Personal tools

From HEXONET Wiki

Jump to: navigation, search
 
(85 intermediate revisions by one user not shown)
Line 1: Line 1:
 
{{Sidebar}}
 
{{Sidebar}}
<div style="font-size: 150%;">'''New SSL API'''</div><br/>
+
<div style="font-size: 150%;">'''SSL API'''</div><br/>
 
<p>
 
<p>
  
  
== Why use the new SSL API? ==
+
== Features ==
  
With the new SSL API you can:
 
 
* Order SSL certificates without having to provide contact data - given the domain name, we will retrieve the required contact information from the WHOIS
 
* Order SSL certificates without having to provide contact data - given the domain name, we will retrieve the required contact information from the WHOIS
 
* Order SSL certificates without having to create a CSR first - we take care of this for you
 
* Order SSL certificates without having to create a CSR first - we take care of this for you
 
* Order SSL certificates using contact handles - just like in domain commands
 
* Order SSL certificates using contact handles - just like in domain commands
 
* Use advanced validation methods - instead of confirming emails, you can prove that you have control over a domain by a simple DNS or web content modification
 
* Use advanced validation methods - instead of confirming emails, you can prove that you have control over a domain by a simple DNS or web content modification
 +
* Have your SSL certificate orders validated automatically - using DNSZONE validation and HEXONET's DNS Services
  
  
== How to use the new SSL API? ==
+
== Using the SSL API ==
 
+
You can do that right away. Just use the new command parameters described below.
+
  
 
<br/><br/>
 
<br/><br/>
Line 21: Line 19:
 
= SSL certificates =
 
= SSL certificates =
  
{| | align="center" style="text-align:center; border-collapse: separate; border-spacing:0px 2px"
+
{| | align="center" style="border-collapse: separate; border-spacing:0px 2px"
 
!align="left" style="text-align:left"|SSL certificate
 
!align="left" style="text-align:left"|SSL certificate
 +
!Class
 
!Type*
 
!Type*
!align="center" style="text-align:center"|Multi-Domain
+
!Multi-Domain
 +
!DCV**
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|COMODO_ESSENTIALSSL
+
|align="left" style="text-align:left"|Comodo Essential SSL
 +
|COMODO_ESSENTIALSSL
 
|DV
 
|DV
|
+
|<nowiki>-</nowiki>
 +
|EMAIL,DNSZONE,URL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|COMODO_UCC
+
|align="left" style="text-align:left"|Comodo Essential SSL Wildcard
 +
|COMODO_ESSENTIALSSL_WILDCARD
 
|DV
 
|DV
|2-100 domains
+
|<nowiki>-</nowiki>
 +
|EMAIL,DNSZONE,URL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|COMODO_INSTANTSSL
+
|align="left" style="text-align:left"|Comodo EV SSL
|OV
+
|COMODO_SSL_EV
|
+
|EV
 +
|<nowiki>-</nowiki>
 +
|EMAIL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|COMODO_INSTANTSSL_PRO
+
|align="left" style="text-align:left"|Comodo Instant SSL
 +
|COMODO_INSTANTSSL
 
|OV
 
|OV
|
+
|<nowiki>-</nowiki>
 +
|EMAIL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|COMODO_PREMIUMSSL
+
|align="left" style="text-align:left"|Comodo Instant SSL Premium
 +
|COMODO_INSTANTSSL_PREMIUM
 
|OV
 
|OV
|
+
|<nowiki>-</nowiki>
 +
|EMAIL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|COMODO_PREMIUMSSL_WILDCARD
+
|align="left" style="text-align:left"|Comodo Positive SSL
 +
|COMODO_POSITIVESSL
 +
|DV
 +
|<nowiki>-</nowiki>
 +
|EMAIL,DNSZONE,URL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|Comodo Premium SSL Wildcard
 +
|COMODO_PREMIUMSSL_WILDCARD
 
|OV
 
|OV
|Wildcard
+
|wildcard
 +
|EMAIL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|COMODO_EVSSL
+
|align="left" style="text-align:left"|Comodo SSL
|EV
+
|COMODO_SSL
|
+
|DV
 +
|<nowiki>-</nowiki>
 +
|EMAIL,DNSZONE,URL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|Comodo SSL Wildcard
 +
|COMODO_SSL_WILDCARD
 +
|DV
 +
|wildcard
 +
|EMAIL,DNSZONE,URL
 
|-
 
|-
 
|&nbsp;
 
|&nbsp;
 
|
 
|
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|GEOTRUST_QUICKSSLPREMIUM
+
|align="left" style="text-align:left"|GeoTrust QuickSSL
 +
|GEOTRUST_QUICKSSL
 
|DV
 
|DV
|
+
|<nowiki>-</nowiki>
 +
|EMAIL,DNSZONE,URL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|GEOTRUST_RAPIDSSL
+
|align="left" style="text-align:left"|GeoTrust QuickSSL Premium
 +
|GEOTRUST_QUICKSSLPREMIUM
 
|DV
 
|DV
|
+
|<nowiki>-</nowiki>
 +
|EMAIL,DNSZONE,URL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|GEOTRUST_RAPIDSSL_WILDCARD
+
|align="left" style="text-align:left"|GeoTrust QuickSSL Premium SAN Package
 +
|GEOTRUST_QUICKSSLPREMIUM_SAN
 
|DV
 
|DV
|Wildcard
+
|4 subdomains
 +
|EMAIL,DNSZONE,URL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|GeoTrust Rapid SSL
 +
|GEOTRUST_RAPIDSSL
 +
|DV
 +
|<nowiki>-</nowiki>
 +
|EMAIL,DNSZONE,URL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|GeoTrust Rapid SSL Wildcard
 +
|GEOTRUST_RAPIDSSL_WILDCARD
 +
|DV
 +
|wildcard
 +
|EMAIL,DNSZONE,URL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|GeoTrust TrueBusinessID
 +
|GEOTRUST_TRUEBIZID
 +
|OV
 +
|<nowiki>-</nowiki>
 +
|EMAIL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|GeoTrust TrueBusinessID SAN Package
 +
|GEOTRUST_TRUEBIZID_SAN
 +
|OV
 +
|4-100 domains
 +
|EMAIL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|GeoTrust TrueBusinessID EV
 +
|GEOTRUST_TRUEBIZID_EV
 +
|EV
 +
|<nowiki>-</nowiki>
 +
|EMAIL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|GeoTrust TrueBusinessID EV SAN Package
 +
|GEOTRUST_TRUEBIZID_EV_SAN
 +
|EV
 +
|4-100 domains
 +
|EMAIL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|GeoTrust TrueBusinessID Wildcard
 +
|GEOTRUST_TRUEBIZID_WILDCARD
 +
|OV
 +
|wildcard
 +
|EMAIL
 
|-
 
|-
 
|&nbsp;
 
|&nbsp;
Line 73: Line 147:
 
|
 
|
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|SYMANTEC_SECURESITE
+
|align="left" style="text-align:left"|Symantec Secure Site
 +
|SYMANTEC_SECURESITE
 
|OV
 
|OV
|
+
|up to 24 domains
 +
|EMAIL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|SYMANTEC_SECURESITEPRO
+
|align="left" style="text-align:left"|Symantec Secure Site EV
 +
|SYMANTEC_SECURESITE_EV
 +
|EV
 +
|up to 24 domains
 +
|EMAIL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|Symantec Secure Site Pro
 +
|SYMANTEC_SECURESITE_PRO
 
|OV
 
|OV
|
+
|up to 24 domains
 +
|EMAIL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|SYMANTEC_SECURESITEEV
+
|align="left" style="text-align:left"|Symantec Secure Site Pro EV
 +
|SYMANTEC_SECURESITE_PRO_EV
 
|EV
 
|EV
 +
|up to 24 domains
 +
|EMAIL
 +
|-
 +
|&nbsp;
 +
|
 
|
 
|
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|SYMANTEC_SECURESITEPROEV
+
|align="left" style="text-align:left"|thawte SSL 123
 +
|THAWTE_SSL123
 +
|DV
 +
|<nowiki>-</nowiki>
 +
|EMAIL,DNSZONE,URL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|thawte SSL Webserver
 +
|THAWTE_SSLWEBSERVER
 +
|OV
 +
|up to 24 domains
 +
|EMAIL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|thawte SSL Webserver EV
 +
|THAWTE_SSLWEBSERVER_EV
 
|EV
 
|EV
|
+
|up to 24 domains
 +
|EMAIL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|thawte SSL Webserver Wildcard
 +
|THAWTE_SSLWEBSERVER_WILDCARD
 +
|OV
 +
|wildcard
 +
|EMAIL
 
|-
 
|-
 
|&nbsp;
 
|&nbsp;
Line 93: Line 203:
 
|
 
|
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|THAWTE_SSL123
+
|align="left" style="text-align:left"|Trustwave Domain-vetted SSL
 +
|TRUSTWAVE_DOMAINVETTEDSSL
 
|DV
 
|DV
|
+
|<nowiki>-</nowiki>
 +
|EMAIL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|THAWTE_SSLWEBSERVER
+
|align="left" style="text-align:left"|Trustwave Premium SSL
 +
|TRUSTWAVE_PREMIUMSSL
 
|OV
 
|OV
|
+
|<nowiki>-</nowiki>
 +
|EMAIL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|THAWTE_SSLWEBSERVER_WILDCARD
+
|align="left" style="text-align:left"|Trustwave Premium SSL SAN Package
 +
|TRUSTWAVE_PREMIUMSSL_SAN
 
|OV
 
|OV
|Wildcard
+
|5 domains
 +
|EMAIL
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
|align="left" style="text-align:left"|THAWTE_SSLWEBSERVEREV
+
|align="left" style="text-align:left"|Trustwave Premium SSL EV
 +
|TRUSTWAVE_PREMIUMSSL_EV
 
|EV
 
|EV
|
+
|<nowiki>-</nowiki>
 +
|EMAIL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|Trustwave Premium SSL EV SAN Package
 +
|TRUSTWAVE_PREMIUMSSL_EV_SAN
 +
|EV
 +
|5 domains
 +
|EMAIL
 +
|- bgcolor="#E0E0FF" style="background-color:#E0E0FF"
 +
|align="left" style="text-align:left"|Trustwave Premium SSL Wildcard
 +
|TRUSTWAVE_PREMIUMSSL_WILDCARD
 +
|OV
 +
|wildcard
 +
|EMAIL
 
|}
 
|}
<nowiki>*</nowiki> DV=Domain validated SSL certificate<br>
+
<nowiki>*</nowiki> DV=[[SSL_Certificate_Validation_Info|Domain validated SSL certificate]]<br>
OV=Organization validated SSL certificate<br>
+
OV=[[SSL_Certificate_Validation_Info|Organization validated SSL certificate]]<br>
EV=Extended validation SSL certificate
+
EV=[[SSL_Certificate_Validation_Info|Extended validation SSL certificate]]<br>
 
+
<br>
 +
<nowiki>**</nowiki> DCV=[[SSL_Certificate_Validation_Info|Domain Control Validation]]
 
= Order certificate (API) =
 
= Order certificate (API) =
'''All new parameters'''
+
'''Order certificate providing the domain name only'''
 +
<br>
 +
The contact data is [[SSL_Certificate_Contact_Data_Lookup|looked up in the WHOIS]]. The private key and CSR are [[Automatic_SSL_Certificate_CSR_Creation|created automatically]].
 
<pre>
 
<pre>
 
[COMMAND]
 
[COMMAND]
 
command = CreateSSLCert
 
command = CreateSSLCert
 
sslcertclass = <CLASS>
 
sslcertclass = <CLASS>
period = <INT>
+
domain0 = <DOMAIN>
 
+
ownercontact0 = <CONTACT>
+
admincontact0 = <CONTACT>
+
techcontact0 = <CONTACT>
+
billingcontact0 = <CONTACT>
+
csrcontact0 = <CONTACT>
+
 
+
domain# = <DOMAIN>
+
validation# = EMAIL | DNSZONE | URL
+
validationemail# = <EMAIL>
+
 
+
csr# = <TEXT>
+
pem# = <TEXT>
+
 
+
 
EOF
 
EOF
 
</pre>
 
</pre>
 +
<br>
 +
'''Order certificate with your own CSR'''
 +
<br>
 +
The domain is retrieved from the provided CSR. The contact data is [[SSL_Certificate_Contact_Data_Lookup|looked up in the WHOIS]].
 
<pre>
 
<pre>
[RESPONSE]
+
[COMMAND]
CODE=200
+
command = CreateSSLCert
DESCRIPTION=Command completed successfully
+
sslcertclass = <CLASS>
PROPERTY[SSLCERTID][0]=<SSLCERTID>
+
csr0 = -----BEGIN CERTIFICATE REQUEST-----
PROPERTY[VALIDATIONDNSRR][0]=<TEXT>
+
csr1 = ...
PROPERTY[VALIDATIONURL][0]=<TEXT>
+
...
PROPERTY[VALIDATIONURLCONTENT][0]=<TEXT>
+
 
 
EOF
 
EOF
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate providing the domain name only'''
+
'''Order certificate with contact handles'''
 
<br>
 
<br>
The contact data is [[New_SSL_API_Contact_Data_Lookup|looked up in the WHOIS]]. The private key and CSR are [[New_SSL_API_CSR_Creation|created automatically]].
+
The private key and CSR are [[Automatic_SSL_Certificate_CSR_Creation|created automatically]].
 
<pre>
 
<pre>
 
[COMMAND]
 
[COMMAND]
Line 155: Line 278:
 
sslcertclass = <CLASS>
 
sslcertclass = <CLASS>
 
domain0 = <DOMAIN>
 
domain0 = <DOMAIN>
 +
ownercontact0 = <CONTACT>
 +
admincontact0 = <CONTACT>
 +
techcontact0 =< CONTACT>
 +
billingcontact0 = <CONTACT>
 
EOF
 
EOF
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate with contact handles'''
+
'''Order certificate using DNSZONE validation'''
 
<br>
 
<br>
The private key and CSR are [[New_SSL_API_CSR_Creation|created automatically]].
+
Prove domain control by setting the returned CNAME record.
 
<pre>
 
<pre>
 
[COMMAND]
 
[COMMAND]
Line 166: Line 293:
 
sslcertclass = <CLASS>
 
sslcertclass = <CLASS>
 
domain0 = <DOMAIN>
 
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
+
validation0 = DNSZONE
admincontact0=<CONTACT>
+
EOF
techcontact0=<CONTACT>
+
</pre>
billingcontact0=<CONTACT>
+
<pre>
 +
[RESPONSE]
 +
CODE = 200
 +
DESCRIPTION = Command completed successfully
 +
PROPERTY[VALIDATIONDNSRR][0] = abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
 
EOF
 
EOF
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate with your own CSR'''
+
'''Order certificate and have it validated automatically'''
 
<br>
 
<br>
The domain is retrieved from the provided CSR.
+
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.
 
