FinishRequest is used to finish a certificate request started with a call to StartNewKeyPairRequest or StartSigningRequest.
FinishRequest ( [in] NodeId applicationId [in] NodeId requestId [out] ByteString certificate [out] ByteString privateKey [out] ByteString issuerCertificates );
|applicationId||The identifier assigned to the Application Instance by the GDS.|
|requestId||The NodeId returned by StartNewKeyPairRequest or StartSigningRequest.|
|certificate||The DER encoded Certificate.|
|privateKey||The private key encoded in the format requested.
If a password was supplied the blob is protected with it.
This field is null if no private key was requested.
|issuerCertificates||The Certificates required to validate the new Certificate.|
This call is passes the NodeId returned by a previous call to StartNewKeyPairRequest or StartSigningRequest.
It is expected that a Client will periodically call this Method until the GDS has approved the request.
This Method can be invoked by a configuration tool which has provided user credentials with necessary access permissions. It can also be invoked by the Application that owns the Certificate (e.g. the private key used to create the channel shall be the same as the private key used to sign the request passed to StartSigningRequest).
The Method shall only be called via a SecureChannel with encryption enabled.
If auditing is supported, the GDS shall generate the CertificateDeliveredAuditEventType (see 7.6.10) if this Method succeeds or if it fails with anything but Bad_NothingToDo.
Method Result Codes (defined in Call Service)
|Bad_NotFound||The applicationId does not refer to a registered Application.|
|Bad_InvalidArgument||The requestId is does not reference to a valid request for the Application.|
|Bad_NothingToDo||There is nothing to do because request has not yet completed.|
|Bad_UserAccessDenied||The current user does not have the rights required.|
|Bad_RequestNotAllowed||The CertificateManager rejected the request.
The text associated with the error should indicate the exact reason.
Table 33 specifies the AddressSpace representation for the FinishRequest Method.
Table 33 – FinishRequest Method AddressSpace Definition