From HEXONET Wiki
Line 230: | Line 230: | ||
</pre> | </pre> | ||
<br> | <br> | ||
− | '''Order certificate | + | '''Order certificate specifying explicitly what contact data to put into the CSR''' |
<br> | <br> | ||
The CSR is [[New_SSL_API_CSR_Creation|created automatically]] using the contact data provided in ''csrcontact0''. | The CSR is [[New_SSL_API_CSR_Creation|created automatically]] using the contact data provided in ''csrcontact0''. | ||
Line 297: | Line 297: | ||
sslcertclass = <CLASS> | sslcertclass = <CLASS> | ||
domain0 = <DOMAIN> | domain0 = <DOMAIN> | ||
− | validation0= | + | validation0=URL |
EOF | EOF | ||
</pre> | </pre> | ||
Line 680: | Line 680: | ||
</pre> | </pre> | ||
<br> | <br> | ||
− | '''Renew certificate specifying | + | '''Renew certificate specifying explicitly what contact data to put into the new CSR''' |
<br> | <br> | ||
The new CSR is [[New_SSL_API_CSR_Creation|created automatically]] using the contact data provided in ''csrcontact0''. Note that you have to set ''createprivatekey=1''. Otherwise the current CSR will still be used. | The new CSR is [[New_SSL_API_CSR_Creation|created automatically]] using the contact data provided in ''csrcontact0''. Note that you have to set ''createprivatekey=1''. Otherwise the current CSR will still be used. | ||
Line 757: | Line 757: | ||
EOF | EOF | ||
</pre> | </pre> | ||
− | = | + | = Renew certificate (EPP) = |
'''All new parameters''' | '''All new parameters''' | ||
<pre> | <pre> |
Revision as of 11:45, 18 April 2016
Why use the new SSL API?
With the new SSL API you can:
- Order SSL certificates without having to provide contact data - given the domain name, we will retrieve the required contact information from the WHOIS
- Order SSL certificates without having to create a CSR first - we take care of this for you
- Order SSL certificates using contact handles - just like in domain commands
- Use advanced validation methods - instead of confirming emails, you can prove that you have control over a domain by a simple DNS or web content modification
How to use the new SSL API?
You can do that right away. Just use the new command parameters described below.
- SSL certificates
- Order certificate (API)
- Order certificate (EPP)
- Renew certificate (API)
- Renew certificate (EPP)
SSL certificate | Type* | Multi-Domain | DCV** |
---|---|---|---|
COMODO_ESSENTIALSSL | DV | - | EMAIL,DNSZONE,URL |
COMODO_UCC | DV | 2-100 domains | EMAIL,DNSZONE,URL |
COMODO_INSTANTSSL | OV | - | EMAIL,DNSZONE,URL |
COMODO_INSTANTSSL_PRO | OV | - | EMAIL,DNSZONE,URL |
COMODO_PREMIUMSSL | OV | - | EMAIL,DNSZONE,URL |
COMODO_PREMIUMSSL_WILDCARD | OV | wildcard | EMAIL,DNSZONE,URL |
COMODO_EVSSL | EV | - | EMAIL,DNSZONE,URL |
GEOTRUST_QUICKSSLPREMIUM | DV | - | EMAIL,DNSZONE,URL |
GEOTRUST_RAPIDSSL | DV | - | EMAIL,DNSZONE,URL |
GEOTRUST_RAPIDSSL_WILDCARD | DV | wildcard | EMAIL,DNSZONE,URL |
SYMANTEC_SECURESITE | OV | - | |
SYMANTEC_SECURESITEPRO | OV | - | |
SYMANTEC_SECURESITEEV | EV | - | |
SYMANTEC_SECURESITEPROEV | EV | - | |
THAWTE_SSL123 | DV | - | EMAIL,DNSZONE,URL |
THAWTE_SSLWEBSERVER | OV | - | |
THAWTE_SSLWEBSERVER_WILDCARD | OV | wildcard | |
THAWTE_SSLWEBSERVEREV | EV | - |
* DV=Domain validated SSL certificate
OV=Organization validated SSL certificate
EV=Extended validation SSL certificate
** DCV=Domain Control Validation
All new parameters
[COMMAND] command = CreateSSLCert sslcertclass = <CLASS> period = <INT> ownercontact0 = <CONTACT> admincontact0 = <CONTACT> techcontact0 = <CONTACT> billingcontact0 = <CONTACT> csrcontact0 = <CONTACT> domain# = <DOMAIN> validation# = EMAIL | DNSZONE | URL validationemail# = <EMAIL> csr# = <TEXT> pem# = <TEXT> EOF
[RESPONSE] CODE=200 DESCRIPTION=Command completed successfully PROPERTY[SSLCERTID][0]=<SSLCERTID> PROPERTY[VALIDATIONDNSRR][0]=<TEXT> PROPERTY[VALIDATIONURL][0]=<TEXT> PROPERTY[VALIDATIONURLCONTENT][0]=<TEXT> EOF
Order certificate providing the domain name only
The contact data is looked up in the WHOIS. The private key and CSR are created automatically.
