API Method - createeSignCustomCertificateById
Purpose
Use the “createeSignCustomCertificateById” method for creating the X509 certificate and p7B certificate based on the ID selection.
Type of Method
POST
Request URL
http://www.example.com/emCAServices/rest/createeSignCustomerCertificateById
Request Input Parameters
Parameter (Presence, Data Type): Description
signature (M, String): CSR file has to be generated and signed with PFX shared by us. Pass Signed CSR data i.e., PKCS#7 data.
userName (M, String): You need to pass username that is registered with emCA for API process.
password (M, String): You need to pass the password that is registered with emCA for API process.
profileId (M, String): Pass Certificate profile Id to be used to create x509Certificate and CreateP7BCertById.
subscriberId (M, String): Pass the Subscriber ID.
Validity (O, String): Pass the validity in the form of (Days : Hours : Minutes : Seconds) to create certificate with the given validity. Days – 36135 (maximum days); Hours - 23 (max hours); Minutes - 59 (max minutes); Seconds - 59 (max seconds).
validFrom (O, String): Pass the validityFrom in the form of (Days : Months : Years Hours : Minutes : Second)
sANValues (M, String): Pass sANValues to be used to create
subjectDNOids (M, String): Pass subjectDNOids to be used to create x509Certificate and CreateP7BCertById. Example: “2.5.4.3|Test~2.5.4.6|India~2.5.4.8|Delhi~2.5.4.7|test~2.5.4.5|77686868687~2.5.4.10|Personal~1.2.840.113549.1.9.1|[email protected]~2.5.4.12|test”
isP7BRequest (M, String): Pass “true” for p7b Certificate and “false” for .cer Certificate
applicationId (M, String): Pass application ID.
Sample JSON Object
requestData
{
"signature": "MIHbMIGBAgEAMA4xDDAKBgNVBAMTA0NTUjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAIKJFi11G9g53gaUOPNTquh3qFgyfJr5rX4CvZ+P3OrI/GAdSSs81WmZvljrzdyuJjo4cd0zfroFcJnUnmlIb+gETAPBgkqhkiG9w0BCQ4xAjAAMAoGCCqGSM49BAMCA0kAMEYCIQCDSGcQ7SWenQ2DrYGZOeMQFN9ezd3kZWgZoWYskerWGQIhAMu2UJeZe/Is21mmq3uGEHFyVJYG+ToAeMBHNWtjjZXu",
"isP7BRequest": "true",
"profileID": "3",
"sANValues": "[email protected]|dNSName=www.example.com|iPAddress=127.0.0.1|registeredID=2.10.100.2.4.5",
"subjectDNOids": "2.5.4.3|Test~2.5.4.6|India~2.5.4.8|Delhi~2.5.4.7|test~2.5.4.5|77686868687~2.5.4.10|Personal~1.2.840.113549.1.9.1|[email protected]~2.5.4.12|test",
"subscriberId": "2132131",
"validFrom": "12:11:2020 12:23:45",
"validity": "365:12:45:45",
"applicationId": "23123123",
"userName": "SwaggerTest2",
"password": "eMudhra@1"
}
Parameter (Presence, Data Type): Description
requestData (M, String): All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by the emCA team. Pass Encrypted JSON Object.
userName (M, String): You need to pass username that is registered with emCA for API process.
Header Details
Key (Presence, Value): Description
Application / JSON (M, Content-Type): Type of request should be in JSON Format.
Authentication Key (M, emKey): emKey is an encoded key (Refer section 4 for generating Authentication Key using command prompt).
Sample Request Data
Header:
Content-Type : application/json
emKey : 47b54594063957de22fce0aeddd51a6adf4a80aa
Request Body:
{
"requestData" : "<encrypted JSON object, Base64-encoded>",
"userName":"username"
}
Process
When a request is received by the emCA service, we decrypt the request JSON object with the same AES key that is shared with the client.
After successful decryption, the request JSON object (Signed CSR data + Username + Password + Profile Id + subjectDNOids + Validity + SAN Values + Valid From + Subscriber ID + Application ID + isP7BRequest) is retrieved.
First, the emCA service validates the username and password and checks whether the IP address used for the request and the one registered with the user are the same.
If the request is registered with the same user, we then check whether a certificate has already been created for the requested applicationId.
If a certificate has already been created for the applicationId, the existing certificate is returned.
If no certificate has been created for the applicationId, we create the certificate using the next step.
If it is the same, the signed CSR data (signature) is validated by checking whether the CSR is signed by the same PFX file that is registered for the specific user.
If validation fails at any point in processing the request, the emCA service will throw an error/failure message (refer to the Error Messages section).
Response Parameters
Parameter (Data Type): Description
response (String): Returns JSON Object
JSON Object Contains below parameters
Parameter (Data Type): Description
status (String): Returns Status of the request as success if CSR is signed by selected certificate profile id and generates x509 certificate. Returns status of the request as failure when authentication fails or unregistered user tries to call the API
result (String): In case of success: returns base 64 encoded x509 certificate data. In case of failure: Error message will be displayed.
subscriberId (String): Returns Subscriber Id
Response JSON Format
Sample
Success:
Response Body
{
"status":"success",
"result":"base 64 encoded x509 certificate data",
"subscriberId":"XXX",
"requestId": null
}
{
"result": " request accepted successfully ",
"subscriberId": "XXXX",
"requestId": "XXXX"
}
Failure:
{
"status":"failure",
"result":"<Error message>",
"subscriberId":null,
"requestId": null
}
Sample for base 64 encoded x509 certificate data
Error Messages
Error Message: Description
<profileId> profile does not exist: If the given certificate profile Id is invalid
Please enter valid data: If the signature parameter (CSR) contains an invalid CSR or if the CSR does not contain the required details of the selected certificate profile.
Signature verification failed: If signature parameter (CSR) is not signed by the pfx shared by eMudhra
Invalid validity: validity should be in proper format dd:hh:mm:ss e.g: 120:23:45:54
Invalid From Date: Invalid Input: From Date should be in proper format dd:MM:YYYY hh:mm:ss e.g: 12:12:2019 00:00:00
isP7BRequest: enter true for p7bCertificate and false for .cer certificate
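A client-side pre-flight check for the field formats documented above, run on the plaintext JSON before it is encrypted. This is an added example, not eMudhra's code: the function names are hypothetical, rejecting '|' and '~' inside DN values is an assumption (the page describes no escaping for its delimiters), and the sample values are constructed.

```python
import re
from datetime import datetime

OID_RE = re.compile(r"[0-2](\.[0-9]+)+")
MAX_VALIDITY = (36135, 23, 59, 59)  # days, hours, minutes, seconds (documented maxima)

def build_subject_dn_oids(pairs):
    """Join (oid, value) pairs into the 'OID|value~OID|value' form."""
    # Assumption: no escaping exists for '|' or '~', so a value containing
    # either is rejected instead of turning into an extra DN attribute.
    items = []
    for oid, value in pairs:
        if not OID_RE.fullmatch(oid):
            raise ValueError(f"not a dotted OID: {oid!r}")
        if not value or "|" in value or "~" in value:
            raise ValueError(f"empty value or delimiter in value for {oid}")
        items.append(f"{oid}|{value}")
    return "~".join(items)

def check_validity(text):
    """True for 'days:hours:minutes:seconds' within the documented maxima."""
    if not re.fullmatch(r"[0-9]+(:[0-9]+){3}", text):
        return False
    return all(int(p) <= m for p, m in zip(text.split(":"), MAX_VALIDITY))

def check_valid_from(text):
    """True for a real calendar date in 'dd:MM:YYYY hh:mm:ss' form."""
    try:
        datetime.strptime(text, "%d:%m:%Y %H:%M:%S")
    except ValueError:
        return False
    return True

def preflight(req):
    """Return the error-table messages whose documented format rule req breaks."""
    errors = []
    if "validity" in req and not check_validity(req["validity"]):
        errors.append("Invalid validity")
    if "validFrom" in req and not check_valid_from(req["validFrom"]):
        errors.append("Invalid From Date")
    if req.get("isP7BRequest") not in ("true", "false"):
        errors.append("isP7BRequest")
    return errors

# Constructed sample request fields (not a real subscriber).
SAMPLE = {"validity": "365:12:45:45", "validFrom": "12:11:2020 12:23:45",
          "isP7BRequest": "true",
          "subjectDNOids": build_subject_dn_oids([("2.5.4.3", "Test"), ("2.5.4.6", "India")])}
```

Building subjectDNOids from pairs, rather than concatenating form input, keeps a subscriber-supplied value from adding attributes to the subject DN.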