In November 2020, the Apigee Edge API reference documentation will move to a new experience based on the Apigee integrated portal and visitors to this site will be redirected.

You are viewing the Apigee Edge API reference documentation. For the main product docs, and to search all docs, go to

Create an alias from a JAR or PKCS file

Resource Summary


Content Type



Keystores and Truststores,



Create an alias from a JAR or PKCS file

Creates a new alias in the keystore from a certificate/key pair. The input certificate/key formats supported are PKCS12 and JAR.


Deprecation Warning: The password query paramater to this method has been deprecated for security reasons. If the private key requires a password, you must pass it as multipart/form-data. For example, if you are using cURL, use the -F password option to specify the password:


curl -X POST -H "Content-Type: multipart/form-data" \
-F file="@myKeystore.jar" -F password=key_pword \
"{org_name}/e/{env_name}/keystores/{keystore_name}/aliases?alias={alias_name}&format=keycertjar" \
-u orgAdminEmail:password 


See Creating keystores and truststores using the Edge management API for more examples.


If using a JAR file to create the alias, it must include the certificate and private key files, and a META-INF/ file that contains the following information:




A keystore JAR can contain just those three files. If you have a certificate chain, all certs in the chain must be appended into a single PEM file, where the last certificate should be signed by a root CA. The certs must be appended to the PEM file in the correct order, with an empty line between each cert.


If you want to create a truststore, create aliases from certificates only. For details, see Create an alias from a certificate PEM file

Resource URL /organizations/{org_name}/environments/{env_name}/keystores/{keystore_name}/aliases

Query Parameters

Name Values Description

Alias name.


Type of alias creation. Valid input values are keycertjar and pkcs12.


Flag that specifies whether to validate that the certificate hasn't expired. Set this value to true to skip validation.



Flag that specifies whether the Edge sys admin can download the private key. Set to true to enable the private key to be downloaded.


If false, do not throw an error when the file contains a chain with no newline between each cert. By default, Edge requires a newline between each cert in a chain.

Header Parameters

Name Values Description

Set as multipart/form-data.


Name Value Description

JAR file containing key, certificate, and a descriptor file (if "format=keycertjar"), or pfx/p12 file (if "format=pkcs12").

Request Body

org_name Mention the organization name true

env_name Mention the environment name true

keystore_name Mention the keystore name true

HTTP Basic

OAuth 2.0



Make a request and see the response.

Make a request and see the response.

Make a request and see the response.


Help or comments?

  • If something's not working: Ask the Apigee Community or see Apigee Support.
  • If something's wrong with the docs: Click the "Send Feedback" button.
    (Incorrect? Unclear? Broken link? Typo?)