Create a DSC

MATTR VII uses Document Signer Certificates (DSCs) to digitally sign Mobile Security Objects (MSO) in Mobile Credentials. The DSC itself must be issued and signed by the root certificate, which is the Issuing Authority Certificate Authority (IACA). Refer to chain of trust for more information.

A single MATTR VII tenant can have multiple DSCs, signed by the same IACA. Different DSCs can have the same or different validity and activation status.

To sign Mobile Credentials, a valid and active DSC must be used. If there are multiple valid and active DSCs on the tenant, the most recently created or modified one is used. Note that a Mobile Credential expiry date cannot be later than that of the DSC used to sign it.

Request

Make the following request to create a new document signer:

    POST /v2/credentials/mobile/documentsigners

    {
      "active": true,
      "commonName": "MATTR DSC",
      "notAfter": "2024-08-26"
    }

  • active: This required parameter defines the status of the created DSC. Only active DSCs can be used to sign Mobile Credentials.

  • commonName: This optional parameter indicates the common name of the DSC certificate. When specified, the value must be a valid PrintableString. If not provided and a custom domain is configured and verified, the custom domain is used. If no custom domain is configured, the tenant subdomain is used.

  • notAfter: Optional date after which the DSC can no longer be used to sign Mobile Credentials. If not provided, defaults to 365 days. Maximum value is 457 days.
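
The request rules above can be checked before calling the endpoint. The following Python is an added example, not MATTR's code: the function names are hypothetical, and it assumes notAfter uses the YYYY-MM-DD form shown in the sample request and that the 365-day default and 457-day maximum are counted from the request date.

```python
import re
from datetime import date, timedelta

# ASN.1 PrintableString alphabet: letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE_STRING = re.compile(r"[A-Za-z0-9 '()+,\-./:=?]+")
DEFAULT_DAYS = 365   # page: notAfter defaults to 365 days
MAX_DAYS = 457       # page: maximum value is 457 days


def check_dsc_request(payload, today):
    """Return a list of problems with a create-DSC request body (empty list = OK).

    Assumption: the 457-day limit is counted from `today`, the request date.
    """
    problems = []
    if not isinstance(payload.get("active"), bool):
        problems.append("active: required boolean")
    name = payload.get("commonName")
    if name is not None and not (isinstance(name, str) and PRINTABLE_STRING.fullmatch(name)):
        problems.append("commonName: not a valid PrintableString")
    raw = payload.get("notAfter")
    if raw is not None:
        try:
            not_after = date.fromisoformat(raw)
        except (TypeError, ValueError):
            problems.append("notAfter: expected YYYY-MM-DD")
        else:
            if not_after > today + timedelta(days=MAX_DAYS):
                problems.append(f"notAfter: more than {MAX_DAYS} days ahead")
    return problems


def effective_not_after(payload, today):
    """Date the DSC stops signing: the requested notAfter, or the 365-day default."""
    raw = payload.get("notAfter")
    return date.fromisoformat(raw) if raw else today + timedelta(days=DEFAULT_DAYS)


def credential_expiry_allowed(credential_expiry, dsc_not_after):
    """A Mobile Credential may not expire later than the DSC that signs it."""
    return credential_expiry <= dsc_not_after


if __name__ == "__main__":
    today = date(2023, 8, 8)  # constructed request date
    body = {"active": True, "commonName": "MATTR DSC", "notAfter": "2024-08-26"}
    print(check_dsc_request(body, today))
    print(check_dsc_request({"active": "yes", "commonName": "Acme_DSC@1"}, today))
```
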

Response

    {
        "id": "e7ffdcb3-be6b-4476-a1a9-bbb92db1bc0f",
        "publicKeyJwk": {
            "kty": "EC",
            "crv": "P-256",
            "x": "3roTNEegJH4Y3QNRDCfBe8K0_rBYL8FoYvyJEaDSYWI",
            "y": "ZXvaLVjQIHJHAUcWR5jPcYBLkdQPum4h5i0EJ1iYxx4"
        },
        "certificatePem": "-----BEGIN CERTIFICATE-----\\r\\nMIIB7zCCAZWgAwIBAgIKVvisuUgAu633uzAKBggqhkjOPQQDAjAgMR4wCQYDVQQG\\r\\nEwJOWjARBgNVBAMTCk1BVFRSIElBQ0EwHhcNMjMwODA4MDAwOTIxWhcNMjQwODAy\\r\\nMDAwOTIxWjAfMR0wCQYDVQQGEwJOWjAQBgNVBAMTCU1BVFRSIERTQzBZMBMGByqG\\r\\nSM49AgEGCCqGSM49AwEHA0IABN66EzRHoCR+GN0DUQwnwXvCtP6wWC/BaGL8iRGg\\r\\n0mFiZXvaLVjQIHJHAUcWR5jPcYBLkdQPum4h5i0EJ1iYxx6jgbcwgbQwEgYDVR0T\\r\\nAQH/BAgwBgEB/wIBAzAdBgNVHQ4EFgQU1fqFUtZavQ4hgjh8AyjJpJeEWuswHwYD\\r\\nVR0jBBgwFoAUjjXBxoeCHztXWKK0abLha7Pn/EgwDgYDVR0PAQH/BAQDAgCAMBwG\\r\\nA1UdEQQVMBOBEWluZm9AbWF0dHIuZ2xvYmFsMBwGA1UdEgQVMBOBEWluZm9AbWF0\\r\\ndHIuZ2xvYmFsMBIGA1UdJQQLMAkGByiBjF0FAQIwCgYIKoZIzj0EAwIDSAAwRQIg\\r\\nKwQAsGozvv4zzNN8nbDI7aCfWA14e9JxsbveD5nRgTMCIQCE7h9AxvYAMpP+iyS/\\r\\nX9cZo87CcUTOJSU7Am2Y7WEDfg==\\r\\n-----END CERTIFICATE-----\\r\\n",
        "certificateFingerprint": "f6cad6e579d70b3973efa60624af731a580d1a11a7579e70f2f10f059dc86172",
        "certificateData": {
            "notAfter": "2024-08-26T00:09:21.000Z",
            "notBefore": "2023-08-08T00:09:21.000Z",
            "commonName": "MATTR DSC",
            "country": "NZ"
        }
    }

  • id: Each DSC created on MATTR VII will have a unique identifier which must be provided when using this DSC to sign a Mobile Credential.

  • publicKeyJwk: JWK format of the DSC public key.

  • certificatePem: The DSC certificate in PEM format.

  • certificateFingerprint: Hash of the DSC that covers all certificate data and its signature.

  • certificateData: Key details of the created DSC:

    • notAfter: DSC expiry date. Cannot be later than the notAfter of the IACA used to sign the DSC.

    • notBefore: DSC creation date. Cannot be earlier than the notBefore date of the IACA used to issue the DSC.

    • commonName: DSC name, as set in the request above.

    • country: Country of the IACA’s issuer.

What's Next?

Now that you have an IACA and a DSC, you must create a new Mobile Credential Configuration before you can issue Mobile Credentials. Refer to Create a Mobile Credential Configuration for step-by-step instructions.