From HEXONET Wiki
(Created page with "{{Sidebar}} <div style="font-size: 150%;">'''New SSL API - CSR creation'''</div><br/> <p> = Why create a CSR? = A CSR is required whenever you order an SSL certificate. You...") |
m (WikiAdmin moved page New SSL API CSR Creation to Automatic SSL Certificate CSR Creation without leaving a redirect) |
||
(6 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
{{Sidebar}} | {{Sidebar}} | ||
− | <div style="font-size: 150%;">''' | + | <div style="font-size: 150%;">'''Automatic SSL Certificate CSR creation'''</div><br/> |
<p> | <p> | ||
− | = Why create a CSR? = | + | == Why create a CSR? == |
A CSR is required whenever you order an SSL certificate. You may create a CSR yourself and submit it in your order or leave this to us. | A CSR is required whenever you order an SSL certificate. You may create a CSR yourself and submit it in your order or leave this to us. | ||
− | = How does the automatic CSR creation work? = | + | == How does the automatic CSR creation work? == |
− | When you submit a ''CreateSSLCert'' command without providing a CSR (parameter CSR[0-N]), we will try to create the CSR for you. For this we require: | + | When you submit a ''CreateSSLCert'' command without providing a CSR (parameter ''CSR[0-N]''), we will try to create the CSR for you. For this we require: |
* private key | * private key | ||
* domain | * domain | ||
* contact information | * contact information | ||
− | + | <br> | |
− | + | '''Private key''' | |
− | + | <br> | |
− | Unless you provide your own private key (parameter PEM[0-N]), we will create a new private key for you and use it to create the CSR. Of course, you will be able to download the private key later as you will need it in order to use the certificate. | + | Unless you provide your own private key (parameter ''PEM[0-N]''), we will create a new private key for you and use it to create the CSR. Of course, you will be able to download the private key later as you will need it in order to use the certificate. |
− | + | <br> | |
− | + | <br> | |
− | + | '''Domain''' | |
− | The domain that is supposed to be the Common Name (CN) of the CSR needs to be provided (parameter DOMAIN0). If you provide further domains (DOMAIN1, DOMAIN2, ...), they will be placed into the Subject Alternative Name (SAN) extension of the CSR. | + | <br> |
− | + | The domain that is supposed to be the Common Name (CN) of the CSR needs to be provided (parameter ''DOMAIN0''). If you provide further domains (''DOMAIN1, DOMAIN2, ...''), they will be placed into the Subject Alternative Name (SAN) extension of the CSR. | |
− | + | <br> | |
− | + | <br> | |
+ | '''Contact information''' | ||
+ | <br> | ||
If available, we will put the following contact information into the CSR: | If available, we will put the following contact information into the CSR: | ||
* organization name | * organization name | ||
Line 32: | Line 34: | ||
* country | * country | ||
* email | * email | ||
+ | The data of ''OWNERCONTACT0'' will be used by default. If you want to put different contact information into the CSR, you may do so by using the parameter ''CSRCONTACT0''. | ||
+ | |||
+ | == CSR creation and certificate renewal == | ||
− | + | When you submit a ''RenewSSLCert'' command, you must explicitly specify that you want to have a new CSR created. This is done by using the following command parameters: | |
+ | * ''createcsr=1'': create a new CSR using the current private key, domain(s), contact information | ||
+ | * ''createprivatekey=1'': create a new CSR using a newly created private key and the current domain(s), contact information |
Latest revision as of 09:24, 6 November 2017
[edit] Why create a CSR?
A CSR is required whenever you order an SSL certificate. You may create a CSR yourself and submit it in your order or leave this to us.
[edit] How does the automatic CSR creation work?
When you submit a CreateSSLCert command without providing a CSR (parameter CSR[0-N]), we will try to create the CSR for you. For this we require:
- private key
- domain
- contact information
Private key
Unless you provide your own private key (parameter PEM[0-N]), we will create a new private key for you and use it to create the CSR. Of course, you will be able to download the private key later as you will need it in order to use the certificate.
Domain
The domain that is supposed to be the Common Name (CN) of the CSR needs to be provided (parameter DOMAIN0). If you provide further domains (DOMAIN1, DOMAIN2, ...), they will be placed into the Subject Alternative Name (SAN) extension of the CSR.
Contact information
If available, we will put the following contact information into the CSR:
- organization name
- street
- city
- state
- country
The data of OWNERCONTACT0 will be used by default. If you want to put different contact information into the CSR, you may do so by using the parameter CSRCONTACT0.
[edit] CSR creation and certificate renewal
When you submit a RenewSSLCert command, you must explicitly specify that you want to have a new CSR created. This is done by using the following command parameters:
- createcsr=1: create a new CSR using the current private key, domain(s), contact information
- createprivatekey=1: create a new CSR using a newly created private key and the current domain(s), contact information