digicert

If the Reseller is selling Digital Certificates

Enroll

Description

Enrolls for the Certificate for the specified Order Id.

Parameters

Name Data Type Required / Optional Description
auth-userid Integer Required Authentication Parameter
api-key or auth-password String Required Authentication Parameter
order-id Integer Required The Order Id for which you want to enroll for a Certificate.
attr-name Map[name] Required

Mapping key of the enrollment details. Refer the description of attr-value.

Following is the list of the expected Atrribute Names:

  • org_name: Organisation Name

  • org_street1: Organization address

  • org_city: Organization city

  • org_state: Organization state

  • org_postalcode: Organization Postal code

  • org_country: Organization two letter ISO-3166 country identifier i.e. country code. (eg. US for United States, IN for India)

  • org_phone: Organization contact Phone number including international country code. (eg. 001 415 12345678)

  • org_fax: Organization contact Fax number including international country code. (eg. 001 415 12345678)

  • admin_firstname: First name of the Admin contact person

  • admin_lastname: Last name of the Admin contact person

  • admin_jobtitle: Admin contact job title

  • admin_telephone: Admin contact telephone number including international country code. (eg 001 415 12345678)

  • admin_email: Admin Contact email address

  • tech_firstname: First name of the technical contact person

  • tech_lastname: Last name of the technical contact person

  • tech_jobtitle: Technical contact job title

  • tech_telephone: Technical contact telephone number including international country code. (eg 001 415 12345678)

  • tech_email: Technical Contact email address

  • approveremail: The approverEmail value (e.g. ssladmin@domainname.com).

    Valid approverEmail values are:

  • software: Web Server software identifier for which the certificate is purchased.
    Valid Web Server software identifiers are:

    • IIS

    • Other

  • csrString: Base64 encoded CSR string complete with the begin and end markers.

    Example:


    -----BEGIN NEW CERTIFICATE REQUEST-----
    MIIBwzCCASwCAQAwgYIxCzAJBgNVBAYTAklOMRQwEgYDVQQIEwtNYWhhcmFzaHRyYTEPMA0GA1UE
    BxMGTXVtYmFpMRcwFQYDVQQKEw5NYWhlc2ggUHZ0IEx0ZDEYMBYGA1UECxMPUHJpdmF0ZSBDb21w
    YW55MRkwFwYDVQQDExB2ZXJpZW5yb2xsMDEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
    gQCMSw8CmFebNAiyvwG7HJ/bGBqgqZvkNpzQtmtd79id+LcAXbCx5+TDdoTeGhQ33dUC2c2g5dxx
    N2hqRlR1H+vFR/FeYXC41abfPm5jS3OTQ4J1H/HM6lm4MVVEIQLwjzUxPtsUML5QtBjkolob2VB7
    8A9QdDvSEkS+COaMXRSUqQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEACCpjqsN2ZRjGtPTWp1G+
    jHTrgAamxSDrHAddw9mi1IDk1N3ZXgp5gHBZ4L5av+4E6GUhTE5FCLylNxojxMjHnssALFjabqed
    ufJIj0ay8YSS6fBhXQeVE4oGP96djeheLLigCEAufzWjprr6oA6YRXmwAAdokmpkjyxwrtlNV0I=
    -----END NEW CERTIFICATE REQUEST-----

attr-value Map[value] Required

Mapping value of of the enrollment details. This together with attr-name shall contain of the enrollment details.

Example:

attr-name1=org_name&attr-value1=The organisation Name&attr-name2=org_street1&attr-value2=Organization address

HTTP Method

POST

Example Test URL Request


https://test.httpapi.com/api/digitalcertificate/enroll-for-thawtecertificate.xml?auth-userid=0&api-key=key&order-id=0&attr-name1=org_name&attr-value1=name&attr-name2=org_street1&attr-value2=Organizationaddress

Response

Returns a map of the result of the enrollment action.

Add

Note

The Digital Certificate calls are deprecated. You need to use calls available at SSL Certificates for new orders

Description

Places a Digital Certificate Order for the specified domain name.

Parameters

Name Data Type Required / Optional Description
auth-userid Integer Required Authentication Parameter
api-key or auth-password String Required Authentication Parameter
domain-name String Required The domain name for which the Order is placed.
customer-id Integer Required The customer under whom the Orders should be added.
years Integer Required The number of years for which the Order is placed.
additional-licenses Integer Required The number of Additional Licenses for the Order.
cert-key String Required Specifies the type of Digital Certificate. Values can be:
  • sgc

  • ssl

  • fssl

  • wild

invoice-option String Required This parameter will decide how the Customer Invoices will be handled. Values can be:
  • NoInvoice

  • PayInvoice

  • KeepInvoice

  • OnlyAdd

HTTP Method

POST

Example Test URL Request

https://test.httpapi.com/api/digitalcertificate/add.xml?auth-userid=0&api-key=key&domain-name=domainname&customer-id=0&years=0&additional-licenses=0&cert-key=wild&invoice-option=NoInvoice

Response

Returns a map with the result of Order addition.

