API Method -createPKCS12
Last updated
Last updated
Purpose
Use the “createPKCS12” method for creating the PFX certificate based on the profile selection.
POST
Parameter
Presence
Data Type
Description
signature
M
String
Need to pass (Subject DN details, key algorithm & size, PFX password) should be signed by the PFX which is shared by us.
Subject DN details should consist of the below mentioned fields
· CN *- CommonName
· SERIALNUMBER - serial no
· E - email address
· O- Organization
· S - State
· C - Country
· PostalCode – pincode
· 2.5.4.51 - houseIdentifier
· OU- Organisation Unit
· 2.5.4.65 - pseudonym
· STREET - Street Address
· Phone - Telephone Number
· T – Title
· UID - Unique Identifier
KeyAlgorithmAndSize* - RSA-1024 or RSA-2048
Password*- generated pfx password
You need to create string combining the subject DN details, Key algorithm and size, password. Each separated by comma. Refer below example.
For example
CN=Test123~SERIALNUMBER=04f85bdd24773b66e0bf16b0f59194c78855c7ffcb7c3cf40dce71ba4ff1e91~E=test987@test.com~O=eMudhra~OU=ESS~S=KARNATAKA~C=IN~PostalCode=570004~STREET= Bengaluru~ HOUSEIDENTIFIER=3-88~UID=test877~PSEUDONYM=test098~ PHONE=0123456789~TITLE=Mr~2.5.4.4=kumar~rfc822Name=arjun.kb@emudhra.com~dNSName=www.emudhra.com~dNSName=*.emudhra.com~iPAddress=10.80.106.78~iPAddress=10.80.106.79~registeredID=2.10.100.2.4.5~KeyAlogirthmAndSize=RSA-2048~Password=eMudhra@1
userName
M
String
You need to pass username that is registered with emCA for API process.
password
M
String
You need to pass the password that is registered with emCA for API process.
profileName
M
String
Pass Certificate profile name to be used to create PFX file.
subscriberId
M
String
Pass the Subscriber ID.
applicationId
M
String
Pass application ID.
Parameter
Presence
Data Type
Description
requestData
M
String
All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by emCA team.
Pass Encrypted JSON Object.
userName
M
String
You need to pass username that is registered with emCA for API process.
Key
Presence
Value
Description
Application / JSON
M
Content-Type
Type of request should be in JSON Format.
Authentication Key
M
emKey
emKey is an encoded key (Refer section 4 for generating Authentication Key using command prompt).
When request is received by emCA service, we will decrypt the request JSON Object with the same AES key that is shared with the client.
After successful decryption, request JSON object (Subject DN details, Key algorithm & Size, PFX password) + Username + Password + Profile Name + Subscriber ID + Application ID) is retrieved.
First the emCA service will validate username and password and check the IP Address used to make the request is registered with the same user
If request is registered with the same user, then we check if the certificate is already created for requested applicationId or not.
If certificate is already created for applicationId then return existing certificat
If certificate is not created for applicationId then we create certificate using the next step.
If it is same then (signature data) is validated by checking whether user info i.e. (Subject DN details, key algorithm & size, pfx password) is signed by same pfx which is registered for the specific user.
If validation fails at any point in processing the request, the emCA service will throw error/failure message.
Parameter
Data Type
Description
response
String
Returns JSON Object
JSON Object Contains below parameters
Parameter
Data Type
Description
status
String
Returns Status of the request as success if pfx(PKCS#12) is generated using selected certificate profile.
Returns status of the request as failure when authentication fails or unregistered user tries to call the API
result
String
Returns
In case of success: Base 64 encoded PFX data
In case of failure: error message will be displayed.
subscriberId
String
Returns Subscriber Id
requestId
String
Return request ID when user is manually authorized and request accepted successfully. Otherwise it will return null.
Response JSON Format
Error Message
Description
Invalid Certificate Profile
If the given certificate profile Name is invalid
Signature verification failed
If signature parameter (user info) contains invalid user details (Subject DN details, key algorithm & size, pfx password) signed by pfx which is shared by eMudhra.