Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Gateway

Certificates

List Zero Trust certificates
client.zeroTrust.gateway.certificates.list(CertificateListParams { account_id } params, RequestOptionsoptions?): SinglePage<CertificateListResponse { id, binding_status, certificate, 9 more } >
GET/accounts/{account_id}/gateway/certificates
Get Zero Trust certificate details
client.zeroTrust.gateway.certificates.get(stringcertificateId, CertificateGetParams { account_id } params, RequestOptionsoptions?): CertificateGetResponse { id, binding_status, certificate, 9 more }
GET/accounts/{account_id}/gateway/certificates/{certificate_id}
Create Zero Trust certificate
client.zeroTrust.gateway.certificates.create(CertificateCreateParams { account_id, validity_period_days } params, RequestOptionsoptions?): CertificateCreateResponse { id, binding_status, certificate, 9 more }
POST/accounts/{account_id}/gateway/certificates
Delete Zero Trust certificate
client.zeroTrust.gateway.certificates.delete(stringcertificateId, CertificateDeleteParams { account_id } params, RequestOptionsoptions?): CertificateDeleteResponse { id, binding_status, certificate, 9 more }
DELETE/accounts/{account_id}/gateway/certificates/{certificate_id}
Activate a Zero Trust certificate
client.zeroTrust.gateway.certificates.activate(stringcertificateId, CertificateActivateParams { account_id, body } params, RequestOptionsoptions?): CertificateActivateResponse { id, binding_status, certificate, 9 more }
POST/accounts/{account_id}/gateway/certificates/{certificate_id}/activate
Deactivate a Zero Trust certificate
client.zeroTrust.gateway.certificates.deactivate(stringcertificateId, CertificateDeactivateParams { account_id, body } params, RequestOptionsoptions?): CertificateDeactivateResponse { id, binding_status, certificate, 9 more }
POST/accounts/{account_id}/gateway/certificates/{certificate_id}/deactivate
ModelsExpand Collapse
CertificateListResponse { id, binding_status, certificate, 9 more }
id?: string

Identify the certificate with a UUID.

maxLength36
binding_status?: "pending_deployment" | "available" | "pending_deletion" | "inactive"

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:
"pending_deployment"
"available"
"pending_deletion"
"inactive"
certificate?: string

Provide the CA certificate (read-only).

created_at?: string
formatdate-time
expires_on?: string
formatdate-time
fingerprint?: string

Provide the SHA256 fingerprint of the certificate (read-only).

in_use?: boolean

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org?: string

Indicate the organization that issued the certificate (read-only).

issuer_raw?: string

Provide the entire issuer field of the certificate (read-only).

type?: "custom" | "gateway_managed"

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:
"custom"
"gateway_managed"
updated_at?: string
formatdate-time
uploaded_on?: string
formatdate-time
CertificateGetResponse { id, binding_status, certificate, 9 more }
id?: string

Identify the certificate with a UUID.

maxLength36
binding_status?: "pending_deployment" | "available" | "pending_deletion" | "inactive"

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:
"pending_deployment"
"available"
"pending_deletion"
"inactive"
certificate?: string

Provide the CA certificate (read-only).

created_at?: string
formatdate-time
expires_on?: string
formatdate-time
fingerprint?: string

Provide the SHA256 fingerprint of the certificate (read-only).

in_use?: boolean

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org?: string

Indicate the organization that issued the certificate (read-only).

issuer_raw?: string

Provide the entire issuer field of the certificate (read-only).

type?: "custom" | "gateway_managed"

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:
"custom"
"gateway_managed"
updated_at?: string
formatdate-time
uploaded_on?: string
formatdate-time
CertificateCreateResponse { id, binding_status, certificate, 9 more }
id?: string

Identify the certificate with a UUID.

maxLength36
binding_status?: "pending_deployment" | "available" | "pending_deletion" | "inactive"

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:
"pending_deployment"
"available"
"pending_deletion"
"inactive"
certificate?: string

Provide the CA certificate (read-only).

created_at?: string
formatdate-time
expires_on?: string
formatdate-time
fingerprint?: string

Provide the SHA256 fingerprint of the certificate (read-only).

in_use?: boolean

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org?: string

Indicate the organization that issued the certificate (read-only).

issuer_raw?: string

Provide the entire issuer field of the certificate (read-only).

type?: "custom" | "gateway_managed"

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:
"custom"
"gateway_managed"
updated_at?: string
formatdate-time
uploaded_on?: string
formatdate-time
CertificateDeleteResponse { id, binding_status, certificate, 9 more }
id?: string

Identify the certificate with a UUID.

maxLength36
binding_status?: "pending_deployment" | "available" | "pending_deletion" | "inactive"

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:
"pending_deployment"
"available"
"pending_deletion"
"inactive"
certificate?: string

Provide the CA certificate (read-only).

created_at?: string
formatdate-time
expires_on?: string
formatdate-time
fingerprint?: string

Provide the SHA256 fingerprint of the certificate (read-only).

in_use?: boolean

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org?: string

Indicate the organization that issued the certificate (read-only).

issuer_raw?: string

Provide the entire issuer field of the certificate (read-only).

type?: "custom" | "gateway_managed"

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:
"custom"
"gateway_managed"
updated_at?: string
formatdate-time
uploaded_on?: string
formatdate-time
CertificateActivateResponse { id, binding_status, certificate, 9 more }
id?: string

Identify the certificate with a UUID.

maxLength36
binding_status?: "pending_deployment" | "available" | "pending_deletion" | "inactive"

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:
"pending_deployment"
"available"
"pending_deletion"
"inactive"
certificate?: string

Provide the CA certificate (read-only).

created_at?: string
formatdate-time
expires_on?: string
formatdate-time
fingerprint?: string

Provide the SHA256 fingerprint of the certificate (read-only).

in_use?: boolean

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org?: string

Indicate the organization that issued the certificate (read-only).

issuer_raw?: string

Provide the entire issuer field of the certificate (read-only).

type?: "custom" | "gateway_managed"

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:
"custom"
"gateway_managed"
updated_at?: string
formatdate-time
uploaded_on?: string
formatdate-time
CertificateDeactivateResponse { id, binding_status, certificate, 9 more }
id?: string

Identify the certificate with a UUID.

maxLength36
binding_status?: "pending_deployment" | "available" | "pending_deletion" | "inactive"

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:
"pending_deployment"
"available"
"pending_deletion"
"inactive"
certificate?: string

Provide the CA certificate (read-only).

created_at?: string
formatdate-time
expires_on?: string
formatdate-time
fingerprint?: string

Provide the SHA256 fingerprint of the certificate (read-only).

in_use?: boolean

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org?: string

Indicate the organization that issued the certificate (read-only).

issuer_raw?: string

Provide the entire issuer field of the certificate (read-only).

type?: "custom" | "gateway_managed"

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:
"custom"
"gateway_managed"
updated_at?: string
formatdate-time
uploaded_on?: string
formatdate-time