
ePassport Certificate API Methods

Distribution of CV Certificates

The following messages are used for the management of CV certificates at a national level.

Request Certificate

This message is used by a DV or by a terminal for requesting the generation of a new certificate for one of its keys from the national CVCA or the DV, respectively.

Input parameters

* - Mandatory parameter, C - Conditional

| Parameter | Data Type | Description |
| --- | --- | --- |
| callbackIndicator * | String | With this parameter the originator of the message informs the receiver if it can handle callbacks as response to this message. |
| messageID [C] | String | This parameter contains the identification of the message. It MUST identify the message uniquely within all messages of the originator. If a response message will be sent to the originator as a result of this message, the response message SHALL contain the same messageID. |
| responseURL [C] | String | This parameter contains the URL at which the originator expects the response message to be sent, if the message will be processed asynchronously. |
| certReq * | String | This parameter contains the certificate request. |

certReq: It is necessary to use the Certificate Request Structure and follow the encoding specifications for Machine Readable Travel Documents.

Output parameters

* - Mandatory parameter, C - Conditional

| Parameter | Data Type | Description |
| --- | --- | --- |
| certificateSeq [C] | String | This parameter contains one or more certificates, if the message has been processed successfully. It is REQUIRED if certificates have to be sent with the response. It MUST be missing if no certificates will be sent with the message. |

Return Codes

| Return codes | Description |
| --- | --- |
| ok_cert_available | The message has been processed successfully. The parameter certificateSeq contains one or more certificates. |
| ok_syntax | The reception of the message is acknowledged. The syntax of the message has been verified successfully. The further processing of the message will be done asynchronously. |
| ok_reception_ack | The reception of the message is acknowledged. No further verification of the message has been done yet. The processing of the message will be done asynchronously. |
| failure_inner_signature | The verification of the inner signature of the actual certificate request failed. |
| failure_outer_signature | The verification of the outer signature of the actual certificate request failed. |
| failure_expired | The certificate used to verify the outer signature is expired. |
| failure_domain_parameters | The domain parameters contained in the request do not match the domain parameters of the corresponding CVCA certificate. |
| failure_request_not_accepted | The message has been processed correctly but the request has not been accepted. In this case further procedures must be determined by organizational measures. |
| failure_syntax | The received message is syntactically not correct. |
| failure_synchronous_processing_not_possible | The sender has indicated that he does not accept callback messages, hence the message must be processed synchronously by the receiver. But the receiver cannot process this message synchronously. In this case further procedures must be determined by organizational measures. |
| failure_internal_error | Any other error. |

RequestForeignCertificate

This message is used by a DV to initiate the request for a new certificate for one of its keys from a CVCA in another country. This message is not sent to the foreign CVCA which is intended to generate the certificate; instead, it is sent to the national SPOC of the country of the DV. This national SPOC verifies the request of the DV according to national regulations. If the request meets the national regulations, it is forwarded to the SPOC of the other country.

Input parameters

* - Mandatory parameter, C - Conditional

| Parameter | Data Type | Description |
| --- | --- | --- |
| callbackIndicator * | String | With this parameter the originator of the message informs the receiver if it can handle callbacks as response to this message. |
| messageID [C] | String | This parameter contains the identification of the message. It MUST identify the message uniquely within all messages of the originator. If a response message will be sent to the originator as a result of this message, the response message SHALL contain the same messageID. |
| responseURL [C] | String | This parameter contains the URL at which the originator expects the response message to be sent, if the message will be processed asynchronously. |
| foreignCAR * | String | This parameter contains the reference to the (expected) signature key of the foreign certification authority which also should be contained in the body of the certificate request contained in the parameter certReq. |
| certReq * | String | This parameter contains the certificate request. |

certReq: It MUST be constructed according to the Certificate Request Structure. The coding must follow the specifications in Encoding of Values. (Reference: Machine Readable Travel Documents)

Output parameters

* - Mandatory parameter, C - Conditional

| Parameter | Data Type | Description |
| --- | --- | --- |
| certificateSeq [C] | String | This parameter contains one or more certificates, if the message has been processed successfully. It is REQUIRED if certificates have to be sent with the response. It MUST be missing if no certificates will be sent with the message. |

Return Codes

| Return codes | Description |
| --- | --- |
| ok_cert_available | The message has been processed successfully. The parameter certificateSeq contains one or more certificates. |
| ok_request_forwarded | The message has been processed successfully and synchronously by the SPOC. It has been forwarded to the intended foreign SPOC. The foreign SPOC has acknowledged the reception of the message. |
| ok_syntax | The reception of the message is acknowledged. The syntax of the message has been verified successfully. The further processing of the message will be done asynchronously. |
| ok_reception_ack | The reception of the message is acknowledged. No further verification of the message has been done yet. The processing of the message will be done asynchronously. |
| failure_inner_signature | The verification of the inner signature of the actual certificate request failed. |
| failure_outer_signature | The verification of the outer signature of the actual certificate request failed. |
| failure_expired | The certificate used to verify the outer signature is expired. |
| failure_domain_parameters | The domain parameters contained in the request do not match the domain parameters of the corresponding CVCA certificate. |
| failure_request_not_accepted | The message has been processed correctly but the request has not been accepted. In this case further procedures must be determined by organizational measures. |
| failure_syntax | The received message is syntactically not correct. |
| failure_synchronous_processing_not_possible | The sender has indicated that he does not accept callback messages, hence the message must be processed synchronously by the receiver. But the receiver cannot process this message synchronously. In this case further procedures must be determined by organizational measures. |
| failure_internal_error | Any other error. |

GetCACertificates

This message is sent by a DV or by a terminal to a CVCA or to a DV, respectively, in order to get all relevant CA certificates of the national CVCA or foreign CVCAs. In this sense, a CA certificate is regarded as relevant if it is still valid and if it is needed for the verification of a (valid) certificate of the DV (generated by the CVCA).

Input parameters

* - Mandatory parameter, C - Conditional

| Parameter | Data Type | Description |
| --- | --- | --- |
| callbackIndicator * | String | With this parameter the originator of the message informs the receiver if it can handle callbacks as response to this message. |
| messageID [C] | String | This parameter contains the identification of the message. It MUST identify the message uniquely within all messages of the originator. If a response message will be sent to the originator as a result of this message, the response message SHALL contain the same messageID. |
| responseURL [C] | String | This parameter contains the URL at which the originator expects the response message to be sent, if the message will be processed asynchronously. |

Output parameters

* - Mandatory parameter, C - Conditional

| Parameter | Data Type | Description |
| --- | --- | --- |
| certificateSeq [C] | String | This parameter contains one or more certificates, if the message has been processed successfully. It is REQUIRED if certificates have to be sent with the response. It MUST be missing if no certificates will be sent with the message. |

Return Codes

| Return codes | Description |
| --- | --- |
| ok_cert_available | The message has been processed successfully. The parameter certificateSeq contains one or more certificates. |
| ok_syntax | The reception of the message is acknowledged. The syntax of the message has been verified successfully. The further processing of the message will be done asynchronously. |
| ok_reception_ack | The reception of the message is acknowledged. No further verification of the message has been done yet. The processing of the message will be done asynchronously. |
| failure_syntax | The received message is syntactically not correct. |
| failure_synchronous_processing_not_possible | The sender has indicated that he does not accept callback messages, hence the message must be processed synchronously by the receiver. But the receiver cannot process this message synchronously. In this case further procedures must be determined by organizational measures. |
| failure_internal_error | Any other error. |

Remarks:

If the message is processed successfully and accepted, the CVCA MUST send all relevant CA certificates (see above) within the response, either in the output parameter certificateSeq (synchronous processing) or in the corresponding response message SendCertificates (asynchronous processing).

Send Certificate

  • If a certification authority or a SPOC processes one of the messages RequestCertificate, RequestForeignCertificate or GetCACertificates asynchronously, it uses a response message SendCertificates to communicate the result of its processing. It sends the response message always to that URL which is contained in the parameter responseURL of the received message.

  • This message can also be used to notify registered entities about the availability of new certificates. In this case the messageID must be omitted.

  • This message itself must always be processed synchronously by its receiver.

Input parameters

* - Mandatory parameter, C - Conditional

| Parameter | Data Type | Description |
| --- | --- | --- |
| messageID [C] | String | This parameter contains the identification of the message. It MUST identify the message uniquely within all messages of the originator. If a response message will be sent to the originator as a result of this message, the response message SHALL contain the same messageID. |
| statusInfo [C] | String | This parameter contains the URL at which the originator expects the response message to be sent, if the message will be processed asynchronously. |

Output parameters

None.

Return Codes

| Return codes | Description |
| --- | --- |
| ok_received_correctly | The message has been received and processed synchronously. No output is generated. |
| failure_syntax | The received message is syntactically not correct. |
| failure_messageID_unknown | The contained messageID cannot be matched with a message formerly sent. |
| failure_internal_error | Any other error. |

Distribution of Document Signer Lists

The following messages are used for the distribution of Document Signer Lists.

GetDocumentSignerList

  • This message is sent by a terminal to its DV in order to get one or more signed lists of document signers.

  • Input, Output and Return Codes parameters for message GetDocumentSignerList

Input parameters

* - Mandatory parameter, C - Conditional

| Parameter | Data Type | Description |
| --- | --- | --- |
| messageID [C] | String | This parameter contains the identification of the message. It MUST identify the message uniquely within all messages of the originator. If a response message will be sent to the originator as a result of this message, the response message SHALL contain the same messageID. |
| callbackIndicator * | String | With this parameter the originator of the message informs the receiver if it can handle callbacks as response to this message. If the originator can handle callbacks, this parameter MUST be set to callback_possible. In this case, the receiver can decide if it processes this message synchronously or asynchronously. If the receiver processes this message asynchronously, it will send the response using the appropriate callback message. If the originator cannot handle callbacks, this parameter MUST be set to callback_not_possible. |
| responseURL [C] | String | This parameter contains the URL at which the originator expects the response message to be sent, if the message will be processed asynchronously. This parameter is REQUIRED if the originator of the message indicates that it can handle a callback as response to this message (i.e., parameter callbackIndicator = callback_possible). It MUST be missing if the originator of the message indicates that it cannot handle callbacks as response to this message (i.e., parameter callbackIndicator = callback_not_possible). |

Output parameters

* - Mandatory parameter, C - Conditional

| Parameter | Data Type |
| --- | --- |
| documentSignerList [C] | String |

Return Codes

| Return codes | Description |
| --- | --- |
| ok_list_available | The request has been processed successfully. The input or output parameter contains the requested list. |
| ok_syntax | The reception of the message is acknowledged. The syntax of the message has been verified successfully. The further processing of the message will be done asynchronously. The result of the processing will be sent to the URL contained in the parameter responseURL using the corresponding response message. |
| ok_reception_ack | The reception of the message is acknowledged. No further verification of the message has been done yet. The processing of the message will be done asynchronously. The result of the processing will be sent to the URL contained in the parameter responseURL using the corresponding response message. |
| failure_list_not_available | The corresponding message has been processed correctly but the requested list is not available. |
| failure_syntax | The received message is syntactically not correct. |
| failure_synchronous_processing_not_possible | The sender has indicated that he does not accept callback messages, hence the message must be processed synchronously by the receiver. But the receiver cannot process this message synchronously. In this case further procedures must be determined by organizational measures. |
| failure_internal_error | Any other error. |
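
The callbackIndicator / responseURL rules and the SendCertificates matching of messageID described above can be checked in code; the following Python sketch is an added example, not emCA code or part of the emCA API. It assumes messages are plain dictionaries, that the receiver keeps an allowlist of registered callback hosts and accepts HTTPS URLs only, that violations map to the return codes shown, and that a messageID is sent only with callback-capable requests (`check_envelope` and `PendingRequests` are hypothetical names).

```python
import uuid
from urllib.parse import urlparse

CALLBACK_POSSIBLE = "callback_possible"
CALLBACK_NOT_POSSIBLE = "callback_not_possible"
ASYNC_ACKS = ("ok_syntax", "ok_reception_ack")  # result follows in a callback


def check_envelope(msg, registered_hosts, can_process_sync=True):
    """Receiver side: return None if the envelope is acceptable, else a return code."""
    indicator = msg.get("callbackIndicator")
    url = msg.get("responseURL")
    if indicator == CALLBACK_POSSIBLE:
        # responseURL is REQUIRED when callbackIndicator = callback_possible.
        if not isinstance(url, str) or not url:
            return "failure_syntax"
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.hostname:  # assumption: HTTPS only
            return "failure_syntax"
        # Assumption: results are only posted to hosts of registered entities,
        # so a request cannot steer the response to an arbitrary URL.
        if parsed.hostname not in registered_hosts:
            return "failure_request_not_accepted"  # assumed mapping for this case
        return None
    if indicator == CALLBACK_NOT_POSSIBLE:
        if url is not None:  # responseURL MUST be missing
            return "failure_syntax"
        if not can_process_sync:
            return "failure_synchronous_processing_not_possible"
        return None
    return "failure_syntax"  # callbackIndicator is mandatory


class PendingRequests:
    """Originator side: messageIDs that still expect a SendCertificates callback."""

    def __init__(self):
        self._pending = {}  # messageID -> name of the message that was sent

    def new_request(self, name, response_url=None):
        """Build the envelope parameters; track the messageID if a callback may come."""
        if response_url is None:
            return {"callbackIndicator": CALLBACK_NOT_POSSIBLE}
        message_id = uuid.uuid4().hex  # unique within this originator's messages
        self._pending[message_id] = name
        return {"callbackIndicator": CALLBACK_POSSIBLE,
                "messageID": message_id, "responseURL": response_url}

    def on_sync_return(self, message_id, return_code):
        """Only ok_syntax / ok_reception_ack leave the request waiting for a callback."""
        if return_code not in ASYNC_ACKS:
            self._pending.pop(message_id, None)

    def on_send_certificates(self, msg):
        """Handle an incoming SendCertificates message; returns one of its return codes."""
        if not isinstance(msg, dict) or not all(isinstance(v, str) for v in msg.values()):
            return "failure_syntax"
        message_id = msg.get("messageID")
        if message_id is None:
            return "ok_received_correctly"  # notification: messageID is omitted
        # Each messageID is consumed once, so a repeated or unsolicited callback
        # no longer matches anything (a design choice of this example).
        if self._pending.pop(message_id, None) is None:
            return "failure_messageID_unknown"
        return "ok_received_correctly"
```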


Last updated 1 year ago