light-mode-image
Learn
MATTR VII PlatformVerifier root CA certificates

Create a verifier root CA certificate

Creates a verifier root CA certificate to be used as part of mDocs online verification workflows.

  • A maximum of three Verifier root CA certificates can be created per tenant.

Analytics Events

CREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_STARTCREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_SUCCESSCREDENTIAL_PRESENTATION_VERIFIER_CA_CERTIFICATE_CREATE_FAIL

Roles

adminverifier
POST/v2/presentations/certificates/ca

Authorization

AuthorizationBearer <token>

In: header

Request Body

Verifier root CA certificate payload

Request payload for managed verifier root CA certificate

commonName?string

Used to define the common name of the created verifier root CA certificate. Used to establish trust with the verifier by wallets that implement certificate-based trust.

  • When provided, the value must be a valid PrintableString and cannot be an empty string.
  • If not provided and a custom domain is configured and verified, the custom domain is used followed by the word IACA.
  • If no custom domain is configured, the tenant subdomain is used instead.
Default"{tenantDomain} Verifier"
country?string

Indicates the verifier's country. If not provided, a country is selected based on the region of the tenant subdomain cloud host. When specified, the value must be a valid Alpha 2 country code as per ISO 3166-1.

notBefore?string

Used to set the date and time when the Verifier root CA certificate becomes valid and can be used to sign other intermediate certificates.

  • Must not be in the past.
  • Must be before notAfter.
Formatdate-time
notAfter?string

Used to set the date and time when the Verifier root CA certificate expires.

  • If not provided, calculated as notBefore + 20 years.
  • If not provided and notBefore is not provided, calculated as time of creation + 20 years.
  • Maximum value is 20 years from creation.
  • Must be after notBefore, if provided.
Formatdate-time

Request payload for unmanaged verifier root CA certificate

certificatePemstring

Verifier root CA certificate in PEM format. The certificate must be valid and not expired.

Response Body

curl -X POST "https://example.vii.au01.mattr.global/v2/presentations/certificates/ca" \  -H "Content-Type: application/json" \  -d '{}'
{
  "id": "string",
  "certificatePem": "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAL5...\n-----END CERTIFICATE-----",
  "certificateFingerprint": "a3b2c1d4e5f60718293a4b5c6d7e8f90123456789abcdef0123456789abcdef0",
  "certificateData": {
    "commonName": "Example Verifier",
    "country": "US",
    "notAfter": "2024-10-22T00:00:00Z",
    "notBefore": "2023-10-22T00:00:00Z"
  },
  "active": true,
  "isManaged": true
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}
{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}

How would you rate this page?

Delete a trusted issuer DELETE

Previous Page

Retrieve all verifier root CA certificates GET

Next Page