Personal tools

From HEXONET Wiki

Revision as of 08:12, 2 May 2016 by WikiAdmin (Talk | contribs)

Jump to: navigation, search
New SSL API

Why use the new SSL API?

With the new SSL API you can:

  • Order SSL certificates without having to provide contact data - given the domain name, we will retrieve the required contact information from the WHOIS
  • Order SSL certificates without having to create a CSR first - we take care of this for you
  • Order SSL certificates using contact handles - just like in domain commands
  • Use advanced validation methods - instead of confirming emails, you can prove that you have control over a domain by a simple DNS or web content modification


How to use the new SSL API?

You can do that right away. Just use the new command parameters described below.



SSL certificate Type* Multi-Domain DCV**
COMODO_ESSENTIALSSL DV - EMAIL,DNSZONE,URL
COMODO_UCC DV 2-100 domains EMAIL,DNSZONE,URL
COMODO_INSTANTSSL OV - EMAIL,DNSZONE,URL
COMODO_INSTANTSSL_PRO OV - EMAIL,DNSZONE,URL
COMODO_PREMIUMSSL OV - EMAIL,DNSZONE,URL
COMODO_PREMIUMSSL_WILDCARD OV wildcard EMAIL,DNSZONE,URL
COMODO_EVSSL EV - EMAIL,DNSZONE,URL
 
GEOTRUST_QUICKSSLPREMIUM DV - EMAIL,DNSZONE,URL
GEOTRUST_RAPIDSSL DV - EMAIL,DNSZONE,URL
GEOTRUST_RAPIDSSL_WILDCARD DV wildcard EMAIL,DNSZONE,URL
 
SYMANTEC_SECURESITE OV - EMAIL
SYMANTEC_SECURESITEPRO OV - EMAIL
SYMANTEC_SECURESITEEV EV - EMAIL
SYMANTEC_SECURESITEPROEV EV - EMAIL
 
THAWTE_SSL123 DV - EMAIL,DNSZONE,URL
THAWTE_SSLWEBSERVER OV - EMAIL
THAWTE_SSLWEBSERVER_WILDCARD OV wildcard EMAIL
THAWTE_SSLWEBSERVEREV EV - EMAIL

* DV=Domain validated SSL certificate
OV=Organization validated SSL certificate
EV=Extended validation SSL certificate

** DCV=Domain Control Validation

Order certificate providing the domain name only
The contact data is looked up in the WHOIS. The private key and CSR are created automatically.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
EOF


Order certificate with your own CSR
The domain is retrieved from the provided CSR. The contact data is looked up in the WHOIS.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
csr0 = -----BEGIN CERTIFICATE REQUEST-----
csr1 = ...
...

EOF


Order certificate with contact handles
The private key and CSR are created automatically.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
EOF


Order certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
validation0=DNSZONE
EOF
[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[VALIDATIONDNSRR][0]=abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
EOF


Order certificate and have it validated automatically
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
validation0=DNSZONE
internaldns=1
EOF
[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[VALIDATIONDNSRR][0]=abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
PROPERTY[INTERNALDNS][0]=1
EOF


Order certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
validation0=URL
EOF
[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[VALIDATIONURL][0]=http://<DOMAIN>/abcde01234.txt
PROPERTY[VALIDATIONURLCONTENT][0]=vwxyz56789
EOF


Order certificate using EMAIL validation and specifying explicitly the validation email addresses
By default, ownercontact0email is used as validation email address. Different validation email addresses can be specified by using the command parameter validationemail[0-N]. This is particularly useful when a multi domain certificate is ordered.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = example1.com
domain1 = example2.com
[email protected]
[email protected]
EOF


Order certificate specifying explicitly what contact data to put into the CSR
The private key and CSR are created automatically using the contact data provided in csrcontact0.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
csrcontact0=<CONTACT>
EOF


Order certificate with plain contact data
This works just like for domain commands. The private key and CSR are created automatically.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0organization = <TEXT> | <NULL>
ownercontact0firstname = <TEXT> | <NULL>
ownercontact0lastname = <TEXT> | <NULL>
ownercontact0street = <TEXT> | <NULL>
ownercontact0city = <TEXT> | <NULL>
ownercontact0state = <TEXT> | <NULL>
ownercontact0zip = <TEXT> | <NULL>
ownercontact0country = <TEXT> | <NULL>
ownercontact0phone = <TEXT> | <NULL>
ownercontact0fax = <TEXT> | <NULL>
ownercontact0email = <TEXT> | <NULL>
ownercontact0title = <TEXT> | <NULL>
EOF


Order certificate with your own private key
The CSR is created automatically using the provided private key.

