Request certificate

POST
https://one.digicert.com/iot/api/v1/certificate

Use this endpoint to submit a certificate request.

Authentication

In addition to header-based API key authentication, the Request certificate endpoint supports authentication using an enrollment passcode or a client certificate.

Client certificate authentication

With mutual TLS authentication, a client can access the endpoint by presenting a trusted certificate in the request. To use mutual TLS authentication:

  • Include a trusted certificate in your request.
    For the Request certificate endpoint, the certificate must be registered to the enrollment profile specified in the request payload.
  • In the base URL for the endpoint path, add the prefix clientauth.
    Example: https://clientauth.one.digicert.com
  • Omit the x-api-key header.

Enrollment passcode authentication

You can authenticate to the Request certificate endpoint by presenting an enrollment passcode registered to the enrollment profile specified in the request payload. To authenticate with an enrollment passcode:

  • Use the custom HTTP header x-passcode.
    The value of the x-passcode header is the passcode associated with the enrollment profile you specify in the body of the request.
  • Omit the x-api-key header.
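
The three authentication modes described above differ only in the host and in which header, if any, carries the credential. The following Python sketch is an added example, not DigiCert's own code. The function names, the mode names "api_key", "passcode" and "client_cert", and the certfile/keyfile parameters are assumptions made for illustration.

```python
import json
import ssl
import urllib.request

API_HOST = "one.digicert.com"        # base host shown on this page
PATH = "/iot/api/v1/certificate"     # endpoint path shown on this page


def build_request(auth, payload, secret=None):
    """Return (url, headers, body) for one authentication mode.

    The mode names "api_key", "passcode" and "client_cert" are this example's own.
    """
    if auth not in ("api_key", "passcode", "client_cert"):
        raise ValueError(f"unknown auth mode: {auth}")
    if auth != "client_cert" and not secret:
        raise ValueError(f"{auth} authentication needs a secret value")
    headers = {"Content-Type": "application/json"}
    host = API_HOST
    if auth == "api_key":
        headers["x-api-key"] = secret
    elif auth == "passcode":
        headers["x-passcode"] = secret       # x-api-key is omitted
    else:
        host = "clientauth." + API_HOST      # mutual TLS: prefix, no x-api-key
    return f"https://{host}{PATH}", headers, json.dumps(payload).encode()


def send(auth, payload, secret=None, certfile=None, keyfile=None):
    """POST the request; in client_cert mode the certificate goes in the TLS handshake."""
    url, headers, body = build_request(auth, payload, secret)
    ctx = ssl.create_default_context()       # the server certificate is still verified
    if auth == "client_cert":
        ctx.load_cert_chain(certfile, keyfile)   # certificate registered to the profile
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)
```

Read the API key or passcode from a secret store or environment variable rather than hard-coding it, and keep the client certificate's private key readable only by the enrolling process.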

Example requests and responses

cURL
curl --request POST 'https://one.digicert.com/iot/api/v1/certificate' \
--header 'x-api-key: {{api_key}}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "csr": "{{csr}}",
  "enrollment_profile_id": "IOT_502ac648-c826-4e71-991e-5629a23850c1",
  "certificate_profile_attributes": [
    {
      "id": "subject.common_name",
      "value": "custom org name"
    }
  ],
  "device_attributes": [
    {
      "id": "party-no",
      "value": "PN8363454893"
    },
    {
      "id": "comments",
      "value": "custom comments"
    }
  ]
}'

200 OK
{
  "certificate_request_id": "b1cef6d1-1449-4b7d-9577-a43839f7367c",
  "status": "AUTO_APPROVED",
  "result": "SUCCESS",
  "certificate_id": "da8046ef-c3ec-40f2-b366-d6dbfa408aa0",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIC8TCCAdmgAwIBAgIUSyxE6XLp8Stcnh3APZv5peoD7u4wDQYJKoZIhvcNAQELBQAwgYQxEDAOBgNV\nBAYTB1VrcmFpbmUxCzAJBgNVBAgTAk5BMQ0wCwYDVQQHEwRLeWl2MQ0wCwYDVQQJEwRLeWl2MQ4wDAYD\nVQQREwUwMzEyNzEUMBIGA1UEChMLSW9UIENvbXBhbnkxHzAdBgNVBAMTFklvVCBDb21wYW55IElzc3Vp\nbmcgQ0EwHhcNMjAwNTE4MDgyODM2WhcNMjQwNTMwMjEwMDAwWjA0MRgwFgYDVQQKEw9jdXN0b20gb3Jn\nIG5hbWUxGDAWBgNVBAMTD05ldyBDb21tb24gTmFtZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPJk\nO9S7qs9CJzecWtFY0eRpFzDJ2cpDn7x3y13/BEGoAqTRs/aiFuf8easLeaTt2Pl0oGnOVggGlcW8E+fb\n0EKjdTBzMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJShbUKjZhHpaUHDIhsZdP5LcqASMB8GA1UdIwQY\nMBaAFLcZq70zfTTHOdJWR6093AwDvN9PMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD\nAjANBgkqhkiG9w0BAQsFAAOCAQEAMDQhNZlF3sr+Qu5q7KhuMbUYpodBwZBoAeXBYbguBLueDwaPS74p\ncwXM5ipDQZfUF9NmNyEQ/6MOGQmczRD8h/QjVVvT5HTrEsSUNb8zjcLU+qh36G7A9WFqN9YT0+7vf2oq\n5GSYXyxWqhBWAhPsBVoCrSjtTEpAezNNLerI3ii7hzgw60/WIx7aQV+HJvpyVnswtFTovGBGNsYJnM8S\nOmpOgC8DfAyCTeF5qolwDmVPiJGJkzDKZYmlZ8ud/MtXzGGEzeBm8Yx4nYfR8TKFLQuY8JwAUkA50QjB\n4RvLF4EXuBPJTAgfTWSwvbCjguVude79SrwOtIYUpMH6HdgUpw==\n-----END CERTIFICATE-----\n-----BEGIN 
CERTIFICATE-----\nMIID1DCCArygAwIBAgIUKlINzekDRdxbQVRP5KaksaiqSXYwDQYJKoZIhvcNAQELBQAwgYExEDAOBgNV\nBAYTB1VrcmFpbmUxCzAJBgNVBAgTAk5BMQ0wCwYDVQQHEwRLeWl2MQ0wCwYDVQQJEwRLeWl2MQ4wDAYD\nVQQREwUwMzEyNzEUMBIGA1UEChMLSW9UIENvbXBhbnkxHDAaBgNVBAMTE0lvVCBDb21wYW55IFJvb3Qg\nQ0EwHhcNMjAwNTE0MDkyMDUyWhcNMjQwNTMwMjEwMDAwWjCBgTEQMA4GA1UEBhMHVWtyYWluZTELMAkG\nA1UECBMCTkExDTALBgNVBAcTBEt5aXYxDTALBgNVBAkTBEt5aXYxDjAMBgNVBBETBTAzMTI3MRQwEgYD\nVQQKEwtJb1QgQ29tcGFueTEcMBoGA1UEAxMTSW9UIENvbXBhbnkgUm9vdCBDQTCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBALPy9NXQKucPXpJqRJbYwOP94jmDZcnJl8vn93ei8bnajGKny3Y0y1cE\nJm0YcVxgD2tOCcDlX4It7lY5gmw/WL5R7oW5vdiOCCcQYLqKvOFXL+p7kDD/7y3IfaFdwbvfgHyvtwX1\nSZUQvk61BFJ6kzvkLA27P1EjhAxeRX9ktB4896uTF7NIFE5HmajOU1p1EiQK9sBDoPMXTIfW+sS4BaBD\nxTc84R18OwC+LPxcIMSGwcWPvoRYGBkvD/XVu7IEe8pyV9+c1vt/4XD+VctqYA2bktOqXh9Xc6PlXfIA\nVhMJRdojDQG35YM5AUKbGFFXGsNt6Iko2Jzo3s5RWP+Vx0UCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB\n/zAdBgNVHQ4EFgQUXgrl0LDaYAs/E/nzaYgZiy7tewYwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB\nCwUAA4IBAQBmV/Gq0G+gO4wKhVYfd6Kg+VhkEqi7GWQVVUfbrSNXtpyEP8SPxyjPHMBIDKwKodxHrE99\n4WN+yhQto01OKk0s3X4uMIVFcKsO3XtdZYyh1dWh+3cCtF5SaqIxbREBBjkE4ImDvTSJPwzQtfmHBWxA\nIZN4tyiBeKZIqqZJgvSMyBR8wMI4FaGYLch9tZmdAHSwYu7ITKR0nOpDxHT1zg/hT7q2judxTy/G7wLT\nm2FkEhikpM2CqEuH6EAp5McyVi/n1BPNU3Kt3ViRQ4tdoR7fcJAwklCdhIvsP4F/RyQE+X+2VU+KfZqc\nMUzHKvsbQig1L8yUXQevdUQWYJT2nlg/\n-----END CERTIFICATE-----\n-----BEGIN 
CERTIFICATE-----\nMIID+DCCAuCgAwIBAgIUIJfeCwm5SEKRwB/2UqvwuVfVAlMwDQYJKoZIhvcNAQELBQAwgYExEDAOBgNV\nBAYTB1VrcmFpbmUxCzAJBgNVBAgTAk5BMQ0wCwYDVQQHEwRLeWl2MQ0wCwYDVQQJEwRLeWl2MQ4wDAYD\nVQQREwUwMzEyNzEUMBIGA1UEChMLSW9UIENvbXBhbnkxHDAaBgNVBAMTE0lvVCBDb21wYW55IFJvb3Qg\nQ0EwHhcNMjAwNTE0MDkyMTE3WhcNMjQwNTMwMjEwMDAwWjCBhDEQMA4GA1UEBhMHVWtyYWluZTELMAkG\nA1UECBMCTkExDTALBgNVBAcTBEt5aXYxDTALBgNVBAkTBEt5aXYxDjAMBgNVBBETBTAzMTI3MRQwEgYD\nVQQKEwtJb1QgQ29tcGFueTEfMB0GA1UEAxMWSW9UIENvbXBhbnkgSXNzdWluZyBDQTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAK2f0+1yTE/1X8L010GXlTah/j1lyypTzZ9YN72CohKhllFORTn7\nHhddEfxD2utUirtS2xKoxIP+EV6LmbJYJmp5xW/1tosrq3Js5MfWCuNd/5kSpVfDxvVw2sJldTQ0CIgc\nLwA7NQAH994TyUQVzkhmcVmkaVLylFutVyXybXI19drl53bv5kyAEX3Met5WObdcy6wVE5DFfnj/BDSl\nvYOMLjA8khAlUclTe96+0WojWxun8GY6SM6C1N+9T768orq7GHIt0Bi2kNA6P6LTT63qCTlPmkgEcUgk\ngoHBxIzGAedisJ7bbdcbLE1jq+AG+Uj9vXCL68aU3rfcO+csGsUCAwEAAaNjMGEwDwYDVR0TAQH/BAUw\nAwEB/zAdBgNVHQ4EFgQUtxmrvTN9NMc50lZHrT3cDAO8308wHwYDVR0jBBgwFoAUXgrl0LDaYAs/E/nz\naYgZiy7tewYwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQB0l/ASL+JNjb7QNALcY9GR\n9tQFUKSSTmVyyML0ajGS5/dEXcxWH/Wb+lmihxkXXd55bZfWBs+Te9ksVA7X284MZFffSYXwd+CTy4Qb\nOatMkFGHwYpt4nWbi5W5phtBS1AEesdMd0PSBDaRWkJttWJz6Tk6aiz6pAuDwAXyau/crdlwx29soOdg\nWwD95kkRrF9hYNATa3kPR+Zin31d9osRtc3x1DWBV+wR/Z1DsI8b05TziqmT+py/PkB0Y/XDRVS2zfIV\nWaSomi3oxaD91FhfcDCAK3ASSnNfizXDs2Q7PdHDQT4pJWnqLMvyZ9DwJpujeEN7GOKqXBiX6SXtXmcS\n-----END CERTIFICATE-----\n"
}

400 Bad Request
{
  "errors": [
    {
      "code": "invalid_input",
      "message": "Enrollment profile with id IOT_502ac648-c826-4e71-991e-5629a23850c1we does not exist"
    }
  ]
}

Request parameters

| Name | Req/Opt | Type | Description |
|---|---|---|---|
| csr | required | string | Certificate signing request (CSR) |
| enrollment_profile_id | required | string | Enrollment profile ID. Note: The enrollment profile must support API enrollment method. |
| certificate_profile_attributes | defined in certificate profile | array | Only attributes flagged as "user_provided" are accepted. |
| .. id | - | string | Certificate attribute ID. See Certificate attributes table below. |
| .. value | - | string | Label for certificate attribute. |
| device_attributes | defined in enrollment profile | array | Only attributes from enrollment profile "Source fields" are accepted. |
| .. id | - | string | ID of custom attribute (corresponds to source field name in enrollment profile) |
| .. value | - | string | Label for custom attribute. |

Certificate attributes

| Certificate attribute ID | Description |
|---|---|
| signature_algorithm | Signature algorithm |
| subject.common_name | Common name |
| subject.organization_name | Organization name |
| subject.organization_unit | Organization unit |
| subject.country | Country |
| subject.state | State |
| subject.locality | Locality |
| subject.street_address | Street address |
| subject.postal_code | Postal code |
| subject.email | Email |
| validity.duration_unit | Validity period units |
| validity.duration_value | Validity period value |
| extensions.subject_directory | Information to store in the certificate's subject directory attributes (SDA) extension. |

The data structure and information to store in the SDA extension is formatted as a JSON string. For a description and examples of the SDA JSON object, see Subject directory attributes (SDA).

Response parameters

| Name | Type | Description |
|---|---|---|
| certificate_request_id | string | Certificate request ID |
| status | string | Request status. Possible values: PENDING_APPROVAL, APPROVED, AUTO_APPROVED, REJECTED, CANCELED |
| result | string | Certificate enrollment status. Possible values: SUCCESS, FAILED |
| certificate_id | string | Certificate ID (only available for SUCCESS status) |
| pem | string | Certificate and available intermediate certificates. |
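
A client should branch on the documented fields before it installs anything from the pem field. The following Python sketch is an added example, not DigiCert's own code. It classifies a parsed response body and fingerprints each certificate block so the result can be logged or compared against expected CA certificates. The outcome labels, function names and sample bodies are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def split_pem(pem):
    """Split the `pem` field into one DER byte string per certificate block."""
    return [base64.b64decode("".join(b.split())) for b in PEM_BLOCK.findall(pem)]


def interpret(body):
    """Classify a parsed response body using the fields documented on this page."""
    if "errors" in body:                     # shape of the 400 Bad Request example
        return {"outcome": "error",
                "detail": [f'{e["code"]}: {e["message"]}' for e in body["errors"]]}
    if body.get("result") == "SUCCESS":
        certs = split_pem(body.get("pem", ""))
        if not body.get("certificate_id") or not certs:
            raise ValueError("SUCCESS without certificate_id or pem")
        return {"outcome": "issued",
                "certificate_id": body["certificate_id"],
                "sha256": [hashlib.sha256(der).hexdigest() for der in certs]}
    if body.get("status") == "PENDING_APPROVAL":
        return {"outcome": "pending", "request_id": body["certificate_request_id"]}
    return {"outcome": "not_issued",
            "status": body.get("status"), "result": body.get("result")}


def _placeholder_pem(raw):
    """Constructed stand-in for a certificate block; not a real certificate."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed sample bodies shaped like the responses on this page.
SAMPLE_ISSUED = {
    "certificate_request_id": "request-id-placeholder",
    "status": "AUTO_APPROVED",
    "result": "SUCCESS",
    "certificate_id": "certificate-id-placeholder",
    "pem": _placeholder_pem(b"constructed cert A") + _placeholder_pem(b"constructed cert B"),
}
SAMPLE_ERROR = {"errors": [{"code": "invalid_input", "message": "constructed message"}]}
```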