7 Certificate Management Overview ToC Previous Next

7.6 Information Model for Pull Certificate Management ToC Previous Next

7.6.5 FinishRequest ToC Previous Next

FinishRequest is used to finish a certificate request started with a call to StartNewKeyPairRequest or StartSigningRequest.


FinishRequest (
[in]  NodeId applicationId
[in]  NodeId requestId
[out] ByteString certificate
[out] ByteString privateKey
[out] ByteString[] issuerCertificates

Argument Description
applicationId The identifier assigned to the Application Instance by the GDS.
requestId The NodeId returned by StartNewKeyPairRequest or StartSigningRequest.
certificate The DER encoded Certificate.
privateKey The private key encoded in the format requested.
If a password was supplied the blob is protected with it.
This field is null if no private key was requested.
issuerCertificates The Certificates required to validate the new Certificate.

This call is passes the NodeId returned by a previous call to StartNewKeyPairRequest or StartSigningRequest.

It is expected that a Client will periodically call this Method until the GDS has approved the request.

This Method can be invoked by a configuration tool which has provided user credentials with necessary access permissions. It can also be invoked by the Application that owns the Certificate (e.g. the private key used to create the channel shall be the same as the private key used to sign the request passed to StartSigningRequest).

The Method shall only be called via a SecureChannel with encryption enabled.

If auditing is supported, the GDS shall generate the CertificateDeliveredAuditEventType (see 7.6.10) if this Method succeeds or if it fails with anything but Bad_NothingToDo.

Method Result Codes (defined in Call Service)

Result Code Description
Bad_NotFound The applicationId does not refer to a registered Application.
Bad_InvalidArgument The requestId is does not reference to a valid request for the Application.
Bad_NothingToDo There is nothing to do because request has not yet completed.
Bad_UserAccessDenied The current user does not have the rights required.
Bad_RequestNotAllowed The CertificateManager rejected the request.
The text associated with the error should indicate the exact reason.

Table 33 specifies the AddressSpace representation for the FinishRequest Method.

Table 33 – FinishRequest Method AddressSpace Definition

Attribute Value
BrowseName FinishRequest
References NodeClass BrowseName DataType TypeDefinition ModellingRule
HasProperty Variable InputArguments Argument[] PropertyType Mandatory
HasProperty Variable OutputArguments Argument[] PropertyType Mandatory

Previous Next