API Method - createCustomCertificateById

Purpose

Use the “createCustomCertificateById” method for creating the X509 certificate and p7B certificate based on the ID selection.

Type of Method

POST

Request URL

http://www.example.com/emCAServices/rest/createCustomerCertificateById

Request Input Parameters

Parameter

Presence

Data Type

Description

signature

String

CSR file has to be generated and signed with PFX shared by us.

Pass Signed CSR data i.e., PKCS#7 data.

userName

String

You need to pass username that is registered with emCA for API process.

password

String

You need to pass the password that is registered with emCA for API process.

profileID

String

Pass Certificate profile Id to be used to create x509Certificate and CreateP7BCertById.

subscriberId

String

Pass the Subscriber ID.

validity

String

Pass the validity in the form of (Days : Hours : Minutes : Seconds)

Days – 36135 (maximum days)

Hours - 23 (max hours)

Minutes - 59 (max minutes)

Seconds - 59 (max seconds)

to create certificate with the given validity.

validFrom

String

Pass the validityFrom in the form of (Days : Months : Years : Hours : Minutes : Second)

sANValues

String

Pass sANValues to be used to createx509Certificate and CreateP7BCertById. Example:

"rfc822Name=test@gmail.com|dNSName=www.e xample.com|iPAddress=127.0.0.1|registeredID=2. 10.100.2.4.5"

subjectDNOids

String

Pass subjectDNOids to be used to create x509Certificate and CreateP7BCertById.

0.113549.1.9.1|test@gmail.com~2.5.4.12|test”

isP7BRequest

String

Pass “true” for p7b Certificate and “false” for .cer Certificate.

applicationId

String

Pass application ID.

Sample JSON Object

requestData	
	{
  "csrData": "MIHbMIGBAgEAMA4xDDAKBgNVBAMTA0NTUjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAIKJFi11G9g53gaUOPNTquh3qFgyfJr5rX4CvZ+P3OrI/GAdSSs81WmZvljrzdyuJjo4cd0zfroFcJnUnmlIb+gETAPBgkqhkiG9w0BCQ4xAjAAMAoGCCqGSM49BAMCA0kAMEYCIQCDSGcQ7SWenQ2DrYGZOeMQFN9ezd3kZWgZoWYskerWGQIhAMu2UJeZe/Is21mmq3uGEHFyVJYG+ToAeMBHNWtjjZXu",
  "isP7BRequest": "true",
  "profileID": "3",
  "sANValues": "rfc822Name=arjun.kb@emudhra.com|dNSName=www.emudhra.com|iPAddress=10.80.106.78|registeredID=2.10.100.2.4.5",
  "subjectDNOids": "2.5.4.3|abhishek~2.5.4.4|kumar~2.5.4.5|DHYVK6543F~2.5.4.6|IN~2.5.4.8|KA,2.5.4.10|emudhra~2.5.4.11|ESS",
  "subscriberId": "2132131",
  "validFrom": "12:11:2020 12:23:45",
  "validity": "365:12:45:45"
" applicationId ": "23123123"
“isSignedData”  : “true/false”
}

Parameter

Presence

Data Type

Description

requestData

String

All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by the emCA team.

Pass Encrypted JSON Object.

userName

String

You need to pass username that is registered with emCA for API process.

Header Details

Key

Presence

Value

Description

Application / JSON

Content-Type

Type of request should be in JSON Format.

Authentication Key

emKey

emKey is an encoded key (Refer section 4 for generating Authentication Key using command prompt).

