Account users can generate an API access key to use it for authentication purpose while making API calls.

RESTful services designed for scale, flexibility & ease of integration. emSign Interface-less APIs enables access to key functionalities offered on emSign product that can be consumed by your application. Our API's are built on REST and therefore interoperable with any existing web application framework that supports REST based API calls.

emSign's ACME service is meticulously crafted to simplify the automation of SSL/TLS processes, mitigating the complexity and effort associated with managing numerous certificates within an enterprise. With organizations juggling a multitude of certificates, each demanding significant time and effort, ACME proves invaluable by completely automating the essential procedures needed to oversee SSL/TLS certificates across all endpoints in your organization.

In this section

• REST APIs

• ACME APIs

Procedure for installing Certificate in HSM

• This tool is used to download the certificate in a soft Token (or) USB Token.

• The eMudhra emSign Click Tool can be downloaded in this Page.

• This tool can be downloaded in Windows 7, Ubuntu, MAC operating systems.

• Click the Download button provided or copy the link and paste it in the address bar to use the tool and generate the certificate as shown below.

• The tool gets downloaded in the system. Upon clicking the tool will be displayed in a modal.

Step: 1 (Open emSign Click Tool)

Step: 2 (Please enter "Order ID" and its associated "Download PIN". Click on "Confirm") Note: Once the certificate is ready for download, Download PIN will be shared to the respective certificate requester's Email ID.

Step: 3 (Certificate Requester will be redirected to "Download" tab as shown below) For an example, Select "Utimaco HSMs" from the dropdown list of Cryptographic Service Provider

Step: 4 (On click of "Agree & Download", system will prompt to provide "Library Path", "Slot ID" and "Normal User Pin" associated with the selected HSM provider for certificate download.)

Step: 5 (Login to your HSM service provider. In your HSM provider application, Slot management / Configuration setup should be made as shown below.)

Step: 6 (Initiate HSM services as shown below.)

Step: 7 (Once the HSM services are successfully initialized, detailed information (Status, etc.) can be viewed as shown below.)

Step: 8 (Certificate will be downloaded successfully as shown below.)

Step: 9 (Certificate installed successfully in HSM )

• User can manage or create new REST API under this page.

• To create a new REST API, user need to click on "Add" button, a modal will be displayed.

• Enter description & select the user for which you wanted to generate the access key, then click on "Generate Access Key" button to proceed further.

• Upon submitting the request an access key will be generated by the system as shown below.

CA connectors (Certification Authority connectors) are software or middleware components that allow systems, applications, or services to integrate with Certification Authorities (CAs) for the management and automation of digital certificates within an organization's IT infrastructure.

CERTInext has provision to create the following CA connectors:

• emCA

• Microsoft PKI

• DigiCert

emCA

To create emCA credential, required fields are:

• Name:

• Base URL:

• By default, its Common Connector

• Username:

Fill in all the details and click on ‘Create’ button.

Microsoft PKI

To create Microsoft PKI credential, the required fields are:

• Name:

• Base URL:

• By default, its Common Connector

• CA Setup Type: Select the type as Standalone CA or Enterprise CA

Fill in all the details and click on ‘Create’ button.

DigiCert

To create DigiCert credential, the required fields are

• Name:

• DigiCert API Base URL:

• DigiCert API Key:

• Server Platform ID:

Fill in all the details and click on ‘Proceed’ button.

User can manage or create new ACME API under this page.

• To create a new ACME API, user need to click on "Add" button, a modal will be displayed.

• Enter description, user, select the group for which you wanted to generate the key ID & Mac Key, select the product, add tags (optional), then click on "Generate EAB Credentials" button to proceed further

• Upon submitting the request, a key ID & Mac Key will be generated by the system as shown below w.r.t to the selected group.

• This tool is used to download the certificate in a soft Token (or) USB Token.

• The eMudhra emSign Click Tool can be downloaded in this Page - This tool can be downloaded in Windows 7, Ubuntu, MAC operating systems.

• Click the Download button provided or copy the link and paste it in the address bar to use the tool and generate the certificate as shown below.

The tool gets downloaded in the system. Upon clicking the tool will be displayed in a modal.

For downloading the certificate through emSign Click, you will need to ensure that the URLs you provided are trusted and accessible through your network or firewall. The URLs are:

Depending on your network setup (e.g., firewall, security gateway), you will need to add the URLs to the whitelist.

Note: The above changes need to be done only if the download to be done in Organization’s system if there are firewall/security restrictions.

For personal PCs no changes are required.

In this section

• Procedure for installing Certificate in HSM

• Procedure for Attested CSR Generation

The eMudhra Certificate Utility Tool is designed to simplify certificate-related processes, such as generating CSRs (Certificate Signing Requests), importing, and exporting certificates in various formats.

CSR Generation

Download the eMudhra Certificate Utility Tool from this page by clicking the "Download" button or copying the link into your browser's address bar.

After downloading, open the tool to access the CSR Generator section.

Enter the required details:

• Common Name

• Country

• Algorithm

Click the "Generate CSR" button.

Save the generated CSR locally or copy it for use where required.

Import & Export Certificate

The tool includes an Import & Export feature to convert certificates into various formats like .pfx, .jks, or .pem. It also allows exporting private keys as .key files when exporting .pfx certificates.

Importing Certificates

Click "Import Certificate" to get started.

Select the certificate using one of the following options:

• Option 1: Import only the end-entity certificate (e.g., .cer issued by emSign).

• Option 2: Import the complete certificate chain (e.g., .zip received from emSign).

Once the certificate is imported, view details such as:

• Common Name (e.g., emsign.com)

• Certificate Serial Number

• Thumbprint Value

Exporting Certificates

Choose the desired export format:

• Option 1: .pfx

• Option 2: .pem

• Option 3: .jks

If exporting as .pfx, set a PFX password for future use.

Click "Export" to save the certificate.

Upon successful export, the following files will be available:

• .pfx File

• .key File (Private Key)

Attested CSR can be generated using HSM via emSign Click Tool.

Step 1: Open emSign Click Tool.

Step 2: Click "Tools" from the menu. Step 3: Click "Generate CSR for HSM".

Step 4: Please follow the help section to generate your CSR.

Step 5: Proceed to enter the mandatory details and click "Generate CSR". Note: emSign Click Tool supports the below HSM Providers.

• ncipher HSMs

• Safenet Luna HSMs

• Utimaco HSMs

Step 6: Please click Copy CSR / Save CSR to save the CSR in your computer.

Step 7: Private Key stored successfully in the HSM.

Step 8: Submit the CSR to emSign via Portal / API accordingly.