LogoLogo
  • emCA Certificate Manager
  • Introduction
    • Summary
    • Key Features
    • Key Components
    • Architecture
    • Use Cases
    • Security
    • Role based Access
    • Licensing
    • How emCA Works ?
  • Release Versions
    • V4.2.6
    • V4.2.5
    • V4.2.4
      • User Manual
        • CA Administrator
          • CA Admin Login
          • Dashboard Page
          • View CA Hierachy
          • Manage User Certificates
            • Search
          • Manage CA Certiifcates
            • Search
          • Manage User & Roles
            • Manage User
            • Create New User
            • View Groups
          • Reports
            • Application Logs
            • CRL Report
            • Certificate Statistics
            • All Certificates
            • Active / Revoked / Suspended / Expired Certificates
          • Application Settings
            • Manage License
            • Manage Authentication Matrix
            • Certificate Features
        • Administrator
          • View Hierachy
          • Manage Profiles
            • Manage Certificate Profiles
              • X509 certificate profile
              • Create CVC CA certificate profile
              • Create EMV Certificate Profile
            • Manage Key Profiles
            • Manage CRL Profiles
          • Manage User Certificates
          • Manage CA Certificates
          • Manage Keystores
          • Manage Users & Roles
          • Reports
          • Application Settings
          • Setup & Registeration
          • External Applications
          • Mail Settings
          • Manage Certificate Features
        • Officer
          • CA Hierarchy
          • Manage User Certificates
          • Manage CA Certificates
          • Manage CRLs
          • Manage EMV Certificate
          • Manage EMV CRLs
          • Manage Keystores
          • Manage OCSP Certificates
          • Recover User keypair
          • Reports
        • Auditor
          • CA Hierarchy
          • Reports
      • emCA_Deployment_Document
    • V4.2.3
      • User Manual
        • CA Administrator
          • CA Admin Login
          • Dashboard Page
          • View CA Hierachy
          • Manage User Certificates
            • Search
          • Manage CA Certiifcates
            • Search
          • Manage User & Roles
            • Manage User
            • Create New User
            • View Groups
          • Reports
            • Application Logs
            • CRL Report
            • Certificate Statistics
            • All Certificates
            • Active / Revoked / Suspended / Expired Certificates
          • Application Settings
            • Manage License
            • Manage Authentication Matrix
            • Certificate Features
        • Administrator
          • View Hierachy
          • Manage Profiles
            • Manage Certificate Profiles
              • X509 certificate profile
              • Create CVC CA certificate profile
              • Create EMV Certificate Profile
            • Manage Key Profiles
            • Manage CRL Profiles
          • Manage User Certificates
          • Manage CA Certificates
          • Manage Keystores
          • Manage Users & Roles
          • Reports
        • Officer
          • CA Hierarchy
          • Manage User Certificates
          • Manage CA Certificates
          • Manage CRLs
          • Manage EMV Certificate
          • Manage EMV CRLs
          • Manage Keystores
          • Manage OCSP Certificates
          • Recover User keypair
          • Reports
        • Auditor
          • CA Hierarchy
          • Reports
        • Operator
          • CA Hierarchy
          • Backup
    • V4.2.2
      • User Manual
        • CA Administrator
          • CA Admin Login
          • Dashboard Page
          • View CA Hierachy
          • Manage User Certificates
            • Search
          • Manage CA Certiifcates
            • Search
          • Manage User & Roles
            • Manage User
            • Create New User
            • View Groups
          • Reports
            • Application Logs
            • CRL Report
            • Certificate Statistics
            • All Certificates
            • Active / Revoked / Suspended / Expired Certificates
          • Application Settings
            • Manage License
            • Manage Authentication Matrix
            • Certificate Features
        • Administrator
          • View Hierachy
          • Manage Profiles
            • Manage Certificate Profiles
              • X509 certificate profile
              • Create CVC CA certificate profile
              • Create EMV Certificate Profile
            • Manage Key Profiles
            • Manage CRL Profiles
          • Manage User Certificates
          • Manage CA Certificates
          • Manage Keystores
          • Manage Users & Roles
          • Reports
        • Officer
          • CA Hierarchy
          • Manage User Certificates
          • Manage CA Certificates
          • Manage CRLs
          • Manage EMV Certificate
          • Manage EMV CRLs
          • Manage Keystores
          • Manage OCSP Certificates
          • Recover User keypair
          • Reports
        • Auditor
          • CA Hierarchy
          • Reports
        • Operator
          • CA Hierarchy
          • Backup
    • V4.2.1
    • V4 .0.17
      • Open API Specifications
        • Prerequisites
        • Process for calling emCA API
        • How to Generate an Authentication Key
        • How to Generate Signed Data (PKCS#7)
        • How to create JSON Object before Encryption
        • How to encrypt JSON object
        • How to generate a request JSON Object
        • API Methods
          • API Method -createCertificate and createCertificateP7B
          • API Method -createPKCS12
          • API Method -getCertificate
          • API Method - revoke
          • API Method - verifySignature
          • API Method - createCertificateById and createcertificateP7BById
          • API Method - createPKCS12ById
          • API Method - reinstate
          • API Method - suspend
          • API Method -rekey
          • API Method-getCertificateByRequestID
          • API Method - createCustomCertificateById
          • API Method - getExpirySoonCertificate
          • API Method - getProfileinfoByProfilename
          • API Method -getCertificateProfileList
          • API Method- createCertificatesByIdWithMultipleCsrData
          • API Method - getPKCS12
          • API Method - createeSignCustomCertificateById
        • ePassport Certificate API Methods
        • emClient.jar
        • SOAP Information
        • ACME Protocol
        • CMP Protocol
