API Method -createCertificate and createCertificateP7B

Purpose

Use the “createCertificate” and “createCertificateP7B” method for creating the X509 certificate based on the profile selection.

Type of Method

POST

Request URL

http://www.example.com/emCAServices/rest/createCertificate http://www.example.com/emCAServices/rest/createCertificateP7B

Request Input Parameters

Parameter

Presence

Data Type

Description

signature

String

CSR file has to be generated and signed with PFX shared by us.

Pass Signed CSR data i.e., PKCS#7 data.

userName

String

You need to pass username that is registered with emCA for API process.

password

String

You need to pass the password that is registered with emCA for API process.

subscriberId

String

Pass the Subscriber ID.

applicationId

String

Pass the application ID.

profileName

String

Pass Certificate profile name to be used to create x509Certificate.

Sample JSON Object

requestData
{
"signature": "axcns/EEczS5nGivHuOHFabnKQhsRNPJLQq7AJnQtGWbl7DgU9WoSLbHf4cvBKozlMnU5E7XOwkxhbQm NQrxv12KAG2F5OYvZosUXaLbp0g3T1V3YRXn3KV74cPY7LM4uO62eHEWJ80PYB+pmXOPxLqGFPNsdvZ/A
+HPkuHpTnnjmUxqO8hDuHEc1y00hxJvasDEXzNU5SuDNWADQNYn45SJU+6H+9ty4GTfzjrNRaLvLHNQgQ 1lFkYEU5Fra8QiZWDqeH6F4h6D+CspxpGxFp4jqOddBvWhWmutSobjJItxEuRjCKaE2w/SPAguY9JKudl FmuPz0uIV4BAkTwFgKw==",
“userName” : "username" “password” : "password"
“profileName” : "Class2IndividualSignatureOneyear" “subscriberId” : "XXX",
                 “applicationId” : "XXX"
}

Parameter

Presence

Data Type

Description

requestData

String

All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by the emCA team.

Pass Encrypted JSON Object.

userName

String

You need to pass username that is registered with emCA for API process.

Header Details

Key

Presence

Value

Description

Application / JSON

Content-Type

Type of request should be in JSON Format.

Authentication Key

emKey

emKey is an encoded key (Refer section 4 for generating Authentication Key using command prompt).

Sample Request Data

Header:
            Content-Type : application/json
           emKey	: 47b54594063957de22fce0aeddd51a6adf4a80aa

