API Method -rekey

PreviousAPI Method - suspend NextAPI Method-getCertificateByRequestID

Last updated 1 year ago

API Method -rekey

Purpose

Use the “rekey” method for creating certificate in case an existing certificate is lost.

Type of Method

POST

Request URL

Request Input Parameters

Parameter

Presence

Data Type

Description

userName

String

You need to pass username that is registered with emCA for API process.

password

String

You need to pass the password that is registered with emCA for API process.

signature

String

Pass the signed data in section 5 i.e., PKCS#7 data

Signed CSR Data

remarks

String

Pass your Reason to rekey the certificate

serialNo

String

Certificate Serial number

applicationId

String

Pass application ID

ValidFrom

String

Pass the valid from in the form of (dd:MM:yyyy HH:mm:ss)

to create certificate.

This parameter applies if the user certificate profile has ‘Support Customized Validity’.

Sample JSON Object

Header: 
			Content-Type : application/json

	Request Body:
	
		{
			"requestData" : "Q/5rvKIZvoMfuZQnysxcGawX4wC1xRttkCHEExreOwUCltgPG0FmsAbEmNHgHvdM2A7Vadyks2IDACydZDRG9rS/uq93IO3KMAyazof7IJXz31c3LiXorwiRksUFOrH2IqYbqI1q88Sf3rnxoTdq8oaOzYB2LoNPh8dZihJyDIR33BccF1Dg/sS/UAwxJ3fjbPzRJpFcqhi2FX1IS8TxyW2PZtPyLtSddyDFxliryGv8RMmVem6NdJYeNHcYo82qHtszdepvIWCi/DLCqs1alR9TcOsKQ8skBTUQY5xfiuONm68zytXBlF+MIAB40Wsw/12zywoCe2z14wqA/mvzF6Jd/Cw3059NfW8FtmBS502ty4l+kSDallVUCSFP9b9Drsh4q/giwT+zHa/SQ3LWCFkjDLaB/OMzMaZfAFwm27/mDB4mSWVMPzMo8CDBvNNNekeV6lSeKSJ7rEbR2JJYIeLzQFp++Dvnp0KZHZu5r+muXAPFCnsDj3MbLrpvbdl3VYKjtDCu0MXi/LX787pStPvr9coMmHTCwja5p7RwI7Ji/nbOnVpT8f2ylx/Rq7vTFRGAqnFmEK5HAkN6Owdf/dKaKUtifXzJqgjYft0NS7uoXbEJWbb4I86AqLhsPbqqN2zlOXZIaYLvkoleo//gAcevv6ZS3jk5rkhueR44ablyv5nhgQ25Fhg5cqu4hxUBOi1MRXk5RpA6RZkaz+DPGSsJJ4+yKzTEnxhUZvnqzeFEf1cvIU3Fx9PLmvrQ50cE28AdNu749WOUyjq/eZCFC1rmY6KyThU4ng49S+iqCrUiIIF+McgjbuVPRvy0M9eYi9HpVOduV7XEI2zrRLpID0ueVwo/j6XePsofLvk/5J/xT9S8Ge6wgVNQzkO47eLi2VEPf5OXRopBaSLFZ1SPIgBVumlSnPgLfdNVOirJjhqMyADZrXgoAw3c+YTqRhsRDAhtPKx90Qtw643eLEi/1ujz9ZxB6yzTvFYnh05eaM+N08QVlEJcS+z84vqnY6/+8746T6Ct/tDrLdFCNVvveSEPVCujbE6LI6pzAnNuHWZoFYoDjANRTDuS8m3LY3mcC24cTJnNTt7a/hF6IsUj0ygfVctkpATXvW9p1m4p6BpYmXFSP6w0nMvKnHd+Uy2R3qykk/1R6YoZbaG9dM3LrAqqAILkYNucL32xZCbSSKX6HIQtZ0WMAfTubYXLsDnAZCLeph1P+fjnkbgrpizkQg==",		
		}

Parameter

Presence

Data Type

Description

requestData

String

All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by emCA team.

Pass Encrypted JSON Object.

userName

String

You need to pass username that is registered with emCA for API process.

Header Details

Key

Presence

Value

Description

Application / JSON

Content-Type

Type of request should be in JSON Format.

Authentication Key

emKey

emKey is an encoded key (Refer section 4 for generating Authentication Key using command prompt).

