diff --git a/app/controllers/repp/v1/certificates_controller.rb b/app/controllers/repp/v1/certificates_controller.rb
new file mode 100644
index 000000000..290182d55
--- /dev/null
+++ b/app/controllers/repp/v1/certificates_controller.rb
@@ -0,0 +1,51 @@
+module Repp
+ module V1
+ class CertificatesController < BaseController
+ THROTTLED_ACTIONS = %i[create].freeze
+ include Shunter::Integration::Throttle
+
+ api :POST, '/repp/v1/certificates'
+ desc 'Submit a new api user certificate signing request'
+ def create
+ authorize! :create, Certificate
+ @api_user = current_user.registrar.api_users.find(cert_params[:api_user_id])
+
+ csr = decode_cert_params(cert_params[:csr])
+
+ @certificate = @api_user.certificates.build(csr: csr)
+ unless @certificate.save
+ handle_non_epp_errors(@certificate)
+ return
+ end
+
+ notify_admins
+ render_success(data: { api_user: { id: @api_user.id } })
+ end
+
+ private
+
+ def cert_params
+ params.require(:certificate).permit(:api_user_id, csr: %i[body type])
+ end
+
+ def decode_cert_params(csr_params)
+ return if csr_params.blank?
+
+ Base64.decode64(csr_params[:body])
+ end
+
+ def notify_admins
+ admin_users_emails = User.all.select { |u| u.roles.include? 'admin' }.pluck(:email)
+
+ return if admin_users_emails.empty?
+
+ admin_users_emails.each do |email|
+ CertificateMailer.new_certificate_signing_request(email: email,
+ api_user: @api_user,
+ csr: @certificate)
+ .deliver_now
+ end
+ end
+ end
+ end
+end
diff --git a/app/mailers/certificate_mailer.rb b/app/mailers/certificate_mailer.rb
new file mode 100644
index 000000000..ad5622352
--- /dev/null
+++ b/app/mailers/certificate_mailer.rb
@@ -0,0 +1,8 @@
+class CertificateMailer < ApplicationMailer
+ def new_certificate_signing_request(email:, api_user:, csr:)
+ @certificate = csr
+ @api_user = api_user
+ subject = 'New Certificate Signing Request Received'
+ mail(to: email, subject: subject)
+ end
+end
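Review bot: `decode_cert_params` passes client-supplied `csr_params[:body]` straight to `Base64.decode64`, so a request that sends `csr` without a `body` hands `nil` to the decoder and raises `NoMethodError` instead of producing a validation error (unless `BaseController` rescues it, which this hunk does not show), and the lenient decoder silently drops invalid characters. I would decode with `Base64.strict_decode64(csr_params[:body].to_s)` and `rescue ArgumentError` to return `nil`, assuming the model rejects a blank CSR; strict decoding refuses line breaks inside the Base64 text, so check what clients actually send first. The permitted `type` key is never read in this file. In `notify_admins`, `deliver_now` runs once per admin after the record is saved, so a mail error would fail a request whose certificate already exists and a client retry would store a duplicate CSR; `deliver_later` avoids that if a job backend is configured, and `User.all.select { ... }` loads every user just to filter on roles.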
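Review bot: The keyword `csr:` in `new_certificate_signing_request` receives a `Certificate` record (the controller passes `csr: @certificate`) and is stored as `@certificate`, so the name misleads; `certificate:` would match what the method assigns. The method also has no comment saying that `email` is a single recipient address; a one-line `# Notifies one admin that a CSR awaits review` above the `def` would do.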
diff --git a/app/models/ability.rb b/app/models/ability.rb
index d7b2496f2..8ccb0d18f 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -30,6 +30,7 @@ class Ability billing can :manage, ApiUser can :manage, WhiteIp + can :create, Certificate end def epp # Registrar/api_user dynamic role
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index 085b4deff..e5214fdc8 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -36,6 +36,8 @@ class Certificate < ApplicationRecord validate :assign_metadata, on: :create def assign_metadata + return if errors.any? + origin = crt ? parsed_crt : parsed_csr parse_metadata(origin) rescue NoMethodError
diff --git a/app/views/mailers/certificate_mailer/new_certificate_signing_request.html.erb b/app/views/mailers/certificate_mailer/new_certificate_signing_request.html.erb
new file mode 100644
index 000000000..9661fe030
--- /dev/null
+++ b/app/views/mailers/certificate_mailer/new_certificate_signing_request.html.erb
@@ -0,0 +1,11 @@
+
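Review bot: `can :create, Certificate` is granted without conditions, and the controller authorizes against the class (`authorize! :create, Certificate`), so the only thing tying a new certificate to the caller's registrar is the `current_user.registrar.api_users.find` lookup in the controller. That is worth recording next to the rule, e.g. `# ownership is enforced by the registrar-scoped api_users lookup in Repp::V1::CertificatesController`, so a later endpoint that builds certificates differently does not rely on this ability alone. The enclosing role method begins above the hunk, so which role gains this rule cannot be confirmed from here.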
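Review bot: The new `return if errors.any?` in `assign_metadata` only helps if the validations that can add errors run before this one; Rails runs validations in declaration order, and the hunk shows only `validate :assign_metadata, on: :create`, not what is declared above it. A comment such as `# skip parsing when earlier validations already failed; relies on this validation being declared last` would keep the ordering from being broken by accident. The method continues below the hunk (`rescue NoMethodError`), and that rescue still hides any unrelated `NoMethodError` raised during parsing.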

New certificate signing request (CSR) has been received. Please review the details below:

+ +

CSR Details:

+ + +

Please take the necessary steps to process the certificate signing request.

diff --git a/app/views/mailers/certificate_mailer/new_certificate_signing_request.text.erb b/app/views/mailers/certificate_mailer/new_certificate_signing_request.text.erb
new file mode 100644
index 000000000..f16d441a9
--- /dev/null
+++ b/app/views/mailers/certificate_mailer/new_certificate_signing_request.text.erb
@@ -0,0 +1,10 @@
+New certificate signing request (CSR) has been received. Please review the details below:
+
+CSR Details:
+
+Subject: <%= link_to(@certificate.parsed_csr.try(:subject),
+ admin_api_user_certificate_url(@api_user, @certificate)) %>
+Requested By: <%= @certificate.creator_str %>
+Requested Date: <%= l(@certificate.created_at) %>
+
+Please take the necessary steps to process the certificate signing request.
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 32028d33b..34144d6ad 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -110,6 +110,7 @@ Rails.application.routes.draw do end resources :api_users, only: %i[index show update create destroy] resources :white_ips, only: %i[index show update create destroy] + resources :certificates, only: %i[create] namespace :registrar do resources :notifications, only: %i[index show update] do collection do
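Review bot: `link_to` in the plain-text template renders an HTML `<a>` element, so admins reading the text part see markup around the subject instead of a usable link. Print the two values separately, `Subject: <%= @certificate.parsed_csr.try(:subject) %>` and `Link: <%= admin_api_user_certificate_url(@api_user, @certificate) %>`. The subject is taken from the submitted CSR, so it is requester-controlled text shown to administrators; keeping it on its own line, apart from the application-generated URL, makes clear which part of the mail the requester wrote.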