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
domain0 = <DOMAIN>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
pem0 = -----BEGIN RSA PRIVATE KEY-----
pem1 = ...
...

EOF


All parameters

[COMMAND]
command = CreateSSLCert
sslcertclass = <CLASS>
period = <INT>

domain# = <DOMAIN>
validation# = EMAIL | DNSZONE | URL
validationemail# = <EMAIL>

internaldns = 0 | 1

csr# = <TEXT>
pem# = <TEXT>

serversoftware = APACHESSL | APACHESSLEAY | APACHE2 | IIS

ownercontact0 = <CONTACT>
ownercontact0organization = <TEXT>
ownercontact0firstname = <TEXT>
ownercontact0lastname = <TEXT>
ownercontact0street = <TEXT>
ownercontact0city = <TEXT>
ownercontact0state = <TEXT>
ownercontact0zip = <TEXT>
ownercontact0country = <TEXT>
ownercontact0phone = <TEXT>
ownercontact0fax = <TEXT>
ownercontact0email = <TEXT>
ownercontact0title = <TEXT>

admincontact0 = <CONTACT>
admincontact0organization = <TEXT>
admincontact0firstname = <TEXT>
admincontact0lastname = <TEXT>
admincontact0street = <TEXT>
admincontact0city = <TEXT>
admincontact0state = <TEXT>
admincontact0zip = <TEXT>
admincontact0country = <TEXT>
admincontact0phone = <TEXT>
admincontact0fax = <TEXT>
admincontact0email = <TEXT>
admincontact0title = <TEXT>

techcontact0 = <CONTACT>
techcontact0organization = <TEXT>
techcontact0firstname = <TEXT>
techcontact0lastname = <TEXT>
techcontact0street = <TEXT>
techcontact0city = <TEXT>
techcontact0state = <TEXT>
techcontact0zip = <TEXT>
techcontact0country = <TEXT>
techcontact0phone = <TEXT>
techcontact0fax = <TEXT>
techcontact0email = <TEXT>
techcontact0title = <TEXT>

billingcontact0 = <CONTACT>
billingcontact0organization = <TEXT>
billingcontact0firstname = <TEXT>
billingcontact0lastname = <TEXT>
billingcontact0street = <TEXT>
billingcontact0city = <TEXT>
billingcontact0state = <TEXT>
billingcontact0zip = <TEXT>
billingcontact0country = <TEXT>
billingcontact0phone = <TEXT>
billingcontact0fax = <TEXT>
billingcontact0email = <TEXT>
billingcontact0title = <TEXT>

csrcontact0 = <CONTACT>
csrcontact0organization = <TEXT>
csrcontact0firstname = <TEXT>
csrcontact0lastname = <TEXT>
csrcontact0street = <TEXT>
csrcontact0city = <TEXT>
csrcontact0state = <TEXT>
csrcontact0zip = <TEXT>
csrcontact0country = <TEXT>
csrcontact0phone = <TEXT>
csrcontact0fax = <TEXT>
csrcontact0email = <TEXT>
csrcontact0title = <TEXT>

EOF
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>
PROPERTY[SSLCERTCLASS][0] = <CLASS>
PROPERTY[STATUS][0] = REQUESTEDCREATE
PROPERTY[CREATEDDATE][0] = <DATE>
PROPERTY[REGISTRATIONEXPIRATIONDATE][0] = <DATE>

PROPERTY[DOMAIN][0] = <DOMAIN>
PROPERTY[DOMAIN][1] = <DOMAIN>
...

PROPERTY[VALIDATION][0] = EMAIL|DNSZONE|URL
PROPERTY[VALIDATION][1] = EMAIL|DNSZONE|URL
...

