| Version 5 (modified by pjkersha, 5 years ago) (diff) |
|---|
Online Certificate Authority Web Service
Get Certificate
The get certificate operation is used to make a request for a new user credential.
Inputs
Request type: HTTP POST over HTTPS
| Attribute | Format | Description |
|---|---|---|
| certificate_request | PEM in HTTP message body | Certificate signing request for user certificate being requested |
| username | HTTP Basic Auth header | User identity to associate with certificate to be issued. The username will be set as the CN field of the certificate subject name |
| password | HTTP Basic Auth header | associated password. |
| realm | HTTP Basic Auth header |
Outputs
| HTTP Response code | Description |
|---|---|
| 200 | Success – PEM encoded X.509 certificate returned in response |
| 401 | client not authorised - client certificate not present, or client certificate not verified, or certificate subject name in accepted retrievers |
| 405 | Error with format of client request e.g. error parsing certificate signing request |
| 500 | Server side error |
Get Trust Roots
This is a call to bootstrap trust in the online CA service. Calling it retrieves the trust roots needed for the client to trust this service over SSL (HTTPS). Trust roots include CA certificates and OpenSSL signing policy files. The trust roots are returned as the serialised content of a trust root directory. This should be restored on the client side to enable correct verification of the peer (the online CA service) for subsequent calls.
Inputs
Request type: HTTP GET over HTTPS
| Attribute | Format | Description |
|---|---|---|
| None | - | - |
No SSL client authentication is required on the part of the server.
Outputs
| HTTP Response code | Description |
|---|---|
| 200 | Success – a list of trust roots is returned in the response. It has the following format: |
| • | Each item is delimited by a newline character (‘\n’) |
| • | Items are key/value pairs |
| • | Each value is base 64 encoded |
| • | The first key, TRUSTED_CERTS is set to a value containing a list of comma-separated filenames of the trust roots files. The files include CA certificates and OpenSSL signing policy files. |
| • | Subsequent keys are prefixed with the prefix FILEDATA_. The suffix is the file name that should be written out. |
| • | The value is set to the file content |
| 500 | Server side error |
