• Documentation
  • Renew Certificate

Renew Certificate

Update a certificate and bind the updated one with the device.

Operation Permissions

Required Authorization

Required Operation Permission

Device Management

Full Access

Request Format

POST http://{apigw-address}/connect-service/v2.0/certificates?action=renew

Request Parameters (URI)

Note

One of the following options must be used in a request to specify a device

  • assetId

  • productKey + deviceKey

Request Parameters (URI)

Name

Location (Path/Query)

Required or Not

Data Type

Description

orgId

Query

True

String

Organization ID which the asset belongs to. How to get Organization ID>>

assetId

Query

false

String

Asset ID of the device

productKey

Query

false

String

Product key of the device

deviceKey

Query

false

String

Device key of the device

certSn

Query

True

int

The number of the certificate to be updated

validDay

Query

False

int

The validity period of the certificate in days. If this parameter is not included in the request. It will be inferred that you specified the default value, 730. Certain rules as follows apply to this parameter.

Rules for the Validity Period of a Certificate

To validDay in a request, the following rules apply:

  • If the specified or default value (730) is less than the maximum validity period of the product that this device belongs to, the specified value or the default value shall be applied.

  • If the specified or default value (730) is greater than the maximum validity period of the product that this device belongs to, an error message is prompted and the application fails.

  • If the specified is greater than the default value, less than the maximum validity period of the product that this device belongs to, but exceeds the remaining CA root certificate validity, the CA root certificate validity period shall be applied.

Request Parameters (Body)

Request Parameters (Body)

Name

Required or Not

Data Type

Description

csr

False

String

CSR file (Certificate Signing Request) in the Privacy-Enhanced Mail (PEM) format. If this parameter is not included in the request, a certificate will be generated based on previous request data.

Response Parameters

Response Parameters (Body)

Name

Data Type

Description

data

DeviceCertRenewResultInfo object

Certificate binding information. See the table below for its structure.

DeviceCertRenewResultInfo Object

deviceCertApplyResultInfo Object

Name

Data Type

Description

certChainURL

String

CA root certificate URL

cert

String

The content of the certificate obtained

certSn

String

Certificate number

caCert

String

CA root certificate

Sample

Java SDK Sample

package com.envisioniot.enos.api.sample.connect_service.cert;

import com.envision.apim.poseidon.config.PConfig;
import com.envision.apim.poseidon.core.Poseidon;
import com.envisioniot.enos.connect_service.v2_1.cert.RenewCertificateRequest;
import com.envisioniot.enos.connect_service.v2_1.cert.RenewCertificateResponse;
import com.envisioniot.enos.connect_service.vo.DeviceIdentifier;

public class RenewCert {

    public static void main(String[] args) {
        String appKey = "e36cc693-3a07-456e6cafcbc2-9314-4ff6";
        String appSecret = "6cafcbc2-9314-4ff6-9450-861d4344a431";
        String serverUrl = "http://apim-apigw-proxy.alpha-k8s-cn4.eniot.io";

        String orgId = "o15444172373271";