PROPERTY[VALIDATIONEMAIL][0] = <EMAIL>
PROPERTY[VALIDATIONEMAIL][1] = <EMAIL>
...

PROPERTY[VALIDATIONDNSRR][0] = <TEXT>
PROPERTY[VALIDATIONDNSRR][1] = <TEXT>
...

PROPERTY[VALIDATIONURL][0] = <TEXT>
PROPERTY[VALIDATIONURL][1] = <TEXT>
...

PROPERTY[VALIDATIONURLCONTENT][0] = <TEXT>
PROPERTY[VALIDATIONURLCONTENT][1] = <TEXT>
...

PROPERTY[INTERNALDNS][0] = 0 | 1

PROPERTY[CSR][0]=-----BEGIN CERTIFICATE REQUEST-----
PROPERTY[CSR][1]=...
...

PROPERTY[PEM][0]=-----BEGIN RSA PRIVATE KEY-----
PROPERTY[PEM][1]=...
...

PROPERTY[SERVERSOFTWARE][0] = APACHESSL | APACHESSLEAY | APACHE2 | IIS

PROPERTY[OWNERCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[OWNERCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[OWNERCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[OWNERCONTACT0STREET][0] = <TEXT>
PROPERTY[OWNERCONTACT0CITY][0] = <TEXT>
PROPERTY[OWNERCONTACT0STATE][0] = <TEXT>
PROPERTY[OWNERCONTACT0ZIP][0] = <TEXT>
PROPERTY[OWNERCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[OWNERCONTACT0PHONE][0] = <TEXT>
PROPERTY[OWNERCONTACT0FAX][0] = <TEXT>
PROPERTY[OWNERCONTACT0EMAIL][0] = <TEXT>
PROPERTY[OWNERCONTACT0TITLE][0] = <TEXT>

PROPERTY[ADMINCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[ADMINCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[ADMINCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[ADMINCONTACT0STREET][0] = <TEXT>
PROPERTY[ADMINCONTACT0CITY][0] = <TEXT>
PROPERTY[ADMINCONTACT0STATE][0] = <TEXT>
PROPERTY[ADMINCONTACT0ZIP][0] = <TEXT>
PROPERTY[ADMINCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[ADMINCONTACT0PHONE][0] = <TEXT>
PROPERTY[ADMINCONTACT0FAX][0] = <TEXT>
PROPERTY[ADMINCONTACT0EMAIL][0] = <TEXT>
PROPERTY[ADMINCONTACT0TITLE][0] = <TEXT>

PROPERTY[TECHCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[TECHCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[TECHCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[TECHCONTACT0STREET][0] = <TEXT>
PROPERTY[TECHCONTACT0CITY][0] = <TEXT>
PROPERTY[TECHCONTACT0STATE][0] = <TEXT>
PROPERTY[TECHCONTACT0ZIP][0] = <TEXT>
PROPERTY[TECHCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[TECHCONTACT0PHONE][0] = <TEXT>
PROPERTY[TECHCONTACT0FAX][0] = <TEXT>
PROPERTY[TECHCONTACT0EMAIL][0] = <TEXT>
PROPERTY[TECHCONTACT0TITLE][0] = <TEXT>

PROPERTY[BILLINGCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[BILLINGCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[BILLINGCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[BILLINGCONTACT0STREET][0] = <TEXT>
PROPERTY[BILLINGCONTACT0CITY][0] = <TEXT>
PROPERTY[BILLINGCONTACT0STATE][0] = <TEXT>
PROPERTY[BILLINGCONTACT0ZIP][0] = <TEXT>
PROPERTY[BILLINGCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[BILLINGCONTACT0PHONE][0] = <TEXT>
PROPERTY[BILLINGCONTACT0FAX][0] = <TEXT>
PROPERTY[BILLINGCONTACT0EMAIL][0] = <TEXT>
PROPERTY[BILLINGCONTACT0TITLE][0] = <TEXT>

PROPERTY[CSRCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[CSRCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[CSRCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[CSRCONTACT0STREET][0] = <TEXT>
PROPERTY[CSRCONTACT0CITY][0] = <TEXT>
PROPERTY[CSRCONTACT0STATE][0] = <TEXT>
PROPERTY[CSRCONTACT0ZIP][0] = <TEXT>
PROPERTY[CSRCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[CSRCONTACT0PHONE][0] = <TEXT>
PROPERTY[CSRCONTACT0FAX][0] = <TEXT>
PROPERTY[CSRCONTACT0EMAIL][0] = <TEXT>
PROPERTY[CSRCONTACT0TITLE][0] = <TEXT>

