API Method - createPKCS12ById
Last updated
Last updated
Use the “createPKCS12ById” method for creating the PFX certificate based on the profile Id selection.
POST
Parameter
Presence
Data Type
Description
signature
M
String
Need to pass (Subject DN details, key algorithm & size, PFX password) should be signed by the PFX which is shared by us.
Subject DN details should consist of the below mentioned fields
·CN *- CommonName
· SERIALNUMBER - serial no
· E - email address
· O- Organization
· S - State
· C - Country
· PostalCode – pincode
· 2.5.4.51 - houseIdentifier
· OU- Organisation Unit
· 2.5.4.65 - pseudonym
· STREET - Street Address
· Phone - Telephone Number
· T – Title
· UID - Unique Identifier
KeyAlogirthmAndSize* - RSA-1024 or RSA-2048
Password*- generated pfx password
You need to create string combining the subject DN details, Key algorithm and size, password. Each separated by comma. Refer below example.
For example
CN=Test123~SERIALNUMBER=04f85bdd24773b66e0bf16b0f59194c78855c7ffcb7c3cf40dce71ba4ff1e91~E=test987@test.com~O=eMudhra~OU=ESS~S=KARNATAKA~C=IN~PostalCode=570004~STREET= Bengaluru~ HOUSEIDENTIFIER=3-88~UID=test877~PSEUDONYM=test098~ PHONE=0123456789~TITLE=Mr~2.5.4.4=kumar~rfc822Name=arjun.kb@emudhra.com~dNSName=www.emudhra.com~dNSName=*.emudhra.com~iPAddress=10.80.106.78~iPAddress=10.80.106.79~registeredID=2.10.100.2.4.5~KeyAlogirthmAndSize=RSA-2048~Password=eMudhra@1
userName
M
String
You need to pass username that is registered with emCA for API process.
password
M
String
You need to pass the password that is registered with emCA for API process.
profileID
M
String
Pass Certificate profile name to be used to create PFX file.
subscriberId
M
String
Pass the Subscriber ID.
validity
O
String
Pass the validity in the form of (Days : Hours : Minutes : Seconds)
Days – 36135 (maximum days)
Hours - 23 (max hours)
Minutes - 59 (max minutes)
Seconds - 59 (max seconds)
to create certificate with the given validity.
validFrom
O
String
Pass the valid from, in the form of (Days : Hours : Minutes : Seconds).
applicationId
M
String
Pass application ID.
Sample JSON Object
Parameter
Presence
Data Type
Description
requestData
M
String
All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by emCA team.
Pass Encrypted JSON Object.
userName
M
String
You need to pass username that is registered with emCA for API process.
Key
Presence
Value
Description
Application / JSON
M
Content-Type
Type of request should be in JSON Format.
Authentication Key
M
emKey
emKey is an encoded key (Refer section 4 for generating Authentication Key using command prompt).
When request is received by the emCA service, we will decrypt the request JSON Object with the same AES key that is shared to the client.
After successful decryption, request JSON object (Subject DN details, Key algorithm & Size, PFX password) + Username + Password+ Profile ID+ Application ID + Valid From + Validity + Subscriber ID) is retrieved.
First emCA service will validate username and password and check if the IP Address used for request and registered with the user are same.
If request is registered with the same user, then we check if the certificate is already created for requested applicationId or not.
If certificate is already created for applicationId then return existing certificate.
If certificate is not created for applicationId then we create certificate using next step.
If it is same then (signature data) is validated by checking whether user info i.e. (Subject DN details, key algorithm & size, pfx password) is signed by the same pfx which is registered for the specific user.
If validation fails at any point in processing the request, the emCA service will throw error/failure message.
Parameter
Data Type
Description
response
String
Returns JSON Object
JSON Object Contains below parameters
Parameter
Data Type
Description
status
String
Returns Status of the request as success if pfx(PKCS#12) is generated using selected certificate profile.
Returns status of the request as failure when authentication fails or unregistered user tries to call the API
result
String
Returns
In case of success: Base 64 encoded PFX data
In case of failure: error message will be displayed.
subscriberId
String
Returns Subscriber Id
requestid
String
Return request ID when user is manually authorized and request accepted successfully, otherwise it will return null.
Response JSON Format
Error Message
Description
Profile does not exist
If the given certificate profile Id is invalid
Signature verification failed
If signature parameter (user info) contains invalid user details (Subject DN details, key algorithm & size, pfx password) signed by pfx which is shared by eMudhra.
Invalid validity
validity should be in proper format dd:hh:mm:ss e.g: 120:23:45:54
Invalid From Date
Invalid Input: From Date should be in proper format dd:MM:YYYY hh:mm:ss e.g: 12:12:2019 00:00:00