Skip to main content

Create a DCC Trusted Document signer

To verify a DCC you must first create a Trusted Document signer. You can load a single Trusted Document signer, or an array of several. This allows DCCs to be recognised as valid in terms of the authority who issued the certificate.

tip

If you have already created a document signer and used it to sign a DCC, that document signer has automatically been loaded as a trusted document signer on your tenant. You don't need to load the certificate again.

Prerequisites

  • Access to Sovrin APIs. If you’re experiencing any difficulties, contact us.

  • A document signer certificate containing the public key in PEM Certificate format. The certificate could either be representing a self-signed certificate or an association to a CSCA.

tip

The extension is pre-configured to only accept document signers from a limited number of countries. If the certificate supplied in the below request is not accepted, please contact us.

Request

Make a request of the following structure to create a trusted Document signer:


POST https://api.sovrin.one/ext/dcc/v1/trusteddocumentsigners


{
    "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIIBdjCCAR2gAwIBAgIBATAKBggqhkjOPQQDAjAgMR4wCQYDVQQGEwJOWjARBgNV\r\nBAMeCgBNAGEAdAB0AHIwHhcNMjEwODIzMDE0ODU1WhcNMjMwODIzMDE0ODU1WjAg\r\nMR4wCQYDVQQGEwJOWjARBgNVBAMeCgBNAGEAdAB0AHIwWTATBgcqhkjOPQIBBggq\r\nhkjOPQMBBwNCAARs3d32VyxR45vEVlsdJNvMM7yWz8NTe4phl0ff4ggHy30tKLJv\r\nPzmFX7aE709RWy/8j3ZSZ+y8GiN9wucidB4To0gwRjASBgNVHRMBAf8ECDAGAQH/\r\nAgEDMDAGA1UdJQQpMCcGCysGAQQBjjePZQECBgsrBgEEAY43j2UBAQYLKwYBBAGO\r\nN49lAQMwCgYIKoZIzj0EAwIDRwAwRAIgUkZhGDMvfySa5F4AHIW2yius88paOHYD\r\n4sAk4/9NWiYCIEutK6B7xAzFUvXLzjsbSRemBBPrknml7Yh01uomBMYk\r\n-----END CERTIFICATE-----",
    "public" : false
}

  • certificatePem: Represents the trusted document signer.

  • public: This should always be set to false when used on a trial/sandbox tenant, and only set to true in production environments.

Response


{
    "id": "7d159820-10c6-4e70-8a2e-bf7d68f06074",
    "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIIBdjCCAR2gAwIBAgIBATAKBggqhkjOPQQDAjAgMR4wCQYDVQQGEwJOWjARBgNV\r\nBAMeCgBNAGEAdAB0AHIwHhcNMjEwODIzMDE0ODU1WhcNMjMwODIzMDE0ODU1WjAg\r\nMR4wCQYDVQQGEwJOWjARBgNVBAMeCgBNAGEAdAB0AHIwWTATBgcqhkjOPQIBBggq\r\nhkjOPQMBBwNCAARs3d32VyxR45vEVlsdJNvMM7yWz8NTe4phl0ff4ggHy30tKLJv\r\nPzmFX7aE709RWy/8j3ZSZ+y8GiN9wucidB4To0gwRjASBgNVHRMBAf8ECDAGAQH/\r\nAgEDMDAGA1UdJQQpMCcGCysGAQQBjjePZQECBgsrBgEEAY43j2UBAQYLKwYBBAGO\r\nN49lAQMwCgYIKoZIzj0EAwIDRwAwRAIgUkZhGDMvfySa5F4AHIW2yius88paOHYD\r\n4sAk4/9NWiYCIEutK6B7xAzFUvXLzjsbSRemBBPrknml7Yh01uomBMYk\r\n-----END CERTIFICATE-----",
    "certificateKid": "76a96f2d62d38119",
    "certificateFingerprint": "76a96f2d62d381191e14e09c4fefe52ef94b40067adfafa6ba953ff8fdc469ab",
    "certificateData": {
        "notAfter": "2023-08-23T01:48:55.000Z",
        "notBefore": "2021-08-23T01:48:55.000Z",
        "keyUsage": {
            "recovery": true,
            "test": true,
            "vaccination": true
        },
        "country": "NZ"
    },
    "public": false
}

The response will include a unique id along with the extracted certificateData, certificateKid and certificateFingerprint that represents the newly uploaded trusted document signer.

The id value can be used to retrieve the Trusted Document signer, update it or remove it.

What's next? You can now use the Trusted Document signer to verify a DCC.