EOF


Order certificate providing the domain name only
The contact data is looked up in the WHOIS. The private key and CSR are created automatically.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
      </keyvalue:extension>   
   </extension>   
</epp>


Order certificate with your own CSR
The domain is retrieved from the provided CSR. The contact data is looked up in the WHOIS.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='CSR1' value='...' />
         ...
      </keyvalue:extension>
   </extension>
</epp>


Order certificate with contact handles
The private key and CSR are created automatically.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
      </keyvalue:extension>
   </extension>
</epp>


Order certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Order certificate and have it validated automatically
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
         <keyvalue:kv key='INTERNALDNS' value='1' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
      <keyvalue:kv key="INTERNALDNS" value="1"/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Order certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='VALIDATION0' value='URL' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="VALIDATIONURL" value="http://<DOMAIN>/abcde01234.txt"/>
      <keyvalue:kv key="VALIDATIONURLCONTENT" value="vwxyz56789"/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Order certificate using EMAIL validation and specifying explicitly the validation email addresses
By default, ownercontact0email is used as validation email address. Different validation email addresses can be specified by using the command parameter validationemail[0-N]. This is particularly useful when a multi domain certificate is ordered.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />   
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />   
         <keyvalue:kv key='DOMAIN0' value='example1.com' />
         <keyvalue:kv key='DOMAIN1' value='example2.com' />
         <keyvalue:kv key='VALIDATIONEMAIL0' value='[email protected]' />
         <keyvalue:kv key='VALIDATIONEMAIL1' value='[email protected]' />
      </keyvalue:extension>   
   </extension>   
</epp>


Order certificate specifying explicitly what contact data to put into the CSR
The private key and CSR are created automatically using the contact data provided in csrcontact0.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='CSRCONTACT0' value='<CONTACT>' />
      </keyvalue:extension>
   </extension>
</epp>


Order certificate with plain contact data
This works just like for domain commands. The private key and CSR are created automatically.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='Organization' />
         <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='Firstname' />
         <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='Lastname' />
         <keyvalue:kv key='OWNERCONTACT0STREET' value='Street' />
         <keyvalue:kv key='OWNERCONTACT0CITY' value='City' />
         <keyvalue:kv key='OWNERCONTACT0STATE' value='State' />
         <keyvalue:kv key='OWNERCONTACT0ZIP' value='Zip' />
         <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='Country' />
         <keyvalue:kv key='OWNERCONTACT0PHONE' value='Phone' />
         <keyvalue:kv key='OWNERCONTACT0FAX' value='Fax' />
         <keyvalue:kv key='OWNERCONTACT0EMAIL' value='Email' />
         <keyvalue:kv key='OWNERCONTACT0TITLE' value='Title' />
      </keyvalue:extension>
   </extension>
</epp>


Order certificate with your own private key
The CSR is created automatically using the provided private key.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
         <keyvalue:kv key='PEM1' value='...' />
         ...
      </keyvalue:extension>
   </extension>
</epp>


All parameters

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   

         <keyvalue:kv key='COMMAND' value='CreateSSLCert' />
         <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
         <keyvalue:kv key='PERIOD' value='<INT>' />

         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' />
         ...

         <keyvalue:kv key='VALIDATION0' value='EMAIL | DNSZONE | URL' />
         <keyvalue:kv key='VALIDATION1' value='EMAIL | DNSZONE | URL' />
         ...

         <keyvalue:kv key='VALIDATIONEMAIL0' value='<EMAIL>' />
         <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
         ...

         <keyvalue:kv key='INTERNALDNS' value='0 | 1' />


         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='CSR1' value='...' />
         ...

         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
         <keyvalue:kv key='PEM1' value='...' />
         ...

