## Create Keyless SSL Configuration

`client.keylessCertificates.create(KeylessCertificateCreateParamsparams, RequestOptionsoptions?): KeylessCertificate`

**post** `/zones/{zone_id}/keyless_certificates`

Creates a Keyless SSL configuration that allows SSL/TLS termination without exposing private keys to Cloudflare. Keys remain on your infrastructure.

### Parameters

- `params: KeylessCertificateCreateParams`

  - `zone_id: string`

    Path param: Identifier.

  - `certificate: string`

    Body param: The zone's SSL certificate or SSL certificate and intermediate(s).

  - `host: string`

    Body param: The keyless SSL name.

  - `port: number`

    Body param: The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

  - `bundle_method?: BundleMethod`

    Body param: A ubiquitous bundle has the highest probability of being verified everywhere, even by clients using outdated or unusual trust stores. An optimal bundle uses the shortest chain and newest intermediates. And the force bundle verifies the chain, but does not otherwise modify it.

    - `"ubiquitous"`

    - `"optimal"`

    - `"force"`

  - `name?: string`

    Body param: The keyless SSL name.

  - `tunnel?: Tunnel`

    Body param: Configuration for using Keyless SSL through a Cloudflare Tunnel

    - `private_ip: string`

      Private IP of the Key Server Host

    - `vnet_id: string`

      Cloudflare Tunnel Virtual Network ID

### Returns

- `KeylessCertificate`

  - `id: string`

    Keyless certificate identifier tag.

  - `created_on: string`

    When the Keyless SSL was created.

  - `enabled: boolean`

    Whether or not the Keyless SSL is on or off.

  - `host: string`

    The keyless SSL name.

  - `modified_on: string`

    When the Keyless SSL was last modified.

  - `name: string`

    The keyless SSL name.

  - `permissions: Array<string>`

    Available permissions for the Keyless SSL for the current user requesting the item.

  - `port: number`

    The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

  - `status: "active" | "deleted"`

    Status of the Keyless SSL.

    - `"active"`

    - `"deleted"`

  - `tunnel?: Tunnel`

    Configuration for using Keyless SSL through a Cloudflare Tunnel

    - `private_ip: string`

      Private IP of the Key Server Host

    - `vnet_id: string`

      Cloudflare Tunnel Virtual Network ID

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const keylessCertificate = await client.keylessCertificates.create({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  certificate:
    '-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\nBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF\nMQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ\nLIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N\nnTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO\nfSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8\n5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ\nqI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+\nsWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV\nRKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4\nUEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt\nvTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8\nuXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs\nESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8\n/cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw=\n-----END CERTIFICATE-----',
  host: 'example.com',
  port: 24008,
});

console.log(keylessCertificate.id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "4d2844d2ce78891c34d0b6c0535a291e",
    "created_on": "2014-01-01T05:20:00Z",
    "enabled": false,
    "host": "example.com",
    "modified_on": "2014-01-01T05:20:00Z",
    "name": "example.com Keyless SSL",
    "permissions": [
      "#ssl:read",
      "#ssl:edit"
    ],
    "port": 24008,
    "status": "active",
    "tunnel": {
      "private_ip": "10.0.0.1",
      "vnet_id": "7365377a-85a4-4390-9480-531ef7dc7a3c"
    }
  }
}
```