Sample Request Data

Header: 
              Content-Type : application/json
Request Body:	
                        {
"requestData" : "yg3WSoOKkUHHfqMYb3aB+rF4+UjSvkp04Wx5i8TIxnFkwy13yGaeIqNz1FuqcXW684dSymXudK2SJK/AuV6p/jNwtjtbVIRT+98y/8+GC3GvbFVF7oPGtbhF54nLdkBQyt1ntdSmpUies/y4RdG++kEPubkNGGGdb6gezlHU5JuNwvUljhmAtzXhYlP+2tJ3ZexxQju30IkQ6+c7XmcWbG3Whu8Ky26WF/IQ12maEsnoWI7T0t3zzH0kyIgo96IYye8MXbcF1LiYoBDLkSurDQPm9pdHR8kF4stwK5OgM3+x6Jt0sX/UbrMZA1SzfAmFTDRr6L7OFVwn9b8UTQMJA3Chk8hG2XI2QG7dqPkdHK2vTGqjKve4Hxegr0kIizJAt60DhaH9dD2D7wLeGR59snGhpo8QzOJHWhvgA5HuHTR7HF3qQ7KphYBol3v8IIKKBiNXC8GNyGtqJIUy3FxlQFPBgtdAcOr9y0Ors/tuatnhQCODYJ7ixQHlwWUcIFNqTp+TQvKlWRn3KXbYVrWsc0VzdNLdbf/BC9cKMfuaJcIMVdlN66FbLfNi2TtQXbyr4u+e86x0Vgy7NLYnK5nKreyUseiz9WBSZxM0S8m7rUNdYuh7dIs11Jab8AAYeCwMXWJnQliRp2wrESA24C6hia5qj34NmDEW5LLz9dxmbZ/ywie/c+gWDEer7MLAujFTZQJ8ouyiJ1Qr5muHgE9G3EsCFYvrDjxKJxvxMPm0Qi0JJT5yw0c+hWhGb+MAwslCLc5YyflR6wmK6qNV9gedD7fawPl1qgqqJTz+M1J2Egz6qYSXVWdr8GCbqoMxkxUWQkceMFkBhpTSF5pn5eDPUJ+Ly1RSqCouGgpA7qOGRDRK5TLxqQlfD9TCbV5X+Q1TygvuhuWLF5GEwFrQD01Pj6OdJZ+XdWCpL/vpEMcTX+MKo3VrCAu7R1K13wbjiqNKYI60PXxqXA+Cv+rE5zZB4Tj6OLquws9TE160MFmq4u0ET3V0O1HIFk1TrhMbeWzr4JrxhkWDti4AAbbKgXcUkh90SqlypybH9uSftxjaw6/OnMeKuayAMrCFi9C+yeRoA5d+xp1GMXA4bXSXQ4SBIOon4gf3KgjKGf3GHogbEPGkdtS9PMF8EYcfOtNs7eHztbz8RPbdnS7+4U8OsEj5YbWFXF97MqLZw9YyJP+CSs19cL4j2HSxCo0404dY07ZUdU3Kjua60JtqGFeJoZVwAWSa4CIeEhumsskY8YK9+1nTev1ynPmNYL3owrNOOPrJlOvZu5X9A69xz603LaeI2mUIMT/EPK98ViuLxET/KigWxfZJu638GPeSah0RdbMJjB/B6oUoB1Fd0zftytImyIIRmr7P/3XSTq2kS3rOJ9edHloFu8PmYGwfJu6wk/aQGQxvcS51wbnXexUSTWxo1EzgrUSwc10gxMRbIt28QlqeLNePTKqmDXzA7NvJDyJ7OPRprdLaTGdAyKPlDBIgWMODCqvkDIqayRRpls1XfvF1CJJyMHzL49ffYRa90B2TG3YVSCOkn+V77JYpND47xByXs8ybO1J6VGiDN/GvsEvI/HL90BkFXKtOfrygSrPILJ9ve1R1FrvTTg1sEyT2neIePXUPFXT6VtFyoA63uQgzGgVZut5r8yerrMHcjY4pukYIvbtBN94gvVhR3zCM9959ADzlx6gNw6Gk5ULLG8zICvxxotD8yPEG2vZ920GUysyyLkhy7eVGfs28iRMLrBv15FiSIW9VvB3IxUOCKn1CEQXU3abGge85bs0sAQl+I5lRNQCdaaATdltFdw9xQ4m+BNZsgGOB1kcBnD6Nxcsaeyat3f0200DyLLGAnzgmj77F+pLDJaZCnu2TjwumcNpEBOataNbaia/HVFBOyCDebgYsEqaTQpXlyUtFHPK/NyaRdjgF08p8Sg1BoYI8bcuKiYdilh6C66xHkI/znXIj1NEiPgiWFcv6usjifiQpXjPZ7TPh9lxAgA2TDMNBjcuZN40oIbyX7Z22aqlM317jP3LeH3igBngUsESTiKeU6oC9uAoa1B1Vo5M6DobOW0Sku3S7oXzZPc89fbL1fRn9LDu05N/EWf/dp0TB99lBYKUFDTWT/JNuJgHYLSExDGB73QKybr8IA1uSVgW55NwD8s6DJ2rpCGu8UiGXLf6t2x+tdXzhG8kPFyNRjMbT+v8DnQMtcBCXZOfNqaYqW1TohA6K0/PBc+8y+0RlHuyMZXKqO58TUp2vZVrXl6UMdslcNHkGSUC7mn0cwcupxrPuLWtgdiDMaU78z75hSdI+bjDuELDrbYJ20pBi1rzTa8e56HfuQ+HEMyfhF7J3BCcgZ1MKKTb5JHssLqn3MDzuS96mX7flEqOhObLRFDk3GGahuF7fTyIhOuxEb/jX5x8BKvt6/fLqc6i3h0LsrMp3NdoAKGn8qQMuDqtVHkyOVJdFB7imQR+D52YbvWhWtsg1icQ8bGMdmtsLuB3xHpHZa0rfZ783DLoDtQRWo85m3PYXXP9y8p3sYBTyZGrcRdFLCm9q4wSFDpm6Glj7QphhvvxmOywUD1K4x4dnVTy+fshyZGAwrK58QRzHMXHVVvU62cawftL/XK7RsaQt6YyVVkzCBu2evBmQAUJQWhG1OetwLH/+jo9zpvZs4p8nrUJzAnv5XiT66XOOAvZuGEs6VGQ4xewGLDwxfsdCrCrD4XP8LBsWXkK+9m+oqKczanmL8X5weMpPbwLTPmJJHA5OmWkT3WA9XWr8q8S3l9OwgcdDpszLeVaDLTAFWJJahkiWfemIjTaYjTCMvKKiN7ZU6MBRL3QKCYYnrSArxQR81C5ACa451bLik8EvU5yrE3B8vZE/biswpDQKJzfRNXBUC73hRm2zq44etI0ZOvlzEux/I3wzLZ2A4xUeiSguY8osLJTbh5mMR5MZrFzlzVx/7XnmqABwQGS364sddgMWZ600cO722SF6575bFSneXHFfr04+fCsCgEdT3X0m4C8DbCf1aGqmB74cgFuLrLa95GdRaD6uXn+GcsUNsJY0elxvhmOXfurIhmUOxAwmUlTLk1Bav0UYVNHn+jZdXvdrHvbQ+zqkkD3NmxgUe0M8rCgTxHXhjfJgoRfitHxUh52mokl3plFRpik+RG1RNUZsfjAxwXSuwhyQ0Pn9pd76FBnQI7rxuKIJZL9+fYHv7WvQLUrC0aHytTK6TKQZbnLa0MkuirpP8GvGwsbC37ONs72q7rRFdzssVG+qiYMVXJfQeXYMJE6l3vtNZQd1/hQO5Hsb9Ew1P5md2+uNB1AQX9FPFZWfM8NVvaooWhCXnBRzeNrWYtAPobVpUwcoXKMwP/xKaFj55O7oJbZLkrzPnL+blh4ddOFrs7Fmf18pNmvxVkNKSaB62qDCiagYhBBY+bf2Mo0um/t45qc0G9nthQwwwSBrb4Lt52C/XD/WCavdxWI83RO5845mYaHe8PE/xJn8ij3xYCzY8MFg0zFbKb4RsXCmC0svqiUB1gkHqJSNHB02AzTl8xekfZGRAq9/5ULJu1PWO9d/R3zcItDUxWnhCwZAdJAaDOTZefQd92OIGkA6p/LjJOKUPkCGf2/1HjsBpqDJzXab+ym15bowVae41s/B5LG1ilpupvb9A04OOE/DdbrP6uc0AxcEZHxNqYkkjTdcrLw5LyB7/6NE8bKJqQ0AdXGNPZCBIqp3BUNtkMLBVTtGzPSYkzzz4FuhZ+DpDwk0NodWAqXgwD3v0qkj0x5UjrCPWSGhYrDAI94loyk4XpW/GZAM6f7SOVWJLwY+DYliq+d2uA/kOJuo9AUn10DLg/QwycN4SbtSgljAbCnddWAlY2YfJBH+y72e88Iy/dg3jGfUzT7B05LuS2V0gA2n50eu/bSdxaa+ZSUu2kVyZFF9mKjwt9I0IRS6yr66ZFqXAisiSgVFLvOjxEme1oCS7ki1X6oNjrHBrFM5B6ot+O2eb93VdBp+ivW/KHLHM7ZaFrk1kjvKyatn/VHtnEQU+WofD/OgwkiGH/+nLg7fa6mew46jGaJ9z5HeA5ZF4BhQuUmVgsh5KR32VLy/3K0rqV28qV1q8E8r7SyZl6KGJWK6xhFY8LO7CocrQA=="	
		}

