4. Request for Client Authentication Certificate

REQUEST CLIENT AUTHENTICATION CERTIFICATE

The base URLs, depending on HARICA’s environment, are the following:

You can find every JSON that is required in each POST request as well as their acceptable key-value pairs in the HARICA - API Documentation Swagger website.

Step 1

To begin, ensure that you are logged into your CertManager account. This is a necessary step before utilizing any features of the API.
For further details on authentication and account setup, please refer to the documentation available Register and Log In".

For more information, you can refer to the additional documentation available on HARICA - API Documentation Swagger

Client Authentication IV or OV

Step 2

Submit a POST request to the API endpoint /api/ClientAuthenticationCertificate/RequestClientAuthenticationCertificate with form data outlined below.
Example (test data):

 
givenName: testGivenName
surname: testSurname
country: GR
organization: testOrganization
city: testCity
state: testState
emails: test1@harica.gr,test2@harica.gr
dnsNames: harica.gr,test.harica.gr,
organizationalUnits: Customer Care,  testOU
commonName: test1@harica.gr
evidence: Form File
duration: 1
certificateType: CLIENT_AUTHENTICATION_IV or 
CLIENT_AUTHENTICATION_OV

Data Explanation:

  • givenName: Your given name (mandatory for IV Certificates).
  • surname: Your surname (mandatory for IV Certificates).
  • country: The country to be added to the certificate.
  • organization: The organization name to be added to the certificate (optional).
  • city: The locality to be added to the certificate (optional).
  • state: The state to be added to the certificate (optional).
  • emails: Email addresses belonging to your organization to be added to the certificate (optional, maximum 3).
  • dnsNames: FQDNs to be added to the certificate, which must belong to your organization (optional, maximum 3).
  • organizationalUnits: Organizational units to be added to the certificate (optional, maximum 3).
  • commonName: The certificate common name. This can be any value. If you include an email address or DNS name, ensure it is listed in the respective fields above.
  • evidence: A form file (pdf or zip) containing your ID (optional for OV certificates).
  • duration: Set this value to 1.
  • certificateType: The type of certificate you are requesting.

Step 3

Please await the validation of your certificate request by the Validation Specialist.

You will receive an email notification once you can continue to Step 4.

Step 4

Once your request is processed, you will be able to issue a certificate in the p12 format.

  1. First, obtain the Transaction ID by submitting a POST request to the API endpoint
    /api/ClientAuthenticationCertificate/GetMyClientAuthenticationTransactions
    This will retrieve a list of your Client Authentication transactions along with related details.
    From the response JSON, locate the transaction that meets the following criteria:
    • "hasReview" equal to false (that means that there aren’t any pending reviews from the validators to check).
    • "transactionStatus" equal to equal to "Pending".
    Keep the transactionId from this request for use in the next API call.
  2. To request the issuance of a certificate in p12 format, submit a POST request to the API endpoint
    /api/Certificate/RequestCertificateP12 including the required JSON data for key creation.

    Example JSON data format:
     
    {
       "keyAlg": "ECDSA",
       "pickupPassword": "the pickup password",
        "keySpec": "256",
       "transactionId": "87d86wsd-afr…"
    }
                            

    Data Explanation:
    • keyAlg: The key algorithm you choose. Accepted values are "RSA" and "ECDSA".
    • pickupPassword: The password required to decrypt the p12 file and retrieve your certificate
    • keySpec: The key size for the algorithm. Accepted values are:
      • For RSA: 2048, 3072, 4096
      • For ECDSA: 256, 384
    • transactionId: The transaction ID obtained from the previous API call

    As a response to this API call, you will receive the p12 file. In Postman, ensure you use the “Send and Download” option to properly retrieve the file.