> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Create

> Upload a new TLS certificate




## OpenAPI

````yaml https://raw.githubusercontent.com/ngrok/ngrok-openapi/refs/heads/main/ngrok.yaml post /tls_certificates
openapi: 3.0.0
info:
  title: ngrok OpenAPI
  version: 1.0.0
servers:
  - url: https://api.ngrok.com
security:
  - authentication: []
paths:
  /tls_certificates:
    post:
      tags:
        - TLSCertificates
      summary: Create
      description: |
        Upload a new TLS certificate
      operationId: TlsCertificatesCreate
      parameters:
        - $ref: '#/components/parameters/ngrokVersion'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TLSCertificateCreate'
      responses:
        '201':
          description: |
            Upload a new TLS certificate
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TLSCertificate'
components:
  parameters:
    ngrokVersion:
      name: ngrok-version
      in: header
      required: true
      schema:
        type: integer
        default: 2
  schemas:
    TLSCertificateCreate:
      type: object
      required:
        - certificate_pem
        - private_key_pem
      properties:
        description:
          description: >
            human-readable description of this TLS certificate. optional, max
            255 bytes.
          type: string
        metadata:
          description: >
            arbitrary user-defined machine-readable data of this TLS
            certificate. optional, max 4096 bytes.
          type: string
        certificate_pem:
          description: >
            chain of PEM-encoded certificates, leaf first. See [Certificate
            Bundles](https://ngrok.com/docs/cloud-edge/endpoints#certificate-chains).
          type: string
        private_key_pem:
          description: >
            private key for the TLS certificate, PEM-encoded. See [Private
            Keys](https://ngrok.com/docs/cloud-edge/endpoints#private-keys).
          type: string
    TLSCertificate:
      type: object
      properties:
        id:
          description: |
            unique identifier for this TLS certificate
          type: string
        uri:
          description: |
            URI of the TLS certificate API resource
          type: string
        created_at:
          description: |
            timestamp when the TLS certificate was created, RFC 3339 format
          type: string
        description:
          description: >
            human-readable description of this TLS certificate. optional, max
            255 bytes.
          type: string
        metadata:
          description: >
            arbitrary user-defined machine-readable data of this TLS
            certificate. optional, max 4096 bytes.
          type: string
        certificate_pem:
          description: >
            chain of PEM-encoded certificates, leaf first. See [Certificate
            Bundles](https://ngrok.com/docs/cloud-edge/endpoints#certificate-chains).
          type: string
        subject_common_name:
          description: |
            subject common name from the leaf of this TLS certificate
          type: string
        subject_alternative_names:
          $ref: '#/components/schemas/TLSCertificateSANs'
          description: >
            subject alternative names (SANs) from the leaf of this TLS
            certificate
        issued_at:
          description: >
            timestamp (in RFC 3339 format) when this TLS certificate was issued
            automatically, or null if this certificate was user-uploaded
          type: string
        not_before:
          description: |
            timestamp when this TLS certificate becomes valid, RFC 3339 format
          type: string
        not_after:
          description: |
            timestamp when this TLS certificate becomes invalid, RFC 3339 format
          type: string
        key_usages:
          description: >
            set of actions the private key of this TLS certificate can be used
            for
          type: array
          items:
            type: string
        extended_key_usages:
          description: >
            extended set of actions the private key of this TLS certificate can
            be used for
          type: array
          items:
            type: string
        private_key_type:
          description: >
            type of the private key of this TLS certificate. One of rsa, ecdsa,
            or ed25519.
          type: string
        issuer_common_name:
          description: |
            issuer common name from the leaf of this TLS certificate
          type: string
        serial_number:
          description: |
            serial number of the leaf of this TLS certificate
          type: string
        subject_organization:
          description: |
            subject organization from the leaf of this TLS certificate
          type: string
        subject_organizational_unit:
          description: |
            subject organizational unit from the leaf of this TLS certificate
          type: string
        subject_locality:
          description: |
            subject locality from the leaf of this TLS certificate
          type: string
        subject_province:
          description: |
            subject province from the leaf of this TLS certificate
          type: string
        subject_country:
          description: |
            subject country from the leaf of this TLS certificate
          type: string
    TLSCertificateSANs:
      type: object
      properties:
        dns_names:
          description: >
            set of additional domains (including wildcards) this TLS certificate
            is valid for
          type: array
          items:
            type: string
        ips:
          description: |
            set of IP addresses this TLS certificate is also valid for
          type: array
          items:
            type: string
  securitySchemes:
    authentication:
      type: http
      scheme: bearer

````