3. Issue a Certificate
Create a sign CSR request
POST: /v1/certificate/sign
Description: Generates a valid x509 Certificate out of a csr-string. Replace the certificateSigningRequest
property with the result from CertificateSigningRequest.
The key CA.approver.securosys.com
signs the CSR.
Setting the certificateAuthority
to false
, should be set if it is a leaf-certificate.
{
"signCertificateRequest": {
"signKeyName": "CA.approver.securosys.com",
"keyPassword": null,
"signatureAlgorithm": "SHA256_WITH_RSA",
"commonName": "Approver-Intermediate-SUB",
"certificateAuthority": false,
"certificateSigningRequest": "replace-me_with_csr_value"
"keyUsage": [
"DIGITAL_SIGNATURE"
],
"extendedKeyUsage": [
"ANY_EXTENDED_KEY_USAGE"
]
}
}
Response
{
"signRequestId": "9dd448e1-6d34-4b98-a05b-3ec006d99fef"
}
Remeber the signRequestId
, to fetch the result once the approval is given.
Approve the Certificate Request
1. Open the approval app from securosys: https://approver.securosys.com
2. Approve the request: APPROVE
3. Fetch the result:
GET: /v1/request/9dd448e1-6d34-4b98-a05b-3ec006d99fef
Put the signRequestId
from before we have remembered: id=9dd448e1-6d34-4b98-a05b-3ec006d99fef
If the status of the Request other than EXECUTED
the approval did not work.
{
"id": "9dd448e1-6d34-4b98-a05b-3ec006d99fef",
"status": "EXECUTED",
"executionTime": "2024-01-23T11:43:43Z",
"approvedBy": [
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLwHSQM4sd93UtEJ+t6G22sopYmL6roZxQGL0GWn7WAaiogfQ5EOM+sYQyeJgtuLQkdfwDBnScJx7IgBiOKFpXdaM9i08hSljFlbTT7zP0XjojtGD4U27nLuLqGUhmloLtc+6yBK2FL/7QWB2c9tyCgHiIhmXZesBhZRRFdrpwP66XoGIsgxt1AxFjV1z5MG0g7DULfUSqWG7gGOxvwITFwmqDwuA6rh952X5iJ7zopSSmGhrTeFrV/1Io0E8SsJhRM9m7BOdcg/X6X+5iqK5Obp6Js18Y7eddf/Q5amQSzwlXx6mJAyj2//1DnGz0UbacKStqgZZiC0xAhLEwo7XQIDAQAB"
],
"notYetApprovedBy": [],
"rejectedBy": [],
"result": "-----BEGIN CERTIFICATE-----\nMIIC8jCCAdqgAwIBAgIBADANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZDQS1LZXkwHhcNMjQwMTIzMDAwMDAwWhcNMjQwNDIyMDAwMDAwWjAkMSIwIAYDVQQDExlBcHByb3Zlci1JbnRlcm1lZGlhdGUtU1VCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MNe31/9GJM/9FMBObuFN3Hb+OzqMq/KXufa8aACpOd/sJiBwwnGACEMzEGncNPE0a5fzHOYL7xBrSHbvfDGGTreVidfh5lDvVGPYkmBsw3eaRkEqT4Hq7dI7MGub23oropGytb2aRz7VVCFurdaA8omPSJ2rpPsMl3lzZ8edKCUIX12pSgbVaaNn5AdcONfq1pI40UM/i7rZYmat+DznY/hBjUM3j7O08l3OLWe3BMVTluYyy2H7EBDAfRGVJ+9jOe25oOWiYwvDZ35Sd8h0Zo6YsZ7HNEBZHxy9wcTSLNpsVM3jMzVLDCD6Z6a2ojYmU+khT1hVJg6wYnCu4nXsQIDAQABo0IwQDAfBgNVHSMEGDAWgBSIqh0XCn5r6loXgfWz004YMa3vSzAdBgNVHQ4EFgQUVUN9cQq1l32GbgQ86WTVRp+Eu8kwDQYJKoZIhvcNAQELBQADggEBAI5vB0sxjI2Y/LG2sQNajsXM1ZmVilVkx7XSL8x8SBTogD4FgykfWhRA68E1ehwYUPE8Nj49wASZ3e4rSFW8JodjWlUov8vojvNrURlgg/Qn8yBtqBIIQ32NlEMAzCqWBOyTNjGsMNQuj2JoT00oNO5kYj0dWGS8ZRvX6OdPnwdoyPFqtARjZJS4R+W2COljAW/pQ8YOKWudGPhrUUCwdQxYZP7XZ7rlCWBHwYif8+8rdgbgIb7xPeyUXNRovu9lExV9wIrHI7QVKXNSB1Svgt51NHutIypcpW2RZg+Pt/wE/E9Lsfk3/P6jbv6nnFl2P5X6WfQRZW9L8t85H8bgN2Q=\n-----END CERTIFICATE-----"
}
Import certificate
POST: /v1/certificate/import/plain
Description: Import a certificate
Importing a certificate has to be a valid base64 encoded String. Remove -----BEGIN CERTIFICATE-----\n
and \n-----END CERTIFICATE-----
{
"label": "SUB.approver.securosys.com",
"certificate": "MIIC8jCCAdqgAwIBAgIBADANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZDQS1LZXkwHhcNMjQwMTIzMDAwMDAwWhcNMjQwNDIyMDAwMDAwWjAkMSIwIAYDVQQDExlBcHByb3Zlci1JbnRlcm1lZGlhdGUtU1VCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MNe31/9GJM/9FMBObuFN3Hb+OzqMq/KXufa8aACpOd/sJiBwwnGACEMzEGncNPE0a5fzHOYL7xBrSHbvfDGGTreVidfh5lDvVGPYkmBsw3eaRkEqT4Hq7dI7MGub23oropGytb2aRz7VVCFurdaA8omPSJ2rpPsMl3lzZ8edKCUIX12pSgbVaaNn5AdcONfq1pI40UM/i7rZYmat+DznY/hBjUM3j7O08l3OLWe3BMVTluYyy2H7EBDAfRGVJ+9jOe25oOWiYwvDZ35Sd8h0Zo6YsZ7HNEBZHxy9wcTSLNpsVM3jMzVLDCD6Z6a2ojYmU+khT1hVJg6wYnCu4nXsQIDAQABo0IwQDAfBgNVHSMEGDAWgBSIqh0XCn5r6loXgfWz004YMa3vSzAdBgNVHQ4EFgQUVUN9cQq1l32GbgQ86WTVRp+Eu8kwDQYJKoZIhvcNAQELBQADggEBAI5vB0sxjI2Y/LG2sQNajsXM1ZmVilVkx7XSL8x8SBTogD4FgykfWhRA68E1ehwYUPE8Nj49wASZ3e4rSFW8JodjWlUov8vojvNrURlgg/Qn8yBtqBIIQ32NlEMAzCqWBOyTNjGsMNQuj2JoT00oNO5kYj0dWGS8ZRvX6OdPnwdoyPFqtARjZJS4R+W2COljAW/pQ8YOKWudGPhrUUCwdQxYZP7XZ7rlCWBHwYif8+8rdgbgIb7xPeyUXNRovu9lExV9wIrHI7QVKXNSB1Svgt51NHutIypcpW2RZg+Pt/wE/E9Lsfk3/P6jbv6nnFl2P5X6WfQRZW9L8t85H8bgN2Q="
}
Parse certificate with OpenSSL
Create a file
nano SUB-Securosys-001.crt
Copy content from /v1/certificate/synchronous/sign
response into file.