<pre>
 
<pre>
 
[COMMAND]
 
[COMMAND]
 
command = CreateSSLCert
 
command = CreateSSLCert
 
sslcertclass = <CLASS>
 
sslcertclass = <CLASS>
ownercontact0=<CONTACT>
+
domain0 = <DOMAIN>
admincontact0=<CONTACT>
+
validation0 = DNSZONE
techcontact0=<CONTACT>
+
internaldns = 1
billingcontact0=<CONTACT>
+
EOF
csr0 = -----BEGIN CERTIFICATE REQUEST-----
+
</pre>
csr1 = ...
+
<pre>
...
+
[RESPONSE]
 
+
CODE = 200
 +
DESCRIPTION = Command completed successfully
 +
PROPERTY[VALIDATIONDNSRR][0] = abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
 +
PROPERTY[INTERNALDNS][0] = 1
 
EOF
 
EOF
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate with your own private key'''
+
'''Order certificate using URL validation'''
 
<br>
 
<br>
The CSR is [[New_SSL_API_CSR_Creation|created automatically]] using the provided private key.
+
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.
 
<pre>
 
<pre>
 
[COMMAND]
 
[COMMAND]
Line 199: Line 333:
 
sslcertclass = <CLASS>
 
sslcertclass = <CLASS>
 
domain0 = <DOMAIN>
 
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
+
validation0 = URL
admincontact0=<CONTACT>
+
EOF
techcontact0=<CONTACT>
+
</pre>
billingcontact0=<CONTACT>
+
<pre>
pem0 = -----BEGIN RSA PRIVATE KEY-----
+
[RESPONSE]
pem1 = ...
+
CODE = 200
...
+
DESCRIPTION = Command completed successfully
 
+
PROPERTY[VALIDATIONURL][0] = http://<DOMAIN>/abcde01234.txt
 +
PROPERTY[VALIDATIONURLCONTENT][0] = vwxyz56789
 
EOF
 
EOF
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate where you tell us exactly what contact data to put into the CSR'''
+
'''Order certificate using EMAIL validation and specifying explicitly the validation email addresses'''
 
<br>
 
<br>
The CSR is [[New_SSL_API_CSR_Creation|created automatically]] using the contact data provided in ''csrcontact0''.
+
By default, ''ownercontact0email'' is used as validation email address. Different validation email addresses can be specified by using the command parameter ''validationemail[0-N]''. This is particularly useful when a multi domain certificate is ordered.
 +
<pre>
 +
[COMMAND]
 +
command = CreateSSLCert
 +
sslcertclass = <CLASS>
 +
domain0 = example1.com
 +
domain1 = example2.com
 +
validationemail0 = [email protected]
 +
validationemail1 = [email protected]
 +
EOF
 +
</pre>
 +
<br>
 +
'''Order certificate specifying explicitly what contact data to put into the CSR'''
 +
<br>
 +
The private key and CSR are [[Automatic_SSL_Certificate_CSR_Creation|created automatically]] using the contact data provided in ''csrcontact0''.
 
<pre>
 
<pre>
 
[COMMAND]
 
[COMMAND]
Line 218: Line 367:
 
sslcertclass = <CLASS>
 
sslcertclass = <CLASS>
 
domain0 = <DOMAIN>
 
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
+
ownercontact0 = <CONTACT>
admincontact0=<CONTACT>
+
admincontact0 = <CONTACT>
techcontact0=<CONTACT>
+
techcontact0 = <CONTACT>
billingcontact0=<CONTACT>
+
billingcontact0 = <CONTACT>
csrcontact0=<CONTACT>
+
csrcontact0 = <CONTACT>
 
EOF
 
EOF
 
</pre>
 
</pre>
Line 228: Line 377:
 
'''Order certificate with plain contact data'''
 
'''Order certificate with plain contact data'''
 
<br>
 
<br>
This works just like for domain commands.
+
This works just like for domain commands. The private key and CSR are [[Automatic_SSL_Certificate_CSR_Creation|created automatically]].
 
<pre>
 
<pre>
 
[COMMAND]
 
[COMMAND]
Line 249: Line 398:
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate using DNSZONE validation'''
+
'''Order certificate with your own private key'''
 
<br>
 
<br>
Prove domain control by setting the returned CNAME record.
+
The CSR is [[Automatic_SSL_Certificate_CSR_Creation|created automatically]] using the provided private key.
 
<pre>
 
<pre>
 
[COMMAND]
 
[COMMAND]
Line 257: Line 406:
 
sslcertclass = <CLASS>
 
sslcertclass = <CLASS>
 
domain0 = <DOMAIN>
 
domain0 = <DOMAIN>
validation0=DNSZONE
+
ownercontact0 = <CONTACT>
EOF
+
admincontact0 = <CONTACT>
</pre>
+
techcontact0 = <CONTACT>
<pre>
+
billingcontact0 = <CONTACT>
[RESPONSE]
+
pem0 = -----BEGIN RSA PRIVATE KEY-----
CODE=200
+
pem1 = ...
DESCRIPTION=Command completed successfully
+
...
PROPERTY[SSLCERTID][0]=<SSLCERTID>
+
 
PROPERTY[VALIDATIONDNSRR][0]=abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
+
 
EOF
 
EOF
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate using URL validation'''
+
'''All parameters'''
<br>
+
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.
+
 
<pre>
 
<pre>
 
[COMMAND]
 
[COMMAND]
 
command = CreateSSLCert
 
command = CreateSSLCert
 
sslcertclass = <CLASS>
 
sslcertclass = <CLASS>
domain0 = <DOMAIN>
+
period = <INT>
validation0=DNSZONE
+
 
 +
domain# = <DOMAIN>
 +
validation# = EMAIL | DNSZONE | URL
 +
validationemail# = <EMAIL>
 +
 
 +
internaldns = 0 | 1
 +
 
 +
csr# = <TEXT>
 +
pem# = <TEXT>
 +
 
 +
keylength = <INT>
 +
 
 +
ownercontact0 = <CONTACT>
 +
ownercontact0organization = <TEXT>
 +
ownercontact0firstname = <TEXT>
 +
ownercontact0lastname = <TEXT>
 +
ownercontact0street = <TEXT>
 +
ownercontact0city = <TEXT>
 +
ownercontact0state = <TEXT>
 +
ownercontact0zip = <TEXT>
 +
ownercontact0country = <TEXT>
 +
ownercontact0phone = <TEXT>
 +
ownercontact0fax = <TEXT>
 +
ownercontact0email = <TEXT>
 +
ownercontact0title = <TEXT>
 +
 
 +
admincontact0 = <CONTACT>
 +
admincontact0organization = <TEXT>
 +
admincontact0firstname = <TEXT>
 +
admincontact0lastname = <TEXT>
 +
admincontact0street = <TEXT>
 +
admincontact0city = <TEXT>
 +
admincontact0state = <TEXT>
 +
admincontact0zip = <TEXT>
 +
admincontact0country = <TEXT>
 +
admincontact0phone = <TEXT>
 +
admincontact0fax = <TEXT>
 +
admincontact0email = <TEXT>
 +
admincontact0title = <TEXT>
 +
 
 +
techcontact0 = <CONTACT>
 +
techcontact0organization = <TEXT>
 +
techcontact0firstname = <TEXT>
 +
techcontact0lastname = <TEXT>
 +
techcontact0street = <TEXT>
 +
techcontact0city = <TEXT>
 +
techcontact0state = <TEXT>
 +
techcontact0zip = <TEXT>
 +
techcontact0country = <TEXT>
 +
techcontact0phone = <TEXT>
 +
techcontact0fax = <TEXT>
 +
techcontact0email = <TEXT>
 +
techcontact0title = <TEXT>
 +
 
 +
billingcontact0 = <CONTACT>
 +
billingcontact0organization = <TEXT>
 +
billingcontact0firstname = <TEXT>
 +
billingcontact0lastname = <TEXT>
 +
billingcontact0street = <TEXT>
 +
billingcontact0city = <TEXT>
 +
billingcontact0state = <TEXT>
 +
billingcontact0zip = <TEXT>
 +
billingcontact0country = <TEXT>
 +
billingcontact0phone = <TEXT>
 +
billingcontact0fax = <TEXT>
 +
billingcontact0email = <TEXT>
 +
billingcontact0title = <TEXT>
 +
 
 +
csrcontact0 = <CONTACT>
 +
csrcontact0organization = <TEXT>
 +
csrcontact0firstname = <TEXT>
 +
csrcontact0lastname = <TEXT>
 +
csrcontact0street = <TEXT>
 +
csrcontact0city = <TEXT>
 +
csrcontact0state = <TEXT>
 +
csrcontact0zip = <TEXT>
 +
csrcontact0country = <TEXT>
 +
csrcontact0phone = <TEXT>
 +
csrcontact0fax = <TEXT>
 +
csrcontact0email = <TEXT>
 +
csrcontact0title = <TEXT>
 +
 
 
EOF
 
EOF
 
</pre>
 
</pre>
 
<pre>
 
<pre>
 
[RESPONSE]
 
[RESPONSE]
CODE=200
+
CODE = 200
DESCRIPTION=Command completed successfully
+
DESCRIPTION = Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>
+
PROPERTY[SSLCERTID][0] = <SSLCERTID>
PROPERTY[VALIDATIONURL][0]=http://<DOMAIN>/abcde01234.txt
+
PROPERTY[SSLCERTCLASS][0] = <CLASS>
PROPERTY[VALIDATIONURLCONTENT][0]=vwxyz56789
+
PROPERTY[STATUS][0] = REQUESTEDCREATE
 +
PROPERTY[CREATEDDATE][0] = <DATE>
 +
PROPERTY[REGISTRATIONEXPIRATIONDATE][0] = <DATE>
 +
 
 +
PROPERTY[DOMAIN][0] = <DOMAIN>
 +
PROPERTY[DOMAIN][1] = <DOMAIN>
 +
...
 +
 
 +
PROPERTY[VALIDATION][0] = EMAIL|DNSZONE|URL
 +
PROPERTY[VALIDATION][1] = EMAIL|DNSZONE|URL
 +
...
 +
 
 +
PROPERTY[VALIDATIONEMAIL][0] = <EMAIL>
 +
PROPERTY[VALIDATIONEMAIL][1] = <EMAIL>
 +
...
 +
 
 +
PROPERTY[VALIDATIONDNSRR][0] = <TEXT>
 +
PROPERTY[VALIDATIONDNSRR][1] = <TEXT>
 +
...
 +
 
 +
PROPERTY[VALIDATIONURL][0] = <TEXT>
 +
PROPERTY[VALIDATIONURL][1] = <TEXT>
 +
...
 +
 
 +
PROPERTY[VALIDATIONURLCONTENT][0] = <TEXT>
 +
PROPERTY[VALIDATIONURLCONTENT][1] = <TEXT>
 +
...
 +
 
 +
PROPERTY[INTERNALDNS][0] = 0 | 1
 +
 
 +
PROPERTY[CSR][0] = -----BEGIN CERTIFICATE REQUEST-----
 +
PROPERTY[CSR][1] = ...
 +
...
 +
 
 +
PROPERTY[PEM][0] = -----BEGIN RSA PRIVATE KEY-----
 +
PROPERTY[PEM][1] = ...
 +
...
 +
 
 +
PROPERTY[KEYLENGTH][0] = <INT>
 +
 
 +
PROPERTY[OWNERCONTACT0ORGANIZATION][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0FIRSTNAME][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0LASTNAME][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0STREET][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0CITY][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0STATE][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0ZIP][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0COUNTRY][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0PHONE][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0FAX][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0EMAIL][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0TITLE][0] = <TEXT>
 +
 
 +
PROPERTY[ADMINCONTACT0ORGANIZATION][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0FIRSTNAME][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0LASTNAME][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0STREET][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0CITY][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0STATE][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0ZIP][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0COUNTRY][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0PHONE][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0FAX][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0EMAIL][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0TITLE][0] = <TEXT>
 +
 
 +
PROPERTY[TECHCONTACT0ORGANIZATION][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0FIRSTNAME][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0LASTNAME][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0STREET][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0CITY][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0STATE][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0ZIP][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0COUNTRY][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0PHONE][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0FAX][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0EMAIL][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0TITLE][0] = <TEXT>
 +
 
 +
PROPERTY[BILLINGCONTACT0ORGANIZATION][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0FIRSTNAME][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0LASTNAME][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0STREET][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0CITY][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0STATE][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0ZIP][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0COUNTRY][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0PHONE][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0FAX][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0EMAIL][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0TITLE][0] = <TEXT>
 +
 
 +
PROPERTY[CSRCONTACT0ORGANIZATION][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0FIRSTNAME][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0LASTNAME][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0STREET][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0CITY][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0STATE][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0ZIP][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0COUNTRY][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0PHONE][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0FAX][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0EMAIL][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0TITLE][0] = <TEXT>
 +
 
 
EOF
 
EOF
 
</pre>
 
</pre>
 +
<br>
 
= Order certificate (EPP) =
 
= Order certificate (EPP) =
'''All new parameters'''
+
'''Order certificate providing the domain name only'''
 +
<br>
 +
The contact data is [[SSL_Certificate_Contact_Data_Lookup|looked up in the WHOIS]]. The private key and CSR are [[Automatic_SSL_Certificate_CSR_Creation|created automatically]].
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> 
 +
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Order certificate with your own CSR'''
 +
<br>
 +
The domain is retrieved from the provided CSR. The contact data is [[SSL_Certificate_Contact_Data_Lookup|looked up in the WHOIS]].
 
