• Documentation
  • Renew Certificate

Renew Certificate

Update a certificate and bind the updated one with the device.

Operation Permissions

Required Authorization Required Operation Permission
Device Management Full Access

Request Format

POST http://{apigw-address}/connect-service/v2.0/certificates?action=renew

Request Parameters (URI)

Note

One of the following options must be used in a request to specify a device

  • assetId
  • productKey + deviceKey
Request Parameters (URI)
Name Location (Path/Query) Required or Not Data Type Description
orgId Query True String Organization ID which the asset belongs to. How to get Organization ID>>
assetId Query false String Asset ID of the device
productKey Query false String Product key of the device
deviceKey Query false String Device key of the device
certSn Query True int The number of the certificate to be updated
validDay Query False int The validity period of the certificate in days. If this parameter is not included in the request. It will be inferred that you specified the default value, 730. Certain rules as follows apply to this parameter.

Rules for the Validity Period of a Certificate

To validDay in a request, the following rules apply:

  • If the specified or default value (730) is less than the maximum validity period of the product that this device belongs to, the specified value or the default value shall be applied.
  • If the specified or default value (730) is greater than the maximum validity period of the product that this device belongs to, an error message is prompted and the application fails.
  • If the specified is greater than the default value, less than the maximum validity period of the product that this device belongs to, but exceeds the remaining CA root certificate validity, the CA root certificate validity period shall be applied.

Request Parameters (Body)

Request Parameters (Body)
Name Required or Not Data Type Description
csr False String CSR file (Certificate Signing Request) in the Privacy-Enhanced Mail (PEM) format. If this parameter is not included in the request, a certificate will be generated based on previous request data.

Response Parameters

Response Parameters (Body)
Name Data Type Description
data DeviceCertRenewResultInfo object Certificate binding information. See the table below for its structure.

DeviceCertRenewResultInfo Object

deviceCertApplyResultInfo Object
Name Data Type Description
certChainURL String CA root certificate URL
cert String The content of the certificate obtained
certSn String Certificate number
caCert String CA root certificate

Sample

Java SDK Sample

package com.envisioniot.enos.api.sample.connect_service.cert;

import com.envision.apim.poseidon.config.PConfig;
import com.envision.apim.poseidon.core.Poseidon;
import com.envisioniot.enos.connect_service.v2_1.cert.RenewCertificateRequest;
import com.envisioniot.enos.connect_service.v2_1.cert.RenewCertificateResponse;
import com.envisioniot.enos.connect_service.vo.DeviceIdentifier;

public class RenewCert {

    public static void main(String[] args) {
        String appKey = "e36cc693-3a07-456e6cafcbc2-9314-4ff6";
        String appSecret = "6cafcbc2-9314-4ff6-9450-861d4344a431";
        String serverUrl = "http://apim-apigw-proxy.alpha-k8s-cn4.eniot.io";

        String orgId = "o15444172373271";

