Create a verifier root CA certificate

POST/v2/presentations/certificates/ca

Creates a verifier root CA certificate to be used as part of mDocs online verification workflows.

A maximum of three Verifier root CA certificates can be created per tenant.

Analytic events

CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_START
CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_SUCCESS
CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_FAIL

Authorization

bearerAuth

AuthorizationBearer <token>

In: header

Request Body

application/json

Verifier root CA certificate payload

TypeScript Definitions

Use the request body type in TypeScript.

commonName?string

Used to define the common name of the created verifier root CA certificate. Used to establish trust with the verifier by wallets that implement certificate-based trust.

When provided, the value must be a valid PrintableString and cannot be an empty string.
If not provided and a custom domain is configured and verified, the custom domain is used followed by the word Verifier.
If no custom domain is configured, the tenant subdomain is used instead.

Default"{tenantDomain} Verifier"

country?string

Indicates the verifier's country. If not provided, a country is selected based on the region of the tenant subdomain cloud host. When specified, the value must be a valid Alpha 2 country code as per ISO 3166-1.

notBefore?string

Used to set the date and time when the Verifier root CA certificate becomes valid and can be used to sign other intermediate certificates.

Must not be in the past.
Must be before notAfter.

Formatdate-time

notAfter?string

Used to set the date and time when the Verifier root CA certificate expires.

If not provided, calculated as notBefore + 20 years.
If not provided and notBefore is not provided, calculated as time of creation + 20 years.
Maximum value is 20 years from creation.
Must be after notBefore, if provided.

Formatdate-time

certificatePem*string

Verifier root CA certificate in PEM format. The certificate must be valid and not expired.

Response Body

`application/json`

curl -X POST "https://example.vii.au01.mattr.global/v2/presentations/certificates/ca" \  -H "Content-Type: application/json" \  -d '{}'

{
  "id": "string",
  "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
  "certificateFingerprint": "a3b2c1d4e5f60718293a4b5c6d7e8f90123456789abcdef0123456789abcdef0",
  "certificateData": {
    "commonName": "Example Verifier",
    "country": "US",
    "notAfter": "2024-10-22T00:00:00Z",
    "notBefore": "2023-10-22T00:00:00Z"
  },
  "active": true,
  "isManaged": true
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

Create a verifier root CA certificate

Roles

Analytics Events

Analytic events

Authorization

Request Body

Response Body

`application/json`

`application/json`

`application/json`

Create a verifier root CA certificate

Roles

Analytics Events

Analytic events

Authorization

Request Body

Response Body

200application/json

400application/json

409application/json

`application/json`

`application/json`

`application/json`