        • EST Protocol
        • SCEP Protocal
      • User Manual
        • View CA Hierarchy
          • Delete Certificate and Keypair
          • Search Certificate
          • View Certificate
          • Export Certificate
        • Manage Profiles
          • Key Profiles
            • Edit
            • Key Profile Creation
              • Create HSM Key Profile
              • Create PKCS12 Key Profile
          • Certificate Profiles
            • Certificate Profile Creation
              • Create CA Self Signed Certificate
              • Create User Certificate Profile
              • Create OSCP Certificate Profile
          • CRL Profiles
            • New CRL Profile
        • Manage User Certificate
          • Enroll
            • Generation of Soft Token Certificate
            • Generation of Hard Token Certificate
          • Revoke/Suspend
          • Reinstate
          • Search
          • Sign CSR
          • Manual Authorize Certificates
          • SCT Request
        • Manage CA Certificate
          • Enroll
            • Create Self-Signed CA Certificate
            • Create Sub CA Certificate
            • Create OSCP Certificate
            • Generate Signing CSR
          • Manage CA Certificates
            • Search Certificate
            • Import Certificate
          • Revoke CA Certificate
          • Search
          • Sign CSR
          • Import PKCS12
        • Manage CRLS
          • Create CRL
          • Update CRL
          • Download CRL
          • Scheduler Configuration
        • Manage OSCP Certificates
          • Configure OSCP Certificate
          • OSCP Configuration
        • Recover User Keypair
          • Recover
            • Key Recovery with new Password
            • Key Recovery with old Password
        • Manage Users and Roles
          • Manage User
            • Create New User
            • View all users created
            • View individual user
            • Deactivate user
            • Activate user
            • Renew
            • Delete User
          • View Groups
        • Reports
          • Types of Reports
          • CRL Reports
          • Certificate Stastics
          • All Certificates Reports
          • Active Certificates Report
          • Revoked Certificates Report
          • Suspended Certificates Report
          • Expired Certificates Report
        • Application Logs
        • Backup
          • Manual Backup on Local Server
          • Manual Backup on Remote Server
          • Automatic Backup on Local Server
          • Automatic Backup on Remote Server
        • Backup Restoration
        • Dashboard Features
          • View all Active CA and User Certificates
          • View Revoked CA and User Certificates
          • View all expiring soon CA and User Certificates
          • View all CRL-based Certificates
        • Application Settings
          • Manage License
          • Setup and Registration
          • External Applications Onboarding
        • Manage Key stores
    • V4.0.13
      • User Manual
        • View CA Hierarchy
          • Delete Certificates & Key Pair
          • Search Certificate
          • View Certificate
          • Export Certificate
        • Manage Profiles
          • Key Profile
            • Edit
            • Key Profile Creation
              • Create HSM Key Profile
              • Create PKCS 12 Keyprofile
        • Certificate Profiles
          • Certificate Profile Creation
            • Create CA Self Signed Certificate Profile
            • Create SubCA Certificate Profile
            • Create User CA Certificate
            • Create OCSP Certificate
        • Manage User Certificate
          • Enroll
            • Generation Of Softtoken Certificate
            • Generation Of Hardtoken Certificate
          • Revoke/Suspend
          • Reinstate
          • Search
          • Sign CSR
          • Manual Authorize Certificates
          • SCT Request
        • Manage CA Certificate
          • Enroll
            • Create Selfsigned CA Certificate
            • Create Sub CA Certificate
            • Create OCSP Certificate
            • Generate Signing CSR
          • Manage CA Certificates
            • Search
            • Import Certificate
        • Revoke CA Certificate
        • Search
        • Sign CSR
        • Import PKCS 12
        • Manage CRLs
          • Create CRL
          • Update CRL
          • Download CRL
          • Scheduler Configuration
        • Manage OCSP Certificate
          • Configure OCSP Certificates
          • OCSP Configuration
        • Key Recovery
          • Recover
            • Key Recovery With New Password
            • Key Recovery With Old Password
        • Manage Users & Roles
          • Manage Users
            • Create New User
            • View All Users Created
            • View Individual Users
            • Deactive Users
            • Activate Users
            • Renew
            • Delete
            • Export All users
          • View Groups
        • Reports
          • Features
          • Types Of Reports
            • CRL Reports
            • Certificate Statistics
            • All Certificate Reports
            • Active Certificate Reports
            • Revoked Certificate Reports
            • Suspended Certificate Reports
            • Expired Certificates Reports
        • Application Logs
        • Backup & Restore
          • Backup
            • Manual Backup on Local Server
            • Manual Backup On Remote Server
            • Automatic Backup on Local Server
            • Automatic Backup On Remote Server
          • Backup Restoration
        • Dashboard Features
          • View All Active CA and User Certificates
          • View Revoked CA & User Certificates
          • View All Expiring Soon & User Certificates
          • View All CRL Based Certificates
        • Application Settings
          • Manage emCA Authentication Matrix
          • External Application On-Boarding
        • Manage Keystore
  • Deployment Models
    • Single Instance
    • High Availability Deployment
    • Hybrid Deployment
    • Cloud Deployment
    • List of Prerequisites
      • Installations
        • Token Drivers
        • emCA Websocket
    • emCA Deployment Guide
      • Prerequisites
        • Other Prerequisites
      • emCA
      • emCA API
      • OCSP Core
      • OCSP Responder Web
      • TSA Core
      • TSA Web
      • Scheduler
      • DB Password Encryptor
      • emCA Initial Setup
      • Protocols Configuration Overview
        • ACME Protocol
        • EST Protocol
Powered by GitBook
On this page
  1. Release Versions
  2. V4.2.3
  3. User Manual
  4. Officer

