WEM Certificates
DigiCert Certificates
Requesting a DigiCert certificate
To access the AEMO APIs using APIM, you will need a DigiCert certificate, which is provided by AEMO.
The process for requesting a DigiCert certificate is as follows:
Market Participant
Ask your IT department to generate a CSR for your request (ask them to include the details in the Contents of CSR section below)
Email your MPA with your request and attach the CSR from your IT department
Market Participant Administrator
Email a New DigiCert Certificate Request to wa.operations@aemo.com.au and attach the CSR
AEMO
Check that the CSR contains valid user information
After validation, create the DigiCert (Target turnaround 3 business days but may take up to 5 business days, subject to load)
Email the link containing the DigiCert to the MPA
Market participant
Forward the link to the MP
Market Participant Administrator
Open the link and generate a pfx file according to your organisation’s procedures
Creating a CSR file
There are multiple ways to create a CSR, depending on your technology stack. To guide you through this step, we have prepared a short video highlighting:
Instructions on the DigiCert website on how to create a CSR by platform or operating system
A walkthrough of this process
Click here to view the short video.
Contents of CSR file
The CSR file to be sent to AEMO must follow the standards below:
Do not set the challenge password in the CSR.
The CN (Common Name) in the request should be of the format [username]-[participantId], using ASCII code 45 (also known as hyphen-minus).
We had to make this is different to the CN in the MPI Portal as DigiCert does not accept the @ character in the CN. Learn more: here
The CN is the key to authentication – make sure that it is exactly the same as shown above.
DigiCert certificates:
Are valid for three years
Have a 2048 bit RSA public key
Use the SHA-2 algorithm.
The following is an example of a CSR file. The file will include the lines BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST.