<pre>
 
<pre>
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
Line 296: Line 646:
 
   <extension>   
 
   <extension>   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
 
 
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
 
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
 
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
 
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='PERIOD' value='<INT>' />
+
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
 +
        <keyvalue:kv key='CSR1' value='...' />
 +
        ...
 +
      </keyvalue:extension>
 +
  </extension>
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Order certificate with contact handles'''
 +
<br>
 +
The private key and CSR are [[Automatic_SSL_Certificate_CSR_Creation|created automatically]].
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
 +
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
 +
        <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
 +
        <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
 +
        <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
 +
        <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
 +
      </keyvalue:extension>
 +
  </extension>
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Order certificate using DNSZONE validation'''
 +
<br>
 +
Prove domain control by setting the returned CNAME record.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> 
 +
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
 +
        <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
RESPONSE:
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
<response>
 +
  <result code="1001">
 +
    <msg>Command completed successfully; action pending</msg>
 +
    <extValue>
 +
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
 +
        <epp:undef/>
 +
      </value>
 +
      <reason>200 Command completed successfully</reason>
 +
    </extValue>
 +
  </result>
 +
  <extension>
 +
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
 +
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
 +
    </keyvalue:extension>
 +
  </extension>
 +
  <trID>
 +
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
 +
  </trID>
 +
</response>
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Order certificate and have it validated automatically'''
 +
<br>
 +
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> 
 +
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
 +
        <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
 +
        <keyvalue:kv key='INTERNALDNS' value='1' />
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
RESPONSE:
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
<response>
 +
  <result code="1001">
 +
    <msg>Command completed successfully; action pending</msg>
 +
    <extValue>
 +
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
 +
        <epp:undef/>
 +
      </value>
 +
      <reason>200 Command completed successfully</reason>
 +
    </extValue>
 +
  </result>
 +
  <extension>
 +
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
 +
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
 +
      <keyvalue:kv key="INTERNALDNS" value="1"/>
 +
    </keyvalue:extension>
 +
  </extension>
 +
  <trID>
 +
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
 +
  </trID>
 +
</response>
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Order certificate using URL validation'''
 +
<br>
 +
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> 
 +
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
 +
        <keyvalue:kv key='VALIDATION0' value='URL' />
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
RESPONSE:
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
<response>
 +
  <result code="1001">
 +
    <msg>Command completed successfully; action pending</msg>
 +
    <extValue>
 +
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
 +
        <epp:undef/>
 +
      </value>
 +
      <reason>200 Command completed successfully</reason>
 +
    </extValue>
 +
  </result>
 +
  <extension>
 +
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
 +
      <keyvalue:kv key="VALIDATIONURL" value="http://<DOMAIN>/abcde01234.txt"/>
 +
      <keyvalue:kv key="VALIDATIONURLCONTENT" value="vwxyz56789"/>
 +
    </keyvalue:extension>
 +
  </extension>
 +
  <trID>
 +
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
 +
  </trID>
 +
</response>
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Order certificate using EMAIL validation and specifying explicitly the validation email addresses'''
 +
<br>
 +
By default, ''ownercontact0email'' is used as validation email address. Different validation email addresses can be specified by using the command parameter ''validationemail[0-N]''. This is particularly useful when a multi domain certificate is ordered.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> 
 +
        <keyvalue:kv key='DOMAIN0' value='example1.com' />
 +
        <keyvalue:kv key='DOMAIN1' value='example2.com' />
 +
        <keyvalue:kv key='VALIDATIONEMAIL0' value='[email protected]' />
 +
        <keyvalue:kv key='VALIDATIONEMAIL1' value='[email protected]' />
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Order certificate specifying explicitly what contact data to put into the CSR'''
 +
<br>
 +
The private key and CSR are [[Automatic_SSL_Certificate_CSR_Creation|created automatically]] using the contact data provided in ''csrcontact0''.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
 +
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
 
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
Line 305: Line 840:
 
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='CSRCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='CSRCONTACT0' value='<CONTACT>' />
 +
      </keyvalue:extension>
 +
  </extension>
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Order certificate with plain contact data'''
 +
<br>
 +
This works just like for domain commands. The private key and CSR are [[Automatic_SSL_Certificate_CSR_Creation|created automatically]].
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
 +
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
 +
        <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='Organization' />
 +
        <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='Firstname' />
 +
        <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='Lastname' />
 +
        <keyvalue:kv key='OWNERCONTACT0STREET' value='Street' />
 +
        <keyvalue:kv key='OWNERCONTACT0CITY' value='City' />
 +
        <keyvalue:kv key='OWNERCONTACT0STATE' value='State' />
 +
        <keyvalue:kv key='OWNERCONTACT0ZIP' value='Zip' />
 +
        <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='Country' />
 +
        <keyvalue:kv key='OWNERCONTACT0PHONE' value='Phone' />
 +
        <keyvalue:kv key='OWNERCONTACT0FAX' value='Fax' />
 +
        <keyvalue:kv key='OWNERCONTACT0EMAIL' value='Email' />
 +
        <keyvalue:kv key='OWNERCONTACT0TITLE' value='Title' />
 +
      </keyvalue:extension>
 +
  </extension>
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Order certificate with your own private key'''
 +
<br>
 +
The CSR is [[Automatic_SSL_Certificate_CSR_Creation|created automatically]] using the provided private key.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
 +
        <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
 +
        <keyvalue:kv key='PEM1' value='...' />
 +
        ...
 +
      </keyvalue:extension>
 +
  </extension>
 +
</epp>
 +
</pre>
 +
<br>
 +
'''All parameters'''
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
 +
        <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
 +
        <keyvalue:kv key='PERIOD' value='<INT>' />
  
 
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
 
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
Line 317: Line 913:
 
         <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
 
         <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
 
         ...
 
         ...
 +
 +
        <keyvalue:kv key='INTERNALDNS' value='0 | 1' />
 +
  
 
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
 
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
 +
        <keyvalue:kv key='CSR1' value='...' />
 
         ...
 
         ...
        <keyvalue:kv key='CSR18' value='-----END CERTIFICATE REQUEST-----' />
 
  
 
         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
 
         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
 +
        <keyvalue:kv key='PEM1' value='...' />
 
         ...
 
         ...
         <keyvalue:kv key='PEM27' value='-----END RSA PRIVATE KEY-----' />
+
 
 +
         <keyvalue:kv key='KEYLENGTH' value='<INT>' />
 +
 
 +
        <keyvalue:kv key='ownercontact0' value='<CONTACT>' />
 +
        <keyvalue:kv key='ownercontact0organization' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0firstname' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0lastname' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0street' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0city' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0state' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0zip' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0country' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0phone' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0fax' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0email' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0title' value='<TEXT>' />
 +
 
 +
        <keyvalue:kv key='admincontact0' value='<CONTACT>' />
 +
        <keyvalue:kv key='admincontact0organization' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0firstname' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0lastname' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0street' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0city' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0state' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0zip' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0country' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0phone' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0fax' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0email' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0title' value='<TEXT>' />
 +
 
 +
        <keyvalue:kv key='techcontact0' value='<CONTACT>' />
 +
        <keyvalue:kv key='techcontact0organization' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0firstname' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0lastname' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0street' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0city' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0state' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0zip' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0country' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0phone' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0fax' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0email' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0title' value='<TEXT>' />
 +
 
 +
        <keyvalue:kv key='billingcontact0' value='<CONTACT>' />
 +
        <keyvalue:kv key='billingcontact0organization' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0firstname' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0lastname' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0street' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0city' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0state' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0zip' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0country' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0phone' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0fax' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0email' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0title' value='<TEXT>' />
 +
 
 +
        <keyvalue:kv key='csrcontact0' value='<CONTACT>' />
 +
        <keyvalue:kv key='csrcontact0organization' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0firstname' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0lastname' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0street' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0city' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0state' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0zip' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0country' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0phone' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0fax' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0email' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0title' value='<TEXT>' />
  
 
       </keyvalue:extension>
 
       </keyvalue:extension>
Line 346: Line 1,017:
 
   <extension>
 
   <extension>
 
     <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
 
     <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
 +
 
       <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
 
       <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
       <keyvalue:kv key="VALIDATIONDNSRR" value="<TEXT>"/>
+
       <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
       <keyvalue:kv key="VALIDATIONURL" value="<TEXT>"/>
+
      <keyvalue:kv key='STATUS' value='REQUESTEDCREATE' />
       <keyvalue:kv key="VALIDATIONURLCONTENT" value="<TEXT>"/>
+
      <keyvalue:kv key='CREATEDDATE' value='<DATE>' />
 +
      <keyvalue:kv key='REGISTRATIONEXPIRATIONDATE' value='<DATE>' />
 +
 
 +
      <keyvalue:kv key='DOMAIN' value='<DOMAIN>' />
 +
      <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' />
 +
      ...
 +
 
 +
      <keyvalue:kv key='VALIDATION' value='EMAIL|DNSZONE|URL' />
 +
      <keyvalue:kv key='VALIDATION1' value='EMAIL|DNSZONE|URL' />
 +
      ...
 +
 
 +
      <keyvalue:kv key='VALIDATIONEMAIL' value='<EMAIL>' />
 +
      <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
 +
      ...
 +
 
 +
      <keyvalue:kv key='VALIDATIONDNSRR' value='<TEXT>' />
 +
       <keyvalue:kv key='VALIDATIONDNSRR1' value='<TEXT>' />
 +
      ...
 +
 
 +
      <keyvalue:kv key='VALIDATIONURL' value='<TEXT>' />
 +
       <keyvalue:kv key='VALIDATIONURL1' value='<TEXT>' />
 +
      ...
 +
 
 +
      <keyvalue:kv key='VALIDATIONURLCONTENT' value='<TEXT>' />
 +
      <keyvalue:kv key='VALIDATIONURLCONTENT1' value='<TEXT>' />
 +
      ...
 +
 
 +
      <keyvalue:kv key='INTERNALDNS' value='0 | 1' />
 +
 
 +
      <keyvalue:kv key='CSR' value='-----BEGIN CERTIFICATE REQUEST-----' />
 +
      <keyvalue:kv key='CSR1' value='...' />
 +
      ...
 +
 
 +
      <keyvalue:kv key='PEM' value='-----BEGIN RSA PRIVATE KEY-----' />
 +
      <keyvalue:kv key='PEM1' value='...' />
 +
      ...
 +
 
 +
      <keyvalue:kv key='KEYLENGTH' value='<INT>' />
 +
 
 +
      <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0STREET' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0CITY' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0STATE' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0ZIP' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0PHONE' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0FAX' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0EMAIL' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0TITLE' value='<TEXT>' />
 +
 
 +
      <keyvalue:kv key='ADMINCONTACT0ORGANIZATION' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0FIRSTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0LASTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0STREET' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0CITY' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0STATE' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0ZIP' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0COUNTRY' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0PHONE' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0FAX' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0EMAIL' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0TITLE' value='<TEXT>' />
 +
 
 +
      <keyvalue:kv key='TECHCONTACT0ORGANIZATION' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0FIRSTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0LASTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0STREET' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0CITY' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0STATE' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0ZIP' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0COUNTRY' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0PHONE' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0FAX' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0EMAIL' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0TITLE' value='<TEXT>' />
 +
 
 +
      <keyvalue:kv key='BILLINGCONTACT0ORGANIZATION' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0FIRSTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0LASTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0STREET' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0CITY' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0STATE' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0ZIP' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0COUNTRY' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0PHONE' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0FAX' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0EMAIL' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0TITLE' value='<TEXT>' />
 +
 
 +
      <keyvalue:kv key='CSRCONTACT0ORGANIZATION' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0FIRSTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0LASTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0STREET' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0CITY' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0STATE' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0ZIP' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0COUNTRY' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0PHONE' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0FAX' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0EMAIL' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0TITLE' value='<TEXT>' />
 +
 
 
     </keyvalue:extension>
 
     </keyvalue:extension>
 
   </extension>
 
   </extension>
Line 358: Line 1,133:
 
</epp>
 
</epp>
 
</pre>
 
</pre>
 +
= Renew certificate (API) =
 +
'''Renew certificate'''
 
<br>
 
<br>
'''Order certificate providing the domain name only'''
+
When no additional command parameters are provided, the current data is used for the certificate renewal: CSR, contact information, validation methods, validation email addresses, internaldns
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate with new contact data'''
 +
<br>
 +
When new contact data is provided, it will be used for the certificate renewal. Note that you have to provide all contact data for all contacts, not just the data that has changed. Also note that the current CSR will be re-used even if contact data has changed that is part of the CSR. See below to learn how to have a new CSR created.
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
ownercontact0 = <CONTACT>
 +
admincontact0 = <CONTACT>
 +
techcontact0 = <CONTACT>
 +
billingcontact0 = <CONTACT>
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate with new contact data and a newly created CSR (current private key)'''
 +
<br>
 +
In order have a [[Automatic_SSL_Certificate_CSR_Creation|new CSR created]], use the command parameter ''createcsr=1''. The current private key associated with the certificate is used for this (unless a new one is created or provided, see below). If no private key is associated with the certificate, the command will fail. Also be reminded that if the certificate is associated with a ''csrcontact0'', its contact data is the relevant data for the CSR creation and must also be updated.
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
ownercontact0 = <CONTACT>
 +
admincontact0 = <CONTACT>
 +
techcontact0 = <CONTACT>
 +
billingcontact0 = <CONTACT>
 +
createcsr = 1
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate with new contact data and a newly created CSR (newly created private key)'''
 +
<br>
 +
In order have a [[Automatic_SSL_Certificate_CSR_Creation|new private key and a new CSR created]], use the command parameter ''createprivatekey=1''.
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
ownercontact0 = <CONTACT>
 +
admincontact0 = <CONTACT>
 +
techcontact0 = <CONTACT>
 +
billingcontact0 = <CONTACT>
 +
createprivatekey = 1
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate with new contact data and a newly created CSR (provided private key)'''
 +
<br>
 +
This will [[Automatic_SSL_Certificate_CSR_Creation|create a new CSR]] using the provided private key.
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
ownercontact0 = <CONTACT>
 +
admincontact0 = <CONTACT>
 +
techcontact0 = <CONTACT>
 +
billingcontact0 = <CONTACT>
 +
pem0 = -----BEGIN RSA PRIVATE KEY-----
 +
pem1 = ...
 +
...
 +
 
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate with your own new CSR'''
 +
<br>
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
csr0 = -----BEGIN CERTIFICATE REQUEST-----
 +
csr1 = ...
 +
...
 +
 
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate choosing a different validation method'''
 +
<br>
 +
By default, the validation method chosen previously (when the certificate was created or renewed last time) will be used for the renewal. In order to specify a different validation method, the command parameter ''validation0'' must be used.
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
validation0 = EMAIL
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate using DNSZONE validation'''
 +
<br>
 +
Prove domain control by setting the returned CNAME record.
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
validation0 = DNSZONE
 +
EOF
 +
</pre>
 +
<pre>
 +
[RESPONSE]
 +
CODE = 200
 +
DESCRIPTION = Command completed successfully
 +
PROPERTY[SSLCERTID][0] = <SSLCERTID>
 +
PROPERTY[VALIDATIONDNSRR][0] = abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate and have it validated automatically'''
 +
<br>
 +
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
validation0 = DNSZONE
 +
internaldns = 1
 +
EOF
 +
</pre>
 +
<pre>
 +
[RESPONSE]
 +
CODE = 200
 +
DESCRIPTION = Command completed successfully
 +
PROPERTY[SSLCERTID][0] = <SSLCERTID>
 +
PROPERTY[VALIDATIONDNSRR][0] = abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
 +
PROPERTY[INTERNALDNS][0] = 1
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate using URL validation'''
 +
<br>
 +
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
validation0 = URL
 +
EOF
 +
</pre>
 +
<pre>
 +
[RESPONSE]
 +
CODE = 200
 +
DESCRIPTION = Command completed successfully
 +
PROPERTY[SSLCERTID][0] = <SSLCERTID>
 +
PROPERTY[VALIDATIONURL][0] = http://<DOMAIN>/abcde01234.txt
 +
PROPERTY[VALIDATIONURLCONTENT][0] = vwxyz56789
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate using EMAIL validation and specifying explicitly the validation email address'''
 +
<br>
 +
If a specific validation email address (different from ''ownercontact0email'') was used previously (when the certificate was created or renewed last time) it will be used again for the certificate renewal. In order to choose a different email address, the command parameter ''validationemail0'' must be used.
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
validation0 = EMAIL
 +
validationemail0 = <EMAIL>
 +
EOF
 +
</pre>
 +
<br>
 +
'''Renew certificate with new plain contact data'''
 +
<br>
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
ownercontact0organization = <TEXT> | <NULL>
 +
ownercontact0firstname = <TEXT> | <NULL>
 +
ownercontact0lastname = <TEXT> | <NULL>
 +
ownercontact0street = <TEXT> | <NULL>
 +
ownercontact0city = <TEXT> | <NULL>
 +
ownercontact0state = <TEXT> | <NULL>
 +
ownercontact0zip = <TEXT> | <NULL>
 +
ownercontact0country = <TEXT> | <NULL>
 +
ownercontact0phone = <TEXT> | <NULL>
 +
ownercontact0fax = <TEXT> | <NULL>
 +
ownercontact0email = <TEXT> | <NULL>
 +
ownercontact0title = <TEXT> | <NULL>
 +
EOF
 +
</pre>
 +
<br>
 +
'''All parameters'''
 +
<pre>
 +
[COMMAND]
 +
command = RenewSSLCert
 +
sslcertid = <SSLCERTID>
 +
period = <INT>
 +
 