         <keyvalue:kv key='SERVERSOFTWARE' value='APACHESSL | APACHESSLEAY | APACHE2 | IIS' />

         <keyvalue:kv key='ownercontact0' value='<CONTACT>' />
         <keyvalue:kv key='ownercontact0organization' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0street' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0city' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0state' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0zip' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0country' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0phone' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0fax' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0email' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0title' value='<TEXT>' />

         <keyvalue:kv key='admincontact0' value='<CONTACT>' />
         <keyvalue:kv key='admincontact0organization' value='<TEXT>' />
         <keyvalue:kv key='admincontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='admincontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='admincontact0street' value='<TEXT>' />
         <keyvalue:kv key='admincontact0city' value='<TEXT>' />
         <keyvalue:kv key='admincontact0state' value='<TEXT>' />
         <keyvalue:kv key='admincontact0zip' value='<TEXT>' />
         <keyvalue:kv key='admincontact0country' value='<TEXT>' />
         <keyvalue:kv key='admincontact0phone' value='<TEXT>' />
         <keyvalue:kv key='admincontact0fax' value='<TEXT>' />
         <keyvalue:kv key='admincontact0email' value='<TEXT>' />
         <keyvalue:kv key='admincontact0title' value='<TEXT>' />

         <keyvalue:kv key='techcontact0' value='<CONTACT>' />
         <keyvalue:kv key='techcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='techcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='techcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='techcontact0street' value='<TEXT>' />
         <keyvalue:kv key='techcontact0city' value='<TEXT>' />
         <keyvalue:kv key='techcontact0state' value='<TEXT>' />
         <keyvalue:kv key='techcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='techcontact0country' value='<TEXT>' />
         <keyvalue:kv key='techcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='techcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='techcontact0email' value='<TEXT>' />
         <keyvalue:kv key='techcontact0title' value='<TEXT>' />

         <keyvalue:kv key='billingcontact0' value='<CONTACT>' />
         <keyvalue:kv key='billingcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0street' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0city' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0state' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0country' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0email' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0title' value='<TEXT>' />

         <keyvalue:kv key='csrcontact0' value='<CONTACT>' />
         <keyvalue:kv key='csrcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0street' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0city' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0state' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0country' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0email' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0title' value='<TEXT>' />

      </keyvalue:extension>
   </extension>
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">

      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
      <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
      <keyvalue:kv key='STATUS' value='REQUESTEDCREATE' />
      <keyvalue:kv key='CREATEDDATE' value='<DATE>' />
      <keyvalue:kv key='REGISTRATIONEXPIRATIONDATE' value='<DATE>' />

      <keyvalue:kv key='DOMAIN' value='<DOMAIN>' />
      <keyvalue:kv key='DOMAIN' value='<DOMAIN>' />
      ...

      <keyvalue:kv key='VALIDATION' value='EMAIL|DNSZONE|URL' />
      <keyvalue:kv key='VALIDATION' value='EMAIL|DNSZONE|URL' />
      ...

      <keyvalue:kv key='VALIDATIONEMAIL' value='<EMAIL>' />
      <keyvalue:kv key='VALIDATIONEMAIL' value='<EMAIL>' />
      ...

      <keyvalue:kv key='VALIDATIONDNSRR' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONDNSRR' value='<TEXT>' />
      ...

      <keyvalue:kv key='VALIDATIONURL' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONURL' value='<TEXT>' />
      ...

      <keyvalue:kv key='VALIDATIONURLCONTENT' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONURLCONTENT' value='<TEXT>' />
      ...

      <keyvalue:kv key='INTERNALDNS' value='0 | 1' />

      <keyvalue:kv key='CSR' value='-----BEGIN CERTIFICATE REQUEST-----' />
      <keyvalue:kv key='CSR' value='...' />
      ...

      <keyvalue:kv key='PEM' value='-----BEGIN RSA PRIVATE KEY-----' />
      <keyvalue:kv key='PEM' value='...' />
      ...

