API Method - createeSignCustomCertificateById

Note:

  1. This API is used only in specific cases where the External application needs to validate CSR data from their end for certificate generation to achieve maximum throughput.

  2. Manual authorization profiles are not applicable for this API.

  3. Be aware that all templates and keys required for the API to function are loaded statically to increase throughput.

  4. Understand that any changes made to the templates or CA keys will require a server restart to update the API and ensure that it functions properly with the new information.

Purpose

Use the “createeSignCustomCertificateById” method for creating the X509 certificate and p7B certificate based on the ID selection.

Type of Method

POST

Request URL

http://www.example.com/emCAServices/rest/createeSignCustomerCertificateById

Request Input Parameters

| Parameter | Presence | Data Type | Description |
|---|---|---|---|
| signature | M | String | CSR file has to be generated and signed with PFX shared by us. Pass Signed CSR data i.e., PKCS#7 data. |
| userName | M | String | You need to pass username that is registered with emCA for API process. |
| password | M | String | You need to pass the password that is registered with emCA for API process. |
| profileId | M | String | Pass Certificate profile Id to be used to create x509Certificate and CreateP7BCertById. |
| subscriberId | M | String | Pass the Subscriber ID. |
| Validity | O | String | Pass the validity in the form of (Days : Hours : Minutes : Seconds), where Days – 36135 (maximum days), Hours - 23 (max hours), Minutes - 59 (max minutes), Seconds - 59 (max seconds), to create certificate with the given validity. |
| validFrom | O | String | Pass the validityFrom in the form of (Days : Months : Years Hours : Minutes : Second) |
| sANValues | M | String | Pass sANValues to be used to create |
| subjectDNOids | M | String | Pass subjectDNOids to be used to create x509Certificate and CreateP7BCertById. |
| isP7BRequest | M | String | Pass “true” for p7b Certificate and “false” for .cer Certificate |
| applicationId | M | String | Pass application ID. |

Example subjectDNOids value: “2.5.4.3|Test~2.5.4.6|India~2.5.4.8|Delhi~2.5.4.7|test~2.5.4.5|77686868687~2.5.4.10|Personal~1.2.840.113549.1.9.1|test@gmail.com~2.5.4.12|test”

Sample JSON Object

requestData
{
"signature": "MIHbMIGBAgEAMA4xDDAKBgNVBAMTA0NTUjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAIKJFi11G9g53gaUOPNTquh3qFgyfJr5rX4CvZ+P3OrI/GAdSSs81WmZvljrzdyuJjo4cd0zfroFcJnUnmlIb+gETAPBgkqhkiG9w0BCQ4xAjAAMAoGCCqGSM49BAMCA0kAMEYCIQCDSGcQ7SWenQ2DrYGZOeMQFN9ezd3kZWgZoWYskerWGQIhAMu2UJeZe/Is21mmq3uGEHFyVJYG+ToAeMBHNWtjjZXu",
"isP7BRequest": "true",
"profileID": "3",
"sANValues": "rfc822Name=test@gmail.com|dNSName=www.example.com|iPAddress=127.0.0.1|registeredID=2.10.100.2.4.5",
"subjectDNOids": "2.5.4.3|Test~2.5.4.6|India~2.5.4.8|Delhi~2.5.4.7|test~2.5.4.5|77686868687~2.5.4.10|Personal~1.2.840.113549.1.9.1|test@gmail.com~2.5.4.12|test",
"subscriberId": "2132131",
"validFrom": "12:11:2020 12:23:45",
"validity": "365:12:45:45",
"applicationId": "23123123",
"userName": "SwaggerTest2",
"password": "eMudhra@1"
}
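A client-side check of the delimited request fields before they are placed in the JSON object, added here as an example (not eMudhra's code): it builds subjectDNOids and sANValues in the `|` / `~` formats shown above and rejects values that contain those separators, because the page documents no escaping and a separator inside user-supplied data would add or alter a DN or SAN entry. The function names, the rejection rule and the SAN type list (taken from the sample) are assumptions of this example.

```python
import re

# Formats and maxima come from the parameter table above; the function names and
# the rule of rejecting separator characters in values are assumptions.
MAX_VALIDITY = (36135, 23, 59, 59)            # days, hours, minutes, seconds
OID_RE = re.compile(r"[0-9]+(\.[0-9]+)+")     # dotted OID such as 2.5.4.3
VALIDITY_RE = re.compile(r"[0-9]+(:[0-9]+){3}")
SAN_TYPES = {"rfc822Name", "dNSName", "iPAddress", "registeredID"}  # types in the sample


def _check_value(value):
    """Reject values the receiver could read as extra fields or entries."""
    if not value or not value.isprintable() or any(c in value for c in "|~"):
        raise ValueError(f"unsafe or empty value: {value!r}")
    return value


def build_subject_dn_oids(pairs):
    """[(oid, value), ...] -> 'oid|value~oid|value'."""
    parts = []
    for oid, value in pairs:
        if not OID_RE.fullmatch(oid):
            raise ValueError(f"not a dotted OID: {oid!r}")
        parts.append(f"{oid}|{_check_value(value)}")
    return "~".join(parts)


def build_san_values(pairs):
    """[(type, value), ...] -> 'type=value|type=value'."""
    parts = []
    for san_type, value in pairs:
        if san_type not in SAN_TYPES:
            raise ValueError(f"unknown SAN type: {san_type!r}")
        parts.append(f"{san_type}={_check_value(value)}")
    return "|".join(parts)


def check_validity(text):
    """Validate 'dd:hh:mm:ss' against the documented maxima; return it unchanged."""
    if not VALIDITY_RE.fullmatch(text):
        raise ValueError("validity must be dd:hh:mm:ss")
    fields = [int(f) for f in text.split(":")]
    if any(f > limit for f, limit in zip(fields, MAX_VALIDITY)):
        raise ValueError("validity field exceeds documented maximum")
    return text
```
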

| Parameter | Presence | Data Type | Description |
|---|---|---|---|
| requestData | M | String | All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by the emCA team. Pass Encrypted JSON Object. |
| userName | M | String | You need to pass username that is registered with emCA for API process. |

Header Details

| Key | Presence | Value | Description |
|---|---|---|---|
| Content-Type | M | application/json | Type of request should be in JSON Format. |
| emKey | M | Authentication Key | emKey is an encoded key (Refer section 4 for generating Authentication Key using command prompt). |

Sample Request Data

Header:
Content-Type : application/json
emKey : 47b54594063957de22fce0aeddd51a6adf4a80aa
Request Body:
{
"requestData" : "<Base64 string: AES-256-encrypted request JSON object>",
"userName" : "username"
}

Process

  • When a request is received by the emCA service, the service decrypts the request JSON object with the same AES key that is shared with the client.

  • After successful decryption, the request JSON object (Signed CSR data + Username + Password + Profile Id + subjectDNOids + Validity + SAN Values + Valid From + Subscriber ID + Application ID + isP7BRequest) is retrieved.

  • First, the emCA service validates the username and password and checks whether the IP address used for the request and the IP address registered with the user are the same.

  • If the request is registered with the same user, the service checks whether a certificate has already been created for the requested applicationId.

  1. If a certificate has already been created for the applicationId, the existing certificate is returned.

  2. If no certificate has been created for the applicationId, a certificate is created using the next step.

  • If it is the same, the signed CSR data (signature) is validated by checking whether the CSR is signed by the same PFX file that is registered for the specific user.

  • If validation fails at any point in processing the request, the emCA service returns an error/failure message. (Refer to the error messages section.)

Response Parameters

| Parameter | Data Type | Description |
|---|---|---|
| response | String | Returns JSON Object |

The JSON object contains the parameters below:

| Parameter | Data Type | Description |
|---|---|---|
| status | String | Returns status of the request as success if CSR is signed by selected certificate profile id and generates x509 certificate. Returns status of the request as failure when authentication fails or unregistered user tries to call the API. |
| result | String | In case of success: base 64 encoded x509 certificate data. In case of failure: error message will be displayed. |
| subscriberId | String | Returns Subscriber Id |

Response JSON Format

Sample
Success:
Response Body
{
"status": "success",
"result": "base 64 encoded x509 certificate data",
"subscriberId": "XXX",
"requestId": null
}

{
"result": "request accepted successfully",
"subscriberId": "XXXX",
"requestId": "XXXX"
}
Failure:
{
"status": "failure",
"result": "<Error message>",
"subscriberId": null,
"requestId": null
}


Sample for base 64 encoded x509 certificate data


Error Messages

| Error Message | Description |
|---|---|
| <profileId> profile does not exist | If the given certificate profile Id is invalid |
| Please enter valid data | If the signature parameter (CSR) contains an invalid CSR or if the CSR does not contain the required details of the selected certificate profile. |
| Signature verification failed | If signature parameter (CSR) is not signed by the pfx shared by eMudhra |
| Invalid validity | validity should be in proper format dd:hh:mm:ss e.g: 120:23:45:54 |
| Invalid From Date | Invalid Input: From Date should be in proper format dd:MM:YYYY hh:mm:ss e.g: 12:12:2019 00:00:00 |
| isP7BRequest | enter true for p7bCertificate and false for .cer certificate |
