API Method - createCertificateById and createCertificateP7BById
Purpose
Use the “createCertificateById” and “createCertificateP7BById” methods to create the X509 certificate and P7B certificate based on the ID selection.
Type of Method
POST
Request URL
http://www.example.com/emCAServices/rest/createCertificateById
http://www.example.com/emCAServices/rest/createCertificateP7BById
Request Input Parameters
Parameter | Presence | Data Type | Description |
userName | M | String | You need to pass username that is registered with emCA for API process. |
password | M | String | You need to pass the password that is registered with emCA for API process. |
ProfileID | M | String | Pass Certificate profile name to be used to create x509Certificate. |
signature | M | String | Pass the signed data in section 5 i.e., PKCS#7 data. Note: For these two APIs i.e., createCertificateById & createCertificateP7BById generate the signature (Sign data) by passing CSR. For createPKCS12ById API generate the signature (Sign data) by passing CSR Information in below format: “CN=Test123~SERIALNUMBER=04f85bdd24773b66e0bf16b0f59194c78855c7ffcb7c3cf40dce71ba4ff1e91~E=test987@test.com~O=eMudhra~OU=ESS~S=KARNATAKA~C=IN~PostalCode=570004~STREET= Bengaluru~ HOUSEIDENTIFIER=3-88~UID=test877~PSEUDONYM=test098~ PHONE=0123456789~TITLE=Mr~2.5.4.4=kumar~rfc822Name=arjun.kb@emudhra.com~dNSName=www.emudhra.com~dNSName=*.emudhra.com~iPAddress=10.80.106.78~iPAddress=10.80.106.79~registeredID=2.10.100.2.4.5~KeyAlogirthmAndSize=RSA-2048~Password=eMudhra@1” |
subscriberId | M | String | Pass the Subscriber ID. |
validity | O | String | Pass the validity in the form of (Days : Hours : Minutes : Seconds) to create certificate with the given validity. Days - 36135 (maximum days), Hours - 23 (max hours), Minutes - 59 (max minutes), Seconds - 59 (max seconds). |
applicationId | M | String | Pass application Id. |
validFrom | O | String | Pass the valid from parameter in the form of (dd:MM:yyyy HH:mm:ss) to create the certificate. This parameter applies if the user certificate profile has ‘Support Customized Validity’. |
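The tilde-delimited CSR information string shown in the signature row repeats keys (dNSName, iPAddress) and carries a Password field, so it is worth parsing and reviewing before it is signed, and masking before it is logged. The parser below is an added example, not emCA code; the function names and the sample string are constructed for illustration, and the field syntax is inferred only from the sample on this page.

```python
import ipaddress

SENSITIVE_KEYS = {"password"}  # compared case-insensitively
# Constructed sample in the page's key=value~key=value layout.
SAMPLE = ("CN=Test123~E=user@example.com~O=Example Org~C=IN~STREET= Bengaluru~"
          " HOUSEIDENTIFIER=3-88~dNSName=www.example.com~dNSName=*.example.com~"
          "iPAddress=192.0.2.10~iPAddress=192.0.2.11~"
          "KeyAlogirthmAndSize=RSA-2048~Password=constructed-secret")


def parse_csr_info(text):
    """Split 'k=v~k=v' into {key: [values]}, keeping repeated keys in order."""
    fields = {}
    for part in text.split("~"):
        key, sep, value = part.partition("=")  # split on the first '=' only
        key, value = key.strip(), value.strip()
        if not sep or not key or not value:
            raise ValueError("malformed field: %r" % part)
        fields.setdefault(key, []).append(value)
    return fields


def review_sans(fields):
    """Return (wildcard DNS names, parsed IP addresses) for a pre-signing review."""
    wildcards = [d for d in fields.get("dNSName", []) if d.startswith("*.")]
    # ip_address() raises ValueError on anything that is not a valid address.
    ips = [ipaddress.ip_address(ip) for ip in fields.get("iPAddress", [])]
    return wildcards, ips


def redact_for_log(text):
    """Rebuild the string with sensitive values masked, for use in logs."""
    out = []
    for key, values in parse_csr_info(text).items():
        for value in values:
            masked = "***" if key.lower() in SENSITIVE_KEYS else value
            out.append("%s=%s" % (key, masked))
    return "~".join(out)
```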
Sample JSON Object
Parameter | Presence | Data Type | Description |
requestData | M | String | All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by the emCA team. Pass Encrypted JSON Object. |
userName | M | String | You need to pass username that is registered with emCA for API process. |
Header Details
Value | Presence | Key | Description |
application/json | M | Content-Type | Type of request should be in JSON format. |
Authentication Key | M | emKey | emKey is an encoded key (refer to section 4 for generating the Authentication Key using command prompt). |
Sample Request Data
Process
When a request is received by the emCA service, we decrypt the request JSON object with the same AES key that is shared with the client.
After successful decryption, the request JSON object (Signed CSR data + Username + Password + Profile Id + Application ID + Subscriber ID + Validity + Valid From) is retrieved.
First, the emCA service validates the username and password and checks whether the IP address used for the request is the same as the one registered for the user.
If the request is registered with the same user, we check whether a certificate has already been created for the requested applicationId.
If a certificate has already been created for the applicationId, the existing certificate is returned.
If no certificate has been created for the applicationId, we create the certificate using the next step.
If it is the same, the signed CSR data (signature) is validated by checking whether the CSR is signed by the same PFX file that is registered for the specific user.
If validation fails at any point in processing the request, the emCA service throws an error/failure message (refer to the error messages section).
Response Parameters
Parameter | Data Type | Description |
response | String | Returns JSON Object |
JSON Object Contains below parameters
Parameter | Data Type | Description |
status | String | Returns the status of the request as success if the CSR is signed by the selected certificate profile id and the x509 certificate is generated. Returns the status of the request as failure when authentication fails or an unregistered user tries to call the API. |
result | String | In case of success: Base64-encoded x509 certificate data. In case of failure: an error message is displayed. |
subscriberId | String | Returns Subscriber Id |
requestId | String | This is used in another API where Is Manual Authorization Enabled is checked from the emCA application. In this case one request ID will be generated, which the user has to provide to create the certificate from another API. OR: This is used in another API where Is Manual Authorization Enabled is checked from the emCA application. In this case one application ID will be passed by the user when requesting certificate creation through another API. |
Response JSON Format
Sample for Base64 encoded x509 certificate data
Error Messages
Error Message | Description |
profile does not exist | If the given certificate profile Id is invalid |
Signature verification failed | If signature parameter (CSR) is not signed by the pfx shared by eMudhra |
Please enter valid data | If the signature parameter (CSR) contains an invalid CSR or if the CSR does not contain the required details of the selected certificate profile. |
Invalid validity | Validity should be in the proper format dd:hh:mm:ss, e.g. 120:23:45:54 |
Invalid From Date | Invalid input: From Date should be in the proper format dd:MM:YYYY hh:mm:ss, e.g. 12:12:2019 00:00:00 |
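A client can catch the two format errors in the table above before a request is ever encrypted and sent. The sketch below is an added example, not emCA code: it checks validity and validFrom against the limits documented on this page and serializes the parameters to the plaintext JSON that is then AES-encrypted. The function names are hypothetical, and the encryption step is left out because the page does not state the cipher mode or encoding.

```python
import json
import re
from datetime import datetime

# Limits and formats as documented on this page.
MAX_DAYS, MAX_HOURS, MAX_MINUTES, MAX_SECONDS = 36135, 23, 59, 59
VALIDITY_RE = re.compile(r"(\d{1,5}):(\d{1,2}):(\d{1,2}):(\d{1,2})")
VALID_FROM_RE = re.compile(r"\d{2}:\d{2}:\d{4} \d{2}:\d{2}:\d{2}")
MANDATORY = ("userName", "password", "ProfileID", "signature",
             "subscriberId", "applicationId")


def check_validity(value):
    """Return the validity in seconds, or raise the documented error text."""
    m = VALIDITY_RE.fullmatch(value)
    if not m:
        raise ValueError("Invalid validity")
    d, h, mi, s = map(int, m.groups())
    if d > MAX_DAYS or h > MAX_HOURS or mi > MAX_MINUTES or s > MAX_SECONDS:
        raise ValueError("Invalid validity")
    return ((d * 24 + h) * 60 + mi) * 60 + s


def check_valid_from(value):
    """Parse dd:MM:yyyy HH:mm:ss strictly; rejects dates such as 31:02:2019."""
    if not VALID_FROM_RE.fullmatch(value):
        raise ValueError("Invalid From Date")
    try:
        return datetime.strptime(value, "%d:%m:%Y %H:%M:%S")
    except ValueError:
        raise ValueError("Invalid From Date") from None


def preflight(params):
    """Return a list of problems; an empty list means the request can be built."""
    errors = ["missing " + k for k in MANDATORY if not params.get(k)]
    for key, check in (("validity", check_validity), ("validFrom", check_valid_from)):
        if params.get(key) is not None:  # both parameters are optional
            try:
                check(params[key])
            except ValueError as exc:
                errors.append(str(exc))
    return errors


def build_plaintext_request(params):
    """Serialize validated parameters; the result is what gets AES-encrypted."""
    errors = preflight(params)
    if errors:
        raise ValueError("; ".join(errors))
    return json.dumps(params, separators=(",", ":"))
```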