        String newCert = "-----BEGIN NEW CERTIFICATE REQUEST-----\n" +
                "MIICwTCCAakCAQAwfDELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMREw\n" +
                "DwYDVQQHDAhTaGFuZ2hhaTENMAsGA1UECgwERW5PUzERMA8GA1UEAwwITVJtSXl6\n" +
                "UFcxDTALBgNVBAsMBEVuT1MxFjAUBgkqhkiG9w0BCQEWBzREbmIxVDEwggEiMA0G\n" +
                "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+dU5jLAu7Kb88hONou6PycTnv9+3/\n" +
                "FFPaHm5I8vPfhh0QL6TcunKpm97Dyds1yHgMCqVT+gWgO4MHFz8TiIb9JKRjHn/6\n" +
                "kFea1ccZU9nYGuv+yMGqa340NjN/vP+XpjXm6Xkqw7ujehhNoBuKJZh6+uXlf2yw\n" +
                "1gTP9vWJTc7cuiky2jgKl6/47iKEmIMT1xpHVDp16LWX08/aamJESPJ171RFFxf/\n" +
                "6z2taiK/z7McXFRHk+SdYGN0iTNZQqoFKi3S9S8FvkLBQF8gHOytZdpnSz6SZwW0\n" +
                "DJUv8VGFWQYOVU67BzVR59s0CVM9IdAHntjXm2t3BF0A9kKZa6VDzHpxAgMBAAGg\n" +
                "ADANBgkqhkiG9w0BAQsFAAOCAQEASGPYV0t4zPT3XA42SKqNzNEiYvB550/6Vh1y\n" +
                "mxD+mQXeyvkZn5OcxtuzrgD7aBVRcT/j+tK4XP8s+ODYiM+VSrqLs+a5ZGmOhHHf\n" +
                "36MdmAK8I/dNyHZBiTf+GI5ibul2vaSpYYUwarzMu0azT6+d2qiUl7TqVVIGo4+P\n" +
                "PSRp+V+9e4RJ/TKUjAToBazz154tXU5psVmQ1Ac9oF7Y/9AvGTtusLUDHCu3T45J\n" +
                "QiwAUsMkSla5HCZEftNV8uC+BR6GktfFGLv3Gx+havoBsi82OPDUbBBtKgbiIQyq\n" +
                "bslaLc4GkDZTZPz4st7/ChYOZVJNxz2CAx1JU4VAfjonqChzbw==\n" +
                "-----END NEW CERTIFICATE REQUEST-----";
        Integer certSn = 2667;
        RenewCertificateRequest request = new RenewCertificateRequest();
        request.setCertSn(certSn);
        request.setCsr(newCert);
        request.setValidDay(220);
        DeviceIdentifier identifier = new DeviceIdentifier();
        identifier.setProductKey("ymcDiAHd");
        identifier.setAssetId("KloXinjW");
        identifier.setDeviceKey("TT6MyEFaO7");
        request.setDevice(identifier);
        request.setOrgId(orgId);
        RenewCertificateResponse certRsp = Poseidon.config(PConfig.init().appKey(appKey).appSecret(appSecret).debug())
                .url(serverUrl)
                .getResponse(request, RenewCertificateResponse.class);
        System.out.println(certRsp.getData());
    }
}

Error Code

Error Code

Error Code

Type

Description

99400

  • The specified validity period exceeds the maximum certificate validity period of the product to which this device belongs.

  • Exceeded the remaining valid days of the CA root certificate! The valid day cannot be greater than x day!

  • Error info:message: (message content), detail message: (detailed message content)

  • The old certificate serial number is a mandatory field

  • The serial number of the incoming old certificate is illegal (less than 0)

  • The certificate list bound to the device does not have the certificate, or the certificate is bound to other devices.

  • The old certificate has been revoked and cannot be updated.

  • The old certificate has been expired and cannot be updated.

  • The product to which the device belongs is not a product that supports BiDirectionalAuth.

  • device identifier is invalid

  • orgId is null

  • The validity period specified is longer than the maximum validity period of the product that this device belongs to

  • he validity period specified is longer than the remaining CA root certificate’s validity period. The validity period cannot exceed x days. (x representing the remaining CA root certificate validity period.)

  • Parameter error. Detailed cause will be given in message or detailed message .

  • The number of the original certificate is required.

  • The certificate number in the request is invalid (less than 0).

  • The device has no certificate bound or the certificate has been bound to another device.

  • The original certificate has been revoked, or cannot be updated or revoked.

  • The original certificate has expired, or cannot be updated or revoked.

  • The product that the device belongs to does not support bi-directional authorization

  • Either assetId or productKey + deviceKey is not included in the request.

  • orgId is not included in the request

11404

device can not be found

No device can be found by either assetId or productKey + deviceKey .

11833

certificate already bind to another device

The certificate has been bound to another device.

99500

  • hub service internal error!

  • certificate service err info:code: x, message: y, detail message: z

  • certificate service internal error!

  • product service internal error!

  • Internal error

  • Internal CA service error. Detailed causes are given in message or detail message .

  • Internal certificate error

  • Internal product service error