Changes between Initial Version and Version 1 of OnlineCA


Timestamp:
10/01/13 13:27:34 (7 years ago)
Author:
pjkersha
Comment:

--

  • OnlineCA

    v1 v1  
     1= Online Certificate Authority Web Service = 
     2== Get Certificate == 
     3The get certificate operation is used to make a request for a new user credential. 
     4 
     5=== Inputs === 
     6 
     7|| Request type || HTTP POST over HTTPS || 
     8|| Attribute    ||Format        || Description || 
     9|| certificate_request  || PEM  in HTTP message body || Certificate signing request for user certificate being requested || 
     10|| username     ||HTTP Basic Auth header        || User identity to associate with certificate to be issued.  The username will be set as the CN field of the certificate subject name || 
     11|| password     ||HTTP Basic Auth header        || associated password.  || 
     12|| 
     13|| realm        || HTTP Basic Auth header       || 
     14 
     15=== Outputs === 
     16 
     17|| HTTP Response code ||        Description || 
     18||200 ||        Success – PEM encoded X.509 certificate returned in response || 
     19||401 ||        client not authorised  - client certificate not present, or client certificate not verified, or certificate subject name in accepted retrievers || 
     20||405 ||        Error with format of client request e.g. error parsing certificate signing request || 
     21||500 ||        Server side error || 
     22 
     23 
     24== Get Trust Roots == 
     25This is a call to bootstrap trust in the online CA service.  Calling it retrieves the trust roots needed for the client to trust this service over SSL (HTTPS).  Trust roots include CA certificates and OpenSSL signing policy files.  The trust roots are returned as the serialised content of a trust root directory.  This should be restored on the client side to enable correct verification of the peer (the online CA service) for subsequent calls. 
     26 
     27=== Inputs === 
     28 
     29|| Request type || HTTP GET over HTTPS || 
     30||Attribute     ||Format        || Description || 
     31||None  -       ||- || 
     32 
     33No SSL client authentication is required on the part of the server. 
     34 
     35=== Outputs === 
     36 
     37||HTTP Response code || Description || 
     38||200   ||Success – a list of trust roots is returned in the response.  It has the following format: || 
     39||•     ||Each item is delimited by a newline character (‘\n’) || 
     40||•     ||Items are key/value pairs || 
     41||•     ||Each value is base 64 encoded || 
     42||•     ||The first key, TRUSTED_CERTS is set to a value containing a list of comma-separated filenames of the trust roots files.  The files include CA certificates and OpenSSL signing policy files. || 
     43||•     ||Subsequent keys are prefixed with the prefix FILEDATA_.  The suffix is the file name that should be written out. || 
     44||•     ||The value is set to the file content || 
     45||500   ||Server side error || 
     46 
     47
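Review bot: The 401 row of the Get Certificate outputs (wiki line 19) describes client-certificate checks, but the inputs on wiki lines 7 to 13 authenticate with HTTP Basic Auth and never mention a client certificate, and "certificate subject name in accepted retrievers" reads as if a "not" is missing; reword the row to state the failure condition that applies to this operation. In the same inputs table, wiki line 12 is a lone "||" and the realm row on wiki line 13 has no description cell, so the table will not render as intended and the meaning of realm is undocumented. Wiki line 20 maps a certificate signing request parse error to 405, which in HTTP means Method Not Allowed; 400 is the conventional code for a malformed request body. For Get Trust Roots, wiki line 25 says the call bootstraps trust for later HTTPS calls, so on this first call the client has nothing yet to verify the server against; the section should say how the returned trust roots are to be authenticated before they are written to the trust root directory, for example by comparing against a fingerprint obtained out of band. Wiki line 33, "No SSL client authentication is required on the part of the server", would be clearer as a statement that the client does not need to present a certificate. Since wiki line 43 has the client write files named by the FILEDATA_ suffix, the spec should also restrict that suffix to a plain file name with no path separators.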