 +
domain# = <DOMAIN>
 +
validation# = EMAIL | DNSZONE | URL
 +
validationemail# = <EMAIL>
 +
 
 +
internaldns = 0 | 1
 +
 
 +
csr# = <TEXT>
 +
createcsr = 0 | 1
 +
 
 +
pem# = <TEXT>
 +
createprivatekey = 0 | 1
 +
 
 +
keylength = <INT>
 +
 
 +
ownercontact0 = <CONTACT>
 +
ownercontact0organization = <TEXT>
 +
ownercontact0firstname = <TEXT>
 +
ownercontact0lastname = <TEXT>
 +
ownercontact0street = <TEXT>
 +
ownercontact0city = <TEXT>
 +
ownercontact0state = <TEXT>
 +
ownercontact0zip = <TEXT>
 +
ownercontact0country = <TEXT>
 +
ownercontact0phone = <TEXT>
 +
ownercontact0fax = <TEXT>
 +
ownercontact0email = <TEXT>
 +
ownercontact0title = <TEXT>
 +
 
 +
admincontact0 = <CONTACT>
 +
admincontact0organization = <TEXT>
 +
admincontact0firstname = <TEXT>
 +
admincontact0lastname = <TEXT>
 +
admincontact0street = <TEXT>
 +
admincontact0city = <TEXT>
 +
admincontact0state = <TEXT>
 +
admincontact0zip = <TEXT>
 +
admincontact0country = <TEXT>
 +
admincontact0phone = <TEXT>
 +
admincontact0fax = <TEXT>
 +
admincontact0email = <TEXT>
 +
admincontact0title = <TEXT>
 +
 
 +
techcontact0 = <CONTACT>
 +
techcontact0organization = <TEXT>
 +
techcontact0firstname = <TEXT>
 +
techcontact0lastname = <TEXT>
 +
techcontact0street = <TEXT>
 +
techcontact0city = <TEXT>
 +
techcontact0state = <TEXT>
 +
techcontact0zip = <TEXT>
 +
techcontact0country = <TEXT>
 +
techcontact0phone = <TEXT>
 +
techcontact0fax = <TEXT>
 +
techcontact0email = <TEXT>
 +
techcontact0title = <TEXT>
 +
 
 +
billingcontact0 = <CONTACT>
 +
billingcontact0organization = <TEXT>
 +
billingcontact0firstname = <TEXT>
 +
billingcontact0lastname = <TEXT>
 +
billingcontact0street = <TEXT>
 +
billingcontact0city = <TEXT>
 +
billingcontact0state = <TEXT>
 +
billingcontact0zip = <TEXT>
 +
billingcontact0country = <TEXT>
 +
billingcontact0phone = <TEXT>
 +
billingcontact0fax = <TEXT>
 +
billingcontact0email = <TEXT>
 +
billingcontact0title = <TEXT>
 +
 
 +
csrcontact0 = <CONTACT>
 +
csrcontact0organization = <TEXT>
 +
csrcontact0firstname = <TEXT>
 +
csrcontact0lastname = <TEXT>
 +
csrcontact0street = <TEXT>
 +
csrcontact0city = <TEXT>
 +
csrcontact0state = <TEXT>
 +
csrcontact0zip = <TEXT>
 +
csrcontact0country = <TEXT>
 +
csrcontact0phone = <TEXT>
 +
csrcontact0fax = <TEXT>
 +
csrcontact0email = <TEXT>
 +
csrcontact0title = <TEXT>
 +
 
 +
EOF
 +
</pre>
 +
<pre>
 +
[RESPONSE]
 +
CODE = 200
 +
DESCRIPTION = Command completed successfully
 +
PROPERTY[SSLCERTID][0] = <SSLCERTID>
 +
PROPERTY[SSLCERTCLASS][0] = <CLASS>
 +
PROPERTY[STATUS][0] = REQUESTEDCREATE
 +
PROPERTY[CREATEDDATE][0] = <DATE>
 +
PROPERTY[REGISTRATIONEXPIRATIONDATE][0] = <DATE>
 +
 
 +
PROPERTY[DOMAIN][0] = <DOMAIN>
 +
PROPERTY[DOMAIN][1] = <DOMAIN>
 +
...
 +
 
 +
PROPERTY[VALIDATION][0] = EMAIL|DNSZONE|URL
 +
PROPERTY[VALIDATION][1] = EMAIL|DNSZONE|URL
 +
...
 +
 
 +
PROPERTY[VALIDATIONEMAIL][0] = <EMAIL>
 +
PROPERTY[VALIDATIONEMAIL][1] = <EMAIL>
 +
...
 +
 
 +
PROPERTY[VALIDATIONDNSRR][0] = <TEXT>
 +
PROPERTY[VALIDATIONDNSRR][1] = <TEXT>
 +
...
 +
 
 +
PROPERTY[VALIDATIONURL][0] = <TEXT>
 +
PROPERTY[VALIDATIONURL][1] = <TEXT>
 +
...
 +
 
 +
PROPERTY[VALIDATIONURLCONTENT][0] = <TEXT>
 +
PROPERTY[VALIDATIONURLCONTENT][1] = <TEXT>
 +
...
 +
 
 +
PROPERTY[INTERNALDNS][0] = 0 | 1
 +
 
 +
PROPERTY[CSR][0] = -----BEGIN CERTIFICATE REQUEST-----
 +
PROPERTY[CSR][1] = ...
 +
...
 +
 
 +
PROPERTY[PEM][0] = -----BEGIN RSA PRIVATE KEY-----
 +
PROPERTY[PEM][1] = ...
 +
...
 +
 
 +
PROPERTY[KEYLENGTH][0] = <INT>
 +
 
 +
PROPERTY[OWNERCONTACT0ORGANIZATION][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0FIRSTNAME][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0LASTNAME][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0STREET][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0CITY][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0STATE][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0ZIP][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0COUNTRY][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0PHONE][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0FAX][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0EMAIL][0] = <TEXT>
 +
PROPERTY[OWNERCONTACT0TITLE][0] = <TEXT>
 +
 
 +
PROPERTY[ADMINCONTACT0ORGANIZATION][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0FIRSTNAME][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0LASTNAME][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0STREET][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0CITY][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0STATE][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0ZIP][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0COUNTRY][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0PHONE][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0FAX][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0EMAIL][0] = <TEXT>
 +
PROPERTY[ADMINCONTACT0TITLE][0] = <TEXT>
 +
 
 +
PROPERTY[TECHCONTACT0ORGANIZATION][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0FIRSTNAME][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0LASTNAME][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0STREET][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0CITY][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0STATE][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0ZIP][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0COUNTRY][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0PHONE][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0FAX][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0EMAIL][0] = <TEXT>
 +
PROPERTY[TECHCONTACT0TITLE][0] = <TEXT>
 +
 
 +
PROPERTY[BILLINGCONTACT0ORGANIZATION][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0FIRSTNAME][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0LASTNAME][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0STREET][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0CITY][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0STATE][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0ZIP][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0COUNTRY][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0PHONE][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0FAX][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0EMAIL][0] = <TEXT>
 +
PROPERTY[BILLINGCONTACT0TITLE][0] = <TEXT>
 +
 
 +
PROPERTY[CSRCONTACT0ORGANIZATION][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0FIRSTNAME][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0LASTNAME][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0STREET][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0CITY][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0STATE][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0ZIP][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0COUNTRY][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0PHONE][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0FAX][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0EMAIL][0] = <TEXT>
 +
PROPERTY[CSRCONTACT0TITLE][0] = <TEXT>
 +
 
 +
EOF
 +
</pre>
 +
<br>
 +
= Renew certificate (EPP) =
 +
'''Renew certificate'''
 
<br>
 
<br>
The contact data is [[New_SSL_API_Contact_Data_Lookup|looked up in the WHOIS]]. The private key and CSR are [[New_SSL_API_CSR_Creation|created automatically]].
+
When no additional command parameters are provided, the current data is used for the certificate renewal: CSR, contact information, validation methods, validation email addresses, internaldns
 
<pre>
 
<pre>
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
Line 367: Line 1,539:
 
   <extension>   
 
   <extension>   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
+
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
+
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
+
 
       </keyvalue:extension>   
 
       </keyvalue:extension>   
 
   </extension>   
 
   </extension>   
Line 375: Line 1,546:
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate with contact handles'''
+
'''Renew certificate with new contact data'''
 
<br>
 
<br>
The private key and CSR are [[New_SSL_API_CSR_Creation|created automatically]].
+
When new contact data is provided, it will be used for the certificate renewal. Note that you have to provide all contact data for all contacts, not just the data that has changed. Also note that the current CSR will be re-used even if contact data has changed that is part of the CSR. See below to learn how to have a new CSR created.
 
<pre>
 
<pre>
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
Line 383: Line 1,554:
 
   <extension>   
 
   <extension>   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
+
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
+
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
+
 
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
Line 395: Line 1,565:
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate with your own CSR'''
+
'''Renew certificate with new contact data and a newly created CSR (current private key)'''
 
<br>
 
<br>
The domain is retrieved from the provided CSR.
+
In order have a [[Automatic_SSL_Certificate_CSR_Creation|new CSR created]], use the command parameter ''createcsr=1''. The current private key associated with the certificate is used for this (unless a new one is created or provided, see below). If no private key is associated with the certificate, the command will fail. Also be reminded that if the certificate is associated with a ''csrcontact0'', its contact data is the relevant data for the CSR creation and must also be updated.
 
<pre>
 
<pre>
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
Line 403: Line 1,573:
 
   <extension>   
 
   <extension>   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
+
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
+
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
+
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         ...
+
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='CSR18' value='-----END CERTIFICATE REQUEST-----' />
+
        <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
 +
        <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
 +
         <keyvalue:kv key='CREATECSR' value='1' />
 
       </keyvalue:extension>
 
       </keyvalue:extension>
 
   </extension>
 
   </extension>
Line 413: Line 1,585:
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate with your own private key'''
+
'''Renew certificate with new contact data and a newly created CSR (newly created private key)'''
 
<br>
 
<br>
The CSR is [[New_SSL_API_CSR_Creation|created automatically]] using the provided private key.
+
In order have a [[Automatic_SSL_Certificate_CSR_Creation|new private key and a new CSR created]], use the command parameter ''createprivatekey=1''.
 
<pre>
 
<pre>
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
Line 421: Line 1,593:
 
   <extension>   
 
   <extension>   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
+
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
+
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
+
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         ...
+
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='PEM27' value='-----END RSA PRIVATE KEY-----' />
+
        <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
 +
        <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
 +
         <keyvalue:kv key='CREATEPRIVATEKEY' value='1' />
 
       </keyvalue:extension>
 
       </keyvalue:extension>
 
   </extension>
 
   </extension>
Line 431: Line 1,605:
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate where you tell us exactly what contact data to put into the CSR'''
+
'''Renew certificate with new contact data and a newly created CSR (provided private key)'''
 
<br>
 
<br>
The CSR is [[New_SSL_API_CSR_Creation|created automatically]] using the contact data provided in ''csrcontact0''.
+
This will [[Automatic_SSL_Certificate_CSR_Creation|create a new CSR]] using the provided private key.
 
<pre>
 
<pre>
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
Line 439: Line 1,613:
 
   <extension>   
 
   <extension>   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
+
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
+
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
+
 
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
 
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='CSRCONTACT0' value='<CONTACT>' />
+
         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
 +
        <keyvalue:kv key='PEM1' value='...' />
 +
        ...
 
       </keyvalue:extension>
 
       </keyvalue:extension>
 
   </extension>
 
   </extension>
Line 452: Line 1,627:
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate with plain contact data'''
+
'''Renew certificate with your own new CSR'''
 
<br>
 
<br>
This works just like for domain commands.
 
 
<pre>
 
<pre>
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
Line 460: Line 1,634:
 
   <extension>   
 
   <extension>   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
+
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
+
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
+
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='Organization' />
+
         <keyvalue:kv key='CSR1' value='...' />
         <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='Firstname' />
+
         ...
        <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='Lastname' />
+
        <keyvalue:kv key='OWNERCONTACT0STREET' value='Street' />
+
        <keyvalue:kv key='OWNERCONTACT0CITY' value='City' />
+
        <keyvalue:kv key='OWNERCONTACT0STATE' value='State' />
+
        <keyvalue:kv key='OWNERCONTACT0ZIP' value='Zip' />
+
        <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='Country' />
+
        <keyvalue:kv key='OWNERCONTACT0PHONE' value='Phone' />
+
        <keyvalue:kv key='OWNERCONTACT0FAX' value='Fax' />
+
        <keyvalue:kv key='OWNERCONTACT0EMAIL' value='Email' />
+
        <keyvalue:kv key='OWNERCONTACT0TITLE' value='Title' />
+
 
       </keyvalue:extension>
 
       </keyvalue:extension>
 
   </extension>
 
   </extension>
Line 480: Line 1,644:
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate using DNSZONE validation'''
+
'''Renew certificate choosing a different validation method'''
 +
<br>
 +
By default, the validation method chosen previously (when the certificate was created or renewed last time) will be used for the renewal. In order to specify a different validation method, the command parameter ''validation0'' must be used.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='RenewSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> 
 +
        <keyvalue:kv key='VALIDATION0' value='EMAIL' />
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Renew certificate using DNSZONE validation'''
 
<br>
 
<br>
 
Prove domain control by setting the returned CNAME record.
 
Prove domain control by setting the returned CNAME record.
Line 488: Line 1,668:
 
   <extension>   
 
   <extension>   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
+
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
+
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
+
 
         <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
 
         <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
 
       </keyvalue:extension>   
 
       </keyvalue:extension>   
Line 523: Line 1,702:
 
</pre>
 
</pre>
 
<br>
 
<br>
'''Order certificate using URL validation'''
+
'''Renew certificate and have it validated automatically'''
 +
<br>
 +
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='RenewSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> 
 +
        <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
 +
        <keyvalue:kv key='INTERNALDNS' value='1' />
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
RESPONSE:
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
<response>
 +
  <result code="1001">
 +
    <msg>Command completed successfully; action pending</msg>
 +
    <extValue>
 +
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
 +
        <epp:undef/>
 +
      </value>
 +
      <reason>200 Command completed successfully</reason>
 +
    </extValue>
 +
  </result>
 +
  <extension>
 +
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
 +
      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
 +
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
 +
    </keyvalue:extension>
 +
  </extension>
 +
  <trID>
 +
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
 +
  </trID>
 +
</response>
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Renew certificate using URL validation'''
 
<br>
 
<br>
 
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.
 