Request Body:
{
 
"requestData":" E7utLpuJ0Xy9WK0IdHXjLjmtb7yr1DBCgoevpUPvVK4+3//WS1SPpdyszTZzDZrDUr4YpE7TefGO0ZJN ouHck6+kQ6oQGmvGLzv5qxzCmnOI9nnvzB9WRiwXOSlBtRngYJfeIzRu9m1YHQbWhI1M9zkdRTQtzOU+ KpSE+SMf9uYllLJqh7Tscy0bt83+iLHvFpYCIKlfzBYWHJrav5H+97VqzSTyVsAPYP32cRHhlYTwraYB YVmLpwUiXJd2FkGbg4FoOQUZF+bSkcykZhmv8Y8GTaZAbH72befiCWaFs95tk3LfW/SiKICtSV4L5DEp z+1Gd/9KlqwZk84FsjgaKByEotYCB9FvQHFTMO6A3XQgGh7rvWDOQvIaLZoOQUkJ9n/IHl+cM0IKaWNt Cf/XPjazGlXuVgAAA3F4AlYVzU13X36Y4UlALfL/Zr3EIuYO8PlEQ+ivhj1vhY+/ObP6oEeaQSVDJsto TR6ShKonIJujK1T3Nl1pJ4jDhpIXAlDiBGkp2e3mSlVUAodGFWhASsI1Z5LZa2siFZQ0+jIc9HHvlQvu 7SBf1iNbXEhXsqwy2TkqhvwQL/+IdRuQyQ4zyjhN5DkUUNfyHsTXrwZom32WClkDHJ2VwJrLLkW3u4F5 ixFj3ctS1xfGC0M0pbZDCKWkWiyYcLJFZQPwVG6SuQH9CDDzBYRx8HBt3xUlurjXKjtttUHqV/IEh33U WkRFKmcELWhnIeUnSQgKV+VhyaiyNS9Sz+E1qqy5khILBjyY1N47Z5Vutf+fJIsndMA4TDpeMk9lj68n scQQbOzDDwSBUxYTCB9zdTrKBmQz3UTIT3ddL5HeBBqol+VqexbcbPJoQyf+0fjpIt96/sTmiFPH/bJt OJnHhdTAZdel0bXRcrkqGlWkilt3dRbNci1AlSkDfG2yhvj6UFqKZNIAYDo11pvjb8hzqoTLZnczcwQv pXbDqNK3F6wGSZmVEgrS6pOavP/o/KPcSdTret6KMOt+EBrFPmT+qPUtmXmkzSVEmvJDtHd+wUv+Wvrn gU4YulROrThmVri2zdUuz7LCEV10FzHTXsgX7hbncmwvv4YQGnslibYkuN3bXMR2BxAsAn4xAIf3h4LI HjCZPv59M09SbLePkHgWj7FtqPx8CMihkKCMIbUXjsCFpn64xr2RssYGZYg8nqhxqSmQgLunOGzlemIs Uf+DsRZxpotuAGQKJ/79UtY8N61VeZZsUJVjj2cenimVF6Hk9pdMXHblAUCEiGA8vBCqLSbHLUjAEaev q5Ost+RXdI8mKE5/kXpzybAcFdMVn7W8erS+/S0OIODRTBtS4HQ7e6oFp94NK2JwsEfpuwx66YZH4BoM xu8ZRxnzWaAfEavCk663tNwTpXeA+mQodDcG9xYq0L1DDGTiA+y1+u2LzXYPyTMqV7Yd+0WZmNzpnoNl Kk8qzeEUh4s456/WrWNQZSPWoU/9zWjmR4UBGetpGMyQ3Jo/6PRMHlZ8xVONmK31UvVcv50pwgl9+uLA 7JhI0Da9r7wtfsh/mzFOvX1XcGa3DEQyx5siw5GSZ7SKphboEfctBCq2pqbhkAT0rskQuPy35TOontXx mB5VXkKE5lyWl2SS9rur3MAtspTta6agZWiaeYnYmoh7Gg0y4MCag71XTpd/p/cUVnb5fqSNHBruBnG2b kxHFBuls8elbeyRtqrV01+elQnPvePDt1KMexX+ajPJItBFyp5lzdNjjweDeuDDP1257LYpgmhnF6ai mTpn1eipbhnx0ookmVbAPUK0Izzk+Smw7Fv4qvVXDOCcz+UFBJE5lMHwfVPChDkUfdq03MxWItn+fE6j +oS/4+JPKH8suUz6lhf+CVHwE4pPC4q/JcmZi4MopVViIiA+YTVGFqkHZnfsptx3KAcMJP81uKJJm7HG GN/PyYyVn5unfWw6cCkbp5vXt3onJT75S+tv2gdCJ8SW6m4O+H/wgx/Uf/xJESWOIB7sdW82GpqVxXqZ Q1qSQDfwZhXeOASm/eZs8VBHEzTaNHAQKaLkRzL/deB2TMC6eOEez5EdlX2j4jbnLPWef4M83Im8nx+i EswvpnuQiDu+ZFuLtwzBxIJ7WHSGocu8smW96MtDCd7buJGtkianjOj4C1SyWySuTfhMb9T1xdg6eQRG
 