Sample Request Data

requestData	
		{
			"signature" : "MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwGggCSABAVwYXdhbgAAAAAAAKCAMIIDpjCCAo6gAwIBAgIDTEtBMA0GCSqGSIb3DQEBCwUAMHQxJTAjBgNVBAMMHENlcnRpZmljYXRlTWFuYWdlciBSb290IDIwMTYxGDAWBgNVBAoMD2VNdWRocmEgTGltaXRlZDEQMA4GA1UECwwHZW11ZGhyYTESMBAGA1UECAwJQmFuZ2Fsb3JlMQswCQYDVQQGEwJJTjAeFw0xODAxMDMxMjIzNDBaFw0yMDAxMDMxMjIzNDBaMCgxFzAVBgNVBA8MDkF1dGhlbnRpY2F0aW9uMQ0wCwYDVQQDDARyYWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7KCKiYzr+qMLctENHdC2fKaXyrQAlshfDBaojnByJdDVknlSfeqjNrYn47MJcG+/UpnA/WD1fg5gRvBIILcyhGKGCLuq4T5pMSbo3YlvcZIQWXp8pmhN4qmoNA35mMmP9ikFuDBIhWEj6NbEo0iUPVDSU0Lkx92+8nLROc+jI+h7Ymr0z2N8X3yWXSxSyH6RvF/Hc4uOb163mSJImd3AM50KfLuflShyU+sRPcuYZMNS9Aq48zLVySpAaHxY6xzi3eYyZWptP68i8P/UmPZEBYLlaaKG2r8RXh6E0pfclTI0rt5a9N3bwpaqig5nmFMUGvatzWjvYm/Mi2ETjXW9wIDAQABo4GMMIGJMAwGA1UdEwEB/wQCMAAwIgYDVR0jAQH/BBgwFoAUgrVRaCBCfAEiYlkr6rtaEbNDgsEwIAYDVR0OAQH/BBYEFCKdNzngYMsrwvlBavT8kukvbPrOMA4GA1UdDwEB/wQEAwIEsDAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAEA2pvI4g36e55Ym/GrBgWpBpZ4oLRWW79cQE6JQobREB0LNr0alC7p8R9Yibcx3ZWmOQKjNU4AE2SmoPtlDgF9xnkP5suO2aHq8xM5tx6AOZQEVR3Vp0vd2EcDW0rVKb9a9D1qQ2mJqc/PI5jVj2qKfQkW3veQ4f6raBiAUAD12w4Bn3PMHatiwLs/CM0sMkoHbpgvoGwVAHXZF2o1O7LXnAP+jjGy9TWtz9bDcTnNE9qSKZvNRtjLQRoj0Vvzi0iPbG91n8QoTepJtAjOGHoTgCvDjBcNfKW+qB0q/7VCeeKqtiVAMda74N5ETJ/I/vfvHHFb23UHL2nTVTltdWjMAADGCAhEwggINAgEBMHswdDElMCMGA1UEAwwcQ2VydGlmaWNhdGVNYW5hZ2VyIFJvb3QgMjAxNjEYMBYGA1UECgwPZU11ZGhyYSBMaW1pdGVkMRAwDgYDVQQLDAdlbXVkaHJhMRIwEAYDVQQIDAlCYW5nYWxvcmUxCzAJBgNVBAYTAklOAgNMS0EwDQYJYIZIAWUDBAIBBQCgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xODAxMTUwNTQwMDRaMC8GCSqGSIb3DQEJBDEiBCB2iiOOBmfEHJMS2IbdO/GN9IJcbXOw4JbjOsBmpyB8BTANBgkqhkiG9w0BAQEFAASCAQB6vnfd6uF1ePr4bj8JhuJlqzV9ENuNsmG/SxfeUKQpr7zRcQWEn5OAz/ZPOsWhacopfNXI7uA2T+dUwAHTwGR7Ns9oFtEMwk7vpR+cSmnRpQ17ayu7Adfn0t1Qk2/mi50ynwh17dUN1GayvB8WfjdNsk3pSQAa66JdQ+iv8ZhdOTNiuuxe6WOXzroUftrbi4bKzjp80vLMeCaD91u7ZpjAhzc91rMFMoa8vKbW3ALZ2q4lE7RpzlhoG8p8iEX2wuXXkNlEFq4sjXBlq3pSDnniomtx3Zz0ncTP/yl6yus8ygUY/Q1O21M2oqIFX0XJ4rIiQRxwT5j40amwI9EQbpSzAAAAAAAA",
" userName" : "username"
 " password" : "password "	
 "remarks": "string",
 "serialNum": "string",
"validFrom": "string"	,
“applicationId”:”string”
“isSignedData”  : “true/false”
}

Process

When request is received by the emCA service, we will decrypt the request JSON Object with the same AES key that is shared with the client.
After successful decryption, request JSON object (Signed data + Username + Password + serialNum + remarks+ Valid From+ Application ID) is retrieved.
First the emCA service will validate username and password and check if the IP Address used for request and registered with the user are same.
If request is registered with the same user, then we check if the certificate is already created for requested applicationId or not.

if certificate is already created for applicationId then return existing certificate.
if certificate is not created for applicationId then we will create the certificate using next step.

