9.1 Examples for importing a certificate
Assume you have a certificate that you want to import into MyID. The user does not already exist in MyID, so you need to set the Allow Certificate User Creation option on the Certificates page of the Operation Settings workflow to allow MyID to create a user from the DN information contained in the certificate. You can import certificates in Base 64 format, either using X.509 (.cer files) or PKCS#12 (.pfx files); in this example, you have a .cer file that you want to import.
Before you run the examples, you must substitute the following placeholders:
- myserver.example.com
  The examples assume your MyID web server is on myserver.example.com – replace this placeholder with the address of your own MyID web server.
- <YOUR TOKEN>
  The scripts assume that you have already obtained an access token. Replace this placeholder with a recently-acquired access token.
  See section 3, Server-to-server authentication, for more information on this process.
- <X509 BASE64>
  These examples import the certificate from its X.509 Base 64-encoded data. You can obtain this from an exported Base 64-encoded X.509 .cer file.
  Open the .cer file in a text editor to find the Base 64-encoded certificate. Replace this placeholder with the Base 64 information. Do not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- lines.
- <CERT POLICY>
  You must determine the ID of a certificate policy with which you want to associate the imported certificate. You can find certificate policy IDs in the ObjectID field of the CetPolicies table in the MyID database, or through the API. Replace this placeholder with the ID of the certificate policy.
9.1.1 cURL
curl.exe -X "POST" "https://myserver.example.com/rest.core/api/Certificates/import" -H "Authorization: Bearer <YOUR TOKEN>" -H "accept: application/json" -H "x-api-version: 1" -H "Content-Type: application/json" -d "{ ""createUser"": true, ""x509"": ""<X509 BASE64>"", ""certPolicyId"": ""<CERT POLICY>""}"
9.1.2 Python
import requests
import json

# Set the server
server = "myserver.example.com"

# Set the access token
token = "<YOUR TOKEN>"

# Set the option whether or not to create a new user based on the
# certificate information.
# You must set the "Allow Certificate User Creation" option on the
# "Certificates" page of the Operation Settings workflow to allow
# MyID to create a user.
createUser = True

# Create the payload for the API call containing the certificate data.
# This example imports an X.509 certificate in Base64.
certData = {
    "createUser": createUser,
    "x509": "<X509 BASE64>",
    "certPolicyId": "<CERT POLICY>"
}
certificate = json.dumps(certData)

# Set up the call for the API. The timeout stops the script from
# hanging indefinitely if the server does not respond.
response = requests.post(
    "https://" + server + "/rest.core/api/Certificates/import",
    headers={"Authorization": "Bearer " + token,
             "Content-Type": "application/json",
             "accept": "application/json",
             "x-api-version": "1"},
    data=certificate,
    timeout=30)

# Display the response
if response.status_code == 200:
    returnedData = json.loads(response.text)
    print(returnedData)
else:
    print("An error occurred:")
    returnedData = json.loads(response.text)
    # str() avoids a TypeError if a field is not returned as a string
    print("Error code: " + str(returnedData["code"]))
    print("Error message: " + str(returnedData["message"]))
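To fill the <X509 BASE64> placeholder without hand-editing the .cer file, the following added example (not part of the MyID documentation or product code) strips the BEGIN/END lines and rejects truncated or non-certificate data before building the request body. It goes slightly beyond the text by also accepting a binary (DER) export; the function names and SAMPLE_DER are illustrative assumptions.

```python
import base64
import binascii
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

# Constructed placeholder with a valid DER header; not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)


def der_length_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose length field matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    k = der[1] & 0x7F                       # long form: k length bytes follow
    if k == 0 or len(der) < 2 + k:
        return False
    return len(der) == 2 + k + int.from_bytes(der[2:2 + k], "big")


def x509_base64_from_cer(raw: bytes) -> str:
    """Return the certificate as one line of Base64 with no BEGIN/END lines."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        der = raw                           # binary (DER) export, not Base64
    else:
        blocks = PEM_RE.findall(text)
        if len(blocks) > 1:
            raise ValueError("file contains more than one certificate")
        body = blocks[0] if blocks else text
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("certificate body is not valid Base64") from exc
    if not der_length_ok(der):
        raise ValueError("data is truncated or is not a DER certificate")
    return base64.b64encode(der).decode("ascii")


def build_import_payload(cer: bytes, cert_policy_id: str,
                         create_user: bool = True) -> str:
    """JSON body with the field names used by the examples on this page."""
    return json.dumps({"createUser": create_user,
                       "x509": x509_base64_from_cer(cer),
                       "certPolicyId": cert_policy_id})
```

Read the file with open(path, "rb").read() and pass the result of build_import_payload as the data argument of the requests.post call shown above.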
9.1.3 PowerShell
# Set the server
$server = "myserver.example.com"

# Get the access token
$token = "<YOUR TOKEN>"

# Create the payload for the API call containing the certificate data.
# This example imports an X.509 certificate in Base64.
$certData = "{'createUser': true, 'x509': '<X509 BASE64>', 'certPolicyId': '<CERT POLICY>'}"

# Set up the call for the API
$authHeader = @{
    'Content-Type'='application/json'
    'Authorization'="Bearer $token"
    'x-api-version'= '1'
}
$URI = 'https://' + $server + '/rest.core/api/Certificates/import'
$reassignRequest = @{
    Headers = $authHeader
    Uri = $URI
    Method = "POST"
    Body = $certData
}

# Display the response
try {
    $result = Invoke-WebRequest @reassignRequest | ConvertFrom-Json
    Write-Host $result
}
catch {
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host "An error occurred:"
    Write-Host "Error code:" $responseBody.code
    Write-Host "Error message:" $responseBody.message
}