F3nAD2i9t0lMuhEMo6E++lQRPxGKOugsef7u6HTbzsx6apicQQf46Epn09qMgdnrbDsERsuTHqlZt+AS wNoNw++MDClbe5P5w13OXJqbzb+tjigXu2BE/76qjYW6srOQi4XabvF9vGPM+nWuuhyjdtV+MicsUkQw EfxnFIC7jgEEVTGIRW+RYYGtoLt7XGYcdo/gkAM6XGK3sbGzRY6hE9JyygTsjwOQVqx2Q2GYjTojcxSA kKyeOe4i7XctJO9mpXqR7Mi0Lum8dXv+rFu3EAomY23cQcLOIctTKLoPx9fKAvJEdnDfOPZ9sJ3qUjpY Pqbuv+TKYYL/aSLmipT/4hrc0GNtthBu/SN4Zdv9fjetCKz5GwYudBCCcDJDGMPrl+oawAr81bf0aPze 7RGdK0ki4LK24nL05ac6HBA3omiNiEf4eU40iCKKei+zHxMdadx0VTGbiRkPFBurtdnABY8H4+/CJU79 aAPpdk556UQfTYTs4raIfl2FgPfTW/YiM6xwqgZgorTRoxNnsnMzrmUsMETDoGRdCBK5Bqd2uIdhX9k9 fu96V02vNjVBHcT/Plmr81X/qF8nc+a6pmV+wK5I9eMwISOWVr67PApzzoeeYCOweuIDStE6NOMJ3cfE CX3ERYLGvKpEKvsXewKUwUtqAbBP0ti7jw8/kzRm3OXgpI+Qha7USoAXm20l/q0bhibdAR1x+H9+LuHf ronqu9VJBVO2XvHWw5lEkGxkfP+4FlPnyqU6UzWKy7mOpzH0/2gk1aShxuJ08cOrK6yec+CrLEgp5yJ0 UMd/oDTzjTMb7G2n6mscmQUTncqMWYLPql4nn7u0w+S2z6AnzADf47zaFcwFe2Mr7vqtJCJn6mCbclTM of0vYS2bhlNH2t9rstpA8uR2QTLQLuEOzY3Q84Rop1MrmuJ+mitglt0tbxJteBKeIJDAP2aF9wzrfZTa KMyOvReJByAu+rGOouPvfoPhUgROgo5XZbcOm7qa3CU24+bP24+pZC5pKMzayzoAC5dLlU6QmIbd1d4Y K3TVRjm+9CDBXCVg1VNWNA3S6FYdQTQxzgdRNn2IffmsFHmyL/GsiJbRu0BdJ0w2l2ghXjeDLrnYQnXc w40QJA/QNkCgqcL1Dyi6APr2kSCy2+s/sU4os9elgSNx2pjfsk9V+pnj6xZrjIYKogjRfwN2+4fiOhiC GYlOkmfzuoCY6kXVEIaxefE99arMPsqH1s4tz7Rf5pPdML9pEsbA0m2SZ/fVHIjPpZHBglpKZAAXYQvm fbgHAJJNOwucQHe/ar/4Q7PIiKdc1hamnc3yva0AzpDNxWAIiOZpOe8PbL40VfcYNH53QwjS/MdlT/4v YZ3VnR230btb9dWU3ZxfSlXnT2nGDNqZrnN+/8bi1pKL3d8kW2MTm1ZT04ee9T+M5+2mIxozCK638E1q fPp0m6K1V1W42/Jou7FKJTnqd3M2o6UYzqhOC318mn+36om8JaVaA6qBfwtzsxcA24UQrcwXuL1YjmCw c/3Lr6On5FdSZC89SAr8SEBdz4EHEVyh/QLQUv7+ZblO6T7MoGRvoubS6bYyKIjIPRbKJJpXPSMiD26G 5e6J9ICrnbrJaFqGbUTkgVmLQvipw5F4EBsSc03NcepFaTiwgGQaps23baTabRyks/UJXeswc5pttU1O X8fjr8pA2VVHBPSl91CF9na0TBXXJnO+2/PTfrDBlizK+EErm0QSr351ZKdVz7OPR64beL1km574MNvl 0AdvUYgXi9Dc5y6yUbvjPr2+8RsFNV4vVqx5sDN5iEBC+3hxVgYuBRHNAtOFwbr8LkibRUeuKUXb/e6F pmDkQNpSrrXet+h109oOm4l6g/6a0ErORo3e5n1Iuao654O9Hkd26Meqd02BjgCFBoRYHSXCDn/NhX6H
/Skeoj/QNCreVfueghNHPYBolsbMgcN1sCfiypGZiGAu8eafIf1jW12ET4oZxRSiKhjMV1S2ybnqb0TP 9UBkpuBhECpErk/lenOiIBjJCskfM/wyMoimMZIEtwdIZerGoFv7ip6uhmFvm0tLSfV3d8nIXCtUs2xb fTD00SQCX2W8fkpFRaIJpDxw73DJGHhsAhWvFJizgQ/nWrDK1Xh3UW+74D8Lix5HJdJH/clsTe/d6qT6 6slznkXDqn2WB1iWWU6ml3rmZj07C8Icz9HPFLeC8Wa0VDkEEvN/ICy5TiXr93+IKoUeTX2Bc9sDehdR Ou3y4v68rGNIlvXm1kqM+YZjruBDonry8cjDjNGV9n23ggOIqVbQyVWD+TgXk4GeUthXJEzhIiTqC5Wp 3XwA2m65gLls5e8V5hP76CDiHCV3yAHIt16R03SV1USTFGI9IuAt2FVVPFSmDQeD",
"userName":"username"
}

Process

When request is received by emCA service, we will decrypt the request JSON Object with same AES key that is shared to the client.
After successful decryption, request JSON object (Signed CSR data+Username+Password+ Profile Name+ Subscriber ID+ Application ID) is retrieved.
First emCA service will validate username and password and check if the IP Address used for request is registered with the same user.
If request is registered with the same user, then we check if the certificate is already created for requested applicationId or not.