If it is same then signed data (signature) is validated by trust verification, CRL verification and expiry.
If validation fails at any point in processing the request, emCA service will throw error/failure message.

Response Parameters

Parameter

Data Type

Description

Parameter

Data Type

Description

response

String

Returns JSON Object

JSON Object Contains below parameters

Parameter

Data Type

Description

status

String

Returns Status of the request as success if CSR is signed by the selected certificate profile id and generates x509 certificate.

Returns status of the request as failure if authentication fails or unregistered user tries to call the API.

result

String

Returns

In case of success: base 64 encoded x509 certificate data

In case of failure: Error message will be displayed.

subscriberId

String

Return Subscriber ID.

requestId

String

Return Request ID null.

Response JSON Format

Sample:
Success:
      Response Body()
     {
     "status":"success",
     "result":"base 64 encoded x509 certificate  data",
      “subscriberId”:”XXX”
      "requestId": null,
      “aliasname”:null
      }
      Failure:
     {
    "status":"failure",
    "result":"<Error message>"
    “subscriberId”:null
    "requestId": null,
     “aliasname”:null
      }

Error Messages

Error Message

Description

Invalid serial number

If the given serial number is invalid

Please enter valid data

If the signature parameter (CSR) contains an invalid CSR or if the CSR does not contain the required details of the selected certificate profile.

Signature verification failed

If signature parameter (CSR) is not signed by the pfx shared by eMudhra

Invalid From Date

Invalid Input: From Date should be in proper format dd:MM:YYYY hh:mm:ss e.g: 12:12:2019 00:00:00

PreviousAPI Method - suspend NextAPI Method-getCertificateByRequestID

Last updated 1 year ago

Purpose

Use the “rekey” method for creating certificate in case an existing certificate is lost.

Type of Method

POST

Request URL

Request Input Parameters

Parameter

Presence

Data Type

Description

userName

String

You need to pass username that is registered with emCA for API process.

password

String

You need to pass the password that is registered with emCA for API process.

signature

String

Pass the signed data in section 5 i.e., PKCS#7 data

Signed CSR Data

remarks

String

Pass your Reason to rekey the certificate

serialNo

String

Certificate Serial number

applicationId

String

Pass application ID

ValidFrom

String

Pass the valid from in the form of (dd:MM:yyyy HH:mm:ss)

to create certificate.

This parameter applies if the user certificate profile has ‘Support Customized Validity’.

Sample JSON Object

Header: 
			Content-Type : application/json

	Request Body:
	
