## Create Keyless SSL Configuration

`client.KeylessCertificates.New(ctx, params) (*KeylessCertificate, error)`

**post** `/zones/{zone_id}/keyless_certificates`

Creates a Keyless SSL configuration that allows SSL/TLS termination without exposing private keys to Cloudflare. Keys remain on your infrastructure.

### Parameters

- `params KeylessCertificateNewParams`

  - `ZoneID param.Field[string]`

    Path param: Identifier.

  - `Certificate param.Field[string]`

    Body param: The zone's SSL certificate or SSL certificate and intermediate(s).

  - `Host param.Field[string]`

    Body param: The keyless SSL name.

  - `Port param.Field[float64]`

    Body param: The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

  - `BundleMethod param.Field[BundleMethod]`

    Body param: A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

  - `Name param.Field[string]`

    Body param: The keyless SSL name.

  - `Tunnel param.Field[Tunnel]`

    Body param: Configuration for using Keyless SSL through a Cloudflare Tunnel

### Returns

- `type KeylessCertificate struct{…}`

  - `ID string`

    Keyless certificate identifier tag.

  - `CreatedOn Time`

    When the Keyless SSL was created.

  - `Enabled bool`

    Whether or not the Keyless SSL is on or off.

  - `Host string`

    The keyless SSL name.

  - `ModifiedOn Time`

    When the Keyless SSL was last modified.

  - `Name string`

    The keyless SSL name.

  - `Permissions []string`

    Available permissions for the Keyless SSL for the current user requesting the item.

  - `Port float64`

    The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

  - `Status KeylessCertificateStatus`

    Status of the Keyless SSL.

    - `const KeylessCertificateStatusActive KeylessCertificateStatus = "active"`

    - `const KeylessCertificateStatusDeleted KeylessCertificateStatus = "deleted"`

  - `Tunnel Tunnel`

    Configuration for using Keyless SSL through a Cloudflare Tunnel

    - `PrivateIP string`

      Private IP of the Key Server Host

    - `VnetID string`

      Cloudflare Tunnel Virtual Network ID

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/keyless_certificates"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  keylessCertificate, err := client.KeylessCertificates.New(context.TODO(), keyless_certificates.KeylessCertificateNewParams{
    ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    Certificate: cloudflare.F("-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF\nMQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ\nLIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N\nnTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO\nfSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8\n5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ\nqI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+\nsWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV\nRKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4\nUEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt\nvTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8\nuXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs\nESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8\n/cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw=\n-----END CERTIFICATE-----"),
    Host: cloudflare.F("example.com"),
    Port: cloudflare.F(24008.000000),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", keylessCertificate.ID)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "4d2844d2ce78891c34d0b6c0535a291e",
    "created_on": "2014-01-01T05:20:00Z",
    "enabled": false,
    "host": "example.com",
    "modified_on": "2014-01-01T05:20:00Z",
    "name": "example.com Keyless SSL",
    "permissions": [
      "#ssl:read",
      "#ssl:edit"
    ],
    "port": 24008,
    "status": "active",
    "tunnel": {
      "private_ip": "10.0.0.1",
      "vnet_id": "7365377a-85a4-4390-9480-531ef7dc7a3c"
    }
  }
}
```