      <keyvalue:kv key='SERVERSOFTWARE' value='APACHESSL | APACHESSLEAY | APACHE2 | IIS' />

      <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='ADMINCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='TECHCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='BILLINGCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='CSRCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0TITLE' value='<TEXT>' />

    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>

Renew certificate
When no additional command parameters are provided, the current data is used for the certificate renewal: CSR, contact information, validation methods, validation email addresses, internaldns

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
EOF


Renew certificate with new contact data
When new contact data is provided, it will be used for the certificate renewal. Note that you have to provide all contact data for all contacts, not just the data that has changed. Also note that the current CSR will be re-used even if contact data has changed that is part of the CSR. See below to learn how to have a new CSR created.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
EOF


Renew certificate with new contact data and a newly created CSR (current private key)
In order have a new CSR created, use the command parameter createcsr=1. The current private key associated with the certificate is used for this (unless a new one is created or provided, see below). If no private key is associated with the certificate, the command will fail. Also be reminded that if the certificate is associated with a csrcontact0, its contact data is the relevant data for the CSR creation and must also be updated.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
createcsr=1
EOF


Renew certificate with new contact data and a newly created CSR (newly created private key)
In order have a new private key and a new CSR created, use the command parameter createprivatekey=1.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
createprivatekey=1
EOF


Renew certificate with new contact data and a newly created CSR (provided private key)
This will create a new CSR using the provided private key.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
ownercontact0=<CONTACT>
admincontact0=<CONTACT>
techcontact0=<CONTACT>
billingcontact0=<CONTACT>
pem0 = -----BEGIN RSA PRIVATE KEY-----
pem1 = ...
...

EOF


Renew certificate with your own new CSR

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
csr0 = -----BEGIN CERTIFICATE REQUEST-----
csr1 = ...
...

EOF


Renew certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
validation0=DNSZONE
EOF
[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>
PROPERTY[VALIDATIONDNSRR][0]=abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
EOF


Renew certificate and have it validated automatically
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
validation0=DNSZONE
internaldns=1
EOF
[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>
PROPERTY[VALIDATIONDNSRR][0]=abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>.
PROPERTY[INTERNALDNS][0]=1
EOF


Renew certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
validation0=URL
EOF
[RESPONSE]
CODE=200
DESCRIPTION=Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>
PROPERTY[VALIDATIONURL][0]=http://<DOMAIN>/abcde01234.txt
PROPERTY[VALIDATIONURLCONTENT][0]=vwxyz56789
EOF


Renew certificate with new plain contact data

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
ownercontact0organization = <TEXT> | <NULL>
ownercontact0firstname = <TEXT> | <NULL>
ownercontact0lastname = <TEXT> | <NULL>
ownercontact0street = <TEXT> | <NULL>
ownercontact0city = <TEXT> | <NULL>
ownercontact0state = <TEXT> | <NULL>
ownercontact0zip = <TEXT> | <NULL>
ownercontact0country = <TEXT> | <NULL>
ownercontact0phone = <TEXT> | <NULL>
ownercontact0fax = <TEXT> | <NULL>
ownercontact0email = <TEXT> | <NULL>
ownercontact0title = <TEXT> | <NULL>
EOF


All parameters

[COMMAND]
command = RenewSSLCert
sslcertid = <SSLCERTID>
period = <INT>

domain# = <DOMAIN>
validation# = EMAIL | DNSZONE | URL
validationemail# = <EMAIL>

internaldns = 0 | 1

csr# = <TEXT>
createcsr = 0 | 1

pem# = <TEXT>
createprivatekey = 0 | 1

serversoftware = APACHESSL | APACHESSLEAY | APACHE2 | IIS

ownercontact0 = <CONTACT>
ownercontact0organization = <TEXT>
ownercontact0firstname = <TEXT>
ownercontact0lastname = <TEXT>
ownercontact0street = <TEXT>
ownercontact0city = <TEXT>
ownercontact0state = <TEXT>
ownercontact0zip = <TEXT>
ownercontact0country = <TEXT>
ownercontact0phone = <TEXT>
ownercontact0fax = <TEXT>
ownercontact0email = <TEXT>
ownercontact0title = <TEXT>

admincontact0 = <CONTACT>
admincontact0organization = <TEXT>
admincontact0firstname = <TEXT>
admincontact0lastname = <TEXT>
admincontact0street = <TEXT>
admincontact0city = <TEXT>
admincontact0state = <TEXT>
admincontact0zip = <TEXT>
admincontact0country = <TEXT>
admincontact0phone = <TEXT>
admincontact0fax = <TEXT>
admincontact0email = <TEXT>
admincontact0title = <TEXT>