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.
Line 531: Line 1,753:
 
   <extension>   
 
   <extension>   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
 
       <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
+
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
+
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
+
 
         <keyvalue:kv key='VALIDATION0' value='URL' />
 
         <keyvalue:kv key='VALIDATION0' value='URL' />
 
       </keyvalue:extension>   
 
       </keyvalue:extension>   
Line 566: Line 1,787:
 
</epp>
 
</epp>
 
</pre>
 
</pre>
 +
<br>
 +
'''Renew certificate using EMAIL validation and specifying explicitly the validation email address'''
 +
<br>
 +
If a specific validation email address (different from ''ownercontact0email'') was used previously (when the certificate was created or renewed last time) it will be used again for the certificate renewal. In order to choose a different email address, the command parameter ''validationemail0'' must be used.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='RenewSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> 
 +
        <keyvalue:kv key='VALIDATION0' value='EMAIL' />
 +
        <keyvalue:kv key='VALIDATIONEMAIL0' value='<EMAIL>' />
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Renew certificate with new plain contact data'''
 +
<br>
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
 +
        <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
 +
        <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='Organization' />
 +
        <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='Firstname' />
 +
        <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='Lastname' />
 +
        <keyvalue:kv key='OWNERCONTACT0STREET' value='Street' />
 +
        <keyvalue:kv key='OWNERCONTACT0CITY' value='City' />
 +
        <keyvalue:kv key='OWNERCONTACT0STATE' value='State' />
 +
        <keyvalue:kv key='OWNERCONTACT0ZIP' value='Zip' />
 +
        <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='Country' />
 +
        <keyvalue:kv key='OWNERCONTACT0PHONE' value='Phone' />
 +
        <keyvalue:kv key='OWNERCONTACT0FAX' value='Fax' />
 +
        <keyvalue:kv key='OWNERCONTACT0EMAIL' value='Email' />
 +
        <keyvalue:kv key='OWNERCONTACT0TITLE' value='Title' />
 +
      </keyvalue:extension>
 +
  </extension>
 +
</epp>
 +
</pre>
 +
<br>
 +
'''All parameters'''
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
 +
        <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
 +
        <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
 +
        <keyvalue:kv key='PERIOD' value='<INT>' />
 +
 +
        <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
 +
        <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' />
 +
        ...
 +
 +
        <keyvalue:kv key='VALIDATION0' value='EMAIL | DNSZONE | URL' />
 +
        <keyvalue:kv key='VALIDATION1' value='EMAIL | DNSZONE | URL' />
 +
        ...
 +
 +
        <keyvalue:kv key='VALIDATIONEMAIL0' value='<EMAIL>' />
 +
        <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
 +
        ...
 +
 +
        <keyvalue:kv key='INTERNALDNS' value='0 | 1' />
 +
 +
        <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
 +
        <keyvalue:kv key='CSR1' value='...' />
 +
        ...
 +
 +
        <keyvalue:kv key='CREATECSR' value='0 | 1' />
 +
 +
        <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
 +
        <keyvalue:kv key='PEM1' value='...' />
 +
        ...
 +
 +
        <keyvalue:kv key='CREATEPRIVATEKEY' value='0 | 1' />
 +
 +
        <keyvalue:kv key='KEYLENGTH' value='<INT>' />
 +
 +
        <keyvalue:kv key='ownercontact0' value='<CONTACT>' />
 +
        <keyvalue:kv key='ownercontact0organization' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0firstname' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0lastname' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0street' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0city' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0state' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0zip' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0country' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0phone' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0fax' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0email' value='<TEXT>' />
 +
        <keyvalue:kv key='ownercontact0title' value='<TEXT>' />
 +
 +
        <keyvalue:kv key='admincontact0' value='<CONTACT>' />
 +
        <keyvalue:kv key='admincontact0organization' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0firstname' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0lastname' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0street' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0city' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0state' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0zip' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0country' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0phone' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0fax' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0email' value='<TEXT>' />
 +
        <keyvalue:kv key='admincontact0title' value='<TEXT>' />
 +
 +
        <keyvalue:kv key='techcontact0' value='<CONTACT>' />
 +
        <keyvalue:kv key='techcontact0organization' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0firstname' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0lastname' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0street' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0city' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0state' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0zip' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0country' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0phone' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0fax' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0email' value='<TEXT>' />
 +
        <keyvalue:kv key='techcontact0title' value='<TEXT>' />
 +
 +
        <keyvalue:kv key='billingcontact0' value='<CONTACT>' />
 +
        <keyvalue:kv key='billingcontact0organization' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0firstname' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0lastname' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0street' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0city' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0state' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0zip' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0country' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0phone' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0fax' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0email' value='<TEXT>' />
 +
        <keyvalue:kv key='billingcontact0title' value='<TEXT>' />
 +
 +
        <keyvalue:kv key='csrcontact0' value='<CONTACT>' />
 +
        <keyvalue:kv key='csrcontact0organization' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0firstname' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0lastname' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0street' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0city' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0state' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0zip' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0country' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0phone' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0fax' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0email' value='<TEXT>' />
 +
        <keyvalue:kv key='csrcontact0title' value='<TEXT>' />
 +
 +
      </keyvalue:extension>
 +
  </extension>
 +
</epp>
 +
</pre>
 +
RESPONSE:
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
<response>
 +
  <result code="1001">
 +
    <msg>Command completed successfully; action pending</msg>
 +
    <extValue>
 +
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
 +
        <epp:undef/>
 +
      </value>
 +
      <reason>200 Command completed successfully</reason>
 +
    </extValue>
 +
  </result>
 +
  <extension>
 +
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
 +
      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
 +
      <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
 +
      <keyvalue:kv key='STATUS' value='REQUESTEDCREATE' />
 +
      <keyvalue:kv key='CREATEDDATE' value='<DATE>' />
 +
      <keyvalue:kv key='REGISTRATIONEXPIRATIONDATE' value='<DATE>' />
 +
 +
      <keyvalue:kv key='DOMAIN' value='<DOMAIN>' />
 +
      <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' />
 +
      ...
 +
 +
      <keyvalue:kv key='VALIDATION' value='EMAIL|DNSZONE|URL' />
 +
      <keyvalue:kv key='VALIDATION1' value='EMAIL|DNSZONE|URL' />
 +
      ...
 +
 +
      <keyvalue:kv key='VALIDATIONEMAIL' value='<EMAIL>' />
 +
      <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
 +
      ...
 +
 +
      <keyvalue:kv key='VALIDATIONDNSRR' value='<TEXT>' />
 +
      <keyvalue:kv key='VALIDATIONDNSRR1' value='<TEXT>' />
 +
      ...
 +
 +
      <keyvalue:kv key='VALIDATIONURL' value='<TEXT>' />
 +
      <keyvalue:kv key='VALIDATIONURL1' value='<TEXT>' />
 +
      ...
 +
 +
      <keyvalue:kv key='VALIDATIONURLCONTENT' value='<TEXT>' />
 +
      <keyvalue:kv key='VALIDATIONURLCONTENT1' value='<TEXT>' />
 +
      ...
 +
 +
      <keyvalue:kv key='INTERNALDNS' value='0 | 1' />
 +
 +
      <keyvalue:kv key='CSR' value='-----BEGIN CERTIFICATE REQUEST-----' />
 +
      <keyvalue:kv key='CSR1' value='...' />
 +
      ...
 +
 +
      <keyvalue:kv key='PEM' value='-----BEGIN RSA PRIVATE KEY-----' />
 +
      <keyvalue:kv key='PEM1' value='...' />
 +
      ...
 +
 +
      <keyvalue:kv key='KEYLENGTH' value='<INT>' />
 +
 +
      <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0STREET' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0CITY' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0STATE' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0ZIP' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0PHONE' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0FAX' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0EMAIL' value='<TEXT>' />
 +
      <keyvalue:kv key='OWNERCONTACT0TITLE' value='<TEXT>' />
 +
 +
      <keyvalue:kv key='ADMINCONTACT0ORGANIZATION' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0FIRSTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0LASTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0STREET' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0CITY' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0STATE' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0ZIP' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0COUNTRY' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0PHONE' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0FAX' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0EMAIL' value='<TEXT>' />
 +
      <keyvalue:kv key='ADMINCONTACT0TITLE' value='<TEXT>' />
 +
 +
      <keyvalue:kv key='TECHCONTACT0ORGANIZATION' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0FIRSTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0LASTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0STREET' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0CITY' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0STATE' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0ZIP' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0COUNTRY' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0PHONE' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0FAX' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0EMAIL' value='<TEXT>' />
 +
      <keyvalue:kv key='TECHCONTACT0TITLE' value='<TEXT>' />
 +
 +
      <keyvalue:kv key='BILLINGCONTACT0ORGANIZATION' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0FIRSTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0LASTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0STREET' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0CITY' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0STATE' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0ZIP' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0COUNTRY' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0PHONE' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0FAX' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0EMAIL' value='<TEXT>' />
 +
      <keyvalue:kv key='BILLINGCONTACT0TITLE' value='<TEXT>' />
 +
 +
      <keyvalue:kv key='CSRCONTACT0ORGANIZATION' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0FIRSTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0LASTNAME' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0STREET' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0CITY' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0STATE' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0ZIP' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0COUNTRY' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0PHONE' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0FAX' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0EMAIL' value='<TEXT>' />
 +
      <keyvalue:kv key='CSRCONTACT0TITLE' value='<TEXT>' />
 +
 +
    </keyvalue:extension>
 +
  </extension>
 +
  <trID>
 +
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
 +
  </trID>
 +
</response>
 +
</epp>
 +
</pre>
 +
= Other commands (API) =
 +
'''Parse CSR'''
 +
<br>
 +
Have a CSR checked.
 +
<pre>
 +
[COMMAND]
 +
command = ParseSSLCertCSR
 +
csr# = <TEXT>
 +
EOF
 +
</pre>
 +
<br>
 +
'''Resend validation email'''
 +
<br>
 +
Have another validation email send to the validation email address.
 +
<pre>
 +
[COMMAND]
 +
command = ResendSSLCertEmail
 +
sslcertid = <SSLCERTID>
 +
EOF
 +
</pre>
 +
<br>
 +
'''Request list of possible validation email addresses'''
 +
<br>
 +
Find out all possible validation email addresses for a certain certificate class and a certain domain name.
 +
<pre>
 +
[COMMAND]
 +
command = QuerySSLCertDCVEMailAddressList
 +
sslcertclass = <CLASS>
 +
domain = <DOMAIN>
 +
EOF
 +
</pre>
 +
<br>
 +
'''Reissue SSL certificate'''
 +
<br>
 +
With this command you request to have an existing certificate replaced with a new one. This is useful when your private key got compromised, for example. A Reissue is free of charge, but note that you have to go through a validation process again.
 +
<pre>
 +
[COMMAND]
 +
command = ReissueSSLCert
 +
sslcertid = <SSLCERTID>
 +
csr# = <TEXT>
 +
EOF
 +
</pre>
 +
<br>
 +
'''Revoke SSL certificate'''
 +
<br>
 +
With this command you request that your certificate is being nullified. This is appropriate when your private key got compromised.
 +
<pre>
 +
[COMMAND]
 +
command = RevokeSSLCert
 +
sslcertid = <SSLCERTID>
 +
EOF
 +
</pre>
 +
<br>
 +
'''Get status of SSL certificate order'''
 +
<br>
 +
<pre>
 +
[COMMAND]
 +
command = StatusSSLCert
 +
sslcertid = <SSLCERTID>
 +
EOF
 +
</pre>
 +
<br>
 +
'''Status values:'''<br>
 +
<br>
 +
'''ACTIVE''' - certificate successfully issued
 +
 +
'''REQUESTED / REQUESTEDCREATE''' - certificate has been requested at the certificate supplier
 +
 +
'''PENDING / PENDINGCREATE''' - certificate order has been successfully transmitted to the certificate supplier
 +
 +
'''FAILED''' - certificate order has failed
 +
 +
'''REPLACED''' - certificate has been replaced by a new certificate
 +
 +
'''REVOKED''' - certificate has been revoked
 +
 +
'''REQUESTEDRENEW''' - certificate renewal has been requested at the certificate supplier
 +
 +
'''PENDINGRENEW''' - certificate renewal request has been successfully transmitted to the certificate supplier
 +
 +
'''REQUESTEDREISSUE''' - re-issue has been requested at the certificate supplier
 +
 +
'''PENDINGREISSUE''' - re-issue request has been successfully transmitted to the certificate supplier
 +
 +
= Other commands (EPP) =
 +
'''Parse CSR'''
 +
<br>
 +
Have a CSR checked.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='ParseSSLCertCSR' /> 
 +
        <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
 +
        <keyvalue:kv key='CSR1' value='...' />
 +
        ...
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Resend validation email'''
 +
<br>
 +
Have another validation email send to the validation email address.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='ResendSSLCertEmail' /> 
 +
        <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> 
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Request list of possible validation email addresses'''
 +
<br>
 +
Find out all possible validation email addresses for a certain certificate class and a certain domain name.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='QuerySSLCertDCVEMailAddressList' /> 
 +
        <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> 
 +
        <keyvalue:kv key='DOMAIN' value='<DOMAIN>' /> 
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Reissue SSL certificate'''
 +
<br>
 +
With this command you request to have an existing certificate replaced with a new one. This is useful when your private key got compromised, for example. A Reissue is free of charge, but note that you have to go through a validation process again.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='ReissueSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> 
 +
        <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
 +
        <keyvalue:kv key='CSR1' value='...' />
 +
        ...
 +
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Revoke SSL certificate'''
 +
<br>
 +
With this command you request that your certificate is being nullified. This is appropriate when your private key got compromised.
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='RevokeSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> 
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Get status of SSL certificate order'''
 +
<br>
 +
<pre>
 +
<?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 +
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
 +
  <extension> 
 +
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> 
 +
        <keyvalue:kv key='COMMAND' value='StatusSSLCert' /> 
 +
        <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> 
 +
      </keyvalue:extension> 
 +
  </extension> 
 +
</epp>
 +
</pre>
 +
<br>
 +
'''Status values:'''<br>
 +
<br>
 +
'''ACTIVE''' - certificate successfully issued
 +
 +
'''REQUESTED / REQUESTEDCREATE''' - certificate has been requested at the certificate supplier
 +
 +
'''PENDING / PENDINGCREATE''' - certificate order has been successfully transmitted to the certificate supplier
 +
 +
'''FAILED''' - certificate order has failed
 +
 +
'''REPLACED''' - certificate has been replaced by a new certificate
 +
 +
'''REVOKED''' - certificate has been revoked
 +
 +
'''REQUESTEDRENEW''' - certificate renewal has been requested at the certificate supplier
 +
 +
'''PENDINGRENEW''' - certificate renewal request has been successfully transmitted to the certificate supplier
 +
 +
'''REQUESTEDREISSUE''' - re-issue has been requested at the certificate supplier
 +
 +
'''PENDINGREISSUE''' - re-issue request has been successfully transmitted to the certificate supplier
 
<headertabs/>
 
<headertabs/>
 +
 +
== Additional information ==
 +
[[How_to_create_a_CSR-file|How to create a CSR file]]<br>
 +
[[How_to_install_an_SSL_certificate|How to install an SSL certificate]]

Latest revision as of 15:55, 19 March 2018

SSL API

[edit] Features

  • Order SSL certificates without having to provide contact data - given the domain name, we will retrieve the required contact information from the WHOIS
  • Order SSL certificates without having to create a CSR first - we take care of this for you
  • Order SSL certificates using contact handles - just like in domain commands
  • Use advanced validation methods - instead of confirming emails, you can prove that you have control over a domain by a simple DNS or web content modification
  • Have your SSL certificate orders validated automatically - using DNSZONE validation and HEXONET's DNS Services


