Create a DCC Trusted Document signer
To verify a DCC you must first create a Trusted Document signer. You can load a single Trusted Document signer, or an array of several. This allows DCCs to be recognised as valid in terms of the authority who issued the certificate.
If you have already created a document signer and used it to
sign
a DCC, that document signer has automatically been loaded as a trusted document signer on your tenant. You don't need to load the certificate again.
Prerequisites
Access to MATTR VII APIs. If you’re experiencing any difficulties, contact us.
A document signer certificate containing the public key in PEM Certificate format. The certificate could either be representing a self-signed certificate or an association to a CSCA.
The extension is pre-configured to only accept document signers from a limited number of countries. If the certificate supplied in the below request is not accepted, please contact us.
Request
Make a request of the following structure to create a trusted Document signer:
1POST https://YOUR_TENANT_URL/ext/dcc/v1/trusteddocumentsigners
1{
2 "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIIBdjCCAR2gAwIBAgIBATAKBggqhkjOPQQDAjAgMR4wCQYDVQQGEwJOWjARBgNV\r\nBAMeCgBNAGEAdAB0AHIwHhcNMjEwODIzMDE0ODU1WhcNMjMwODIzMDE0ODU1WjAg\r\nMR4wCQYDVQQGEwJOWjARBgNVBAMeCgBNAGEAdAB0AHIwWTATBgcqhkjOPQIBBggq\r\nhkjOPQMBBwNCAARs3d32VyxR45vEVlsdJNvMM7yWz8NTe4phl0ff4ggHy30tKLJv\r\nPzmFX7aE709RWy/8j3ZSZ+y8GiN9wucidB4To0gwRjASBgNVHRMBAf8ECDAGAQH/\r\nAgEDMDAGA1UdJQQpMCcGCysGAQQBjjePZQECBgsrBgEEAY43j2UBAQYLKwYBBAGO\r\nN49lAQMwCgYIKoZIzj0EAwIDRwAwRAIgUkZhGDMvfySa5F4AHIW2yius88paOHYD\r\n4sAk4/9NWiYCIEutK6B7xAzFUvXLzjsbSRemBBPrknml7Yh01uomBMYk\r\n-----END CERTIFICATE-----",
3 "public" : false
4}
certificatePem
: Represents the trusted document signer.public
: This should always be set tofalse
when used on a trial/sandbox tenant, and only set totrue
in production environments.
Response
1{
2 "id": "7d159820-10c6-4e70-8a2e-bf7d68f06074",
3 "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIIBdjCCAR2gAwIBAgIBATAKBggqhkjOPQQDAjAgMR4wCQYDVQQGEwJOWjARBgNV\r\nBAMeCgBNAGEAdAB0AHIwHhcNMjEwODIzMDE0ODU1WhcNMjMwODIzMDE0ODU1WjAg\r\nMR4wCQYDVQQGEwJOWjARBgNVBAMeCgBNAGEAdAB0AHIwWTATBgcqhkjOPQIBBggq\r\nhkjOPQMBBwNCAARs3d32VyxR45vEVlsdJNvMM7yWz8NTe4phl0ff4ggHy30tKLJv\r\nPzmFX7aE709RWy/8j3ZSZ+y8GiN9wucidB4To0gwRjASBgNVHRMBAf8ECDAGAQH/\r\nAgEDMDAGA1UdJQQpMCcGCysGAQQBjjePZQECBgsrBgEEAY43j2UBAQYLKwYBBAGO\r\nN49lAQMwCgYIKoZIzj0EAwIDRwAwRAIgUkZhGDMvfySa5F4AHIW2yius88paOHYD\r\n4sAk4/9NWiYCIEutK6B7xAzFUvXLzjsbSRemBBPrknml7Yh01uomBMYk\r\n-----END CERTIFICATE-----",
4 "certificateKid": "76a96f2d62d38119",
5 "certificateFingerprint": "76a96f2d62d381191e14e09c4fefe52ef94b40067adfafa6ba953ff8fdc469ab",
6 "certificateData": {
7 "notAfter": "2023-08-23T01:48:55.000Z",
8 "notBefore": "2021-08-23T01:48:55.000Z",
9 "keyUsage": {
10 "recovery": true,
11 "test": true,
12 "vaccination": true
13 },
14 "country": "NZ"
15 },
16 "public": false
17}
The response will include a unique id
along with the extracted certificateData
, certificateKid
and certificateFingerprint
that represents the newly uploaded trusted document signer.
The id
value can be used to retrieve the Trusted Document signer, update it or remove it.
What's next?
You can now use the Trusted Document signer to verify a DCC.