Setup a Trusted Document Signer

To verify a DCC through the MATTR extension the document signer for the DCC must be loaded as a trusted document signer.

If you have already created a document signer and used it to sign a DCC, that document signer has automatically been loaded as a trusted document signer on your tenant. You don't need to load the certificate again.

You can load a single, or set of trusted document signers. This allows DCCs signed by the loaded document signers to be recognised as valid in terms of the authority who issued the certificate.

Prerequisites

You need the following in order to proceed with this tutorial:

  • Access to the MATTR VII APIs.

  • A document signer certificate containing the public key in PEM Certificate format. The certificate could either be representing a self-signed certificate or association to a CSCA.

If you’re experiencing any difficulties, please contact us.

The extension is pre-configured to only accept document signers from a limited number of countries. If the certificate supplied in the below request is not accepted, please contact us.

Add a trusted document signer by invoking the API as follows.

Request

The request body should include the certificatePem that represents the trusted document signer.
The public flag should always be set to false when used on a trial/sandbox tenant.

http
Copy to clipboard.
1POST https://YOUR_TENANT_SUBDOMAIN.vii.mattr.global/ext/dcc/v1/trusteddocumentsigners
json
Copy to clipboard.
1{
2    "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIIBdjCCAR2gAwIBAgIBATAKBggqhkjOPQQDAjAgMR4wCQYDVQQGEwJOWjARBgNV\r\nBAMeCgBNAGEAdAB0AHIwHhcNMjEwODIzMDE0ODU1WhcNMjMwODIzMDE0ODU1WjAg\r\nMR4wCQYDVQQGEwJOWjARBgNVBAMeCgBNAGEAdAB0AHIwWTATBgcqhkjOPQIBBggq\r\nhkjOPQMBBwNCAARs3d32VyxR45vEVlsdJNvMM7yWz8NTe4phl0ff4ggHy30tKLJv\r\nPzmFX7aE709RWy/8j3ZSZ+y8GiN9wucidB4To0gwRjASBgNVHRMBAf8ECDAGAQH/\r\nAgEDMDAGA1UdJQQpMCcGCysGAQQBjjePZQECBgsrBgEEAY43j2UBAQYLKwYBBAGO\r\nN49lAQMwCgYIKoZIzj0EAwIDRwAwRAIgUkZhGDMvfySa5F4AHIW2yius88paOHYD\r\n4sAk4/9NWiYCIEutK6B7xAzFUvXLzjsbSRemBBPrknml7Yh01uomBMYk\r\n-----END CERTIFICATE-----",
3    "public" : false
4}

Response

json
Copy to clipboard.
1{
2    "id": "7d159820-10c6-4e70-8a2e-bf7d68f06074",
3    "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIIBdjCCAR2gAwIBAgIBATAKBggqhkjOPQQDAjAgMR4wCQYDVQQGEwJOWjARBgNV\r\nBAMeCgBNAGEAdAB0AHIwHhcNMjEwODIzMDE0ODU1WhcNMjMwODIzMDE0ODU1WjAg\r\nMR4wCQYDVQQGEwJOWjARBgNVBAMeCgBNAGEAdAB0AHIwWTATBgcqhkjOPQIBBggq\r\nhkjOPQMBBwNCAARs3d32VyxR45vEVlsdJNvMM7yWz8NTe4phl0ff4ggHy30tKLJv\r\nPzmFX7aE709RWy/8j3ZSZ+y8GiN9wucidB4To0gwRjASBgNVHRMBAf8ECDAGAQH/\r\nAgEDMDAGA1UdJQQpMCcGCysGAQQBjjePZQECBgsrBgEEAY43j2UBAQYLKwYBBAGO\r\nN49lAQMwCgYIKoZIzj0EAwIDRwAwRAIgUkZhGDMvfySa5F4AHIW2yius88paOHYD\r\n4sAk4/9NWiYCIEutK6B7xAzFUvXLzjsbSRemBBPrknml7Yh01uomBMYk\r\n-----END CERTIFICATE-----",
4    "certificateKid": "76a96f2d62d38119",
5    "certificateFingerprint": "76a96f2d62d381191e14e09c4fefe52ef94b40067adfafa6ba953ff8fdc469ab",
6    "certificateData": {
7        "notAfter": "2023-08-23T01:48:55.000Z",
8        "notBefore": "2021-08-23T01:48:55.000Z",
9        "keyUsage": {
10            "recovery": true,
11            "test": true,
12            "vaccination": true
13        },
14        "country": "NZ"
15    },
16    "public": false
17}
18

The response will include a unique id along with the extracted certificateData, certificateKid and certificateFingerprint that represents the newly uploaded trusted document signer.

The newly created/uploaded certificate can be removed using the id value from the response.