[COMMAND] command = CreateSSLCert sslcertclass = <CLASS> domain0 = <DOMAIN> EOF
Order certificate with contact handles
The private key and CSR are created automatically.
[COMMAND] command = CreateSSLCert sslcertclass = <CLASS> domain0 = <DOMAIN> ownercontact0=<CONTACT> admincontact0=<CONTACT> techcontact0=<CONTACT> billingcontact0=<CONTACT> EOF
Order certificate with your own CSR
The domain is retrieved from the provided CSR.
[COMMAND] command = CreateSSLCert sslcertclass = <CLASS> ownercontact0=<CONTACT> admincontact0=<CONTACT> techcontact0=<CONTACT> billingcontact0=<CONTACT> csr0 = -----BEGIN CERTIFICATE REQUEST----- csr1 = ... ... EOF
Order certificate with your own private key
The CSR is created automatically using the provided private key.
[COMMAND] command = CreateSSLCert sslcertclass = <CLASS> domain0 = <DOMAIN> ownercontact0=<CONTACT> admincontact0=<CONTACT> techcontact0=<CONTACT> billingcontact0=<CONTACT> pem0 = -----BEGIN RSA PRIVATE KEY----- pem1 = ... ... EOF
Order certificate specifying explicitly what contact data to put into the CSR
The CSR is created automatically using the contact data provided in csrcontact0.
[COMMAND] command = CreateSSLCert sslcertclass = <CLASS> domain0 = <DOMAIN> ownercontact0=<CONTACT> admincontact0=<CONTACT> techcontact0=<CONTACT> billingcontact0=<CONTACT> csrcontact0=<CONTACT> EOF
Order certificate with plain contact data
This works just like for domain commands.
[COMMAND] command = CreateSSLCert sslcertclass = <CLASS> domain0 = <DOMAIN> ownercontact0organization = <TEXT> | <NULL> ownercontact0firstname = <TEXT> | <NULL> ownercontact0lastname = <TEXT> | <NULL> ownercontact0street = <TEXT> | <NULL> ownercontact0city = <TEXT> | <NULL> ownercontact0state = <TEXT> | <NULL> ownercontact0zip = <TEXT> | <NULL> ownercontact0country = <TEXT> | <NULL> ownercontact0phone = <TEXT> | <NULL> ownercontact0fax = <TEXT> | <NULL> ownercontact0email = <TEXT> | <NULL> ownercontact0title = <TEXT> | <NULL> EOF
Order certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.
[COMMAND] command = CreateSSLCert sslcertclass = <CLASS> domain0 = <DOMAIN> validation0=DNSZONE EOF
[RESPONSE] CODE=200 DESCRIPTION=Command completed successfully PROPERTY[SSLCERTID][0]=<SSLCERTID> PROPERTY[VALIDATIONDNSRR][0]=abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>. EOF
Order certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.
[COMMAND] command = CreateSSLCert sslcertclass = <CLASS> domain0 = <DOMAIN> validation0=URL EOF
[RESPONSE] CODE=200 DESCRIPTION=Command completed successfully PROPERTY[SSLCERTID][0]=<SSLCERTID> PROPERTY[VALIDATIONURL][0]=http://<DOMAIN>/abcde01234.txt PROPERTY[VALIDATIONURLCONTENT][0]=vwxyz56789 EOF
All new parameters
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> <keyvalue:kv key='PERIOD' value='<INT>' /> <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='CSRCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' /> <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' /> ... <keyvalue:kv key='VALIDATION0' value='EMAIL | DNSZONE | URL' /> <keyvalue:kv key='VALIDATION1' value='EMAIL | DNSZONE | URL' /> ... <keyvalue:kv key='VALIDATIONEMAIL0' value='<EMAIL>' /> <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' /> ... <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' /> ... <keyvalue:kv key='CSR18' value='-----END CERTIFICATE REQUEST-----' /> <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' /> ... <keyvalue:kv key='PEM27' value='-----END RSA PRIVATE KEY-----' /> </keyvalue:extension> </extension> </epp>
RESPONSE:
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <response> <result code="1001"> <msg>Command completed successfully; action pending</msg> <extValue> <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0"> <epp:undef/> </value> <reason>200 Command completed successfully</reason> </extValue> </result> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/> <keyvalue:kv key="VALIDATIONDNSRR" value="<TEXT>"/> <keyvalue:kv key="VALIDATIONURL" value="<TEXT>"/> <keyvalue:kv key="VALIDATIONURLCONTENT" value="<TEXT>"/> </keyvalue:extension> </extension> <trID> <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID> </trID> </response> </epp>
Order certificate providing the domain name only
The contact data is looked up in the WHOIS. The private key and CSR are created automatically.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' /> </keyvalue:extension> </extension> </epp>
Order certificate with contact handles
The private key and CSR are created automatically.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' /> <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' /> </keyvalue:extension> </extension> </epp>
Order certificate with your own CSR
The domain is retrieved from the provided CSR.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' /> ... <keyvalue:kv key='CSR18' value='-----END CERTIFICATE REQUEST-----' /> </keyvalue:extension> </extension> </epp>
Order certificate with your own private key
The CSR is created automatically using the provided private key.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' /> ... <keyvalue:kv key='PEM27' value='-----END RSA PRIVATE KEY-----' /> </keyvalue:extension> </extension> </epp>
Order certificate where you tell us exactly what contact data to put into the CSR
The CSR is created automatically using the contact data provided in csrcontact0.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' /> <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='CSRCONTACT0' value='<CONTACT>' /> </keyvalue:extension> </extension> </epp>
Order certificate with plain contact data
This works just like for domain commands.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' /> <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='Organization' /> <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='Firstname' /> <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='Lastname' /> <keyvalue:kv key='OWNERCONTACT0STREET' value='Street' /> <keyvalue:kv key='OWNERCONTACT0CITY' value='City' /> <keyvalue:kv key='OWNERCONTACT0STATE' value='State' /> <keyvalue:kv key='OWNERCONTACT0ZIP' value='Zip' /> <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='Country' /> <keyvalue:kv key='OWNERCONTACT0PHONE' value='Phone' /> <keyvalue:kv key='OWNERCONTACT0FAX' value='Fax' /> <keyvalue:kv key='OWNERCONTACT0EMAIL' value='Email' /> <keyvalue:kv key='OWNERCONTACT0TITLE' value='Title' /> </keyvalue:extension> </extension> </epp>
Order certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' /> <keyvalue:kv key='VALIDATION0' value='DNSZONE' /> </keyvalue:extension> </extension> </epp>
RESPONSE:
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <response> <result code="1001"> <msg>Command completed successfully; action pending</msg> <extValue> <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0"> <epp:undef/> </value> <reason>200 Command completed successfully</reason> </extValue> </result> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/> <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/> </keyvalue:extension> </extension> <trID> <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID> </trID> </response> </epp>
Order certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' /> <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' /> <keyvalue:kv key='VALIDATION0' value='URL' /> </keyvalue:extension> </extension> </epp>
RESPONSE:
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <response> <result code="1001"> <msg>Command completed successfully; action pending</msg> <extValue> <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0"> <epp:undef/> </value> <reason>200 Command completed successfully</reason> </extValue> </result> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/> <keyvalue:kv key="VALIDATIONURL" value="http://<DOMAIN>/abcde01234.txt"/> <keyvalue:kv key="VALIDATIONURLCONTENT" value="vwxyz56789"/> </keyvalue:extension> </extension> <trID> <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID> </trID> </response> </epp>
All new parameters
[COMMAND] command = CreateSSLCert sslcertid = <SSLCERTID> period = <INT> ownercontact0 = <CONTACT> admincontact0 = <CONTACT> techcontact0 = <CONTACT> billingcontact0 = <CONTACT> csrcontact0 = <CONTACT> validation# = EMAIL | DNSZONE | URL validationemail# = <EMAIL> csr# = <TEXT> pem# = <TEXT> createprivatekey = 0 | 1 EOF
[RESPONSE] CODE=200 DESCRIPTION=Command completed successfully PROPERTY[SSLCERTID][0]=<SSLCERTID> PROPERTY[VALIDATIONDNSRR][0]=<TEXT> PROPERTY[VALIDATIONURL][0]=<TEXT> PROPERTY[VALIDATIONURLCONTENT][0]=<TEXT> EOF
Renew certificate
When no additional command parameters are provided, the current data (CSR, contact information, validation methods, validation email addresses) is used for the certificate renewal.
