Comodo Certificate Manager


Comodo Certificate Manager
Device Certificate Enroll API

Comodo CA Limited
3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Greater Manchester M5 3EQ, United Kingdom

Table of Contents

1. Introduction
2. Authentication
2.1. Authentication via Username and Password
2.2. Authentication via Username and a Client Certificate
3. Remote Functions
3.1. Function for Device Certificate Revocation
3.1.1. Arguments
3.1.2. Return value - Status code
3.2. Function for Device Certificate Revocation by Serial Number
3.2.1. Arguments
3.2.2. Return Value - Status Code
3.3. Function for Collecting Enrolled Device Certificate
3.3.1. Return Value - DeviceCertCollectResponse
3.4. Function for Device Certificate Enrollment
3.4.1. Arguments
3.4.1.1. AuthData type
3.4.1.2. Return Value Status Code
3.5. Function for Retrieving All Ids of KU/EKU for Device Cert Enroll Process
3.5.1. Arguments
3.5.2. Return value - DeviceCertTypeIdsResponse
3.6. Function for Retrieving Certificate Type Information by its ID
3.6.1. Return value - DeviceCertTypeResponse
3.7. Function for Retrieving Custom Fields for Customer
3.7.1. Return value - DeviceCertCustomFieldResponse
3.8. Utility Function for Getting Short Information about Web Service (name, version, etc.)
About Comodo CA

Comodo Certificate Manager Device Cert Enroll API 2017 Comodo CA Limited All rights reserved

1. Introduction

Name: EPKIManagerDeviceCert

Service EPR:
http://cert-manager.com/ws/epkimanagerdevice OR http://hard.certmanager.com/ws/epkimanagerdevice *
http://cert-manager.com/private/ws/epkimanagerdevice OR http://hard.certmanager.com/private/ws/epkimanagerdevice *

View WSDL:
http://cert-manager.com/ws/epkimanagerdevice?wsdl OR http://hard.certmanager.com/ws/epkimanagerdevice?wsdl *
http://cert-manager.com/private/ws/epkimanagerdevice?wsdl OR http://hard.certmanager.com/private/ws/epkimanagerdevice?wsdl *

Service Description: The Service allows the Administrator to request, collect and revoke Device certificates.

* Please use the sub-domain appropriate to your use case.

2. Authentication

To access CCM APIs, you first need to authenticate yourself to the CCM service. You can authenticate via username/password or via username + client certificate. The Device Cert Enroll API service uses the SOAP protocol.

- Authentication via Username and Password
- Authentication via Username and a Client Certificate

2.1. Authentication via Username and Password

Prerequisite

- Users should have CCM login credentials and the correct customer login URI.
- For the Web Service API, access must be enabled for the customer by Comodo and for each org/dept by admins on the client side.

The URL for the username/password authentication is:

https://<CCM Server>:<port>/ws/EPKIManagerDevice

Parameter | Description
<CCM Server> | The address of the CCM server you use. For example, 'cert-manager.com' or 'hard.certmanager.com'.
<port> | The default port number is 443.

Example: https://cert-manager.com:443/ws/EPKIManagerDevice

Authentication is performed by sending the AuthData parameter to the web service API. This includes the username, password and Customer URI.

After successful authentication, the admin can proceed to the CCM management interface.

If authentication is not successful (login and/or password are incorrect, password has expired), the admin will see an error and will be denied access to the Device Cert Enroll API. The same admin could, however, still authenticate themselves via a client certificate (refer to the next section).

2.2. Authentication via Username and a Client Certificate

Prerequisite

- Admins should have the Customer URI.
- For the Web Service API, access must be enabled for the customer by Comodo and for each org/dept by admins on the client side.
- Admins should have 'Certificate Auth' enabled.
- The authentication certificate must be requested and issued via CCM and be active at the moment of authentication.

The URL for the username/client certificate authentication is:

https://<CCM Server>:<port>/private/ws/EPKIManagerDevice

Parameter | Description
<CCM Server> | The address of the CCM server you use. For example, 'cert-manager.com' or 'hard.certmanager.com'.
<port> | The default port number is 443.

Example: https://cert-manager.com:443/private/ws/EPKIManagerDevice

The certificate must be provided by the admin's client at the time of login. After receiving the authdata parameter (customer URI and username), CCM will verify that the certificate matches the one specified in the 'Certificate Auth' area of the admin's profile.

After successful authentication, the admin can proceed to the CCM management interface.

If authentication is not successful (username is incorrect, certificate is not correct/revoked), the admin will see an error and will be denied access to the Device Cert Enroll API. The same admin could, however, still authenticate themselves using the username and password method (see previous section).

3. Remote Functions

3.1. Function for Device Certificate Revocation

Integer revoke (AuthData authdata, Integer ordernumber, String reason)

3.1.1. Arguments

Variable Name | Type | Max. Length | Description
authdata | AuthData | 128 | Authentication data. See description in section 3.4.1.1. AuthData type.
ordernumber | Integer | | This is the order number previously returned by function enroll.
reason | String | 256 | Revocation reason for audit logging. Empty String is also allowed.

3.1.2. Return value - Status code

Status Code (Integer). Possible value(s):
0 = SUCCESSFUL;
-1 = The 'Order number' argument is invalid;
-2 = Order number not found;
-3 = The 'Serial number' argument is invalid;
-4 = Serial number not found;
-14 = An unknown error occurred;
-16 = Permission denied;
-20 = The certificate request has been rejected;
-21 = The certificate has been revoked;
-22 = Still awaiting payment;
-24 = Auth data argument is invalid;
-25 = DCV not performed;
-26 = Organization has incorrect OV status;
-31 = The email is not a valid email;
-100 = Invalid auth data;
-101 = Invalid organization auth data;
-105 = Person not found;
-106 = EULA is not accepted;
-110 = Domain is not allowed for customer;
-111 = Domain is not allowed for organization;
-112 = KU/EKU template is not allowed for customer;
-113 = KU/EKU template is not allowed any more;
-114 = Client Cert Type is not available for organization;
-115 = Domain is not DCV validated (while 'Enforce DCV for S/MIME' is ON);
-120 = Customer configuration is not allowed the desired action

3.2. Function for Device Certificate Revocation by Serial Number

Integer revokebyserialnumber (AuthData authdata, String serialnumber, String reason)

3.2.1. Arguments

Variable Name | Type | Max. Length (chars) | Description
authdata | AuthData | | Authentication data. See description in section 3.4.1.1. AuthData type.
serialnumber | String | 64 | Certificate serial number.
reason | String | 256 | Revocation reason for audit logging. Empty String allowed.

3.2.2. Return Value - Status Code

Status code
If 'status code' < 0. Possible value(s):
0 = SUCCESSFUL;
-1 = The 'Order number' argument is invalid;
-2 = Order number not found;
-3 = The 'Serial number' argument is invalid;
-4 = Serial number not found;
-14 = An unknown error occurred;
-16 = Permission denied;
-20 = The certificate request has been rejected;
-21 = The certificate has been revoked;
-22 = Still awaiting payment;
-24 = Auth data argument is invalid;
-25 = DCV not performed;
-26 = Organization has incorrect OV status;
-31 = The email is not a valid email;
-100 = Invalid auth data;
-101 = Invalid organization auth data;
-105 = Person not found;
-106 = EULA is not accepted;
-110 = Domain is not allowed for customer;
-111 = Domain is not allowed for organization;
-112 = KU/EKU template is not allowed for customer;
-113 = KU/EKU template is not allowed any more;
-114 = Client Cert Type is not available for organization;
-115 = Domain is not DCV validated (while 'Enforce DCV for S/MIME' is ON);
-120 = Customer configuration is not allowed the desired action

3.3. Function for Collecting Enrolled Device Certificate

DeviceCertCollectResponse collect(AuthData authdata, Integer ordernumber, Integer format)

Variable Name | Type | Description
authdata | AuthData | Authentication data. See description in section 3.4.1.1. AuthData type.
ordernumber | Integer | Certificate order number.
format | Integer | Allowed formats for downloading of Device Certificate. Allowed Values: 0 = X509 PEM Bundle; 1 = X509 PEM Certificate only; 2 = X509 PEM Intermediate certificate only; 3 = PKCS#7 PEM Bundle; 4 = PKCS#7 DER Bundle.

3.3.1. Return Value - DeviceCertCollectResponse

Method Name: int statuscode
Description:
1 = Certificates attached
0 = Being processed by Comodo
-1 = The 'Order number' argument is invalid.
-2 = Order number not found.
-14 = An unknown error occurred!
-16 = Permission denied!
-20 = CSR rejected
-21 = The certificate has been revoked!
-22 = Still awaiting payment!
-100 = Invalid auth data!
-101 = Invalid Organization auth data!
-120 = Customer configuration is not allowed the desired action

Method Name: String certificate
Description: If status code = 1, the certificate in Base-64 on success, null otherwise.

3.4. Function for Device Certificate Enrollment

Integer enroll (AuthData authdata, String commonname, Integer orgid, Integer term, String csr, Integer certtypeid, DeviceCertEnrollOptionalFieldsDto optionalfields)

3.4.1. Arguments

Variable Name | Type | Max. Length (chars) | Allowed Values | Description
authdata | AuthData | | | Authentication data. See description in section 3.4.1.1. AuthData type.
commonname | String | 64 | | Name to enroll certificate for. This value will be set for the subject 'CN'.
orgid | Integer | 128 | | Organization identifier. Can be obtained from Admin UI > Organization properties > 'General' tab.
term | Integer | | | Term of the Device certificate in years.
csr | String | 32767 | Subject: The fields may be in any order (although multiple street addresses, if present, should be in the correct order). Algorithm OID = rsaEncryption (PKCS#1). Size = 512 to 8192 bits. Attributes: Any attributes MAY be present, but will be ignored if the subject_ fields are used. Signature Algorithm: md5WithRSAEncryption (PKCS#1) | Certificate Signing Request (Base-64 encoded with or without the -----BEGIN xxxxx----- and -----END xxxxx----- header and footer)
certtypeid | Integer | | | Identifier for Device certificate type. When not specified, default type is used.
optionalfields | DeviceCertEnrollOptionalFieldsDto | | | Optional fields for the Device certificate. Optional parameter.

3.4.1.1. AuthData type

Name | Description
setlogin(string value) | Set login name for account within CCM. This is the login of the Admin with role 'Device Cert' within the CCM account.
setpassword(string value) | Set password for account within CCM. This is the password of the Admin with role 'Device Cert' within the CCM account.
seturi(string value) | URI for logging into account within CCM.

3.4.1.2. Return Value Status Code

Status code
If 'status code' < 0. Possible value(s):
0 = SUCCESSFUL;
-3 = The 'User name' argument is invalid;
-7 = Country is not a valid ISO-3166 country;
-9 = The CSR is not valid Base-64 data;
-10 = The CSR cannot be decoded;
-11 = The CSR uses an unsupported algorithm;
-12 = The CSR has an invalid signature;
-13 = The CSR uses an unsupported key size;
-14 = An unknown error occurred;
-16 = Permission denied;
-24 = Auth data argument is invalid;
-25 = DCV not performed;
-26 = Organization has incorrect OV status;
-31 = The email is not a valid email;
-32 = The passphrase is empty;
-33 = The certificate type is invalid;
-34 = The secret key is invalid;
-35 = The Server type is invalid;
-36 = The term is invalid for certificate type;
-37 = The cert type name is invalid;
-38 = Unable to enroll device certificate as some required fields are empty;
-39 = The cert type ID is invalid;
-100 = Invalid auth data;
-101 = The 'Access code' argument is invalid;
-106 = EULA is not accepted;
-110 = Domain is not allowed for customer;
-111 = Domain is not allowed for organization;
-112 = KU/EKU template is not allowed for customer;
-113 = KU/EKU template is not allowed any more;
-114 = Client Cert Type is not available for organization;
-115 = Domain is not DCV validated (while 'Enforce DCV for S/MIME' is ON);
-116 = Can't change person properties;
-120 = Customer configuration is not allowed the desired action.
If 'status code' > 0: SSL identifier. It will be used for certificate collecting/revoking.

3.5. Function for Retrieving All Ids of KU/EKU for Device Cert Enroll Process

DeviceCertTypeIdsResponse getdevicecerttypeids (AuthData authdata)

3.5.1. Arguments

Variable Name | Type | Description
authdata | AuthData | Authentication data. See description in section 3.4.1.1. AuthData type.

3.5.2. Return value - DeviceCertTypeIdsResponse

Status code
If 'status code' < 0. Possible value(s):
0 = SUCCESSFUL;
-3 = The 'User name' argument is invalid;
-7 = Country is not a valid ISO-3166 country;
-9 = The CSR is not valid Base-64 data;
-10 = The CSR cannot be decoded;
-11 = The CSR uses an unsupported algorithm;
-12 = The CSR has an invalid signature;
-13 = The CSR uses an unsupported key size;
-14 = An unknown error occurred;
-16 = Permission denied;
-24 = Auth data argument is invalid;
-25 = DCV not performed;
-26 = Organization has incorrect OV status;
-31 = The email is not a valid email;
-32 = The passphrase is empty;
-33 = The certificate type is invalid;
-34 = The secret key is invalid;
-35 = The Server type is invalid;
-36 = The term is invalid for certificate type;
-37 = The cert type name is invalid;
-38 = Unable to enroll device certificate as some required fields are empty;
-39 = The cert type ID is invalid;
-100 = Invalid auth data;
-101 = The 'Access code' argument is invalid;
-106 = EULA is not accepted;
-110 = Domain is not allowed for customer;
-111 = Domain is not allowed for organization;
-112 = KU/EKU template is not allowed for customer;
-113 = KU/EKU template is not allowed any more;
-114 = Client Cert Type is not available for organization;
-115 = Domain is not DCV validated (while 'Enforce DCV for S/MIME' is ON);
-116 = Can't change person properties;
-120 = Customer configuration is not allowed the desired action.
If 'status code' > 0: List of all retrieved Ids, which will be used for certificate enroll.
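The csr argument of enroll (section 3.4.1) accepts RSA keys from 512 bits upward and names md5WithRSAEncryption as the signature algorithm, so a client that wants a stricter floor has to inspect the CSR itself before submitting it. The pre-flight check below is an added example, not part of this guide or of Comodo's API: the function names, the 2048-bit minimum and the flagging of MD5/SHA-1 signatures are assumptions of the example, and the sample CSR is constructed with filler modulus and signature bytes.

```python
import base64
import binascii
import re

PKCS1 = bytes.fromhex("2a864886f70d0101")  # DER content of OID 1.2.840.113549.1.1
RSA_ENCRYPTION = PKCS1 + b"\x01"
WEAK_SIG = {PKCS1 + b"\x04": "md5WithRSAEncryption",
            PKCS1 + b"\x05": "sha1WithRSAEncryption"}
MIN_RSA_BITS = 2048    # assumption: local policy floor; the API itself accepts 512
MAX_CSR_CHARS = 32767  # max length of the csr argument in section 3.4.1

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split a constructed element's content into its child contents."""
    out, pos = [], 0
    while pos < len(content):
        _, body, pos = tlv(content, pos)
        out.append(body)
    return out

def preflight(csr_text):
    """Return findings for a Base-64 CSR; an empty list means it passes."""
    if len(csr_text) > MAX_CSR_CHARS:
        return ["csr exceeds 32767 characters"]
    b64 = re.sub(r"-----[^-]+-----|\s+", "", csr_text)  # header/footer optional
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return ["not valid Base-64 (status -9)"]
    try:
        info, sig_alg, _signature = children(tlv(der, 0)[1])
        _version, _subject, spki = children(info)[:3]
        key_alg, key_bits = children(spki)
        if children(key_alg)[0] != RSA_ENCRYPTION:
            return ["key algorithm is not rsaEncryption (status -11)"]
        modulus = children(tlv(key_bits, 1)[1])[0]  # offset 1 skips unused-bits octet
        bits = int.from_bytes(modulus, "big").bit_length()
        sig_oid = children(sig_alg)[0]
    except (ValueError, IndexError):
        return ["CSR cannot be decoded (status -10)"]
    findings = []
    if not 512 <= bits <= 8192:
        findings.append("RSA key of %d bits is outside 512..8192 (status -13)" % bits)
    elif bits < MIN_RSA_BITS:
        findings.append("RSA key of %d bits is below local minimum %d" % (bits, MIN_RSA_BITS))
    if sig_oid in WEAK_SIG:
        findings.append("CSR signed with %s" % WEAK_SIG[sig_oid])
    return findings

def enc(tag, *parts):
    """DER-encode one element (used only to build the constructed sample)."""
    body = b"".join(parts)
    octets = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    size = bytes([len(body)]) if len(body) < 128 else bytes([0x80 | len(octets)]) + octets
    return bytes([tag]) + size + body

def sample_csr(bits, sig_tail):
    """Constructed PKCS#10 layout with filler modulus and signature (not verifiable)."""
    key = enc(0x30, enc(0x02, b"\x00" + b"\xc3" * (bits // 8)), enc(0x02, b"\x01\x00\x01"))
    spki = enc(0x30, enc(0x30, enc(0x06, RSA_ENCRYPTION), enc(0x05)), enc(0x03, b"\x00" + key))
    name = enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03"), enc(0x0C, b"device-01"))))
    info = enc(0x30, enc(0x02, b"\x00"), name, spki, enc(0xA0))
    sig_alg = enc(0x30, enc(0x06, PKCS1 + bytes([sig_tail])), enc(0x05))
    return base64.b64encode(enc(0x30, info, sig_alg, enc(0x03, b"\x00" * 9))).decode()
```

The check does not verify the CSR's self-signature; that remains with the service (status -12).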

3.6. Function for Retrieving Certificate Type Information by its ID

DeviceCertTypeResponse getdevicecerttype (AuthData authdata, Integer certtypeid)

Variable Name | Type | Description
authdata | AuthData | Authentication data. See description in section 3.4.1.1. AuthData type.
certtypeid | Integer | Identifier for Device certificate type. When not specified, default type is used.

3.6.1. Return value - DeviceCertTypeResponse

Status code
If 'status code' < 0. Possible value(s):
0 = SUCCESSFUL;
-3 = The 'User name' argument is invalid;
-7 = Country is not a valid ISO-3166 country;
-9 = The CSR is not valid Base-64 data;
-10 = The CSR cannot be decoded;
-11 = The CSR uses an unsupported algorithm;
-12 = The CSR has an invalid signature;
-13 = The CSR uses an unsupported key size;
-14 = An unknown error occurred;
-16 = Permission denied;
-24 = Auth data argument is invalid;
-25 = DCV not performed;
-26 = Organization has incorrect OV status;
-31 = The email is not a valid email;
-32 = The passphrase is empty;
-33 = The certificate type is invalid;
-34 = The secret key is invalid;
-35 = The Server type is invalid;
-36 = The term is invalid for certificate type;
-37 = The cert type name is invalid;
-38 = Unable to enroll device certificate as some required fields are empty;
-39 = The cert type ID is invalid;
-100 = Invalid auth data;
-101 = The 'Access code' argument is invalid;
-106 = EULA is not accepted;
-110 = Domain is not allowed for customer;
-111 = Domain is not allowed for organization;
-112 = KU/EKU template is not allowed for customer;
-113 = KU/EKU template is not allowed any more;
-114 = Client Cert Type is not available for organization;
-115 = Domain is not DCV validated (while 'Enforce DCV for S/MIME' is ON);
-116 = Can't change person properties;
-120 = Customer configuration is not allowed the desired action.

3.7. Function for Retrieving Custom Fields for Customer

getdevicecustomfields (String customerloginuri, String uriextension)

Variable Name | Type | Description
customerloginuri | String | Customer login URI.
uriextension | String | URI extension.

3.7.1. Return value - DeviceCertCustomFieldResponse

Status code
If 'status code' < 0. Possible value(s):
0 = SUCCESSFUL;
-3 = The 'User name' argument is invalid;
-7 = Country is not a valid ISO-3166 country;
-9 = The CSR is not valid Base-64 data;
-10 = The CSR cannot be decoded;
-11 = The CSR uses an unsupported algorithm;
-12 = The CSR has an invalid signature;
-13 = The CSR uses an unsupported key size;
-14 = An unknown error occurred;
-16 = Permission denied;
-24 = Auth data argument is invalid;
-25 = DCV not performed;
-26 = Organization has incorrect OV status;
-31 = The email is not a valid email;
-32 = The passphrase is empty;
-33 = The certificate type is invalid;
-34 = The secret key is invalid;
-35 = The Server type is invalid;
-36 = The term is invalid for certificate type;
-37 = The cert type name is invalid;
-38 = Unable to enroll device certificate as some required fields are empty;
-39 = The cert type ID is invalid;
-100 = Invalid auth data;
-101 = The 'Access code' argument is invalid;
-106 = EULA is not accepted;
-110 = Domain is not allowed for customer;
-111 = Domain is not allowed for organization;
-112 = KU/EKU template is not allowed for customer;
-113 = KU/EKU template is not allowed any more;
-114 = Client Cert Type is not available for organization;
-115 = Domain is not DCV validated (while 'Enforce DCV for S/MIME' is ON);
-116 = Can't change person properties;
-120 = Customer configuration is not allowed the desired action.
If 'status code' > 0: List of custom fields, which will be used for certificate enroll.

3.8. Utility Function for Getting Short Information about Web Service (name, version, etc.)

String getwebserviceinfo()

About Comodo CA

Comodo Certificate Authority is one of the world's largest providers of SSL certificates by volume, having issued over 91 million certificates and serving over 200,000 customers across 150 countries. The company provides a full suite of certificate products spanning all validation levels for website certificates, certificates for code-signing and email-signing, and the Comodo Certificate Manager (CCM) platform. Comodo CA has its US headquarters in New Jersey and international offices in the United Kingdom, Ukraine and India.

Comodo CA Limited
3rd Floor, Office Village, Exchange Quay, Trafford Road, Manchester, M5 3EQ, United Kingdom
Tel: +44 (0) 161 874 7070
Fax: +44 (0) 161 877 1767