API Method - createCertificateById and createCertificateP7BById

Purpose

Use the “createCertificateById” and “createCertificateP7BById” methods to create the X509 certificate and the P7B certificate based on the ID selection.

Type of Method

POST

Request URL

http://www.example.com/emCAServices/rest/createCertificateById

http://www.example.com/emCAServices/rest/createCertificateP7BById

Request Input Parameters

| Parameter | Presence | Data Type | Description |
|---|---|---|---|
| userName | M | String | The username registered with emCA for the API process. |
| password | M | String | The password registered with emCA for the API process. |
| ProfileID | M | String | The certificate profile name to be used to create the X.509 certificate. |
| signature | M | String | The signed data from section 5, i.e., PKCS#7 data. See the note below the table. |
| subscriberId | M | String | The Subscriber ID. |
| validity | O | String | The validity in the form (Days : Hours : Minutes : Seconds) used to create the certificate. Maximum values: Days 36135, Hours 23, Minutes 59, Seconds 59. |
| applicationId | M | String | The application ID. |
| validFrom | O | String | The valid-from value in the form (dd:MM:yyyy HH:mm:ss) used to create the certificate. This parameter applies if the user certificate profile has ‘Support Customized Validity’. |

Note (signature):

For these two APIs, i.e., createCertificateById and createCertificateP7BById, generate the signature (signed data) by passing the CSR.

For the createPKCS12ById API, generate the signature (signed data) by passing the CSR information in the format below.

“CN=Test123~SERIALNUMBER=04f85bdd24773b66e0bf16b0f59194c78855c7ffcb7c3cf40dce71ba4ff1e91~E=test987@test.com~O=eMudhra~OU=ESS~S=KARNATAKA~C=IN~PostalCode=570004~STREET= Bengaluru~ HOUSEIDENTIFIER=3-88~UID=test877~PSEUDONYM=test098~ PHONE=0123456789~TITLE=Mr~2.5.4.4=kumar~rfc822Name=arjun.kb@emudhra.com~dNSName=www.emudhra.com~dNSName=*.emudhra.com~iPAddress=10.80.106.78~iPAddress=10.80.106.79~registeredID=2.10.100.2.4.5~KeyAlogirthmAndSize=RSA-2048~Password=eMudhra@1”
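A pre-flight check for the request parameters described above, meant to run before the JSON object is encrypted so that a missing mandatory field or a malformed `validity` / `validFrom` value is caught locally. This is an added example, not emCA code; the function name `preflight` and all sample values are assumptions.

```python
import re
from datetime import datetime

# Parameters marked "M" in the request parameter list.
MANDATORY = ("userName", "password", "ProfileID", "signature",
             "subscriberId", "applicationId")
# Documented maxima for Days:Hours:Minutes:Seconds.
VALIDITY_MAX = {"days": 36135, "hours": 23, "minutes": 59, "seconds": 59}


def preflight(params):
    """Return a list of problems; an empty list means the request can be built."""
    problems = [f"missing mandatory parameter: {name}"
                for name in MANDATORY if not params.get(name)]

    validity = params.get("validity")          # optional
    if validity is not None:
        m = re.fullmatch(r"(\d{1,5}):(\d{1,2}):(\d{1,2}):(\d{1,2})", validity)
        if not m:
            problems.append("validity: expected Days:Hours:Minutes:Seconds")
        else:
            for (label, limit), value in zip(VALIDITY_MAX.items(), map(int, m.groups())):
                if value > limit:
                    problems.append(f"validity: {label} {value} exceeds {limit}")

    valid_from = params.get("validFrom")       # optional
    if valid_from is not None:
        try:
            if not re.fullmatch(r"\d{2}:\d{2}:\d{4} \d{2}:\d{2}:\d{2}", valid_from):
                raise ValueError("wrong shape")
            datetime.strptime(valid_from, "%d:%m:%Y %H:%M:%S")  # rejects e.g. 31 February
        except ValueError:
            problems.append("validFrom: expected dd:MM:yyyy HH:mm:ss")
    return problems


# Constructed sample input; every value is a placeholder.
SAMPLE = {
    "userName": "apiuser", "password": "placeholder", "ProfileID": "ExampleProfile",
    "signature": "<PKCS#7 signed CSR>", "subscriberId": "SUB-0001",
    "applicationId": "APP-0001", "validity": "120:23:45:54",
    "validFrom": "12:12:2019 00:00:00",
}

if __name__ == "__main__":
    print(preflight(SAMPLE))
    print(preflight({**SAMPLE, "validity": "40000:24:00:00"}))
```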

Sample JSON Object

| Parameter | Presence | Data Type | Description |
|---|---|---|---|
| requestData | M | String | All the request input parameters mentioned above, converted to a JSON object and encrypted with the AES 256 key shared with you by the emCA team. Pass the encrypted JSON object. |
| userName | M | String | The username registered with emCA for the API process. |

Header Details

| Key | Presence | Value | Description |
|---|---|---|---|
| Content-Type | M | application/json | The request must be in JSON format. |
| emKey | M | Authentication Key | emKey is an encoded key (refer to section 4 for generating the Authentication Key using the command prompt). |

Sample Request Data

Header:

Content-Type : application/json
emKey        : 47b54594063957de22fce0aeddd51a6adf4a80aa

Request Body:

{
"requestData":"<Base64-encoded encrypted JSON object>",
"userName":"username"
}

Process

  • When the emCA service receives the request, it decrypts the request JSON object with the same AES key that is shared with the client.

  • After successful decryption, the request JSON object (Signed CSR data + Username + Password + Profile Id + Application ID + Subscriber ID + Validity + Valid From) is retrieved.

  • The emCA service first validates the username and password and checks whether the IP address used for the request is the same as the one registered for the user.

  • If the request comes from the same registered user, the service checks whether a certificate has already been created for the requested applicationId.

  1. If a certificate has already been created for the applicationId, the existing certificate is returned.

  2. If no certificate has been created for the applicationId, the certificate is created using the next step.

  • If it is the same, the signed CSR data (signature) is validated by checking whether the CSR is signed by the same PFX file that is registered for the specific user.

  • If validation fails at any point while processing the request, the emCA service returns an error/failure message (refer to the Error Messages section).

Response Parameters

| Parameter | Data Type | Description |
|---|---|---|
| response | String | Returns a JSON object. |

The JSON object contains the parameters below.

| Parameter | Data Type | Description |
|---|---|---|
| status | String | Returns the status of the request as success if the CSR is signed by the selected certificate profile ID and the x509 certificate is generated. Returns the status of the request as failure when authentication fails or an unregistered user tries to call the API. |
| result | String | In case of success: Base64-encoded x509 certificate data. In case of failure: the error message. |
| subscriberId | String | Returns the Subscriber ID. |
| requestId | String | Used in another API when Is Manual Authorization Enabled is checked in the emCA application. In this case a request ID is generated, which the user has to provide to create the certificate from another API. OR: used in another API when Is Manual Authorization Enabled is checked in the emCA application. In this case an application ID is passed by the user when requesting certificate creation through another API. |

Response JSON Format

Sample:

Success:
Response Body
{
"status":"success",
"result":"base 64 encoded x509 certificate data",
"subscriberId":"XXX",
"requestId": null
}

Response Body (Is Manual Authorization Enabled is checked from emCA)
{
"status": "Success",
"result": " your request proceded sucssusfully",
"subscriberId": "XXXX",
"requestId": "XXXX"
}

Failure:
{
"status":"failure",
"result":"<Error message>",
"subscriberId":null,
"requestId": null
}
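A client-side handler for the three response shapes shown above. It treats `result` as certificate data only when the status is success, no `requestId` is present, and the value decodes to DER. This is an added example, not emCA code; the function name, the returned labels and the sample bodies are assumptions built from the samples on this page.

```python
import base64
import binascii
import json


def interpret_response(body):
    """Return ('issued', der_bytes), ('pending', request_id) or ('failed', message)."""
    doc = json.loads(body)
    # The samples use both "success" and "Success"; anything else fails closed.
    status = str(doc.get("status", "")).lower()
    result = doc.get("result") or ""
    if status != "success":
        return ("failed", result)
    if doc.get("requestId"):
        # Manual authorization is enabled: `result` is a message, not a certificate.
        return ("pending", doc["requestId"])
    try:
        # Drop line breaks and stray spaces, then decode strictly.
        der = base64.b64decode("".join(result.split()), validate=True)
    except (binascii.Error, ValueError):
        return ("failed", "result is not valid Base64")
    # X.509 and P7B data are both DER and start with a SEQUENCE tag (0x30).
    if len(der) < 4 or der[0] != 0x30:
        return ("failed", "result does not look like DER data")
    return ("issued", der)


# Constructed sample bodies; TINY_DER is a 5-byte stand-in, not a real certificate.
TINY_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
ISSUED = json.dumps({"status": "success",
                     "result": base64.b64encode(TINY_DER).decode() + " ",
                     "subscriberId": "XXX", "requestId": None})
PENDING = json.dumps({"status": "Success",
                      "result": " your request proceded sucssusfully",
                      "subscriberId": "XXXX", "requestId": "XXXX"})
FAILED = json.dumps({"status": "failure", "result": "Signature verification failed",
                     "subscriberId": None, "requestId": None})
NOT_A_CERT = json.dumps({"status": "success", "result": "not a certificate",
                         "subscriberId": "XXX", "requestId": None})

if __name__ == "__main__":
    for sample in (ISSUED, PENDING, FAILED, NOT_A_CERT):
        print(interpret_response(sample)[0])
```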

Sample for Base64 encoded x509 certificate data

Error Messages

| Error Message | Description |
|---|---|
| profile does not exist | The given certificate profile ID is invalid. |
| Signature verification failed | The signature parameter (CSR) is not signed by the PFX shared by eMudhra. |
| Please enter valid data | The signature parameter (CSR) contains an invalid CSR, or the CSR does not contain the required details of the selected certificate profile. |
| Invalid validity | Validity should be in the proper format dd:hh:mm:ss, e.g. 120:23:45:54 |
| Invalid From Date | Invalid input: From Date should be in the proper format dd:MM:YYYY hh:mm:ss, e.g. 12:12:2019 00:00:00 |
