WEM Certificates

DigiCert Certificates 

Requesting a DigiCert certificate

To access the AEMO APIs using APIM, you will need a DigiCert certificate, which is provided by AEMO. 

The process for requesting a DigiCert certificate is as follows:

Market Participant

Ask your IT department to generate a CSR for your request (ask them to include the details in the Contents of CSR section below)

Email your MPA with your request and attach the CSR from your IT department 

Market Participant Administrator

Email a New DigiCert Certificate Request to wa.operations@aemo.com.au and attach the CSR 


Check that the CSR contains valid user information ​​​​​​​

After validation, create the DigiCert (Target turnaround 3 business days but may take up to 5 business days, subject to load)

Email the link containing the DigiCert to the MPA  

Market participant

Forward the link to the MP 

Market Participant Administrator

Open the link and generate a pfx file according to your organisation’s procedures 

Creating a CSR file

There are multiple ways to create a CSR, depending on your technology stack. To guide you through this step, we have prepared a short video highlighting:

  1. Instructions on the DigiCert website on how to create a CSR by platform or operating system 

  2. A walkthrough of this process

Click here to view the short video.  

Contents of CSR file

The CSR file to be sent to AEMO must follow the standards below:

  • Do not set the challenge password in the CSR.​

  • The CN (Common Name) in the request should be of the format [username]-[participantId], using ASCII code 45 (also known as hyphen-minus).​

    • We had to make this is different to the CN in the MPI Portal as DigiCert does not accept the @ character in the CN. Learn more: here 

  • The CN is the key to authentication – make sure that it is exactly the same as shown above.​

  • DigiCert certificates:

    • Are valid for three years

    • Have a 2048 bit RSA public key

    • Use the SHA-2 algorithm.

The following is an example of a CSR file. The file will include the lines BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST.