OpenAPI - Certificates

Send a certificate created on KSC

This is a programmatic way to do Create Certificate -> Mail or VPN certificate (placed in User Certificate Store) -> Self-Signed Certificate from KSC. The certificate is generated on the KSC and send to a user and his device - to the device, where the specific user is the owner. User is chosen by his unique ID, ul_binId parameter. See List Users page for details on how to get unique user IDs.

userID = 'YbTpoXJ4XkSxzy5hcXm75w=='

url = ksc_server + "/api/v1.0/MdmCertCtrlApi.SetCertificateAsync2"
# "NSDomain" - Domain Auth 
# "CPKES" - certificate for OS Android
# "CTMail" - Mail certificate type
# "ul_binId" - paramBinary complex data with base64-encoded unique user ID

data = {'pAuthType':{'NSDomain': True},'pCertificate':{'CPKES':True, 'CTMail':True}, "pRecipient":{"ul_binId":{"type":"binary","value":userID}}}

response =, headers=common_headers, data=json.dumps(data), verify=False)
wstrIteratorId = json.loads(response.text)


This is a complex data type with base64 encoded string data. Example:

import base64
paramBinary = {"type": "binary", "value": "c29tZXRleHQ="}
print(base64.b64decode("c29tZXRleHQ=")) # b'sometext'

This paramBinary type is used for transferring certificate PEM data, certificate password data etc. Note: although PFX container is supported in documentation, using it raises “cannot be JSON serialised” errors.