Process

When request is received by emCA service we will decrypt the request JSON Object with same AES key that is shared to the client.
After successful decryption, request JSON object (Signed CSR data+Username+Password+ Profile Id + Application ID + Subscriber ID + Validity + Valid From + isP7BRequest+ SubjectDNiods+ SAN Values) is retrieved.
First emCA service will validate username and password and check if the IP Address used for request and registered with the user are same.
If request is registered with same user, then we check if the certificate is already created for requested applicationId or not.

if certificate is already created for applicationId then return existing certificate.
if certificate is not created for applicationId then we create certificate using next step.

If it is same then signed CSR data (signature) is validated by checking whether CSR is signed by the same PFX file which is registered for the specific user.
If validation fails at any point in processing the request, the emCA service will throw error/failure message. (Refer error messages section)

Response Parameters

Parameter

Data Type

Description

response

String

Returns JSON Object

JSON Object Contains below parameters

Parameter

Data Type

Description

status

String

Returns Status of the request as success if CSR is signed by selected certificate profile id and generates x509 certificate.

Returns status of the request as failure if authentication fails or unregistered user tries to call the API

result

String

Returns

In case of success: base 64 encoded x509 certificate data

In case of failure: Error message will be displayed.

subscriberId

String

Returns Subscriber Id

requestId

String

This is used in another API where Is Manual Authorization Enabled is checked from emCA application. In this case one request ID will be generated that user has to provide to create certificate from another API

This is used in another API where Is Manual Authorization Enabled is checked from emCA application. In this case one application ID will be passed by user while user requests for certificate creation through another API.

Response JSON Format

      Sample:
Success:
      Response Body(Is Manual Authorization Enabled is “not“ checked from emCA)
     {
      "status":"success",
      "result":"base 64 encoded x509 certificate  data",
      “subscriberId”:”XXX”
      "requestId": null,
      “aliasname”:null
     }	


Response Body (Is Manual Authorization Enabled is checked from emCA )
{
  "status": "Success",
  "result": " request accepted successfully ",
  "subscriberId": "XXXX",
  "requestId": “XXXX”,
   “aliasname”:null
}	
      Failure: 
    {
    "status":"failure",
    "result":"<Error message>"
    “subscriberId”:null
    "requestId": null,
   “aliasname”:null
     }

