Create a DCC Trusted Document signer

To verify a DCC you must first create a Trusted Document signer. You can load a single Trusted Document signer, or an array of several. This allows DCCs to be recognised as valid in terms of the authority who issued the certificate.

If you have already created a document signer and used it to sign a DCC, that document signer has automatically been loaded as a trusted document signer on your tenant. You don't need to load the certificate again.

Prerequisites

  • Access to MATTR VII APIs. If you’re experiencing any difficulties, contact us.

  • A document signer certificate containing the public key in PEM Certificate format. The certificate could either be representing a self-signed certificate or an association to a CSCA.

The extension is pre-configured to only accept document signers from a limited number of countries. If the certificate supplied in the below request is not accepted, please contact us.

Request

Make a request of the following structure to create a trusted Document signer:

http
Copy to clipboard.
1POST https://YOUR_TENANT_URL/ext/dcc/v1/trusteddocumentsigners
json
Copy to clipboard.
1{
2    "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIIBdjCCAR2gAwIBAgIBATAKBggqhkjOPQQDAjAgMR4wCQYDVQQGEwJOWjARBgNV\r\nBAMeCgBNAGEAdAB0AHIwHhcNMjEwODIzMDE0ODU1WhcNMjMwODIzMDE0ODU1WjAg\r\nMR4wCQYDVQQGEwJOWjARBgNVBAMeCgBNAGEAdAB0AHIwWTATBgcqhkjOPQIBBggq\r\nhkjOPQMBBwNCAARs3d32VyxR45vEVlsdJNvMM7yWz8NTe4phl0ff4ggHy30tKLJv\r\nPzmFX7aE709RWy/8j3ZSZ+y8GiN9wucidB4To0gwRjASBgNVHRMBAf8ECDAGAQH/\r\nAgEDMDAGA1UdJQQpMCcGCysGAQQBjjePZQECBgsrBgEEAY43j2UBAQYLKwYBBAGO\r\nN49lAQMwCgYIKoZIzj0EAwIDRwAwRAIgUkZhGDMvfySa5F4AHIW2yius88paOHYD\r\n4sAk4/9NWiYCIEutK6B7xAzFUvXLzjsbSRemBBPrknml7Yh01uomBMYk\r\n-----END CERTIFICATE-----",
3    "public" : false
4}
  • certificatePem: Represents the trusted document signer.

  • public: This should always be set to false when used on a trial/sandbox tenant, and only set to true in production environments.

Response

json
Copy to clipboard.
1{
2    "id": "7d159820-10c6-4e70-8a2e-bf7d68f06074",
3    "certificatePem": "-----BEGIN CERTIFICATE-----\r\nMIIBdjCCAR2gAwIBAgIBATAKBggqhkjOPQQDAjAgMR4wCQYDVQQGEwJOWjARBgNV\r\nBAMeCgBNAGEAdAB0AHIwHhcNMjEwODIzMDE0ODU1WhcNMjMwODIzMDE0ODU1WjAg\r\nMR4wCQYDVQQGEwJOWjARBgNVBAMeCgBNAGEAdAB0AHIwWTATBgcqhkjOPQIBBggq\r\nhkjOPQMBBwNCAARs3d32VyxR45vEVlsdJNvMM7yWz8NTe4phl0ff4ggHy30tKLJv\r\nPzmFX7aE709RWy/8j3ZSZ+y8GiN9wucidB4To0gwRjASBgNVHRMBAf8ECDAGAQH/\r\nAgEDMDAGA1UdJQQpMCcGCysGAQQBjjePZQECBgsrBgEEAY43j2UBAQYLKwYBBAGO\r\nN49lAQMwCgYIKoZIzj0EAwIDRwAwRAIgUkZhGDMvfySa5F4AHIW2yius88paOHYD\r\n4sAk4/9NWiYCIEutK6B7xAzFUvXLzjsbSRemBBPrknml7Yh01uomBMYk\r\n-----END CERTIFICATE-----",
4    "certificateKid": "76a96f2d62d38119",
5    "certificateFingerprint": "76a96f2d62d381191e14e09c4fefe52ef94b40067adfafa6ba953ff8fdc469ab",
6    "certificateData": {
7        "notAfter": "2023-08-23T01:48:55.000Z",
8        "notBefore": "2021-08-23T01:48:55.000Z",
9        "keyUsage": {
10            "recovery": true,
11            "test": true,
12            "vaccination": true
13        },
14        "country": "NZ"
15    },
16    "public": false
17}

The response will include a unique id along with the extracted certificateData, certificateKid and certificateFingerprint that represents the newly uploaded trusted document signer.

The id value can be used to retrieve the Trusted Document signer, update it or remove it.

What's next?

You can now use the Trusted Document signer to verify a DCC.