Difference between revisions of "New SSL API Main Page"

Revision as of 09:05, 11 April 2016

New SSL API

Why use the new SSL API?

With the new SSL API you can:

Order SSL certificates without having to provide contact data - given the domain name, we will retrieve the required contact information from the WHOIS
Order SSL certificates without having to create a CSR first - we take care of this for you
Order SSL certificates using contact handles - just like in domain commands
Use advanced validation methods - instead of confirming emails, you can prove that you have control over a domain by a simple DNS or web content modification

How to use the new SSL API?

You can do that right away. Just make use of the new command parameters described below.

SSL certificates
Order certificate (API)
Order certificate (EPP)

SSL certificate
COMODO_ESSENTIALSSL
COMODO_INSTANTSSL
COMODO_INSTANTSSL_PRO
COMODO_PREMIUMSSL
COMODO_PREMIUMSSL_WILDCARD
COMODO_EVSSL
COMODO_UCC
GEOTRUST_QUICKSSLPREMIUM
GEOTRUST_RAPIDSSL
GEOTRUST_RAPIDSSL_WILDCARD
SYMANTEC_SECURESITE
SYMANTEC_SECURESITEPRO
SYMANTEC_SECURESITEEV
SYMANTEC_SECURESITEPROEV
THAWTE_SSL123
THAWTE_SSLWEBSERVER
THAWTE_SSLWEBSERVEREV
THAWTE_SSLWEBSERVER_WILDCARD

All new parameters

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
period = <INT>

ownercontact0 = <CONTACT>
admincontact0 = <CONTACT>
techcontact0 = <CONTACT>
billingcontact0 = <CONTACT>
csrcontact0 = <CONTACT>

domain# = <DOMAIN>
validation# = EMAIL | DNSZONE | URL
validationemail# = <EMAIL>

csr# = <TEXT>
pem# = <TEXT>

EOF

[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>

Order certificate providing the domain name only
The contact data is looked up at the WHOIS. The private key and CSR are created automatically.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
EOF

Order certificate with contact handles
The private key and CSR are created automatically.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
EOF

Order certificate with your own CSR
The domain is retrieved from the provided CSR.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
csr0 = -----BEGIN CERTIFICATE REQUEST-----
csr1 = ...
...

EOF

Order certificate with your own private key
The CSR is created automatically using the provided private key.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
pem0 = -----BEGIN RSA PRIVATE KEY-----
pem1 = ...
...

EOF

Order certificate where you tell us exactly what contact data to put into the CSR
The CSR is created automatically using the contact data provided in csrcontact0.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
csrcontact0=<CONTACT>
EOF

Order certificate with plain contact data
This works just like for domains.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0organization = <TEXT> | <NULL>
ownercontact0firstname = <TEXT> | <NULL>
ownercontact0lastname = <TEXT> | <NULL>
ownercontact0street = <TEXT> | <NULL>
ownercontact0city = <TEXT> | <NULL>
ownercontact0state = <TEXT> | <NULL>
ownercontact0zip = <TEXT> | <NULL>
ownercontact0country = <TEXT> | <NULL>
ownercontact0phone = <TEXT> | <NULL>
ownercontact0fax = <TEXT> | <NULL>
ownercontact0email = <TEXT> | <NULL>
ownercontact0title = <TEXT> | <NULL>
EOF

Order certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
validation0=DNSZONE
EOF

[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>
PROPERTY[VALIDATIONDNSRR][0]=abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
EOF

Order certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable by an HTTP request.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
validation0=DNSZONE
EOF

[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>
PROPERTY[VALIDATIONURL][0]=http://<DOMAIN>/abcde01234.txt
PROPERTY[VALIDATIONURLCONTENT][0]=vwxyz56789
EOF

Order certificate providing the domain name only
The contact data is looked up at the WHOIS. The private key and CSR are created automatically.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
      <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
      <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
      <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
      <keyvalue:kv key='VALIDATION0' value='URL' />
      </keyvalue:extension>   
   </extension>   
</epp>

Order certificate with contact handles
The private key and CSR are created automatically.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
EOF

Order certificate with your own CSR
The domain is retrieved from the provided CSR.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
csr0 = -----BEGIN CERTIFICATE REQUEST-----
csr1 = ...
...

EOF

Order certificate with your own private key
The CSR is created automatically using the provided private key.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
pem0 = -----BEGIN RSA PRIVATE KEY-----
pem1 = ...
...

EOF

Order certificate where you tell us exactly what contact data to put into the CSR
The CSR is created automatically using the contact data provided in csrcontact0.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
csrcontact0=<CONTACT>
EOF

Order certificate with plain contact data
This works just like for domains.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0organization = <TEXT> | <NULL>
ownercontact0firstname = <TEXT> | <NULL>
ownercontact0lastname = <TEXT> | <NULL>
ownercontact0street = <TEXT> | <NULL>
ownercontact0city = <TEXT> | <NULL>
ownercontact0state = <TEXT> | <NULL>
ownercontact0zip = <TEXT> | <NULL>
ownercontact0country = <TEXT> | <NULL>
ownercontact0phone = <TEXT> | <NULL>
ownercontact0fax = <TEXT> | <NULL>
ownercontact0email = <TEXT> | <NULL>
ownercontact0title = <TEXT> | <NULL>
EOF

Order certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
      <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
      <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
      <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
      <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
      </keyvalue:extension>   
   </extension>   
</epp>

[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>
PROPERTY[VALIDATIONDNSRR][0]=abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
EOF

Order certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable by an HTTP request.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
      <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
      <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
      <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
      <keyvalue:kv key='VALIDATION0' value='URL' />
      </keyvalue:extension>   
   </extension>   
</epp>

[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>
PROPERTY[VALIDATIONURL][0]=http://<DOMAIN>/abcde01234.txt
PROPERTY[VALIDATIONURLCONTENT][0]=vwxyz56789
EOF

Personal tools

Difference between revisions of "New SSL API Main Page" - HEXONET Wiki

Search

Domains

Services

API & SDK

Modules & Tools

Control Panel & Tools

ICANN Policies

HEXONET & Partners

From HEXONET Wiki

Revision as of 09:05, 11 April 2016

Why use the new SSL API?

How to use the new SSL API?

	Disclaimers
	Mozilla Cavendish Theme based on Cavendish style by Gabriel Wicke modified by DaSch for the Web Community Wiki github Projectpage – Report Bug – Skin-Version: 1.6.4