Guides
Platform management
Identifiers
Certificates
Create a DSC

How to create a DSC

A DSC (Document Signer Certificate) is an intermediate X.509 certificate used to digitally sign Mobile Security Objects (MSOs) in Mobile Credentials.

Request

Make a request of the following structure to create a DSC:

POST /v2/credentials/mobile/document-signers
{
    "active": true,
    "commonName": "MATTR DSC",
    "notAfter": "2024-08-26"
}
  • active : This required parameter defines the status of the created DSC. Only active (true) DSCs can be used to sign Mobile Credentials.
  • commonName : This optional parameter indicates the common name of the DSC certificate. When specified, the value must be a valid PrintableString and cannot be an empty string. If not provided and a custom domain is configured and verified, the custom domain is used followed by the words Document Signer. If no custom domain is configured, the tenant subdomain is used instead.
  • notAfter : This optional paramter defines the date after which the DSC can no longer be used to sign Mobile Credentials. If not provided, defaults to 365 days. Maximum value is 457 days.

Response

{
    "id": "e7ffdcb3-be6b-4476-a1a9-bbb92db1bc0f",
    "active": true,
    "publicKeyJwk": {
        "kty": "EC",
        "crv": "P-256",
        "x": "3roTNEegJH4Y3QNRDCfBe8K0_rBYL8FoYvyJEaDSYWI",
        "y": "ZXvaLVjQIHJHAUcWR5jPcYBLkdQPum4h5i0EJ1iYxx4"
    },
    "certificatePem": "-----BEGIN CERTIFICATE-----\\r\\nMIIB7zCCAZWgAwIBAgIKVvisuUgAu633uzAKBggqhkjOPQQDAjAgMR4wCQYDVQQG\\r\\nEwJOWjARBgNVBAMTCk1BVFRSIElBQ0EwHhcNMjMwODA4MDAwOTIxWhcNMjQwODAy\\r\\nMDAwOTIxWjAfMR0wCQYDVQQGEwJOWjAQBgNVBAMTCU1BVFRSIERTQzBZMBMGByqG\\r\\nSM49AgEGCCqGSM49AwEHA0IABN66EzRHoCR+GN0DUQwnwXvCtP6wWC/BaGL8iRGg\\r\\n0mFiZXvaLVjQIHJHAUcWR5jPcYBLkdQPum4h5i0EJ1iYxx6jgbcwgbQwEgYDVR0T\\r\\nAQH/BAgwBgEB/wIBAzAdBgNVHQ4EFgQU1fqFUtZavQ4hgjh8AyjJpJeEWuswHwYD\\r\\nVR0jBBgwFoAUjjXBxoeCHztXWKK0abLha7Pn/EgwDgYDVR0PAQH/BAQDAgCAMBwG\\r\\nA1UdEQQVMBOBEWluZm9AbWF0dHIuZ2xvYmFsMBwGA1UdEgQVMBOBEWluZm9AbWF0\\r\\ndHIuZ2xvYmFsMBIGA1UdJQQLMAkGByiBjF0FAQIwCgYIKoZIzj0EAwIDSAAwRQIg\\r\\nKwQAsGozvv4zzNN8nbDI7aCfWA14e9JxsbveD5nRgTMCIQCE7h9AxvYAMpP+iyS/\\r\\nX9cZo87CcUTOJSU7Am2Y7WEDfg==\\r\\n-----END CERTIFICATE-----\\r\\n",
    "certificateFingerprint": "f6cad6e579d70b3973efa60624af731a580d1a11a7579e70f2f10f059dc86172",
    "certificateData": {
        "notAfter": "2024-08-26T00:09:21.000Z",
        "notBefore": "2023-08-08T00:09:21.000Z",
        "commonName": "MATTR DSC",
        "country": "NZ"
    }
}
  • id : Each DSC created on MATTR VII will have a unique identifier which must be provided when using this DSC to sign a Mobile Credential.
  • active : Indicates the DSC status. Only active (true) DSCs can be used to sign Mobile Credentials.
  • publicKeyJwk : JWK format of the DSC public key.
  • certificatePEM : Certificate PEM format.
  • certificateFingerprint : DSC Hash that includes all certificate data and its signature.
  • certificateData : Key details of the created DSC:
    • notAfter : DSC expiry date. Cannot be later than the notAfter of the IACA used to sign the DSC.
    • notBefore : DSC creation date. Cannot be earlier than the notBefore date of the IACA used to issue the DSC.
    • commonName : DSC name, as provided in the request.
    • country : Country of the IACA’s issuer.
Create an IACACreate a did:key