> ## Documentation Index > Fetch the complete documentation index at: https://gcore.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Add trusted CA certificate > Add a trusted CA certificate to verify an origin. Enter all strings of the certificate in one string parameter. Each string should be separated by the "\n" symbol. ## OpenAPI ````yaml /api-reference/services_documented/cdn_api.yaml post /cdn/sslCertificates openapi: 3.1.0 info: title: Gcore OpenAPI – CDN API description: >- This OpenAPI is an aggregated OpenAPI specification that unifies all Gcore products into a single file. It covers Cloud, CDN, DNS, WAAP, DDoS Protection, Object Storage, Streaming, and FastEdge services. version: '2026-05-07T20:33:46.548242+00:00' servers: - url: https://api.gcore.com security: - APIKey: [] tags: - name: CDN service description: Information about the current state of the CDN service in your account. x-displayName: CDN service - name: CDN resources x-displayName: CDN resources - name: Origins x-displayName: Origins - name: Rules description: >- Rules allow to set up custom settings for certain file types or paths. By default, the rule inherits all options values from the related CDN resource. Each option in rule settings can be in one of the following states: - **Inherit** - Option is not added to the rule. Option inherits its value from the CDN resource settings. In this case, the option value is **null**. - **ON** - Option is added to the rule and enabled. Option values configured in the rule will override values from the CDN resource settings. - **OFF** - Option is added to the rule and disabled. Option will be turned off. x-displayName: Rules - name: Rule templates x-displayName: Rule templates - name: SSL certificates x-displayName: SSL certificates - name: Let's Encrypt certificates x-displayName: Let's Encrypt certificates - name: CA certificates x-displayName: CA certificates - name: CDN activity logs description: |- Get the history of users requests to CDN. It contains requests made both via the API and via the control panel. The following methods are not tracked in the activity logs: - HEAD - OPTIONS x-displayName: CDN activity logs - name: Log viewer description: >- Log viewer provides you with general information about CDN operation. This information does not contain all possible sets of fields and restricted by time. To receive full data, use Logs Uploader. x-displayName: Log viewer - name: Logs uploader description: >- Logs uploader allows you to upload logs with desired format to desired storages. Consists of three main parts: - **Policies** - rules that define which logs are uploaded and how they are uploaded. - **Targets** - destinations where logs are uploaded. - **Configs** - combinations of logs uploader policies, targets and resources to which they are applied. x-displayName: Logs uploader - name: Tools x-displayName: Tools - name: CDN Statistics description: >- Consumption statistics is updated in near real-time as a standard practice. However, the frequency of updates can vary, but they are typically available within a 24-hour period. Exceptions, such as maintenance periods, may delay data beyond 24 hours until servers resume and fill in the missing statistics. x-displayName: Statistics - name: Advanced analytics description: >- Advanced analytics allows to get statistics about unique visitors, traffic, and requests for countries, directories, browsers, devices, and operation systems for up to 90 days starting from today. Advanced analytics API is based on the [GraphQL framework](https://graphql.org/). Advanced analytics API has one single endpoint: https://api.gcore.com/cdn/advanced/v2/query You can pass the query parameters as a JSON object in the payload of a POST request to this endpoint. You can use curl to make requests to the Advanced analytics API. Alternatively, you can use a GraphQL client to construct queries and pass requests to the Advanced analytics API. You can write queries in GraphQL much like in SQL: specify the data set (CDN resource), the metrics to retrieve (such as unique visitors and traffic), and filter or group by dimensions (for example, a country). x-displayName: Advanced analytics - name: Origin shielding x-displayName: Origin shielding - name: IP addresses list x-displayName: IP addresses list - name: Purge history x-displayName: Purge history paths: /cdn/sslCertificates: post: tags: - CA certificates summary: Add trusted CA certificate description: >- Add a trusted CA certificate to verify an origin. Enter all strings of the certificate in one string parameter. Each string should be separated by the "\n" symbol. operationId: add-trusted-ca-certificate requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ssl_ca_add' responses: '201': description: Successful. content: application/json: schema: $ref: '#/components/schemas/ssl_ca_response' x-codeSamples: - lang: Python source: |- import os from gcore import Gcore client = Gcore( api_key=os.environ.get("GCORE_API_KEY"), # This is the default and can be omitted ) ca_certificate = client.cdn.trusted_ca_certificates.create( name="Example CA cert", ssl_certificate="-----BEGIN CERTIFICATE-----\nMIIC0zCCAbugAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLZXhh\nbXBsZS5jb20wHhcNMjAwNjI2MTIwMzUzWhcNMjEwNjI2MTIwMzUzWjAWMRQwEgYD\nVQQDDAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAN4nnSfTsMEnfPgL7rkbImxZAQoND+bpPoX8q16iXZz3fFfqdRk+uEIpU3Brleeg\np0zrrT2eI3+c2h/PRod0Fam4TO6EcfwuboUFzV3j6yw6aWdfBjWZsWBR/FoqWLYq\nb3UejN7yiTYNSiIy3zVpi9pnFM8N8qT+VGBrRDGef2v9JCzhsSSU7wAYM5HKZTp+\nWHojjiyB2hOYqft7A2WlTEDmHFa5UcPHMRZKATUYI1T2TRVqLlSiE2mJ3dFRXGM2\nZAS33J0NVUjkx3w8RmJ7DNflEFJt/6IXdfaokVgfza7LFarrQFQP/YURXEeJT7jm\nDvKpZ/a8wu3ve6N4ykC+CBsCAwEAAaMrMCkwDwYDVR0TBAgwBgEB/wIBADAWBgNV\nHREEDzANggtleGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAovxY5lm89Eod\nL8CH3dZzIH7nv8MXtwgpv2vth4PDq2btLS8xrqm2SsA/cV+DsbDjh5CxQLoDX+8V\ng8NtY+ipOE0hdJAUo7UVlsxuAY4frkmLL1/RwpjZg+Z2NAxpR7xGWgoMn7CH481w\nAOBypAuCxcfcyyAOttdS+YMRJnpL6z8/C3W0LGkNOs26Qhu1/U8lfz1f9F4XummD\nu2SCmJsAd1PrL1shsyh4HtmFjuY698aTjYUDUleAnx7ytrGlZuLOIeoQi7tcsLJJ\nTPMbxTLgGN2HEkdJerFRBNViuWvqioEyYlzZ3MshOCR2wsL4wrXrCF0Y3cNOYcIh\nZ8z+wUAP2g==\n-----END CERTIFICATE-----\n", ) print(ca_certificate.id) - lang: Go source: "package main\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/G-Core/gcore-go\"\n\t\"github.com/G-Core/gcore-go/cdn\"\n\t\"github.com/G-Core/gcore-go/option\"\n)\n\nfunc main() {\n\tclient := gcore.NewClient(\n\t\toption.WithAPIKey(\"My API Key\"),\n\t)\n\tcaCertificate, err := client.CDN.TrustedCaCertificates.New(context.TODO(), cdn.TrustedCaCertificateNewParams{\n\t\tName: \"Example CA cert\",\n\t\tSslCertificate: \"-----BEGIN CERTIFICATE-----\\nMIIC0zCCAbugAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLZXhh\\nbXBsZS5jb20wHhcNMjAwNjI2MTIwMzUzWhcNMjEwNjI2MTIwMzUzWjAWMRQwEgYD\\nVQQDDAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\\nAN4nnSfTsMEnfPgL7rkbImxZAQoND+bpPoX8q16iXZz3fFfqdRk+uEIpU3Brleeg\\np0zrrT2eI3+c2h/PRod0Fam4TO6EcfwuboUFzV3j6yw6aWdfBjWZsWBR/FoqWLYq\\nb3UejN7yiTYNSiIy3zVpi9pnFM8N8qT+VGBrRDGef2v9JCzhsSSU7wAYM5HKZTp+\\nWHojjiyB2hOYqft7A2WlTEDmHFa5UcPHMRZKATUYI1T2TRVqLlSiE2mJ3dFRXGM2\\nZAS33J0NVUjkx3w8RmJ7DNflEFJt/6IXdfaokVgfza7LFarrQFQP/YURXEeJT7jm\\nDvKpZ/a8wu3ve6N4ykC+CBsCAwEAAaMrMCkwDwYDVR0TBAgwBgEB/wIBADAWBgNV\\nHREEDzANggtleGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAovxY5lm89Eod\\nL8CH3dZzIH7nv8MXtwgpv2vth4PDq2btLS8xrqm2SsA/cV+DsbDjh5CxQLoDX+8V\\ng8NtY+ipOE0hdJAUo7UVlsxuAY4frkmLL1/RwpjZg+Z2NAxpR7xGWgoMn7CH481w\\nAOBypAuCxcfcyyAOttdS+YMRJnpL6z8/C3W0LGkNOs26Qhu1/U8lfz1f9F4XummD\\nu2SCmJsAd1PrL1shsyh4HtmFjuY698aTjYUDUleAnx7ytrGlZuLOIeoQi7tcsLJJ\\nTPMbxTLgGN2HEkdJerFRBNViuWvqioEyYlzZ3MshOCR2wsL4wrXrCF0Y3cNOYcIh\\nZ8z+wUAP2g==\\n-----END