[edit] Using the SSL API



SSL certificate Class Type* Multi-Domain DCV**
Comodo Essential SSL COMODO_ESSENTIALSSL DV - EMAIL,DNSZONE,URL
Comodo Essential SSL Wildcard COMODO_ESSENTIALSSL_WILDCARD DV - EMAIL,DNSZONE,URL
Comodo EV SSL COMODO_SSL_EV EV - EMAIL
Comodo Instant SSL COMODO_INSTANTSSL OV - EMAIL
Comodo Instant SSL Premium COMODO_INSTANTSSL_PREMIUM OV - EMAIL
Comodo Positive SSL COMODO_POSITIVESSL DV - EMAIL,DNSZONE,URL
Comodo Premium SSL Wildcard COMODO_PREMIUMSSL_WILDCARD OV wildcard EMAIL
Comodo SSL COMODO_SSL DV - EMAIL,DNSZONE,URL
Comodo SSL Wildcard COMODO_SSL_WILDCARD DV wildcard EMAIL,DNSZONE,URL
 
GeoTrust QuickSSL GEOTRUST_QUICKSSL DV - EMAIL,DNSZONE,URL
GeoTrust QuickSSL Premium GEOTRUST_QUICKSSLPREMIUM DV - EMAIL,DNSZONE,URL
GeoTrust QuickSSL Premium SAN Package GEOTRUST_QUICKSSLPREMIUM_SAN DV 4 subdomains EMAIL,DNSZONE,URL
GeoTrust Rapid SSL GEOTRUST_RAPIDSSL DV - EMAIL,DNSZONE,URL
GeoTrust Rapid SSL Wildcard GEOTRUST_RAPIDSSL_WILDCARD DV wildcard EMAIL,DNSZONE,URL
GeoTrust TrueBusinessID GEOTRUST_TRUEBIZID OV - EMAIL
GeoTrust TrueBusinessID SAN Package GEOTRUST_TRUEBIZID_SAN OV 4-100 domains EMAIL
GeoTrust TrueBusinessID EV GEOTRUST_TRUEBIZID_EV EV - EMAIL
GeoTrust TrueBusinessID EV SAN Package GEOTRUST_TRUEBIZID_EV_SAN EV 4-100 domains EMAIL
GeoTrust TrueBusinessID Wildcard GEOTRUST_TRUEBIZID_WILDCARD OV wildcard EMAIL
 
Symantec Secure Site SYMANTEC_SECURESITE OV up to 24 domains EMAIL
Symantec Secure Site EV SYMANTEC_SECURESITE_EV EV up to 24 domains EMAIL
Symantec Secure Site Pro SYMANTEC_SECURESITE_PRO OV up to 24 domains EMAIL
Symantec Secure Site Pro EV SYMANTEC_SECURESITE_PRO_EV EV up to 24 domains EMAIL
 
thawte SSL 123 THAWTE_SSL123 DV - EMAIL,DNSZONE,URL
thawte SSL Webserver THAWTE_SSLWEBSERVER OV up to 24 domains EMAIL
thawte SSL Webserver EV THAWTE_SSLWEBSERVER_EV EV up to 24 domains EMAIL
thawte SSL Webserver Wildcard THAWTE_SSLWEBSERVER_WILDCARD OV wildcard EMAIL
 
Trustwave Domain-vetted SSL TRUSTWAVE_DOMAINVETTEDSSL DV - EMAIL
Trustwave Premium SSL TRUSTWAVE_PREMIUMSSL OV - EMAIL
Trustwave Premium SSL SAN Package TRUSTWAVE_PREMIUMSSL_SAN OV 5 domains EMAIL
Trustwave Premium SSL EV TRUSTWAVE_PREMIUMSSL_EV EV - EMAIL
Trustwave Premium SSL EV SAN Package TRUSTWAVE_PREMIUMSSL_EV_SAN EV 5 domains EMAIL
Trustwave Premium SSL Wildcard TRUSTWAVE_PREMIUMSSL_WILDCARD OV wildcard EMAIL

* DV=Domain validated SSL certificate
OV=Organization validated SSL certificate
EV=Extended validation SSL certificate

** DCV=Domain Control Validation

Order certificate providing the domain name only
The contact data is looked up in the WHOIS. The private key and CSR are created automatically.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
EOF


Order certificate with your own CSR
The domain is retrieved from the provided CSR. The contact data is looked up in the WHOIS.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
csr0 = -----BEGIN CERTIFICATE REQUEST-----
csr1 = ...
...

EOF


Order certificate with contact handles
The private key and CSR are created automatically.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0 = <CONTACT>
admincontact0 = <CONTACT>
techcontact0 =< CONTACT>
billingcontact0 = <CONTACT>
EOF


Order certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
validation0 = DNSZONE
EOF
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[VALIDATIONDNSRR][0] = abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
EOF


Order certificate and have it validated automatically
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
validation0 = DNSZONE
internaldns = 1
EOF
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[VALIDATIONDNSRR][0] = abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
PROPERTY[INTERNALDNS][0] = 1
EOF


Order certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
validation0 = URL
EOF
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[VALIDATIONURL][0] = http://<DOMAIN>/abcde01234.txt
PROPERTY[VALIDATIONURLCONTENT][0] = vwxyz56789
EOF


Order certificate using EMAIL validation and specifying explicitly the validation email addresses
By default, ownercontact0email is used as validation email address. Different validation email addresses can be specified by using the command parameter validationemail[0-N]. This is particularly useful when a multi domain certificate is ordered.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = example1.com
domain1 = example2.com
validationemail0 = [email protected]
validationemail1 = [email protected]
EOF


Order certificate specifying explicitly what contact data to put into the CSR
The private key and CSR are created automatically using the contact data provided in csrcontact0.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0 = <CONTACT>
admincontact0 = <CONTACT>
techcontact0 = <CONTACT>
billingcontact0 = <CONTACT>
csrcontact0 = <CONTACT>
EOF


Order certificate with plain contact data
This works just like for domain commands. The private key and CSR are created automatically.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0organization = <TEXT> | <NULL>
ownercontact0firstname = <TEXT> | <NULL>
ownercontact0lastname = <TEXT> | <NULL>
ownercontact0street = <TEXT> | <NULL>
ownercontact0city = <TEXT> | <NULL>
ownercontact0state = <TEXT> | <NULL>
ownercontact0zip = <TEXT> | <NULL>
ownercontact0country = <TEXT> | <NULL>
ownercontact0phone = <TEXT> | <NULL>
ownercontact0fax = <TEXT> | <NULL>
ownercontact0email = <TEXT> | <NULL>
ownercontact0title = <TEXT> | <NULL>
EOF


Order certificate with your own private key
The CSR is created automatically using the provided private key.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0 = <CONTACT>
admincontact0 = <CONTACT>
techcontact0 = <CONTACT>
billingcontact0 = <CONTACT>
pem0 = -----BEGIN RSA PRIVATE KEY-----
pem1 = ...
...

EOF


All parameters

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
period = <INT>

domain# = <DOMAIN>
validation# = EMAIL | DNSZONE | URL
validationemail# = <EMAIL>

internaldns = 0 | 1

csr# = <TEXT>
pem# = <TEXT>

keylength = <INT>

ownercontact0 = <CONTACT>
ownercontact0organization = <TEXT>
ownercontact0firstname = <TEXT>
ownercontact0lastname = <TEXT>
ownercontact0street = <TEXT>
ownercontact0city = <TEXT>
ownercontact0state = <TEXT>
ownercontact0zip = <TEXT>
ownercontact0country = <TEXT>
ownercontact0phone = <TEXT>
ownercontact0fax = <TEXT>
ownercontact0email = <TEXT>
ownercontact0title = <TEXT>

admincontact0 = <CONTACT>
admincontact0organization = <TEXT>
admincontact0firstname = <TEXT>
admincontact0lastname = <TEXT>
admincontact0street = <TEXT>
admincontact0city = <TEXT>
admincontact0state = <TEXT>
admincontact0zip = <TEXT>
admincontact0country = <TEXT>
admincontact0phone = <TEXT>
admincontact0fax = <TEXT>
admincontact0email = <TEXT>
admincontact0title = <TEXT>

techcontact0 = <CONTACT>
techcontact0organization = <TEXT>
techcontact0firstname = <TEXT>
techcontact0lastname = <TEXT>
techcontact0street = <TEXT>
techcontact0city = <TEXT>
techcontact0state = <TEXT>
techcontact0zip = <TEXT>
techcontact0country = <TEXT>
techcontact0phone = <TEXT>
techcontact0fax = <TEXT>
techcontact0email = <TEXT>
techcontact0title = <TEXT>

billingcontact0 = <CONTACT>
billingcontact0organization = <TEXT>
billingcontact0firstname = <TEXT>
billingcontact0lastname = <TEXT>
billingcontact0street = <TEXT>
billingcontact0city = <TEXT>
billingcontact0state = <TEXT>
billingcontact0zip = <TEXT>
billingcontact0country = <TEXT>
billingcontact0phone = <TEXT>
billingcontact0fax = <TEXT>
billingcontact0email = <TEXT>
billingcontact0title = <TEXT>

csrcontact0 = <CONTACT>
csrcontact0organization = <TEXT>
csrcontact0firstname = <TEXT>
csrcontact0lastname = <TEXT>
csrcontact0street = <TEXT>
csrcontact0city = <TEXT>
csrcontact0state = <TEXT>
csrcontact0zip = <TEXT>
csrcontact0country = <TEXT>
csrcontact0phone = <TEXT>
csrcontact0fax = <TEXT>
csrcontact0email = <TEXT>
csrcontact0title = <TEXT>

EOF
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[SSLCERTID][0] = <SSLCERTID>
PROPERTY[SSLCERTCLASS][0] = <CLASS>
PROPERTY[STATUS][0] = REQUESTEDCREATE
PROPERTY[CREATEDDATE][0] = <DATE>
PROPERTY[REGISTRATIONEXPIRATIONDATE][0] = <DATE>

PROPERTY[DOMAIN][0] = <DOMAIN>
PROPERTY[DOMAIN][1] = <DOMAIN>
...

PROPERTY[VALIDATION][0] = EMAIL|DNSZONE|URL
PROPERTY[VALIDATION][1] = EMAIL|DNSZONE|URL
...

PROPERTY[VALIDATIONEMAIL][0] = <EMAIL>
PROPERTY[VALIDATIONEMAIL][1] = <EMAIL>
...

PROPERTY[VALIDATIONDNSRR][0] = <TEXT>
PROPERTY[VALIDATIONDNSRR][1] = <TEXT>
...

PROPERTY[VALIDATIONURL][0] = <TEXT>
PROPERTY[VALIDATIONURL][1] = <TEXT>
...

PROPERTY[VALIDATIONURLCONTENT][0] = <TEXT>
PROPERTY[VALIDATIONURLCONTENT][1] = <TEXT>
...

PROPERTY[INTERNALDNS][0] = 0 | 1

PROPERTY[CSR][0] = -----BEGIN CERTIFICATE REQUEST-----
PROPERTY[CSR][1] = ...
...

PROPERTY[PEM][0] = -----BEGIN RSA PRIVATE KEY-----
PROPERTY[PEM][1] = ...
...

PROPERTY[KEYLENGTH][0] = <INT>

PROPERTY[OWNERCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[OWNERCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[OWNERCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[OWNERCONTACT0STREET][0] = <TEXT>
PROPERTY[OWNERCONTACT0CITY][0] = <TEXT>
PROPERTY[OWNERCONTACT0STATE][0] = <TEXT>
PROPERTY[OWNERCONTACT0ZIP][0] = <TEXT>
PROPERTY[OWNERCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[OWNERCONTACT0PHONE][0] = <TEXT>
PROPERTY[OWNERCONTACT0FAX][0] = <TEXT>
PROPERTY[OWNERCONTACT0EMAIL][0] = <TEXT>
PROPERTY[OWNERCONTACT0TITLE][0] = <TEXT>

PROPERTY[ADMINCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[ADMINCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[ADMINCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[ADMINCONTACT0STREET][0] = <TEXT>
PROPERTY[ADMINCONTACT0CITY][0] = <TEXT>
PROPERTY[ADMINCONTACT0STATE][0] = <TEXT>
PROPERTY[ADMINCONTACT0ZIP][0] = <TEXT>
PROPERTY[ADMINCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[ADMINCONTACT0PHONE][0] = <TEXT>
PROPERTY[ADMINCONTACT0FAX][0] = <TEXT>
PROPERTY[ADMINCONTACT0EMAIL][0] = <TEXT>
PROPERTY[ADMINCONTACT0TITLE][0] = <TEXT>

PROPERTY[TECHCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[TECHCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[TECHCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[TECHCONTACT0STREET][0] = <TEXT>
PROPERTY[TECHCONTACT0CITY][0] = <TEXT>
PROPERTY[TECHCONTACT0STATE][0] = <TEXT>
PROPERTY[TECHCONTACT0ZIP][0] = <TEXT>
PROPERTY[TECHCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[TECHCONTACT0PHONE][0] = <TEXT>
PROPERTY[TECHCONTACT0FAX][0] = <TEXT>
PROPERTY[TECHCONTACT0EMAIL][0] = <TEXT>
PROPERTY[TECHCONTACT0TITLE][0] = <TEXT>

PROPERTY[BILLINGCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[BILLINGCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[BILLINGCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[BILLINGCONTACT0STREET][0] = <TEXT>
PROPERTY[BILLINGCONTACT0CITY][0] = <TEXT>
PROPERTY[BILLINGCONTACT0STATE][0] = <TEXT>
PROPERTY[BILLINGCONTACT0ZIP][0] = <TEXT>
PROPERTY[BILLINGCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[BILLINGCONTACT0PHONE][0] = <TEXT>
PROPERTY[BILLINGCONTACT0FAX][0] = <TEXT>
PROPERTY[BILLINGCONTACT0EMAIL][0] = <TEXT>
PROPERTY[BILLINGCONTACT0TITLE][0] = <TEXT>

PROPERTY[CSRCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[CSRCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[CSRCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[CSRCONTACT0STREET][0] = <TEXT>
PROPERTY[CSRCONTACT0CITY][0] = <TEXT>
PROPERTY[CSRCONTACT0STATE][0] = <TEXT>
PROPERTY[CSRCONTACT0ZIP][0] = <TEXT>
PROPERTY[CSRCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[CSRCONTACT0PHONE][0] = <TEXT>
PROPERTY[CSRCONTACT0FAX][0] = <TEXT>
PROPERTY[CSRCONTACT0EMAIL][0] = <TEXT>
PROPERTY[CSRCONTACT0TITLE][0] = <TEXT>

EOF


Order certificate providing the domain name only
The contact data is looked up in the WHOIS. The private key and CSR are created automatically.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
      </keyvalue:extension>   
   </extension>   
</epp>


Order certificate with your own CSR
The domain is retrieved from the provided CSR. The contact data is looked up in the WHOIS.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='CSR1' value='...' />
         ...
      </keyvalue:extension>
   </extension>
</epp>


Order certificate with contact handles
The private key and CSR are created automatically.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
      </keyvalue:extension>
   </extension>
</epp>


