• Technology
• KnowledgeBase
• Server
• CertificateDeployment

• NOTA BENE - WORK IN PROGRESS - Your Inputs & Thoughts

• To Technology Knowledge Base - To Technology Knowledge Base - Overview - To Technology Knowledge Base - Server Certificate

CAcert.org Organization Certificate Widespread Deployment

• This is the current API to CAcert:

Certificate Issuing

• This interface can be used to issue new certificates:
• The interface is made available through a single HTTPS call.
• Parameters:

  URL	https://www.cacert.org/api/ccsr.php
  Action	can be POST or GET ($_REQUEST)
  username	username of the account that is used to issue the certificate
  password	password of the account that is used to issue the certificate
  email[0]	First email address for the certificate
  email[1]	Second email address for the certificate (and [2], [3] etc.)
  name	the name which should go into the certificate (Firstname Lastname or Firstname Middlename Lastname)
  codesign	1 or 0, whether it should be a codesigning certificate or not
  optionalCSR	The client CSR, which despite the name is a required parameter

• Example:

  https://www.cacert.org/api/ccsr.php?username=user@example.org&password=secret&email[0]=user@domain.org&name=Mr.%20Mueller&codesign=0

• This interface is currently lacking the possiblity to select the root certificate (class1/class3). If you need this feature, please contact us.

Account Status Interface

• This interfaces tells you the email addresses that are verified in the account, the names of the person of the account, and whether the account is permitted to issue CodeSigning(CS) certificates or not.

• Parameters:

  URL	https://www.cacert.org/api/cemails.php
  Action	can be POST or GET ($_REQUEST)
  username	username of the account that is used to issue the certificate
  password	password of the account that is used to issue the certificate

• Request example:

  https://www.cacert.org/api/cemails.php?username=john@doe.com&password=johnny

• Returns:

  200,Authentication Ok
  CS=0
  NAME=CAcert WoT User
  NAME=John Doe
  NAME=JOhn M. Doe
  EMAIL=john@doe.com
  EMAIL=john@super.com
  EMAIL=j@doe.au

• John Doe can not issue code-signing certificates, he can choose between the three names, and can include any of the 3 email addresses in the certificate.

Future API Ideas

• We have collected several ideas for additional interfaces:

• http://wiki.cacert.org/wiki/Software/IntegrationInterface

• If you need anything else, please contact us!

Inputs & Thoughts

• 20091002- Philipp Gühring /E-Mail

• As far as I remember, the API automatically recognizes the Organisation
  from the Domain that is used in the certificates. So if you want to
  issue a certificate for scott.milliken@Vanderbilt.Edu, it recognizes the
  Vanderbilt.Edu and adds the appropriate Organisational details to it.
  (Like in the webinterface too)
  If there are any details missing, please contact me.
  
  The API can be used with either personal client certificates (use
  secure.cacert.org instead of www.cacert.org then) or username/password
  (with www.cacert.org).
  The only limitation at the moment is that we can't limit the certificate
  to a specific organisation. The certificate is currently bound to your
  personal account, like in the webinterface. If you need additional
  restrictions there, please tell us your needs.

• YYYYMMDD-YourName

• Text / Your Statements, thoughts and e-mail snippets, Please

• YYYYMMDD-YourName

• Text / Your Statements, thoughts and e-mail snippets, Please

Category or Categories

CategorySample