format: uuid
                        nullable: true
                      serialNumber:
                        type: string
                        nullable: true
                      activeCaCertId:
                        type: string
                        format: uuid
                        nullable: true
                      # At most 4 URIs of at most 2048 characters each; the
                      # HTTP/HTTPS restriction appears in the description
                      # only, not in the schema.
                      crlDistributionPointUrls:
                        type: array
                        items:
                          type: string
                          maxLength: 2048
                          format: uri
                        maxItems: 4
                        description: >-
                          Additional CRL Distribution Point URLs (HTTP/HTTPS)
                          embedded in every certificate issued by this CA. Up to
                          4 URLs; the Infisical-managed CRL endpoint is included
                          by default unless disabled.
                      # Defaults to false; when true, only custom URLs (if
                      # any) are embedded in issued certificates.
                      disableManagedCrlDistributionPointUrl:
                        type: boolean
                        default: false
                        description: >-
                          When set to true, the Infisical-managed CRL endpoint
                          URL will not be embedded in certificates issued by
                          this CA. Only custom CRL Distribution Point URLs (if
                          any) will be included.
                    # Closes `configuration` in the response.
                    required:
                      - type
                      - keyAlgorithm
                    additionalProperties: false
                # Closes the 200 body: these five keys are always present and
                # no keys beyond the listed properties are allowed.
                required:
                  - name
                  - id
                  - status
                  - type
                  - configuration
                additionalProperties: false
        # Error responses share one envelope: `reqId`, `statusCode` (pinned
        # to the HTTP status by a single-value enum), `message` and `error`.
        # `reqId` is presumably a request identifier for correlating with
        # server-side logs - TODO confirm.
        '400':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 400
                  message:
                    type: string
                  error:
                    type: string
                  # Empty schema: any JSON value is allowed, and the key is
                  # optional. Clients should not assume a fixed shape.
                  details: {}
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        # Documented even though the document-level `security` list is empty.
        '401':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 401
                  message:
                    type: string
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        '403':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 403
                  message:
                    type: string
                  # Empty schema, optional: any JSON value is allowed.
                  details: {}
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        # Same error envelope as the other error responses: `reqId`,
        # `statusCode` (single-value enum), `message`, `error`.
        '404':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 404
                  message:
                    type: string
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        '422':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 422
                  # Differs from the other error bodies: `message` is an
                  # empty schema (any JSON value) and is not in `required`,
                  # so clients should not assume it is a string or present.
                  message: {}
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - error
                additionalProperties: false
        '500':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 500
                  # NOTE(review): the spec does not say what `message`
                  # contains for server errors; confirm it carries no
                  # internal detail before surfacing it to end users.
                  message:
                    type: string
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false

````