Apply Certificate

Apply for a certificate and bind it to a specified device. You can also configure the validity period for a certificate you have previously obtained.

Operation Permissions

Required Authorization

Required Operation Permission

Device Management

Full Access

Request Format

POST http://{apigw-address}/connect-service/v2.0/certificates?action=apply

Request Parameters (URI)

Note

One of the following options must be used in a request to specify a device

  • assetId

  • productKey + deviceKey

Request Parameters (URI)

Name

Location (Path/Query)

Required or Not

Data Type

Description

orgId

Query

True

String

Organization ID which the asset belongs to. How to get Organization ID>>

assetId

Query

false

String

Asset ID of the device

productKey

Query

false

String

Product key of the device

deviceKey

Query

false

String

Device key of the device

validDay

Query

false

int

The validity period of the certificate in days. If this parameter is not included in the request. It will be inferred that you specified the default value, 730. Certain rules as follows apply to this parameter.

Rules for the Validity Period of a Certificate

To validDay in a request, the following rules apply:

  • If the specified or default value (730) is less than the maximum validity period of the product that this device belongs to, the specified value or the default value shall be applied.

  • If the specified or default value (730) is greater than the maximum validity period of the product that this device belongs to, an error message is prompted and the application fails.

  • If the specified is greater than the default value, less than the maximum validity period of the product that this device belongs to, but exceeds the remaining CA root certificate validity, the CA root certificate validity period shall be applied.

Request Parameters (Body)

Request Parameters (Body)

Name

Required or Not

Data Type

Description

csr

True

String

CSR file (Certificate Signing Request) in the Privacy-Enhanced Mail (PEM) format.

Response Parameters

Response Parameters (Body)

Name

Data Type

Description

data

DeviceCertApplyResultInfo, JSON object

Certificate binding information. See the table below for its structure.

deviceCertApplyResultInfo Object

deviceCertApplyResultInfo Object

Name

Data Type

Description

certChainURL

String

CA root certificate URL

cert

String

The content of the certificate obtained

certSn

String

Certificate Number

caCert

String

CA root certificate

Sample

Java SDK Sample

package com.envisioniot.enos.api.sample.connect_service.cert;

import com.envision.apim.poseidon.config.PConfig;
import com.envision.apim.poseidon.core.Poseidon;
import com.envisioniot.enos.connect_service.v2_1.cert.ApplyCertificateRequest;
import com.envisioniot.enos.connect_service.v2_1.cert.ApplyCertificateResponse;
import com.envisioniot.enos.connect_service.vo.DeviceIdentifier;


public class applyCert {

    public static void main(String[] args) {

        String appKey = "e36cc693-3a07-456e6cafcbc2-9314-4ff6";
        String appSecret = "6cafcbc2-9314-4ff6-9450-861d4344a431";
        String serverUrl = "http://apim-apigw-proxy.alpha-k8s-cn4.eniot.io";

        String orgId = "o15444172373271";

        ApplyCertificateRequest applyCertificateRequest = new ApplyCertificateRequest();
        String csr = "-----BEGIN NEW CERTIFICATE REQUEST-----\n" +
                "MIICwTCCAakCAQAwfDELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMREw\n" +
                "DwYDVQQHDAhTaGFuZ2hhaTENMAsGA1UECgwERW5PUzERMA8GA1UEAwwITVJtSXl6\n" +
                "UFcxDTALBgNVBAsMBEVuT1MxFjAUBgkqhkiG9w0BCQEWBzREbmIxVDEwggEiMA0G\n" +
                "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCCRmPrs0ubuH2HeGT9kwB72/SuKWf3\n" +
                "WtWQ5csRWlSOullOQn2OUqdVPOcnZm2hQQ7WGDH3cvyD49CIeVF/a8jqzqbkrk/5\n" +
                "jINuu71tjMzRRZWym8KOmYbA2nO8Wdko8mebuYtcSpic7fByGRhGytsE2EU+TD0a\n" +
                "K1tSjMCME0ba9/ImU+q5ziI0YPRI2Pz2Sw08rpTxICocw/oGEqNbK0cYHMbQjEmQ\n" +
                "spa5MARGz3coGlRu8CsyGXwkUC6zJVxJxbNA7/VTc2PCRhS2SfjBOT226cSharH8\n" +
                "4VGywXN+YLaMUDFui2gb2E5tHFIzWD0X1qCWtDsbPIZhlPt7agsmPkLrAgMBAAGg\n" +
                "ADANBgkqhkiG9w0BAQsFAAOCAQEAVMv03+jwh/6H4+x+sQiu4qxQeBuNWagqVL/C\n" +
                "HEoyWkWOzeJHpMI59OLukHQ4QJi1IwBSB0TdWn1kfpb0ztNaYfKCR5mQLErNw9ee\n" +
                "01mEeG+3Lgmd4FRWvnNdL42kQ4GeDIkmpI/aEabMHjLwcFofzeZHRsaRyeetG5Bv\n" +
                "oGTOK1hFP4lS1p40aueHa3WNEw7z/QG2lNMz5+HPbEqJhe5AoQicMMFciZ+y1LZV\n" +
                "ZU72eVecirZPMsYOjjQ9+TLztfSLEPCZ60xA0QkTn4CFgoX8DvuzxP2uJeZ70Mch\n" +
                "Z58IqTZQkAWrTx7t4w3+rGBwQ/pkFXANd2NtYr9Mt50wIoMXzw==\n" +
                "-----END NEW CERTIFICATE REQUEST-----\n";
        applyCertificateRequest.setCsr(csr);
        DeviceIdentifier device = new DeviceIdentifier();
        device.setProductKey("ymcDiAHd");
        device.setAssetId("KloXinjW");
        device.setDeviceKey("TT6MyEFaO7");
        applyCertificateRequest.setDevice(device);
        applyCertificateRequest.setValidDay(250);
        applyCertificateRequest.setOrgId(orgId);
        ApplyCertificateResponse certRsp = Poseidon.config(PConfig.init().appKey(appKey).appSecret(appSecret).debug())
                .url(serverUrl)
                .getResponse(applyCertificateRequest, ApplyCertificateResponse.class);
        System.out.println(certRsp.getData());
    }
}

Error Code

Error Code

Code

Type

Description

99400

  • The specified validity period exceeds the maximum certificate validity period of the product to which this device belongs.

  • Exceeded the remaining valid days of the CA root certificate! The valid day cannot be greater than x day!

  • Error info:message: (message content), detail message: (detailed message content)

  • The product to which the device belongs is not a product that supports BiDirectionalAuth.

  • Device identifier is invalid

  • orgId is null

  • The validity period specified is longer than the maximum validity period of the product that this device belongs to

  • The validity period specified is longer than the remaining CA root certificate’s validity period. The validity period cannot exceed x days. (x representing the remaining CA root certificate validity period.)

  • Parameter error. Detailed cause will be given in message or detailed message .

  • The product that the device belongs to does not support bi-directional authentication

  • assetId or productKey + deviceKey is not included in the request to specify a device

  • orgId is not included in the request

11404

device can not be found

No device can be specified by assetId or productKey + deviceKey.

11833

certificate already bind to another device

The certificate has already been bound to another device.

99500

  • hub service internal error!

  • certificate service err info:code: x, message: y, detail message: z

  • certificate service internal error!

  • product service internal error!

  • Internal error

  • Internal CA service error. Detailed causes are given in message or detail message .

  • Internal certificate error

  • Internal product error