. '''NOTA BENE - WORK IN PROGRESS''' - [[Technology/KnowledgeBase/Server/CertificateDeployment#Inputs_&_Thoughts|Your Inputs & Thoughts]] :-)
. '''To Technology''' '''[[Technology#Technology_Knowledge_Base| Knowledge Base]]''' - '''To Technology ''' '''[[Technology/KnowledgeBase| Knowledge Base - Overview]]''' - '''To Technology''' '''[[Technology/KnowledgeBase/Server| Knowledge Base - Server Certificate]]'''
----
== CAcert.org Organization Certificate Widespread Deployment ==
. This is the current API to CAcert:
<
>
== Certificate Issuing ==
. This interface can be used to issue new certificates:
. The interface is made available through a single HTTPS call.
. Parameters:
||URL||https://www.cacert.org/api/ccsr.php||
||Action||can be POST or GET ($_REQUEST)||
||username||username of the account that is used to issue the certificate||
||password||password of the account that is used to issue the certificate||
||email[0]||First email address for the certificate||
||email[1]||Second email address for the certificate (and [2], [3] etc.)||
||name||the name which should go into the certificate (Firstname Lastname or Firstname Middlename Lastname)||
||codesign||1 or 0, whether it should be a codesigning certificate or not||
||optionalCSR||The client CSR, which despite the name is a required parameter||
. Example:
{{{
https://www.cacert.org/api/ccsr.php?username=user@example.org&password=secret&email[0]=user@domain.org&name=Mr.%20Mueller&codesign=0
}}}
. This interface is currently lacking the possiblity to select the root certificate (class1/class3). If you need this feature, please contact us.
<
>
== Account Status Interface ==
. This interfaces tells you the email addresses that are verified in the account, the names of the person of the account, and whether the account is permitted to issue CodeSigning(CS) certificates or not.
. Parameters:
||URL||https://www.cacert.org/api/cemails.php||
||Action||can be POST or GET ($_REQUEST)||
||username||username of the account that is used to issue the certificate||
||password||password of the account that is used to issue the certificate||
. Request example:
{{{
https://www.cacert.org/api/cemails.php?username=john@doe.com&password=johnny
}}}
. Returns:
{{{
200,Authentication Ok
CS=0
NAME=CAcert WoT User
NAME=John Doe
NAME=JOhn M. Doe
EMAIL=john@doe.com
EMAIL=john@super.com
EMAIL=j@doe.au
}}}
. John Doe can not issue code-signing certificates, he can choose between the three names, and can include any of the 3 email addresses in the certificate.
<
>
== Future API Ideas ==
. We have collected several ideas for additional interfaces:
. http://wiki.cacert.org/wiki/Software/IntegrationInterface
. If you need anything else, please contact us!
<
>
----
== Inputs & Thoughts ==
. 20091002- [[Philipp Gühring]] /E-Mail
. {{{
As far as I remember, the API automatically recognizes the Organisation
from the Domain that is used in the certificates. So if you want to
issue a certificate for scott.milliken@Vanderbilt.Edu, it recognizes the
Vanderbilt.Edu and adds the appropriate Organisational details to it.
(Like in the webinterface too)
If there are any details missing, please contact me.
The API can be used with either personal client certificates (use
secure.cacert.org instead of www.cacert.org then) or username/password
(with www.cacert.org).
The only limitation at the moment is that we can't limit the certificate
to a specific organisation. The certificate is currently bound to your
personal account, like in the webinterface. If you need additional
restrictions there, please tell us your needs.
}}}
----
. YYYYMMDD-YourName
. {{{
Text / Your Statements, thoughts and e-mail snippets, Please
}}}
----
. YYYYMMDD-YourName
. {{{
Text / Your Statements, thoughts and e-mail snippets, Please
}}}
----
<
>
'''Category''' or '''Categories'''<
>
CategorySample