        String newCert = "-----BEGIN NEW CERTIFICATE REQUEST-----\n" +
                "MIICwTCCAakCAQAwfDELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMREw\n" +
                "DwYDVQQHDAhTaGFuZ2hhaTENMAsGA1UECgwERW5PUzERMA8GA1UEAwwITVJtSXl6\n" +
                "UFcxDTALBgNVBAsMBEVuT1MxFjAUBgkqhkiG9w0BCQEWBzREbmIxVDEwggEiMA0G\n" +
                "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+dU5jLAu7Kb88hONou6PycTnv9+3/\n" +
                "FFPaHm5I8vPfhh0QL6TcunKpm97Dyds1yHgMCqVT+gWgO4MHFz8TiIb9JKRjHn/6\n" +
                "kFea1ccZU9nYGuv+yMGqa340NjN/vP+XpjXm6Xkqw7ujehhNoBuKJZh6+uXlf2yw\n" +
                "1gTP9vWJTc7cuiky2jgKl6/47iKEmIMT1xpHVDp16LWX08/aamJESPJ171RFFxf/\n" +
                "6z2taiK/z7McXFRHk+SdYGN0iTNZQqoFKi3S9S8FvkLBQF8gHOytZdpnSz6SZwW0\n" +
                "DJUv8VGFWQYOVU67BzVR59s0CVM9IdAHntjXm2t3BF0A9kKZa6VDzHpxAgMBAAGg\n" +
                "ADANBgkqhkiG9w0BAQsFAAOCAQEASGPYV0t4zPT3XA42SKqNzNEiYvB550/6Vh1y\n" +
                "mxD+mQXeyvkZn5OcxtuzrgD7aBVRcT/j+tK4XP8s+ODYiM+VSrqLs+a5ZGmOhHHf\n" +
                "36MdmAK8I/dNyHZBiTf+GI5ibul2vaSpYYUwarzMu0azT6+d2qiUl7TqVVIGo4+P\n" +
                "PSRp+V+9e4RJ/TKUjAToBazz154tXU5psVmQ1Ac9oF7Y/9AvGTtusLUDHCu3T45J\n" +
                "QiwAUsMkSla5HCZEftNV8uC+BR6GktfFGLv3Gx+havoBsi82OPDUbBBtKgbiIQyq\n" +
                "bslaLc4GkDZTZPz4st7/ChYOZVJNxz2CAx1JU4VAfjonqChzbw==\n" +
                "-----END NEW CERTIFICATE REQUEST-----";
        Integer certSn = 2667;
        RenewCertificateRequest request = new RenewCertificateRequest();
        request.setCertSn(certSn);
        request.setCsr(newCert);
        request.setValidDay(220);
        DeviceIdentifier identifier = new DeviceIdentifier();
        identifier.setProductKey("ymcDiAHd");
        identifier.setAssetId("KloXinjW");
        identifier.setDeviceKey("TT6MyEFaO7");
        request.setDevice(identifier);
        request.setOrgId(orgId);
        RenewCertificateResponse certRsp = Poseidon.config(PConfig.init().appKey(appKey).appSecret(appSecret).debug())
                .url(serverUrl)
                .getResponse(request, RenewCertificateResponse.class);
        System.out.println(certRsp.getData());
    }
}

Error Code

Error Code
Error Code Type Description
99400
  • The specified validity period exceeds the maximum certificate validity period of the product to which this device belongs.
  • Exceeded the remaining valid days of the CA root certificate! The valid day cannot be greater than x day!
  • Error info:message: (message content), detail message: (detailed message content)
  • The old certificate serial number is a mandatory field
  • The serial number of the incoming old certificate is illegal (less than 0)
  • The certificate list bound to the device does not have the certificate, or the certificate is bound to other devices.
  • The old certificate has been revoked and cannot be updated.
  • The old certificate has been expired and cannot be updated.
  • The product to which the device belongs is not a product that supports BiDirectionalAuth.
  • device identifier is invalid
  • orgId is null
  • The validity period specified is longer than the maximum validity period of the product that this device belongs to
  • he validity period specified is longer than the remaining CA root certificate’s validity period. The validity period cannot exceed x days. (x representing the remaining CA root certificate validity period.)
  • Parameter error. Detailed cause will be given in message or detailed message .
  • The number of the original certificate is required.
  • The certificate number in the request is invalid (less than 0).
  • The device has no certificate bound or the certificate has been bound to another device.
  • The original certificate has been revoked, or cannot be updated or revoked.
  • The original certificate has expired, or cannot be updated or revoked.
  • The product that the device belongs to does not support bi-directional authorization
  • Either assetId or productKey + deviceKey is not included in the request.
  • orgId is not included in the request
11404 device can not be found No device can be found by either assetId or productKey + deviceKey .
11833 certificate already bind to another device The certificate has been bound to another device.
99500
  • hub service internal error!
  • certificate service err info:code: x, message: y, detail message: z
  • certificate service internal error!
  • product service internal error!
  • Internal error
  • Internal CA service error. Detailed causes are given in message or detail message .
  • Internal certificate error
  • Internal product service error