If certificate is already created for the applicationId then return existing certificate.
If certificate is not created for applicationId then we create certificate using next step.

If it is same then signed CSR data (signature) is validated by checking whether CSR is signed by the same PFX file which is registered for the specific user.
If validation fails at any point in processing the request, the emCA service will throw error/failure message. (Refer error messages section)

Response Parameters

Parameter

Data Type

Description

response

String

Returns JSON Object

JSON Object Contains below parameters

Parameter

Data Type

Description

status

String

Returns Status of the request as success if CSR is signed by selected certificate profile and generates x509 certificate.

Returns status of the request as failure when authentication fails or unregistered user tries to call the API

result

String

Returns

In case of success: base 64 encoded x509 certificate data

In case of failure: Error message will be displayed.

subscriberId

String

Returns Subscriber Id

requestId

String

Return request ID when user is manually authorized and request accepted successfully. Otherwise it will return null.

Response JSON Format

Sample:
Success:
Response Body()
{
"status":"success",
"result":"base 64 encoded x509 certificate	data",
“subscriberId”:”XXX” "requestId": null, 
}


Response Body (Is Manual Authorization Enabled is checked from emCA )
{
"status": "Success",
"result": " your request proceded sucssusfully", "subscriberId": "XXXX",
"requestId": “XXXX”,
}
Failure:
{
"status":"failure", "result":"<Error message>" “subscriberId”:null "requestId": null,
}

Sample for base 64 encoded x509 certificate data

"    MIIDFjCCAf6gAwIBAgIDLcbYMA0GCSqGSIb3DQEBCwUAMB4xHDAaBgNVBAMTE0NBIENlcnRpZmljYXRlIE
RlbW8wHhcNMTgxMTMwMTQyMzQxWhcNMTkxMTMwMTQyMzQxWjAeMRwwGgYDVQQDExNPdXRlciBDYSBDZXJp ZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA85ht/RjoUDj49ss8PXPEPuuhbdEc9v zSBA9JmNF6TFNHrfRFyXAY7lZ/9eaCDHCnVO7aJRu8Pav7/G2ATJskyZsZQce2QlkxJ14Ap4BfROqAGkAw uq0JPmDWH2Y3CgJ+eOwFz4E7/pyUiacUBTv+1OIGiZCKpfjd5KrZOvkouRP6SWCGFrkJfab/1Xlbetfp9A PQ/ZTiSWeUmJnV/KN+Z5OLpTqomhoFb7Esh4pjTJ5/sTqnswyVAinvANOHlOIgv//dZVvGWRSsIaRmrqZM SmEpNy5wxj2EG3cHgDQ/iEOB75SQYL8NXM7VtwQn9hpOmUlnYJrFoOkzIe+JfH6eBwIDAQABo10wWzAMBg NVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFG/1cyZ2p0wvCldUy6jV4Y2VIqLeMB0GA1UdDgQWBBR+ulEtG2vc
xAo+l/B2yJU8fU43FTALBgNVHQ8EBAMCBsAwDQYJKoZIhvcNAQELBQADggEBAJBroL1EqaxbgQxhMAvdzt PGcdTkSqb2PgZQM7Q8mi6HcQSJl3AmpVyqwW/K/4+CgTzcC+7qgMiTuMmdkbpUJioqiauVYgK5WANnyFo5 Wt3l2EP8Crx+YpchVPq17EPu+R6id5gUqJB/h9Z3m5HJK5O+PDgqyK/WSnvgl5EqjzBuwTq3JVkiYYs6Eo
XmgBTjWCGl61odjJYvyin6bLbbmAtz12A7fYlww6UyvDiwFX57bJE+rNQ+ZMr+CnQVG7HEQSR9WQFa3Qrs RuBNpRuKeh/IIGsDAjC2FBZOlS70rZ5KdhJiX5FiVMfhV3imGf0GjGh8V035gmDYnAyuxPp3aRI="

Error Messages

Error Message

Description

Invalid Certificate Profile

If the given certificate profile Name is invalid

Signature verification failed

If signature parameter (CSR) is not signed by the pfx shared by eMudhra

Please enter valid data

If the signature parameter (CSR) contains an invalid CSR or if the CSR does not contain the required details of the selected certificate profile.

PreviousAPI Methods NextAPI Method -createPKCS12

Last updated 7 months ago