Generate a Private Key and Certificate Signature Request (CSR) from your Web Server

Note

Prior to enrolling/reissuing/renewing a Certificate, you must generate a minimum of 2048-bit Private Key and CSR pair from your web server.

Digital IDs make use of a technology called Public Key Cryptography, which uses Public and Private Key files.

The Public Key, also known as a Certificate Signature Request (CSR), is the key that will be sent to thawte. The Public Key is generated on your server and
validates the computer-specific information about your web server and Organization when you request a Certificate from thawte.

The Private Key will remain on the server and should never be released into the public. thawte does not have access to your Private Key. It is generated locally on your server
and is never transmitted to thawte. The integrity of your Digital ID depends on your Private Key being controlled exclusively by you.

A CSR can not be generated without generating a Private Key file. Similarly the Private Key file can not be generated without generating a CSR file. In certain web server software
platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server.

Typically, you will be prompted to enter the following information about your Organization in order to generate the Private Key and CSR (Public Key) pair from the web server:

  • Organization Name

  • Organizational unit: This maybe either a Sole Proprietorship, Trading As, University Department, University Administration, Government Department,
    Doing Business As, University Faculty, Public (Listed) Company, Private (Unlisted) Company, Registered Non Profit Organization, Non-Government Organization, Interest Group,
    Registered Charity.

  • Country Code

  • State or Province

  • Locality

  • Common Name: This is the name that distinguishes the Certificate best, and ties it to your Organization. Here you need to
    enter your exact host and domain name that you wish to secure. This may also be the root server or intranet name for your Organization.

    Example:

    • If you wish to secure www.yourdomain.com, then you need to enter www.yourdomain.com as the Common Name. If you just enter yourdomain.com as
      the Common Name (without the host www), then the Certificate will only get issued to yourdomain.com. Similarly, if you need to secure pay.yourdomain.com, then you
      need to mention the Common Name as pay.yourdomain.com.

    • If you are buying a Wildcard Server Certificate for securing all sub-domains of your domain name yourdomain.com, then you need to enter the
      Common Name as *.yourdomain.com; otherwise you will get an error while submitting your CSR.

You need to get in touch with your Web Hosting provider and request them to generate a CSR for your business after supplying them the above mentioned
information. If you have bought Web Hosting for this domain name with , then you may generate a CSR
yourself from your own Control Panel.

Attention
  • While generating a Certificate Signature Request (CSR) for a domain name hosted on a Windows server, you need to set a Password that contains only alphanumeric characters.
    If non alphanumeric characters are included, you will encounter the below error message while enrolling/reissuing/renewing your Digital certificate:

    CSR contains unsupported extensions

  • You need to use a valid 2-letter country code while generating a Certificate Signature Request (CSR).

    Additional Information

    List of
    valid Country Codes

    Otherwise, you will encounter the below error message while enrolling/reissuing/renewing your Digital certificate:

    CSR contains an invalid 2-letter country code

    This message is also encountered if your generate a Certificate Signature Request (CSR) on an IIS Server, using the Renew Certificate option. Hence, this option is not
    to be selected while generating the CSR.

Digital Certificates (Deprecated)

Note

The Digital Certificate calls are deprecated. You need to use calls available at SSL Certificates for new orders

Add

Places a Digital Certificate Order for the specified domain name.

Details

Gets digital certificate order details depending upon various option values.

Delete

Deletes the specified order.

Cancel

Cancels the specified order.

Check Status

Checks certificate status for the Certificate Order Number which is associated with the specified orderid.

Get OrderID

Returns digital certificate orderid which is associated with the domain name.

Enroll For Thawte Certificate

Enrolls for the certificate for specified orderid.

Reissue

Reissues an existing Digital Certificate.

Renew

Renews an existing Digital Certificate.

Digital Certificate Setup Guide

As a Reseller, you need to take the following steps in order to start selling Digital Certificate Product to your Customers and Sub-Resellers.

  • Signup for the Digital Certificate Product. See details

  • Set your Selling Price for the Digital Certificate Product for your Customers and Sub-Resellers. See details

  • Understanding Tax and how you may use the Tax Engine to collect it from your Customers and Sub-Resellers. See details

Suspending, UnSuspending, Deleting a Digital Certificate

Note

The Suspend/Unsuspend feature is only available to Resellers.

Suspending / Unsuspending your Digital Certificate

Note
  • If you Suspend an unissued Digital Certificate, then the process of issuing that particular Digital Certificate halts until the Certificate is Unsuspended.

  • If you Suspend an issued Digital Certificate and your Customer has already installed that Certificate on his/her Web Server, then Suspending the Certificate would not hamper the
    working of this Digital Certificate. However, your Customer will not be able to manage his Certificate from his Control Panel until this Suspension is removed.

To Suspend / Unsuspend your Digital Certificate

  1. Login to your Control Panel. See details

  2. Search for the Digital Certificate and proceed to the Order Information
    view. See details

  3. Click the Suspend/Unsuspend link.

  4. Here,

    • To Suspend: Select the checkbox and enter the Reason for Suspension.

    • To Unsuspend: Deselect this checkbox.

  5. Click the Update button.