		{
			"requestData" : "Q/5rvKIZvoMfuZQnysxcGawX4wC1xRttkCHEExreOwUCltgPG0FmsAbEmNHgHvdM2A7Vadyks2IDACydZDRG9rS/uq93IO3KMAyazof7IJXz31c3LiXorwiRksUFOrH2IqYbqI1q88Sf3rnxoTdq8oaOzYB2LoNPh8dZihJyDIR33BccF1Dg/sS/UAwxJ3fjbPzRJpFcqhi2FX1IS8TxyW2PZtPyLtSddyDFxliryGv8RMmVem6NdJYeNHcYo82qHtszdepvIWCi/DLCqs1alR9TcOsKQ8skBTUQY5xfiuONm68zytXBlF+MIAB40Wsw/12zywoCe2z14wqA/mvzF6Jd/Cw3059NfW8FtmBS502ty4l+kSDallVUCSFP9b9Drsh4q/giwT+zHa/SQ3LWCFkjDLaB/OMzMaZfAFwm27/mDB4mSWVMPzMo8CDBvNNNekeV6lSeKSJ7rEbR2JJYIeLzQFp++Dvnp0KZHZu5r+muXAPFCnsDj3MbLrpvbdl3VYKjtDCu0MXi/LX787pStPvr9coMmHTCwja5p7RwI7Ji/nbOnVpT8f2ylx/Rq7vTFRGAqnFmEK5HAkN6Owdf/dKaKUtifXzJqgjYft0NS7uoXbEJWbb4I86AqLhsPbqqN2zlOXZIaYLvkoleo//gAcevv6ZS3jk5rkhueR44ablyv5nhgQ25Fhg5cqu4hxUBOi1MRXk5RpA6RZkaz+DPGSsJJ4+yKzTEnxhUZvnqzeFEf1cvIU3Fx9PLmvrQ50cE28AdNu749WOUyjq/eZCFC1rmY6KyThU4ng49S+iqCrUiIIF+McgjbuVPRvy0M9eYi9HpVOduV7XEI2zrRLpID0ueVwo/j6XePsofLvk/5J/xT9S8Ge6wgVNQzkO47eLi2VEPf5OXRopBaSLFZ1SPIgBVumlSnPgLfdNVOirJjhqMyADZrXgoAw3c+YTqRhsRDAhtPKx90Qtw643eLEi/1ujz9ZxB6yzTvFYnh05eaM+N08QVlEJcS+z84vqnY6/+8746T6Ct/tDrLdFCNVvveSEPVCujbE6LI6pzAnNuHWZoFYoDjANRTDuS8m3LY3mcC24cTJnNTt7a/hF6IsUj0ygfVctkpATXvW9p1m4p6BpYmXFSP6w0nMvKnHd+Uy2R3qykk/1R6YoZbaG9dM3LrAqqAILkYNucL32xZCbSSKX6HIQtZ0WMAfTubYXLsDnAZCLeph1P+fjnkbgrpizkQg==",		
		}

Parameter

Presence

Data Type

Description

requestData

String

All the request input parameters mentioned above should be converted to JSON object and encrypted with AES 256 key shared with you by emCA team.

Pass Encrypted JSON Object.

userName

String

You need to pass username that is registered with emCA for API process.

Header Details

Key

Presence

Value

Description

Application / JSON

Content-Type

Type of request should be in JSON Format.

Authentication Key

emKey

emKey is an encoded key (Refer section 4 for generating Authentication Key using command prompt).