[COMMAND] command = RenewSSLCert sslcertid = <SSLCERTID> EOF
Renew certificate with new contact data
When new contact data is provided, it will be used for the certificate renewal. Note that you have to set createprivatekey=1 if you want to have the private key and CSR created automatically using the new contact data. Otherwise the current CSR will be re-used.
[COMMAND] command = RenewSSLCert sslcertid = <SSLCERTID> ownercontact0=<CONTACT> admincontact0=<CONTACT> techcontact0=<CONTACT> billingcontact0=<CONTACT> createprivatekey=1 EOF
Renew certificate with your own new CSR
[COMMAND] command = RenewSSLCert sslcertid = <SSLCERTID> ownercontact0=<CONTACT> admincontact0=<CONTACT> techcontact0=<CONTACT> billingcontact0=<CONTACT> csr0 = -----BEGIN CERTIFICATE REQUEST----- csr1 = ... ... EOF
Renew certificate with your own new private key
The CSR is created automatically using the provided private key.
[COMMAND] command = RenewSSLCert sslcertid = <SSLCERTID> ownercontact0=<CONTACT> admincontact0=<CONTACT> techcontact0=<CONTACT> billingcontact0=<CONTACT> pem0 = -----BEGIN RSA PRIVATE KEY----- pem1 = ... ... EOF
Renew certificate specifying explicitly what contact data to put into the new CSR
The new CSR is created automatically using the contact data provided in csrcontact0. Note that you have to set createprivatekey=1. Otherwise the current CSR will still be used.
[COMMAND] command = RenewSSLCert sslcertid = <SSLCERTID> ownercontact0=<CONTACT> admincontact0=<CONTACT> techcontact0=<CONTACT> billingcontact0=<CONTACT> csrcontact0=<CONTACT> createprivatekey=1 EOF
Renew certificate with new plain contact data
This works just like for domain commands.
[COMMAND] command = RenewSSLCert sslcertid = <SSLCERTID> ownercontact0organization = <TEXT> | <NULL> ownercontact0firstname = <TEXT> | <NULL> ownercontact0lastname = <TEXT> | <NULL> ownercontact0street = <TEXT> | <NULL> ownercontact0city = <TEXT> | <NULL> ownercontact0state = <TEXT> | <NULL> ownercontact0zip = <TEXT> | <NULL> ownercontact0country = <TEXT> | <NULL> ownercontact0phone = <TEXT> | <NULL> ownercontact0fax = <TEXT> | <NULL> ownercontact0email = <TEXT> | <NULL> ownercontact0title = <TEXT> | <NULL> createprivatekey=1 EOF
Renew certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.
[COMMAND] command = RenewSSLCert sslcertid = <SSLCERTID> validation0=DNSZONE EOF
[RESPONSE] CODE=200 DESCRIPTION=Command completed successfully PROPERTY[SSLCERTID][0]=<SSLCERTID> PROPERTY[VALIDATIONDNSRR][0]=abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>. EOF
Renew certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.
