ACME Finalize Order REST API - dogtagpki/pki GitHub Wiki

Overview

This operation finalizes an ACME order as defined in RFC 8555 Section 7.4.

The client begins the certificate issuance process by sending a POST request to the server’s newOrder resource. The body of the POST is a JWS object whose JSON payload is a subset of the order object defined in Section 7.1.3, containing the fields that describe the certificate to be issued.

Request

POST /acme/order/TOlocE8rfgo/finalize HTTP/1.1
Host: example.com
Content-Type: application/jose+json

{
    "protected": base64url({
        "alg": "ES256",
        "kid": "https://example.com/acme/acct/evOfKhNU60wg",
        "nonce": "MSF2j2nawWHPxxkE3ZJtKQ",
        "url": "https://example.com/acme/order/TOlocE8rfgo/finalize"
    }),
    "payload": base64url({
        "csr": "MIIBPTCBxAIBADBFMQ...FS6aKdZeGsysoCo4H9P",
    }),
    "signature": "uOrUfIIk5RyQ...nw62Ay1cl6AB"
}

Response

HTTP/1.1 200 OK
Replay-Nonce: CGf81JWBsq8QyIgPCi9Q9X
Link: <https://example.com/acme/directory>;rel="index"
Location: https://example.com/acme/order/TOlocE8rfgo

{
    "status": "valid",
    "expires": "2016-01-20T14:09:07.99Z",

    "notBefore": "2016-01-01T00:00:00Z",
    "notAfter": "2016-01-08T00:00:00Z",

    "identifiers": [
        { "type": "dns", "value": "www.example.org" },
        { "type": "dns", "value": "example.org" }
    ],

    "authorizations": [
        "https://example.com/acme/authz/PAniVnsZcis",
        "https://example.com/acme/authz/r4HqLzrSrpI"
    ],

    "finalize": "https://example.com/acme/order/TOlocE8rfgo/finalize",

    "certificate": "https://example.com/acme/cert/mAt3xBGaobw"
}
Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
⚠️ **GitHub.com Fallback** ⚠️