Sub Certificate Authority PAdES Webtechnika
How to get access to CA
1. Get Access Token to Sub-CA PAdES
The Authorized Entity must send a POST request to the endpoint below to register and receive access to Sub-CA PAdES.
Endpoint
Body:
{
"common_name": "Authorized Entity name",
"country_name": "PL",
"email": "test@test.pl"
}
2. Download Access Token
Once your request is granted, you will receive an email with the URL to download the Access Token.
The download link expires after 24h or after the first use.
3. Use Access Token
Access Token should be added to the Request Header
"Authorization: Access-Token-to-CA-PAdES"
How to get Certificate for PAdES LTA
1. Register End Entity
Send a POST request to the registration endpoint of the given End Entity to receive the Secret Token of the given End Entity
Endpoint
Header:
"Authorization: Access-Token-to-CA-PAdES"
Body:
{
"email": "jk@example.pl",
"common_name": "Jan Kowalski",
"country_name": "PL",
"state_or_province_name": "warmińsko-mazurskie",
"locality_name": "Olsztyn"
}
You will receive a Secret Token
{
"secret_token": "Secret-Token"
}
2. Send End Entity's CSR
End Entity sends CSR to endpoint (POST):
Header:
"Authorization: Access-Token-to-CA-PAdES"
Body:
{
"secret_token": "End-Entity's-Secret-Token",
"csr": "-----BEGIN CERTIFICATE REQUEST-----M..."
}
CSR must be in PEM format
CSR Requirements – PAdES Profile:
Basic Constraints
- CA: Must be set to false
- Path Length: Not applicable (should be None)
Key Usage
The following key usages must be set:
- digitalSignature: true
- nonRepudiation / contentCommitment: true
The following key usages must not be set (i.e., must be false or omitted):
- Key Cert Sign
- CRL Sign
- Key Encipherment
- Data Encipherment
- Key Agreement
- Key Agreement
- Encipher Only
- Decipher Only
Subject DN Fields
The CSR must include the following Subject Distinguished Name (DN) fields (OIDs):
- commonName (2.5.4.3)
- countryName (2.5.4.6)
- stateOrProvinceName (2.5.4.8)
- localityName (2.5.4.7)
- emailAddress (1.2.840.113549.1.9.1)
Fields must be compatible with End Entity data
Extended Key Usage
- Not required (can be omitted)
Subject Alternative Name (SAN)
- The CSR must not require the presence of a Subject Alternative Name extension
3. Receive Certificate
If everything is in order, you will receive an End Entity Certificate in the form of a PEM in Respond
End Entity certificate is valid for 5 years
Certificate
Certificate
PEM fileCreated: May 21, 2025, 1:15 a.m.
Expire: May 20, 2030, 1:15 a.m.
Click to downloadCertificates Chain
PEM fileCreated: May 21, 2025, 1:15 a.m.
Expire: May 20, 2030, 1:15 a.m.
Click to downloadCertificates Archive
Certificate
PEM fileCreated: May 20, 2025, 5:19 p.m.
Expire: May 19, 2030, 5:19 p.m.
Click to downloadCertificates Chain
PEM fileCreated: May 20, 2025, 5:19 p.m.
Expire: May 19, 2030, 5:19 p.m.
Click to downloadCRL Distribution Point
https://cert.rumia.city/ca-pades/crl/sub-ca-pades.crl
Certificate Revocation List Archive
Certificate Revocation List [Latest]
PEM fileCreated: Dec. 30, 2025, 1:05 a.m.
Expire: Jan. 29, 2026, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: Dec. 10, 2025, 1:05 a.m.
Expire: Jan. 9, 2026, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: Nov. 20, 2025, 1:05 a.m.
Expire: Dec. 20, 2025, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: Oct. 31, 2025, 1:05 a.m.
Expire: Nov. 30, 2025, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: Oct. 11, 2025, 1:05 a.m.
Expire: Nov. 10, 2025, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: Sept. 21, 2025, 1:05 a.m.
Expire: Oct. 21, 2025, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: Sept. 1, 2025, 1:05 a.m.
Expire: Oct. 1, 2025, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: Aug. 12, 2025, 1:05 a.m.
Expire: Sept. 11, 2025, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: July 23, 2025, 1:05 a.m.
Expire: Aug. 22, 2025, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: July 3, 2025, 1:05 a.m.
Expire: Aug. 2, 2025, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: June 13, 2025, 1:05 a.m.
Expire: July 13, 2025, 1:05 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: May 23, 2025, 6:36 a.m.
Expire: June 22, 2025, 6:36 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: May 21, 2025, 1:15 a.m.
Expire: June 20, 2025, 1:15 a.m.
Click to downloadCertificate Revocation List
PEM fileCreated: May 20, 2025, 5:19 p.m.
Expire: June 19, 2025, 5:19 p.m.
Click to download