[COMMAND] command = RenewSSLCert sslcertid = <SSLCERTID> validation0=URL EOF
[RESPONSE] CODE=200 DESCRIPTION=Command completed successfully PROPERTY[SSLCERTID][0]=<SSLCERTID> PROPERTY[VALIDATIONURL][0]=http://<DOMAIN>/abcde01234.txt PROPERTY[VALIDATIONURLCONTENT][0]=vwxyz56789 EOF
All new parameters
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='RenewSSLCert' /> <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> <keyvalue:kv key='PERIOD' value='<INT>' /> <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='CSRCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' /> <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' /> ... <keyvalue:kv key='VALIDATION0' value='EMAIL | DNSZONE | URL' /> <keyvalue:kv key='VALIDATION1' value='EMAIL | DNSZONE | URL' /> ... <keyvalue:kv key='VALIDATIONEMAIL0' value='<EMAIL>' /> <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' /> ... <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' /> ... <keyvalue:kv key='CSR18' value='-----END CERTIFICATE REQUEST-----' /> <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' /> ... <keyvalue:kv key='PEM27' value='-----END RSA PRIVATE KEY-----' /> <keyvalue:kv key='CREATEPRIVATEKEY' value='0 | 1' /> </keyvalue:extension> </extension> </epp>
RESPONSE:
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <response> <result code="1001"> <msg>Command completed successfully; action pending</msg> <extValue> <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0"> <epp:undef/> </value> <reason>200 Command completed successfully</reason> </extValue> </result> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/> <keyvalue:kv key="VALIDATIONDNSRR" value="<TEXT>"/> <keyvalue:kv key="VALIDATIONURL" value="<TEXT>"/> <keyvalue:kv key="VALIDATIONURLCONTENT" value="<TEXT>"/> </keyvalue:extension> </extension> <trID> <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID> </trID> </response> </epp>
Renew certificate
When no additional command parameters are provided, the current data (CSR, contact information, validation methods, validation email addresses) is used for the certificate renewal.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='RenewSSLCert' /> <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> </keyvalue:extension> </extension> </epp>
Renew certificate with new contact data
When new contact data is provided, it will be used for the certificate renewal. Note that you have to set createprivatekey=1 if you want to have the private key and CSR created automatically using the new contact data. Otherwise the current CSR will be re-used.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='CREATEPRIVATEKEY' value='1' /> </keyvalue:extension> </extension> </epp>
Renew certificate with your own new CSR
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='CreateSSLCert' /> <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' /> ... <keyvalue:kv key='CSR18' value='-----END CERTIFICATE REQUEST-----' /> </keyvalue:extension> </extension> </epp>
Renew certificate with your own new private key
The CSR is created automatically using the provided private key.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='RenewSSLCert' /> <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' /> ... <keyvalue:kv key='PEM27' value='-----END RSA PRIVATE KEY-----' /> </keyvalue:extension> </extension> </epp>
Renew certificate specifying explicitely what contact data to put into the new CSR
The new CSR is created automatically using the contact data provided in csrcontact0. Note that you have to set createprivatekey=1. Otherwise the current CSR will still be used.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='RenewSSLCert' /> <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='CSRCONTACT0' value='<CONTACT>' /> <keyvalue:kv key='CREATEPRIVATEKEY' value='1' /> </keyvalue:extension> </extension> </epp>
Renew certificate with new plain contact data
This works just like for domain commands.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='RenewSSLCert' /> <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='Organization' /> <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='Firstname' /> <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='Lastname' /> <keyvalue:kv key='OWNERCONTACT0STREET' value='Street' /> <keyvalue:kv key='OWNERCONTACT0CITY' value='City' /> <keyvalue:kv key='OWNERCONTACT0STATE' value='State' /> <keyvalue:kv key='OWNERCONTACT0ZIP' value='Zip' /> <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='Country' /> <keyvalue:kv key='OWNERCONTACT0PHONE' value='Phone' /> <keyvalue:kv key='OWNERCONTACT0FAX' value='Fax' /> <keyvalue:kv key='OWNERCONTACT0EMAIL' value='Email' /> <keyvalue:kv key='OWNERCONTACT0TITLE' value='Title' /> <keyvalue:kv key='CREATEPRIVATEKEY' value='1' /> </keyvalue:extension> </extension> </epp>
Renew certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='RenewSSLCert' /> <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> <keyvalue:kv key='VALIDATION0' value='DNSZONE' /> </keyvalue:extension> </extension> </epp>
RESPONSE:
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <response> <result code="1001"> <msg>Command completed successfully; action pending</msg> <extValue> <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0"> <epp:undef/> </value> <reason>200 Command completed successfully</reason> </extValue> </result> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/> <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/> </keyvalue:extension> </extension> <trID> <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID> </trID> </response> </epp>
Renew certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key='COMMAND' value='RenewSSLCert' /> <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' /> <keyvalue:kv key='VALIDATION0' value='URL' /> </keyvalue:extension> </extension> </epp>
RESPONSE:
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"> <response> <result code="1001"> <msg>Command completed successfully; action pending</msg> <extValue> <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0"> <epp:undef/> </value> <reason>200 Command completed successfully</reason> </extValue> </result> <extension> <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd"> <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/> <keyvalue:kv key="VALIDATIONURL" value="http://<DOMAIN>/abcde01234.txt"/> <keyvalue:kv key="VALIDATIONURLCONTENT" value="vwxyz56789"/> </keyvalue:extension> </extension> <trID> <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID> </trID> </response> </epp>