API Method - createCustomCertificateById
Last updated
Last updated
Use the “createCustomCertificateById” method for creating the X509 certificate and p7B certificate based on the ID selection.
POST
Parameter
Presence
Data Type
Description
signature
M
String
CSR file has to be generated and signed with PFX shared by us.
Pass Signed CSR data i.e., PKCS#7 data.
userName
M
String
You need to pass username that is registered with emCA for API process.
password
M
String
You need to pass the password that is registered with emCA for API process.
profileID
M
String
Pass Certificate profile Id to be used to create x509Certificate and CreateP7BCertById.
subscriberId
M
String
Pass the Subscriber ID.
validity
O
String
Pass the validity in the form of (Days : Hours : Minutes : Seconds)
Days – 36135 (maximum days)
Hours - 23 (max hours)
Minutes - 59 (max minutes)
Seconds - 59 (max seconds)
to create certificate with the given validity.
validFrom
O
String
Pass the validityFrom in the form of (Days : Months : Years : Hours : Minutes : Second)
sANValues
M
String
Pass sANValues to be used to createx509Certificate and CreateP7BCertById. Example:
subjectDNOids
M
String
Pass subjectDNOids to be used to create x509Certificate and CreateP7BCertById.
Example: “2.5.4.3|Test~2.5.4.6|India~2.5.4.8|Delhi~2.5.4.7|te st~2.5.4.5|77686868687~2.5.4.10|Personal~1.2.84
0.113549.1.9.1|test@gmail.com~2.5.4.12|test”
isP7BRequest
M
String
Pass “true” for p7b Certificate and “false” for .cer Certificate.
applicationId
M
String
Pass application ID.
Parameter
Presence
Data Type
Description
requestData
M
String
All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by the emCA team.
Pass Encrypted JSON Object.
userName
M
String
You need to pass username that is registered with emCA for API process.
Key
Presence
Value
Description
Application / JSON
M
Content-Type
Type of request should be in JSON Format.
Authentication Key
M
emKey
emKey is an encoded key (Refer section 4 for generating Authentication Key using command prompt).
When request is received by emCA service we will decrypt the request JSON Object with same AES key that is shared to the client.
After successful decryption, request JSON object (Signed CSR data+Username+Password+ Profile Id + Application ID + Subscriber ID + Validity + Valid From + isP7BRequest+ SubjectDNiods+ SAN Values) is retrieved.
First emCA service will validate username and password and check if the IP Address used for request and registered with the user are same.
If request is registered with same user, then we check if the certificate is already created for requested applicationId or not.
if certificate is already created for applicationId then return existing certificate.
if certificate is not created for applicationId then we create certificate using next step.
If it is same then signed CSR data (signature) is validated by checking whether CSR is signed by the same PFX file which is registered for the specific user.
If validation fails at any point in processing the request, the emCA service will throw error/failure message. (Refer error messages section)
Parameter
Data Type
Description
response
String
Returns JSON Object
JSON Object Contains below parameters
Parameter
Data Type
Description
status
String
Returns Status of the request as success if CSR is signed by selected certificate profile id and generates x509 certificate.
Returns status of the request as failure if authentication fails or unregistered user tries to call the API
result
String
Returns
In case of success: base 64 encoded x509 certificate data
In case of failure: Error message will be displayed.
subscriberId
String
Returns Subscriber Id
requestId
String
This is used in another API where Is Manual Authorization Enabled is checked from emCA application. In this case one request ID will be generated that user has to provide to create certificate from another API
OR
This is used in another API where Is Manual Authorization Enabled is checked from emCA application. In this case one application ID will be passed by user while user requests for certificate creation through another API.
Error Message
Description
<profileId> profile does not exist
If the given certificate profile Id is invalid
Please enter valid data
If the signature parameter (CSR) contains an invalid CSR or if the CSR does not contain the required details of the selected certificate profile.
Signature verification failed
If signature parameter (CSR) is not signed by the pfx shared by eMudhra
Invalid validity
validity should be in proper format dd:hh:mm:ss e.g: 120:23:45:54
Invalid From Date
Invalid Input: From Date should be in proper format dd:MM:YYYY hh:mm:ss e.g: 12:12:2019 00:00:00
isP7BRequest
enter true for p7bCertificate and false for .cer certificate
8NSName=www.e xample.com|iPAddress=127.0.0.1|registeredID=2. 10.100.2.4.5"