Order certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Order certificate and have it validated automatically
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
         <keyvalue:kv key='INTERNALDNS' value='1' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
      <keyvalue:kv key="INTERNALDNS" value="1"/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Order certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='VALIDATION0' value='URL' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="VALIDATIONURL" value="http://<DOMAIN>/abcde01234.txt"/>
      <keyvalue:kv key="VALIDATIONURLCONTENT" value="vwxyz56789"/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Order certificate using EMAIL validation and specifying explicitly the validation email addresses
By default, ownercontact0email is used as validation email address. Different validation email addresses can be specified by using the command parameter validationemail[0-N]. This is particularly useful when a multi domain certificate is ordered.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN0' value='example1.com' />
         <keyvalue:kv key='DOMAIN1' value='example2.com' />
         <keyvalue:kv key='VALIDATIONEMAIL0' value='[email protected]' />
         <keyvalue:kv key='VALIDATIONEMAIL1' value='[email protected]' />
      </keyvalue:extension>   
   </extension>   
</epp>


Order certificate specifying explicitly what contact data to put into the CSR
The private key and CSR are created automatically using the contact data provided in csrcontact0.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='CSRCONTACT0' value='<CONTACT>' />
      </keyvalue:extension>
   </extension>
</epp>


Order certificate with plain contact data
This works just like for domain commands. The private key and CSR are created automatically.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='Organization' />
         <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='Firstname' />
         <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='Lastname' />
         <keyvalue:kv key='OWNERCONTACT0STREET' value='Street' />
         <keyvalue:kv key='OWNERCONTACT0CITY' value='City' />
         <keyvalue:kv key='OWNERCONTACT0STATE' value='State' />
         <keyvalue:kv key='OWNERCONTACT0ZIP' value='Zip' />
         <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='Country' />
         <keyvalue:kv key='OWNERCONTACT0PHONE' value='Phone' />
         <keyvalue:kv key='OWNERCONTACT0FAX' value='Fax' />
         <keyvalue:kv key='OWNERCONTACT0EMAIL' value='Email' />
         <keyvalue:kv key='OWNERCONTACT0TITLE' value='Title' />
      </keyvalue:extension>
   </extension>
</epp>


Order certificate with your own private key
The CSR is created automatically using the provided private key.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
         <keyvalue:kv key='PEM1' value='...' />
         ...
      </keyvalue:extension>
   </extension>
</epp>


All parameters

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   

         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='PERIOD' value='<INT>' />

         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' />
         ...

         <keyvalue:kv key='VALIDATION0' value='EMAIL | DNSZONE | URL' />
         <keyvalue:kv key='VALIDATION1' value='EMAIL | DNSZONE | URL' />
         ...

         <keyvalue:kv key='VALIDATIONEMAIL0' value='<EMAIL>' />
         <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
         ...

         <keyvalue:kv key='INTERNALDNS' value='0 | 1' />


         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='CSR1' value='...' />
         ...

         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
         <keyvalue:kv key='PEM1' value='...' />
         ...

         <keyvalue:kv key='KEYLENGTH' value='<INT>' />

         <keyvalue:kv key='ownercontact0' value='<CONTACT>' />
         <keyvalue:kv key='ownercontact0organization' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0street' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0city' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0state' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0zip' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0country' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0phone' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0fax' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0email' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0title' value='<TEXT>' />

         <keyvalue:kv key='admincontact0' value='<CONTACT>' />
         <keyvalue:kv key='admincontact0organization' value='<TEXT>' />
         <keyvalue:kv key='admincontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='admincontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='admincontact0street' value='<TEXT>' />
         <keyvalue:kv key='admincontact0city' value='<TEXT>' />
         <keyvalue:kv key='admincontact0state' value='<TEXT>' />
         <keyvalue:kv key='admincontact0zip' value='<TEXT>' />
         <keyvalue:kv key='admincontact0country' value='<TEXT>' />
         <keyvalue:kv key='admincontact0phone' value='<TEXT>' />
         <keyvalue:kv key='admincontact0fax' value='<TEXT>' />
         <keyvalue:kv key='admincontact0email' value='<TEXT>' />
         <keyvalue:kv key='admincontact0title' value='<TEXT>' />

         <keyvalue:kv key='techcontact0' value='<CONTACT>' />
         <keyvalue:kv key='techcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='techcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='techcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='techcontact0street' value='<TEXT>' />
         <keyvalue:kv key='techcontact0city' value='<TEXT>' />
         <keyvalue:kv key='techcontact0state' value='<TEXT>' />
         <keyvalue:kv key='techcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='techcontact0country' value='<TEXT>' />
         <keyvalue:kv key='techcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='techcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='techcontact0email' value='<TEXT>' />
         <keyvalue:kv key='techcontact0title' value='<TEXT>' />

         <keyvalue:kv key='billingcontact0' value='<CONTACT>' />
         <keyvalue:kv key='billingcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0street' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0city' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0state' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0country' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0email' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0title' value='<TEXT>' />

         <keyvalue:kv key='csrcontact0' value='<CONTACT>' />
         <keyvalue:kv key='csrcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0street' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0city' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0state' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0country' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0email' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0title' value='<TEXT>' />

      </keyvalue:extension>
   </extension>
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">

      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
      <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
      <keyvalue:kv key='STATUS' value='REQUESTEDCREATE' />
      <keyvalue:kv key='CREATEDDATE' value='<DATE>' />
      <keyvalue:kv key='REGISTRATIONEXPIRATIONDATE' value='<DATE>' />

      <keyvalue:kv key='DOMAIN' value='<DOMAIN>' />
      <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' />
      ...

      <keyvalue:kv key='VALIDATION' value='EMAIL|DNSZONE|URL' />
      <keyvalue:kv key='VALIDATION1' value='EMAIL|DNSZONE|URL' />
      ...

      <keyvalue:kv key='VALIDATIONEMAIL' value='<EMAIL>' />
      <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
      ...

      <keyvalue:kv key='VALIDATIONDNSRR' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONDNSRR1' value='<TEXT>' />
      ...

      <keyvalue:kv key='VALIDATIONURL' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONURL1' value='<TEXT>' />
      ...

      <keyvalue:kv key='VALIDATIONURLCONTENT' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONURLCONTENT1' value='<TEXT>' />
      ...

      <keyvalue:kv key='INTERNALDNS' value='0 | 1' />

      <keyvalue:kv key='CSR' value='-----BEGIN CERTIFICATE REQUEST-----' />
      <keyvalue:kv key='CSR1' value='...' />
      ...

      <keyvalue:kv key='PEM' value='-----BEGIN RSA PRIVATE KEY-----' />
      <keyvalue:kv key='PEM1' value='...' />
      ...

      <keyvalue:kv key='KEYLENGTH' value='<INT>' />

      <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='ADMINCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='TECHCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='BILLINGCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='CSRCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0TITLE' value='<TEXT>' />

    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>

Renew certificate
When no additional command parameters are provided, the current data is used for the certificate renewal: CSR, contact information, validation methods, validation email addresses, internaldns

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
EOF


Renew certificate with new contact data
When new contact data is provided, it will be used for the certificate renewal. Note that you have to provide all contact data for all contacts, not just the data that has changed. Also note that the current CSR will be re-used even if contact data has changed that is part of the CSR. See below to learn how to have a new CSR created.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
ownercontact0 = <CONTACT>
admincontact0 = <CONTACT>
techcontact0 = <CONTACT>
billingcontact0 = <CONTACT>
EOF


Renew certificate with new contact data and a newly created CSR (current private key)
In order have a new CSR created, use the command parameter createcsr=1. The current private key associated with the certificate is used for this (unless a new one is created or provided, see below). If no private key is associated with the certificate, the command will fail. Also be reminded that if the certificate is associated with a csrcontact0, its contact data is the relevant data for the CSR creation and must also be updated.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
ownercontact0 = <CONTACT>
admincontact0 = <CONTACT>
techcontact0 = <CONTACT>
billingcontact0 = <CONTACT>
createcsr = 1
EOF


Renew certificate with new contact data and a newly created CSR (newly created private key)
In order have a new private key and a new CSR created, use the command parameter createprivatekey=1.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
ownercontact0 = <CONTACT>
admincontact0 = <CONTACT>
techcontact0 = <CONTACT>
billingcontact0 = <CONTACT>
createprivatekey = 1
EOF


Renew certificate with new contact data and a newly created CSR (provided private key)
This will create a new CSR using the provided private key.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
ownercontact0 = <CONTACT>
admincontact0 = <CONTACT>
techcontact0 = <CONTACT>
billingcontact0 = <CONTACT>
pem0 = -----BEGIN RSA PRIVATE KEY-----
pem1 = ...
...

EOF


Renew certificate with your own new CSR

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
csr0 = -----BEGIN CERTIFICATE REQUEST-----
csr1 = ...
...

EOF


Renew certificate choosing a different validation method
By default, the validation method chosen previously (when the certificate was created or renewed last time) will be used for the renewal. In order to specify a different validation method, the command parameter validation0 must be used.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
validation0 = EMAIL
EOF


Renew certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
validation0 = DNSZONE
EOF
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[SSLCERTID][0] = <SSLCERTID>
PROPERTY[VALIDATIONDNSRR][0] = abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
EOF


Renew certificate and have it validated automatically
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
validation0 = DNSZONE
internaldns = 1
EOF
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[SSLCERTID][0] = <SSLCERTID>
PROPERTY[VALIDATIONDNSRR][0] = abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
PROPERTY[INTERNALDNS][0] = 1
EOF


Renew certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
validation0 = URL
EOF
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[SSLCERTID][0] = <SSLCERTID>
PROPERTY[VALIDATIONURL][0] = http://<DOMAIN>/abcde01234.txt
PROPERTY[VALIDATIONURLCONTENT][0] = vwxyz56789
EOF


Renew certificate using EMAIL validation and specifying explicitly the validation email address
If a specific validation email address (different from ownercontact0email) was used previously (when the certificate was created or renewed last time) it will be used again for the certificate renewal. In order to choose a different email address, the command parameter validationemail0 must be used.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
validation0 = EMAIL
validationemail0 = <EMAIL>
EOF


Renew certificate with new plain contact data

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
ownercontact0organization = <TEXT> | <NULL>
ownercontact0firstname = <TEXT> | <NULL>
ownercontact0lastname = <TEXT> | <NULL>
ownercontact0street = <TEXT> | <NULL>
ownercontact0city = <TEXT> | <NULL>
ownercontact0state = <TEXT> | <NULL>
ownercontact0zip = <TEXT> | <NULL>
ownercontact0country = <TEXT> | <NULL>
ownercontact0phone = <TEXT> | <NULL>
ownercontact0fax = <TEXT> | <NULL>
ownercontact0email = <TEXT> | <NULL>
ownercontact0title = <TEXT> | <NULL>
EOF


All parameters

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
period = <INT>

domain# = <DOMAIN>
validation# = EMAIL | DNSZONE | URL
validationemail# = <EMAIL>

internaldns = 0 | 1

csr# = <TEXT>
createcsr = 0 | 1

pem# = <TEXT>
createprivatekey = 0 | 1

keylength = <INT>

ownercontact0 = <CONTACT>
ownercontact0organization = <TEXT>
ownercontact0firstname = <TEXT>
ownercontact0lastname = <TEXT>
ownercontact0street = <TEXT>
ownercontact0city = <TEXT>
ownercontact0state = <TEXT>
ownercontact0zip = <TEXT>
ownercontact0country = <TEXT>
ownercontact0phone = <TEXT>
ownercontact0fax = <TEXT>
ownercontact0email = <TEXT>
ownercontact0title = <TEXT>

admincontact0 = <CONTACT>
admincontact0organization = <TEXT>
admincontact0firstname = <TEXT>
admincontact0lastname = <TEXT>
admincontact0street = <TEXT>
admincontact0city = <TEXT>
admincontact0state = <TEXT>
admincontact0zip = <TEXT>
admincontact0country = <TEXT>
admincontact0phone = <TEXT>
admincontact0fax = <TEXT>
admincontact0email = <TEXT>
admincontact0title = <TEXT>

techcontact0 = <CONTACT>
techcontact0organization = <TEXT>
techcontact0firstname = <TEXT>
techcontact0lastname = <TEXT>
techcontact0street = <TEXT>
techcontact0city = <TEXT>
techcontact0state = <TEXT>
techcontact0zip = <TEXT>
techcontact0country = <TEXT>
techcontact0phone = <TEXT>
techcontact0fax = <TEXT>
techcontact0email = <TEXT>
techcontact0title = <TEXT>

billingcontact0 = <CONTACT>
billingcontact0organization = <TEXT>
billingcontact0firstname = <TEXT>
billingcontact0lastname = <TEXT>
billingcontact0street = <TEXT>
billingcontact0city = <TEXT>
billingcontact0state = <TEXT>
billingcontact0zip = <TEXT>
billingcontact0country = <TEXT>
billingcontact0phone = <TEXT>
billingcontact0fax = <TEXT>
billingcontact0email = <TEXT>
billingcontact0title = <TEXT>

csrcontact0 = <CONTACT>
csrcontact0organization = <TEXT>
csrcontact0firstname = <TEXT>
csrcontact0lastname = <TEXT>
csrcontact0street = <TEXT>
csrcontact0city = <TEXT>
csrcontact0state = <TEXT>
csrcontact0zip = <TEXT>
csrcontact0country = <TEXT>
csrcontact0phone = <TEXT>
csrcontact0fax = <TEXT>
csrcontact0email = <TEXT>
csrcontact0title = <TEXT>

EOF
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[SSLCERTID][0] = <SSLCERTID>
PROPERTY[SSLCERTCLASS][0] = <CLASS>
PROPERTY[STATUS][0] = REQUESTEDCREATE
PROPERTY[CREATEDDATE][0] = <DATE>
PROPERTY[REGISTRATIONEXPIRATIONDATE][0] = <DATE>

PROPERTY[DOMAIN][0] = <DOMAIN>
PROPERTY[DOMAIN][1] = <DOMAIN>
...

PROPERTY[VALIDATION][0] = EMAIL|DNSZONE|URL
PROPERTY[VALIDATION][1] = EMAIL|DNSZONE|URL
...

PROPERTY[VALIDATIONEMAIL][0] = <EMAIL>
PROPERTY[VALIDATIONEMAIL][1] = <EMAIL>
...

PROPERTY[VALIDATIONDNSRR][0] = <TEXT>
PROPERTY[VALIDATIONDNSRR][1] = <TEXT>
...

PROPERTY[VALIDATIONURL][0] = <TEXT>
PROPERTY[VALIDATIONURL][1] = <TEXT>
...

PROPERTY[VALIDATIONURLCONTENT][0] = <TEXT>
PROPERTY[VALIDATIONURLCONTENT][1] = <TEXT>
...

PROPERTY[INTERNALDNS][0] = 0 | 1

PROPERTY[CSR][0] = -----BEGIN CERTIFICATE REQUEST-----
PROPERTY[CSR][1] = ...
...

PROPERTY[PEM][0] = -----BEGIN RSA PRIVATE KEY-----
PROPERTY[PEM][1] = ...
...