Sample Request Data

requestData	
		{
			"signature" : "MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwGggCSABAVwYXdhbgAAAAAAAKCAMIIDpjCCAo6gAwIBAgIDTEtBMA0GCSqGSIb3DQEBCwUAMHQxJTAjBgNVBAMMHENlcnRpZmljYXRlTWFuYWdlciBSb290IDIwMTYxGDAWBgNVBAoMD2VNdWRocmEgTGltaXRlZDEQMA4GA1UECwwHZW11ZGhyYTESMBAGA1UECAwJQmFuZ2Fsb3JlMQswCQYDVQQGEwJJTjAeFw0xODAxMDMxMjIzNDBaFw0yMDAxMDMxMjIzNDBaMCgxFzAVBgNVBA8MDkF1dGhlbnRpY2F0aW9uMQ0wCwYDVQQDDARyYWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7KCKiYzr+qMLctENHdC2fKaXyrQAlshfDBaojnByJdDVknlSfeqjNrYn47MJcG+/UpnA/WD1fg5gRvBIILcyhGKGCLuq4T5pMSbo3YlvcZIQWXp8pmhN4qmoNA35mMmP9ikFuDBIhWEj6NbEo0iUPVDSU0Lkx92+8nLROc+jI+h7Ymr0z2N8X3yWXSxSyH6RvF/Hc4uOb163mSJImd3AM50KfLuflShyU+sRPcuYZMNS9Aq48zLVySpAaHxY6xzi3eYyZWptP68i8P/UmPZEBYLlaaKG2r8RXh6E0pfclTI0rt5a9N3bwpaqig5nmFMUGvatzWjvYm/Mi2ETjXW9wIDAQABo4GMMIGJMAwGA1UdEwEB/wQCMAAwIgYDVR0jAQH/BBgwFoAUgrVRaCBCfAEiYlkr6rtaEbNDgsEwIAYDVR0OAQH/BBYEFCKdNzngYMsrwvlBavT8kukvbPrOMA4GA1UdDwEB/wQEAwIEsDAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAEA2pvI4g36e55Ym/GrBgWpBpZ4oLRWW79cQE6JQobREB0LNr0alC7p8R9Yibcx3ZWmOQKjNU4AE2SmoPtlDgF9xnkP5suO2aHq8xM5tx6AOZQEVR3Vp0vd2EcDW0rVKb9a9D1qQ2mJqc/PI5jVj2qKfQkW3veQ4f6raBiAUAD12w4Bn3PMHatiwLs/CM0sMkoHbpgvoGwVAHXZF2o1O7LXnAP+jjGy9TWtz9bDcTnNE9qSKZvNRtjLQRoj0Vvzi0iPbG91n8QoTepJtAjOGHoTgCvDjBcNfKW+qB0q/7VCeeKqtiVAMda74N5ETJ/I/vfvHHFb23UHL2nTVTltdWjMAADGCAhEwggINAgEBMHswdDElMCMGA1UEAwwcQ2VydGlmaWNhdGVNYW5hZ2VyIFJvb3QgMjAxNjEYMBYGA1UECgwPZU11ZGhyYSBMaW1pdGVkMRAwDgYDVQQLDAdlbXVkaHJhMRIwEAYDVQQIDAlCYW5nYWxvcmUxCzAJBgNVBAYTAklOAgNMS0EwDQYJYIZIAWUDBAIBBQCgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xODAxMTUwNTQwMDRaMC8GCSqGSIb3DQEJBDEiBCB2iiOOBmfEHJMS2IbdO/GN9IJcbXOw4JbjOsBmpyB8BTANBgkqhkiG9w0BAQEFAASCAQB6vnfd6uF1ePr4bj8JhuJlqzV9ENuNsmG/SxfeUKQpr7zRcQWEn5OAz/ZPOsWhacopfNXI7uA2T+dUwAHTwGR7Ns9oFtEMwk7vpR+cSmnRpQ17ayu7Adfn0t1Qk2/mi50ynwh17dUN1GayvB8WfjdNsk3pSQAa66JdQ+iv8ZhdOTNiuuxe6WOXzroUftrbi4bKzjp80vLMeCaD91u7ZpjAhzc91rMFMoa8vKbW3ALZ2q4lE7RpzlhoG8p8iEX2wuXXkNlEFq4sjXBlq3pSDnniomtx3Zz0ncTP/yl6yus8ygUY/Q1O21M2oqIFX0XJ4rIiQRxwT5j40amwI9EQbpSzAAAAAAAA",
" userName" : "username"
 " password" : "password "	
 "remarks": "string",
 "serialNum": "string",
"validFrom": "string"	,
“applicationId”:”string”
“isSignedData”  : “true/false”
}

Process

When request is received by the emCA service, we will decrypt the request JSON Object with the same AES key that is shared with the client.
After successful decryption, request JSON object (Signed data + Username + Password + serialNum + remarks+ Valid From+ Application ID) is retrieved.
First the emCA service will validate username and password and check if the IP Address used for request and registered with the user are same.
If request is registered with the same user, then we check if the certificate is already created for requested applicationId or not.

if certificate is already created for applicationId then return existing certificate.
if certificate is not created for applicationId then we will create the certificate using next step.

If it is same then signed data (signature) is validated by trust verification, CRL verification and expiry.
If validation fails at any point in processing the request, emCA service will throw error/failure message.

Response Parameters

Parameter

Data Type

Description

Parameter

Data Type

Description

response

String

Returns JSON Object

JSON Object Contains below parameters

Parameter

Data Type

Description

status

String

Returns Status of the request as success if CSR is signed by the selected certificate profile id and generates x509 certificate.

Returns status of the request as failure if authentication fails or unregistered user tries to call the API.

result

String

Returns

In case of success: base 64 encoded x509 certificate data

In case of failure: Error message will be displayed.

subscriberId

String

Return Subscriber ID.

requestId

String

Return Request ID null.

Response JSON Format

Sample:
Success:
      Response Body()
     {
     "status":"success",
     "result":"base 64 encoded x509 certificate  data",
      “subscriberId”:”XXX”
      "requestId": null,
      “aliasname”:null
      }
      Failure:
     {
    "status":"failure",
    "result":"<Error message>"
    “subscriberId”:null
    "requestId": null,
     “aliasname”:null
      }

Error Messages

Error Message

Description

Invalid serial number

If the given serial number is invalid

Please enter valid data

If the signature parameter (CSR) contains an invalid CSR or if the CSR does not contain the required details of the selected certificate profile.

Signature verification failed

If signature parameter (CSR) is not signed by the pfx shared by eMudhra

Invalid From Date

Invalid Input: From Date should be in proper format dd:MM:YYYY hh:mm:ss e.g: 12:12:2019 00:00:00