Sample for base 64 encoded x509 certificate data

" MIIHCwYJKoZIhvcNAQcCoIIG/DCCBvgCAQExADALBgkqhkiG9w0BBwGgggbgMIIB+DCCAWGgAwIBAgIRAMXqvbqIkM14Ii3WJq25AFswDQYJKoZIhvcNAQELBQAwGzEZMBcGA1UEAxMQUm9vdCBDZXJ0aWZpY2F0ZTAeFw0xOTEwMTcwODMxMzdaFw0yMDEwMTYwODMxMzdaMBsxGTAXBgNVBAMTEFJvb3QgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALAEsaioS62rcpQdrH8BkUq/bsolxNXGvWWubGk/DbR1WxATWA0z59klKbmFYIF96jfEQBAPIo/yzWcE+aFDIRvA7Myv3luHUygID7XglxhKSGXJh+aKdqT1dIVxQbVUKBa8wHPhWCOT0peyfvHBmJhOMRya72fLQpGzBBpvata7AgMBAAGjPDA6MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgGGMB0GA1UdDgQWBBQl5oIKM70kfhb1S2Ax9PllaXA6nDANBgkqhkiG9w0BAQsFAAOBgQCb7Eww4xbwejNc1jWkQLLjqv7d0l20UbSRgx7zmBS6RSCBEOjjDpfEABxoqZFGEtNKcGPD5Mb2TUvxvPHZ43f9YDHr2p2mFPLTujksnfxiYUz3/Ri5oimiRuq/ZofBk2OOjWZBSJA4xtkQetkcebCAZQMHTyDx3KiZTk8V6SgyCzCCAkEwggEpoAMCAQICEQDwZoddkxrT3xRaOVr0nyA7MA0GCSqGSIb3DQEBCwUAMBkxFzAVBgNVBAMTDkNBIENlcnRpZmljYXRlMB4XDTE5MTAxNzE0MjUzMVoXDTIwMTAxNzE1MjYzMVowDjEMMAoGA1UEAxMDQ1NSMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAgokWLXUb2DneBpQ481Oq6HeoWDJ8mvmtfgK9n4/c6sj8YB1JKzzVaZm+WOvN3K4mOjhx3TN+ugVwmdSeaUhv6NaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHwYDVR0jBBgwFoAUnLzcLQkzbcxUG+xkOleUAaDzbc8wHQYDVR0OBBYEFC+hnr5YkQaRLDCRYbwKLjVhLTtuMA0GCSqGSIb3DQEBCwUAA4IBAQAgeWLCXtCTcw76HhgkYoBb57Ec+qSIuj9HzQzHxhm1WegvdRGXGuOWU7BBBJv15Kp02bCqesns6Wd6C1ye//ctUiOGByvpLb5PVEKVLw/yUEOVYrYxTF5ZrVKNYaRv+BBIcJG5GgsSMzHSd+kZ0Q6uQ9BE8AuJhJ90k/QrnJIXC2DNe71K1X5JIUc6HnZE54djSI/LDg/e7KXiY4oGhNQpn91DSGwGmxVWM0DTwpepHrgCHXic8E1leyz6yEH9+wLKy+bWRX5/38smBDVBCSCfvxgoXGtIDzfNzezp6aqWQCUsGrTZlCaLuiTviA9gPRcPHB7JoLPII5o+Mpv94ndkMIICmzCCAgSgAwIBAgIRAN4bMCUOfRJDHbNXnOWob6EwDQYJKoZIhvcNAQELBQAwGzEZMBcGA1UEAxMQUm9vdCBDZXJ0aWZpY2F0ZTAeFw0xOTEwMTcwODM0MThaFw0yMDA4MTIwODM0MThaMBkxFzAVBgNVBAMTDkNBIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjo2hy1C4v1ij49tYY5QF/OK1YdFAQ4lTZzdqMNsLX2zEoqSvsiYogn7elC/vWlfp13q6cpIWWpMLx26UD+aClaSfl3D9X5fpGL/BjWriszYWhI9yW5PsLAY//W0X4CSkUfoKEX24Ntk+BF/8zpUvVKEBYCznPEZG2NcLEakB7zCfZQuwLmcYQ16oEhC1WasDcGMMAdSyiy8Fd0SjoSV+/cI5jDM81yJMpp+GdhwLQsGfcfJLHg7boGR/L9r/YMP0D2LR1FdF7PGbtGhvP7xabxbRaJsrlwieqi/FqVAWagMEJTzowBMpj0YIkA4x+z7qBc2M/S4n04t1L7xc3RQxQIDAQABo10wWzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBhjAfBgNVHSMEGDAWgBQl5oIKM70kfhb1S2Ax9PllaXA6nDAdBgNVHQ4EFgQUnLzcLQkzbcxUG+xkOleUAaDzbc8wDQYJKoZIhvcNAQELBQADgYEAm/v5DdSGGLaALG5S7sQj0ycxIZ1UyKMzdk+UEofD3b9A4FXFKi4u/8VkEwo+qSvSKt6FPWWnH7QzcTdXJUiTP5vMcyPnGjpGh58gBI9PMvPn3+A+mn27s6b8lLXJlR0P+qWHvcWXw7oRYkpTtsBLPWWe1fLHa6KIf85CoD/Ikb8xAA== "

Error Messages

Error Message

Description

<profileId> profile does not exist

If the given certificate profile Id is invalid

Please enter valid data

If the signature parameter (CSR) contains an invalid CSR or if the CSR does not contain the required details of the selected certificate profile.

Signature verification failed

If signature parameter (CSR) is not signed by the pfx shared by eMudhra

Invalid validity

validity should be in proper format dd:hh:mm:ss e.g: 120:23:45:54

Invalid From Date

Invalid Input: From Date should be in proper format dd:MM:YYYY hh:mm:ss e.g: 12:12:2019 00:00:00

isP7BRequest

enter true for p7bCertificate and false for .cer certificate

PreviousAPI Method-getCertificateByRequestID NextAPI Method - getExpirySoonCertificate

Last updated 1 year ago