PROPERTY[KEYLENGTH][0] = <INT>

PROPERTY[OWNERCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[OWNERCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[OWNERCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[OWNERCONTACT0STREET][0] = <TEXT>
PROPERTY[OWNERCONTACT0CITY][0] = <TEXT>
PROPERTY[OWNERCONTACT0STATE][0] = <TEXT>
PROPERTY[OWNERCONTACT0ZIP][0] = <TEXT>
PROPERTY[OWNERCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[OWNERCONTACT0PHONE][0] = <TEXT>
PROPERTY[OWNERCONTACT0FAX][0] = <TEXT>
PROPERTY[OWNERCONTACT0EMAIL][0] = <TEXT>
PROPERTY[OWNERCONTACT0TITLE][0] = <TEXT>

PROPERTY[ADMINCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[ADMINCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[ADMINCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[ADMINCONTACT0STREET][0] = <TEXT>
PROPERTY[ADMINCONTACT0CITY][0] = <TEXT>
PROPERTY[ADMINCONTACT0STATE][0] = <TEXT>
PROPERTY[ADMINCONTACT0ZIP][0] = <TEXT>
PROPERTY[ADMINCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[ADMINCONTACT0PHONE][0] = <TEXT>
PROPERTY[ADMINCONTACT0FAX][0] = <TEXT>
PROPERTY[ADMINCONTACT0EMAIL][0] = <TEXT>
PROPERTY[ADMINCONTACT0TITLE][0] = <TEXT>

PROPERTY[TECHCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[TECHCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[TECHCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[TECHCONTACT0STREET][0] = <TEXT>
PROPERTY[TECHCONTACT0CITY][0] = <TEXT>
PROPERTY[TECHCONTACT0STATE][0] = <TEXT>
PROPERTY[TECHCONTACT0ZIP][0] = <TEXT>
PROPERTY[TECHCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[TECHCONTACT0PHONE][0] = <TEXT>
PROPERTY[TECHCONTACT0FAX][0] = <TEXT>
PROPERTY[TECHCONTACT0EMAIL][0] = <TEXT>
PROPERTY[TECHCONTACT0TITLE][0] = <TEXT>

PROPERTY[BILLINGCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[BILLINGCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[BILLINGCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[BILLINGCONTACT0STREET][0] = <TEXT>
PROPERTY[BILLINGCONTACT0CITY][0] = <TEXT>
PROPERTY[BILLINGCONTACT0STATE][0] = <TEXT>
PROPERTY[BILLINGCONTACT0ZIP][0] = <TEXT>
PROPERTY[BILLINGCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[BILLINGCONTACT0PHONE][0] = <TEXT>
PROPERTY[BILLINGCONTACT0FAX][0] = <TEXT>
PROPERTY[BILLINGCONTACT0EMAIL][0] = <TEXT>
PROPERTY[BILLINGCONTACT0TITLE][0] = <TEXT>

PROPERTY[CSRCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[CSRCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[CSRCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[CSRCONTACT0STREET][0] = <TEXT>
PROPERTY[CSRCONTACT0CITY][0] = <TEXT>
PROPERTY[CSRCONTACT0STATE][0] = <TEXT>
PROPERTY[CSRCONTACT0ZIP][0] = <TEXT>
PROPERTY[CSRCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[CSRCONTACT0PHONE][0] = <TEXT>
PROPERTY[CSRCONTACT0FAX][0] = <TEXT>
PROPERTY[CSRCONTACT0EMAIL][0] = <TEXT>
PROPERTY[CSRCONTACT0TITLE][0] = <TEXT>

EOF


Renew certificate
When no additional command parameters are provided, the current data is used for the certificate renewal: CSR, contact information, validation methods, validation email addresses, internaldns

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
      </keyvalue:extension>   
   </extension>   
</epp>


Renew certificate with new contact data
When new contact data is provided, it will be used for the certificate renewal. Note that you have to provide all contact data for all contacts, not just the data that has changed. Also note that the current CSR will be re-used even if contact data has changed that is part of the CSR. See below to learn how to have a new CSR created.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
      </keyvalue:extension>
   </extension>
</epp>


Renew certificate with new contact data and a newly created CSR (current private key)
In order have a new CSR created, use the command parameter createcsr=1. The current private key associated with the certificate is used for this (unless a new one is created or provided, see below). If no private key is associated with the certificate, the command will fail. Also be reminded that if the certificate is associated with a csrcontact0, its contact data is the relevant data for the CSR creation and must also be updated.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='CREATECSR' value='1' />
      </keyvalue:extension>
   </extension>
</epp>


Renew certificate with new contact data and a newly created CSR (newly created private key)
In order have a new private key and a new CSR created, use the command parameter createprivatekey=1.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='CREATEPRIVATEKEY' value='1' />
      </keyvalue:extension>
   </extension>
</epp>


Renew certificate with new contact data and a newly created CSR (provided private key)
This will create a new CSR using the provided private key.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
         <keyvalue:kv key='PEM1' value='...' />
         ...
      </keyvalue:extension>
   </extension>
</epp>


Renew certificate with your own new CSR

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='CSR1' value='...' />
         ...
      </keyvalue:extension>
   </extension>
</epp>


Renew certificate choosing a different validation method
By default, the validation method chosen previously (when the certificate was created or renewed last time) will be used for the renewal. In order to specify a different validation method, the command parameter validation0 must be used.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
         <keyvalue:kv key='VALIDATION0' value='EMAIL' />
      </keyvalue:extension>   
   </extension>   
</epp>


Renew certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
         <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Renew certificate and have it validated automatically
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
         <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
         <keyvalue:kv key='INTERNALDNS' value='1' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Renew certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
         <keyvalue:kv key='VALIDATION0' value='URL' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
      <keyvalue:kv key="VALIDATIONURL" value="http://<DOMAIN>/abcde01234.txt"/>
      <keyvalue:kv key="VALIDATIONURLCONTENT" value="vwxyz56789"/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Renew certificate using EMAIL validation and specifying explicitly the validation email address
If a specific validation email address (different from ownercontact0email) was used previously (when the certificate was created or renewed last time) it will be used again for the certificate renewal. In order to choose a different email address, the command parameter validationemail0 must be used.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
         <keyvalue:kv key='VALIDATION0' value='EMAIL' />
         <keyvalue:kv key='VALIDATIONEMAIL0' value='<EMAIL>' />
      </keyvalue:extension>   
   </extension>   
</epp>


Renew certificate with new plain contact data

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='Organization' />
         <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='Firstname' />
         <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='Lastname' />
         <keyvalue:kv key='OWNERCONTACT0STREET' value='Street' />
         <keyvalue:kv key='OWNERCONTACT0CITY' value='City' />
         <keyvalue:kv key='OWNERCONTACT0STATE' value='State' />
         <keyvalue:kv key='OWNERCONTACT0ZIP' value='Zip' />
         <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='Country' />
         <keyvalue:kv key='OWNERCONTACT0PHONE' value='Phone' />
         <keyvalue:kv key='OWNERCONTACT0FAX' value='Fax' />
         <keyvalue:kv key='OWNERCONTACT0EMAIL' value='Email' />
         <keyvalue:kv key='OWNERCONTACT0TITLE' value='Title' />
      </keyvalue:extension>
   </extension>
</epp>


All parameters

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   

         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='PERIOD' value='<INT>' />

         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' />
         ...

         <keyvalue:kv key='VALIDATION0' value='EMAIL | DNSZONE | URL' />
         <keyvalue:kv key='VALIDATION1' value='EMAIL | DNSZONE | URL' />
         ...

         <keyvalue:kv key='VALIDATIONEMAIL0' value='<EMAIL>' />
         <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
         ...

         <keyvalue:kv key='INTERNALDNS' value='0 | 1' />

         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='CSR1' value='...' />
         ...

         <keyvalue:kv key='CREATECSR' value='0 | 1' />

         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
         <keyvalue:kv key='PEM1' value='...' />
         ...

         <keyvalue:kv key='CREATEPRIVATEKEY' value='0 | 1' />

         <keyvalue:kv key='KEYLENGTH' value='<INT>' />

         <keyvalue:kv key='ownercontact0' value='<CONTACT>' />
         <keyvalue:kv key='ownercontact0organization' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0street' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0city' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0state' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0zip' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0country' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0phone' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0fax' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0email' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0title' value='<TEXT>' />

         <keyvalue:kv key='admincontact0' value='<CONTACT>' />
         <keyvalue:kv key='admincontact0organization' value='<TEXT>' />
         <keyvalue:kv key='admincontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='admincontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='admincontact0street' value='<TEXT>' />
         <keyvalue:kv key='admincontact0city' value='<TEXT>' />
         <keyvalue:kv key='admincontact0state' value='<TEXT>' />
         <keyvalue:kv key='admincontact0zip' value='<TEXT>' />
         <keyvalue:kv key='admincontact0country' value='<TEXT>' />
         <keyvalue:kv key='admincontact0phone' value='<TEXT>' />
         <keyvalue:kv key='admincontact0fax' value='<TEXT>' />
         <keyvalue:kv key='admincontact0email' value='<TEXT>' />
         <keyvalue:kv key='admincontact0title' value='<TEXT>' />

         <keyvalue:kv key='techcontact0' value='<CONTACT>' />
         <keyvalue:kv key='techcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='techcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='techcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='techcontact0street' value='<TEXT>' />
         <keyvalue:kv key='techcontact0city' value='<TEXT>' />
         <keyvalue:kv key='techcontact0state' value='<TEXT>' />
         <keyvalue:kv key='techcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='techcontact0country' value='<TEXT>' />
         <keyvalue:kv key='techcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='techcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='techcontact0email' value='<TEXT>' />
         <keyvalue:kv key='techcontact0title' value='<TEXT>' />

         <keyvalue:kv key='billingcontact0' value='<CONTACT>' />
         <keyvalue:kv key='billingcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0street' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0city' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0state' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0country' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0email' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0title' value='<TEXT>' />

         <keyvalue:kv key='csrcontact0' value='<CONTACT>' />
         <keyvalue:kv key='csrcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0street' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0city' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0state' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0country' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0email' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0title' value='<TEXT>' />

      </keyvalue:extension>
   </extension>
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
      <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
      <keyvalue:kv key='STATUS' value='REQUESTEDCREATE' />
      <keyvalue:kv key='CREATEDDATE' value='<DATE>' />
      <keyvalue:kv key='REGISTRATIONEXPIRATIONDATE' value='<DATE>' />

      <keyvalue:kv key='DOMAIN' value='<DOMAIN>' />
      <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' />
      ...

      <keyvalue:kv key='VALIDATION' value='EMAIL|DNSZONE|URL' />
      <keyvalue:kv key='VALIDATION1' value='EMAIL|DNSZONE|URL' />
      ...

      <keyvalue:kv key='VALIDATIONEMAIL' value='<EMAIL>' />
      <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
      ...

      <keyvalue:kv key='VALIDATIONDNSRR' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONDNSRR1' value='<TEXT>' />
      ...

      <keyvalue:kv key='VALIDATIONURL' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONURL1' value='<TEXT>' />
      ...

      <keyvalue:kv key='VALIDATIONURLCONTENT' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONURLCONTENT1' value='<TEXT>' />
      ...

      <keyvalue:kv key='INTERNALDNS' value='0 | 1' />

      <keyvalue:kv key='CSR' value='-----BEGIN CERTIFICATE REQUEST-----' />
      <keyvalue:kv key='CSR1' value='...' />
      ...

      <keyvalue:kv key='PEM' value='-----BEGIN RSA PRIVATE KEY-----' />
      <keyvalue:kv key='PEM1' value='...' />
      ...

      <keyvalue:kv key='KEYLENGTH' value='<INT>' />

      <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='ADMINCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='TECHCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='BILLINGCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='CSRCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0TITLE' value='<TEXT>' />

    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>

Parse CSR
Have a CSR checked.

[COMMAND]
command = ParseSSLCertCSR
csr# = <TEXT>
EOF


Resend validation email
Have another validation email send to the validation email address.

[COMMAND]
command = ResendSSLCertEmail
sslcertid = <SSLCERTID>
EOF


Request list of possible validation email addresses
Find out all possible validation email addresses for a certain certificate class and a certain domain name.

[COMMAND]
command = QuerySSLCertDCVEMailAddressList
sslcertclass = <CLASS>
domain = <DOMAIN>
EOF


Reissue SSL certificate
With this command you request to have an existing certificate replaced with a new one. This is useful when your private key got compromised, for example. A Reissue is free of charge, but note that you have to go through a validation process again.

[COMMAND]
command = ReissueSSLCert
sslcertid = <SSLCERTID>
csr# = <TEXT>
EOF


Revoke SSL certificate
With this command you request that your certificate is being nullified. This is appropriate when your private key got compromised.

[COMMAND]
command = RevokeSSLCert
sslcertid = <SSLCERTID>
EOF


Get status of SSL certificate order

[COMMAND]
command = StatusSSLCert
sslcertid = <SSLCERTID>
EOF


Status values:

ACTIVE - certificate successfully issued

REQUESTED / REQUESTEDCREATE - certificate has been requested at the certificate supplier

PENDING / PENDINGCREATE - certificate order has been successfully transmitted to the certificate supplier

FAILED - certificate order has failed

REPLACED - certificate has been replaced by a new certificate

REVOKED - certificate has been revoked

REQUESTEDRENEW - certificate renewal has been requested at the certificate supplier

PENDINGRENEW - certificate renewal request has been successfully transmitted to the certificate supplier

REQUESTEDREISSUE - re-issue has been requested at the certificate supplier

PENDINGREISSUE - re-issue request has been successfully transmitted to the certificate supplier

Parse CSR
Have a CSR checked.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='ParseSSLCertCSR' />   
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='CSR1' value='...' />
         ...
      </keyvalue:extension>   
   </extension>   
</epp>


Resend validation email
Have another validation email send to the validation email address.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='ResendSSLCertEmail' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
      </keyvalue:extension>   
   </extension>   
</epp>


Request list of possible validation email addresses
Find out all possible validation email addresses for a certain certificate class and a certain domain name.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='QuerySSLCertDCVEMailAddressList' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN' value='<DOMAIN>' />   
      </keyvalue:extension>   
   </extension>   
</epp>


Reissue SSL certificate
With this command you request to have an existing certificate replaced with a new one. This is useful when your private key got compromised, for example. A Reissue is free of charge, but note that you have to go through a validation process again.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='ReissueSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='CSR1' value='...' />
         ...

      </keyvalue:extension>   
   </extension>   
</epp>


Revoke SSL certificate
With this command you request that your certificate is being nullified. This is appropriate when your private key got compromised.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RevokeSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
      </keyvalue:extension>   
   </extension>   
</epp>


Get status of SSL certificate order

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='StatusSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
      </keyvalue:extension>   
   </extension>   
</epp>


Status values:

ACTIVE - certificate successfully issued

REQUESTED / REQUESTEDCREATE - certificate has been requested at the certificate supplier

PENDING / PENDINGCREATE - certificate order has been successfully transmitted to the certificate supplier

FAILED - certificate order has failed

REPLACED - certificate has been replaced by a new certificate

REVOKED - certificate has been revoked

REQUESTEDRENEW - certificate renewal has been requested at the certificate supplier

PENDINGRENEW - certificate renewal request has been successfully transmitted to the certificate supplier

REQUESTEDREISSUE - re-issue has been requested at the certificate supplier

PENDINGREISSUE - re-issue request has been successfully transmitted to the certificate supplier

[edit] Additional information

How to create a CSR file

How to install an SSL certificate