Manage EMV Certificate

PreviousManage CRLsNextManage EMV CRLs

Last updated 1 year ago

An officer has the capability to manage EMV certificates within their designated group and generate EMV key pairs through the following user interface. To create an EMV Scheme certificate, the user must follow these two steps:

  1. Generate EMV Key Pair

  2. Generate a certificate using the generated key pair.

Manage EMV Keypair

Generate EMV Key Pair

On the "Manage EMV Key Pairs" page, when you click on the "Generate EMV Key Pair" button, the following steps will be presented to you:

1. Enter the number of keys needed. 2. Public Key Exponent will be a prefixed component. 3. Select the key profile from the dropdown menu. 4. Choose the Signature Algorithm from the dropdown list.

  1. Select the Key Algorithm & Size for the respective signature algorithm from the dropdown list.

  1. Select the purpose, based on the requirement (live or test), from the dropdown.

  2. After providing all the details, click on "Proceed."

  1. You will need to authenticate the certificate generation using your Officer token, then press Authenticate to proceed.

  2. Click on "Generate Key Pair" to complete the key pair generation.

  3. Upon completion, the following UI will be shown:

  1. Select "View All" to see the created key pair grid or click on "+New" to create a new key pair.

Generate EMV scheme /Root Certificate:

Note: To initiate the creation of a Certificate request or Scheme Certificate, the user need to generate Key pair.