replace '\n' with real newlines
-----BEGIN CERTIFICATE-----
MIIC8jCCAdqgAwIBAgIBADANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZDQS1LZXkwHhcNMjQwMTIzMDAwMDAwWhcNMjQwNDIyMDAwMDAwWjAkMSIwIAYDVQQDExlBcHByb3Zlci1JbnRlcm1lZGlhdGUtU1VCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MNe31/9GJM/9FMBObuFN3Hb+OzqMq/KXufa8aACpOd/sJiBwwnGACEMzEGncNPE0a5fzHOYL7xBrSHbvfDGGTreVidfh5lDvVGPYkmBsw3eaRkEqT4Hq7dI7MGub23oropGytb2aRz7VVCFurdaA8omPSJ2rpPsMl3lzZ8edKCUIX12pSgbVaaNn5AdcONfq1pI40UM/i7rZYmat+DznY/hBjUM3j7O08l3OLWe3BMVTluYyy2H7EBDAfRGVJ+9jOe25oOWiYwvDZ35Sd8h0Zo6YsZ7HNEBZHxy9wcTSLNpsVM3jMzVLDCD6Z6a2ojYmU+khT1hVJg6wYnCu4nXsQIDAQABo0IwQDAfBgNVHSMEGDAWgBSIqh0XCn5r6loXgfWz004YMa3vSzAdBgNVHQ4EFgQUVUN9cQq1l32GbgQ86WTVRp+Eu8kwDQYJKoZIhvcNAQELBQADggEBAI5vB0sxjI2Y/LG2sQNajsXM1ZmVilVkx7XSL8x8SBTogD4FgykfWhRA68E1ehwYUPE8Nj49wASZ3e4rSFW8JodjWlUov8vojvNrURlgg/Qn8yBtqBIIQ32NlEMAzCqWBOyTNjGsMNQuj2JoT00oNO5kYj0dWGS8ZRvX6OdPnwdoyPFqtARjZJS4R+W2COljAW/pQ8YOKWudGPhrUUCwdQxYZP7XZ7rlCWBHwYif8+8rdgbgIb7xPeyUXNRovu9lExV9wIrHI7QVKXNSB1Svgt51NHutIypcpW2RZg+Pt/wE/E9Lsfk3/P6jbv6nnFl2P5X6WfQRZW9L8t85H8bgN2Q=
-----END CERTIFICATE-----
Read Certificate with OpenSSL
openssl x509 -in SUB-Securosys-001.crt --text --noout
Response:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Approver-Intermediate-CA
Validity
Not Before: Jan 23 00:00:00 2024 GMT
Not After : Apr 22 00:00:00 2024 GMT
Subject: CN = Approver-Intermediate-SUB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d8:c3:5e:df:5f:fd:18:93:3f:f4:53:01:39:bb:
85:37:71:db:f8:ec:ea:32:af:ca:5e:e7:da:f1:a0:
02:a4:e7:7f:b0:98:81:c3:09:c6:00:21:0c:cc:41:
a7:70:d3:c4:d1:ae:5f:cc:73:98:2f:bc:41:ad:21:
db:bd:f0:c6:19:3a:de:56:27:5f:87:99:43:bd:51:
8f:62:49:81:b3:0d:de:69:19:04:a9:3e:07:ab:b7:
48:ec:c1:ae:6f:6d:e8:ae:8a:46:ca:d6:f6:69:1c:
fb:55:50:85:ba:b7:5a:03:ca:26:3d:22:76:ae:93:
ec:32:5d:e5:cd:9f:1e:74:a0:94:21:7d:76:a5:28:
1b:55:a6:8d:9f:90:1d:70:e3:5f:ab:5a:48:e3:45:
0c:fe:2e:eb:65:89:9a:b7:e0:f3:9d:8f:e1:06:35:
0c:de:3e:ce:d3:c9:77:38:b5:9e:dc:13:15:4e:5b:
98:cb:2d:87:ec:40:43:01:f4:46:54:9f:bd:8c:e7:
b6:e6:83:96:89:8c:2f:0d:9d:f9:49:df:21:d1:9a:
3a:62:c6:7b:1c:d1:01:64:7c:72:f7:07:13:48:b3:
69:b1:53:37:8c:cc:d5:2c:30:83:e9:9e:9a:da:88:
d8:99:4f:a4:85:3d:61:54:98:3a:c1:89:c2:bb:89:
d7:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
88:AA:1D:17:0A:7E:6B:EA:5A:17:81:F5:B3:D3:4E:18:31:AD:EF:4B
X509v3 Subject Key Identifier:
55:43:7D:71:0A:B5:97:7D:86:6E:04:3C:E9:64:D5:46:9F:84:BB:C9
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
8e:6f:07:4b:31:8c:8d:98:fc:b1:b6:b1:03:5a:8e:c5:cc:d5:
99:95:8a:55:64:c7:b5:d2:2f:cc:7c:48:14:e8:80:3e:05:83:
29:1f:5a:14:40:eb:c1:35:7a:1c:18:50:f1:3c:36:3e:3d:c0:
04:99:dd:ee:2b:48:55:bc:26:87:63:5a:55:28:bf:cb:e8:8e:
f3:6b:51:19:60:83:f4:27:f3:20:6d:a8:12:08:43:7d:8d:94:
43:00:cc:2a:96:04:ec:93:36:31:ac:30:d4:2e:8f:62:68:4f:
4d:28:34:ee:64:62:3d:1d:58:64:bc:65:1b:d7:e8:e7:4f:9f:
07:68:c8:f1:6a:b4:04:63:64:94:b8:47:e5:b6:08:e9:63:01:
6f:e9:43:c6:0e:29:6b:9d:18:f8:6b:51:40:b0:75:0c:58:64:
fe:d7:67:ba:e5:09:60:47:c1:88:9f:f3:ef:2b:76:06:e0:21:
be:f1:3d:ec:94:5c:d4:68:be:ef:65:13:15:7d:c0:8a:c7:23:
b4:15:29:73:52:07:54:af:82:de:75:34:7b:ad:23:2a:5c:a5:
6d:91:66:0f:8f:b7:fc:04:fc:4f:4b:b1:f9:37:fc:fe:a3:6e:
fe:a7:9c:59:76:3f:95:fa:59:f4:11:65:6f:4b:f2:df:39:1f:
c6:e0:37:64
-----BEGIN CERTIFICATE-----
MIIC8jCCAdqgAwIBAgIBADANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZDQS1L
ZXkwHhcNMjQwMTIzMDAwMDAwWhcNMjQwNDIyMDAwMDAwWjAkMSIwIAYDVQQDExlB
cHByb3Zlci1JbnRlcm1lZGlhdGUtU1VCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA2MNe31/9GJM/9FMBObuFN3Hb+OzqMq/KXufa8aACpOd/sJiBwwnG
ACEMzEGncNPE0a5fzHOYL7xBrSHbvfDGGTreVidfh5lDvVGPYkmBsw3eaRkEqT4H
q7dI7MGub23oropGytb2aRz7VVCFurdaA8omPSJ2rpPsMl3lzZ8edKCUIX12pSgb
VaaNn5AdcONfq1pI40UM/i7rZYmat+DznY/hBjUM3j7O08l3OLWe3BMVTluYyy2H
7EBDAfRGVJ+9jOe25oOWiYwvDZ35Sd8h0Zo6YsZ7HNEBZHxy9wcTSLNpsVM3jMzV
LDCD6Z6a2ojYmU+khT1hVJg6wYnCu4nXsQIDAQABo0IwQDAfBgNVHSMEGDAWgBSI
qh0XCn5r6loXgfWz004YMa3vSzAdBgNVHQ4EFgQUVUN9cQq1l32GbgQ86WTVRp+E
u8kwDQYJKoZIhvcNAQELBQADggEBAI5vB0sxjI2Y/LG2sQNajsXM1ZmVilVkx7XS
L8x8SBTogD4FgykfWhRA68E1ehwYUPE8Nj49wASZ3e4rSFW8JodjWlUov8vojvNr
URlgg/Qn8yBtqBIIQ32NlEMAzCqWBOyTNjGsMNQuj2JoT00oNO5kYj0dWGS8ZRvX
6OdPnwdoyPFqtARjZJS4R+W2COljAW/pQ8YOKWudGPhrUUCwdQxYZP7XZ7rlCWBH
wYif8+8rdgbgIb7xPeyUXNRovu9lExV9wIrHI7QVKXNSB1Svgt51NHutIypcpW2R
Zg+Pt/wE/E9Lsfk3/P6jbv6nnFl2P5X6WfQRZW9L8t85H8bgN2Q=
-----END CERTIFICATE-----