CERTIFICATE-----\\n\",\n\t})\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\tfmt.Printf(\"%+v\\n\", caCertificate.ID)\n}\n" components: schemas: ssl_ca_add: type: object properties: name: type: string description: |- CA certificate name. It must be unique. example: Example CA cert sslCertificate: type: string description: |- Public part of the CA certificate. It must be in the PEM format. example: | -----BEGIN CERTIFICATE----- MIIC0zCCAbugAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLZXhh bXBsZS5jb20wHhcNMjAwNjI2MTIwMzUzWhcNMjEwNjI2MTIwMzUzWjAWMRQwEgYD VQQDDAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN4nnSfTsMEnfPgL7rkbImxZAQoND+bpPoX8q16iXZz3fFfqdRk+uEIpU3Brleeg p0zrrT2eI3+c2h/PRod0Fam4TO6EcfwuboUFzV3j6yw6aWdfBjWZsWBR/FoqWLYq b3UejN7yiTYNSiIy3zVpi9pnFM8N8qT+VGBrRDGef2v9JCzhsSSU7wAYM5HKZTp+ WHojjiyB2hOYqft7A2WlTEDmHFa5UcPHMRZKATUYI1T2TRVqLlSiE2mJ3dFRXGM2 ZAS33J0NVUjkx3w8RmJ7DNflEFJt/6IXdfaokVgfza7LFarrQFQP/YURXEeJT7jm DvKpZ/a8wu3ve6N4ykC+CBsCAwEAAaMrMCkwDwYDVR0TBAgwBgEB/wIBADAWBgNV HREEDzANggtleGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAovxY5lm89Eod L8CH3dZzIH7nv8MXtwgpv2vth4PDq2btLS8xrqm2SsA/cV+DsbDjh5CxQLoDX+8V g8NtY+ipOE0hdJAUo7UVlsxuAY4frkmLL1/RwpjZg+Z2NAxpR7xGWgoMn7CH481w AOBypAuCxcfcyyAOttdS+YMRJnpL6z8/C3W0LGkNOs26Qhu1/U8lfz1f9F4XummD u2SCmJsAd1PrL1shsyh4HtmFjuY698aTjYUDUleAnx7ytrGlZuLOIeoQi7tcsLJJ TPMbxTLgGN2HEkdJerFRBNViuWvqioEyYlzZ3MshOCR2wsL4wrXrCF0Y3cNOYcIh Z8z+wUAP2g== -----END CERTIFICATE----- required: - name - sslCertificate ssl_ca_response: type: object properties: id: type: integer description: CA certificate ID. example: 1 name: type: string description: CA certificate name. example: Example CA certificate deleted: type: boolean description: >- Defines whether the certificate has been deleted. Parameter is **deprecated**. Possible values: - **true** - Certificate has been deleted. - **false** - Certificate has not been deleted. example: true cert_issuer: type: string description: Name of the certification center that issued the CA certificate. example: example.com cert_subject_cn: type: string description: Domain name that the CA certificate secures. example: example.com cert_subject_alt: type: string description: Alternative domain names that the CA certificate secures. example: DNS:example.com validity_not_before: type: string description: >- Date when the CA certificate become valid (ISO 8601/RFC 3339 format, UTC.) example: '2020-06-26T12:03:53Z' validity_not_after: type: string description: >- Date when the CA certificate become untrusted (ISO 8601/RFC 3339 format, UTC.) example: '2021-06-26T12:03:53Z' sslCertificateChain: type: string description: Parameter is **deprecated**. example: '' hasRelatedResources: type: boolean description: |- Defines whether the CA certificate is used by a CDN resource. Possible values: - **true** - Certificate is used by a CDN resource. - **false** - Certificate is not used by a CDN resource. example: false securitySchemes: APIKey: description: >- API key for authentication. Make sure to include the word `apikey`, followed by a single space and then your token. Example: `apikey 1234$abcdef` type: apiKey in: header name: Authorization ````