Digi-CA™ RA/API

Digi-CA™ Registration Authority [RA] Access Point Interface [API]

The Digi-CA™ RA/API system is a highly customisable way to issue and manage x.509 Certificates issued for digital signature, secure email, two factor authentication and other purposes. It:

• allows full control over the contents of the "Subject" field of the certificate
• allows full control over certificate authorisation process (rejection/approval)
• allows full control over certificate status (revocation/suspension/de-suspension)
• allows fully customisable user interface web page design, which can be hosted anywhere, for the certificate enrolment and installation process.
• works with Microsoft Internet Explorer 5+ (and with Outlook 2000+/Outlook Express 5.x+).

RA Account Point Interface Setup

The Digi-CA™ RA/API system is account based, therefore in order to be able to implement and use the system, the RA API account needs to be setup first on the Digi-CA™ Certificate Engine core system. Before implementing the RA API you must contact the Digi-CAST™ Team to ensure you have the latest version and release notes.


Overview of the RA API System

The entire RA/API system is based on a flat and secure communication between the RA API and the Digi-CA™ Certificate Engine Core system. It is achieved using the HTTP ‘POST’ method secured with an SSL/TLS layer on top of a standard TCP/IP connection.


Flow Process

a. The RA API initiates the connection to the Digi-CA™ Certificate Engine Core system via the SSL/TLS layer and accesses a specific URL and passes the HTTP ‘POST’ parameters in the following pair format: {itemName}=, where {itemName} is the name value for the parameter key and {itemName} is the value of the parameter.

Depending on the specific action that needs to be completed by the Administrator, i.e.: Digi-ID™ request, Digi-ID™ approval, Digi-ID™ suspension, Digi-ID™ revocation or other request, a different URL will be used for each individual action.

b. The Digi-CA™ Certificate Engine Core verifies all received data against local policy applied for the relevant RA API. If all data are correct, Digi-CA™ Certificate Engine Core executes the requested action and provides a real time response, so the success or error message can be collected by the RA Point and further used for appropriate Registration Authority actions.

Relevant points below are an overview of the steps involved in the Digi-CA™ RA operations using the RA/API.