Select the "Certificate" radio button to generate a Root or Scheme certificate. Choose the certificate profile from the dropdown.

When you select a certificate profile , you will be prompted to enter its details. You need to enter the RID value, CA Public Key Index, and expiration date in the MMYY format. From the dropdown menu, select "MasterCard" as the type of certificate. Lastly, provide a description for the purpose of the certificate. Once you have provided all the details, click on the "Proceed" button.

You will need to authenticate the certificate generation using your Officer token, then press "Authenticate" to proceed.

Click on "Create" to complete the Certificate Generation Process.

Upon successful completion, you will receive a success message on the screen for the creation of the EMV Certificate. The certificates are created in SEP and HEP files. Users can download the files, and the downloaded SEP file and HEP file are displayed with the name "MSI" followed by the index number.

Click "View all" to see the created scheme certificates. Click "+New" to create another certificate.

Generate Certificate Request

Note: To initiate the creation of a Certificate request or Scheme Certificate, user need to generate EMV Key pair.

To generate a Certificate Request, click on the "CA Public Key Certificate/Issuer Public Key Certificate Request" icon in the Action column.

After clicking on the Flag icon, the screen shown below will appear:

To generate a certificate request, select the "Certificate Request" option. Enter the BIN (Bank Identification Number) provided by your bank, followed by the Issuer Public Key Index. Provide the Expiry Date in MMYY format. Once you have entered all the required information, click on the "Proceed" button to proceed with the request.

After selecting "Proceed," you will need to authenticate the certificate generation using your officer token and press the "Authenticate" button.

After successfully authenticating, click "Create" to generate the certificate request. Once complete, the following UI will be displayed:

After successfully creating a "Certificate Request", users will receive a success message on their screen. The certificates will be generated in SIP and HIP file formats. Users can download these files, and they will be displayed with the prefix of the BIN NO followed by the suffix of the Issuer Public Key Index. For clarity, this will be shown as follows: [BIN NO]_[Issuer Public Key Index]. The downloaded SIP and HIP files can then be used as needed.

Click "View" to see created certificate requests. Click "+New" to create another request.

Note: To obtain the Issuer Public Key certificate, you must upload the generated SIP and HIP files for them to be signed with the Scheme certificate.

Manage EMV Public keys

In this section, you can find the "EMV Public Keys" for certificates that are linked to each RID in a JSON file. By selecting an RID from the dropdown menu, the user can view a list of CA Public Keys that correspond to the selected RID.

Please provide the name and a description.

Click on "Proceed." you will then be prompted to authenticate the certificate generation:

Press "Authenticate" after authenticating with your Officer token to proceed.

Upon successful authentication, click on the "Create" button.

Upon clicking the "Create" button, EMV Public keys will be created in a JSON object as shown.

Generate Issuer Public Key Certificate

When a user chooses the "Generate Issuer Public Key Certificate" option within the "Manage EMV Certificate" section, the following user interface (UI) will be presented. This UI will display a grid listing all previously created EMV certifications, including both Issuer public key certificates and CA public key certificates, as shown below.

To generate an Issuer Public key certificate, the user needs to sign a "certificate request" by selecting the "+Sign EMV Certificate" option.

Upon selecting "+Sign EMV Certificate," the screen displayed will direct the user to perform the following actions shown in the below screen

Upload the SIP and HIP files and choose the Issuer Certificate from the dropdown menu.

To continue, kindly click on the "Proceed" button.

After selecting the "Proceed" button, you will be directed to the "Verify and Confirm" section. This section will display the SIP details for your review, as shown below. Here, you can confirm that the information is correct before proceeding by clicking the "Proceed" button again.

After clicking "Proceed," the authentication process will be initiated. The user will be required to provide their password for authentication purposes.

Additionally, the user has the option to edit SIP details, including the serial number, if necessary.

Clicking the "Sign" button after successful authentication will trigger a message confirming the successful signing of the EMV request.

The user can download the certificate in .C21 format by clicking "Download." The format number corresponds with the issuer index.

To generate an EMV certificate, click the "CA Public Key Certificate/Issuer Public Key Certificate Request" icon in the Action column.