techcontact0 = <CONTACT>
techcontact0organization = <TEXT>
techcontact0firstname = <TEXT>
techcontact0lastname = <TEXT>
techcontact0street = <TEXT>
techcontact0city = <TEXT>
techcontact0state = <TEXT>
techcontact0zip = <TEXT>
techcontact0country = <TEXT>
techcontact0phone = <TEXT>
techcontact0fax = <TEXT>
techcontact0email = <TEXT>
techcontact0title = <TEXT>

billingcontact0 = <CONTACT>
billingcontact0organization = <TEXT>
billingcontact0firstname = <TEXT>
billingcontact0lastname = <TEXT>
billingcontact0street = <TEXT>
billingcontact0city = <TEXT>
billingcontact0state = <TEXT>
billingcontact0zip = <TEXT>
billingcontact0country = <TEXT>
billingcontact0phone = <TEXT>
billingcontact0fax = <TEXT>
billingcontact0email = <TEXT>
billingcontact0title = <TEXT>

csrcontact0 = <CONTACT>
csrcontact0organization = <TEXT>
csrcontact0firstname = <TEXT>
csrcontact0lastname = <TEXT>
csrcontact0street = <TEXT>
csrcontact0city = <TEXT>
csrcontact0state = <TEXT>
csrcontact0zip = <TEXT>
csrcontact0country = <TEXT>
csrcontact0phone = <TEXT>
csrcontact0fax = <TEXT>
csrcontact0email = <TEXT>
csrcontact0title = <TEXT>

EOF
[RESPONSE]
CODE = 200
DESCRIPTION = Command completed successfully
PROPERTY[SSLCERTID][0]=<SSLCERTID>
PROPERTY[SSLCERTCLASS][0] = <CLASS>
PROPERTY[STATUS][0] = REQUESTEDCREATE
PROPERTY[CREATEDDATE][0] = <DATE>
PROPERTY[REGISTRATIONEXPIRATIONDATE][0] = <DATE>

PROPERTY[DOMAIN][0] = <DOMAIN>
PROPERTY[DOMAIN][1] = <DOMAIN>
...

PROPERTY[VALIDATION][0] = EMAIL|DNSZONE|URL
PROPERTY[VALIDATION][1] = EMAIL|DNSZONE|URL
...

PROPERTY[VALIDATIONEMAIL][0] = <EMAIL>
PROPERTY[VALIDATIONEMAIL][1] = <EMAIL>
...

PROPERTY[VALIDATIONDNSRR][0] = <TEXT>
PROPERTY[VALIDATIONDNSRR][1] = <TEXT>
...

PROPERTY[VALIDATIONURL][0] = <TEXT>
PROPERTY[VALIDATIONURL][1] = <TEXT>
...

PROPERTY[VALIDATIONURLCONTENT][0] = <TEXT>
PROPERTY[VALIDATIONURLCONTENT][1] = <TEXT>
...

PROPERTY[INTERNALDNS][0] = 0 | 1

PROPERTY[CSR][0] = -----BEGIN CERTIFICATE REQUEST-----
PROPERTY[CSR][1] = ...
...

PROPERTY[PEM][0] = -----BEGIN RSA PRIVATE KEY-----
PROPERTY[PEM][1] = ...
...

PROPERTY[SERVERSOFTWARE][0] = APACHESSL | APACHESSLEAY | APACHE2 | IIS

PROPERTY[OWNERCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[OWNERCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[OWNERCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[OWNERCONTACT0STREET][0] = <TEXT>
PROPERTY[OWNERCONTACT0CITY][0] = <TEXT>
PROPERTY[OWNERCONTACT0STATE][0] = <TEXT>
PROPERTY[OWNERCONTACT0ZIP][0] = <TEXT>
PROPERTY[OWNERCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[OWNERCONTACT0PHONE][0] = <TEXT>
PROPERTY[OWNERCONTACT0FAX][0] = <TEXT>
PROPERTY[OWNERCONTACT0EMAIL][0] = <TEXT>
PROPERTY[OWNERCONTACT0TITLE][0] = <TEXT>

PROPERTY[ADMINCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[ADMINCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[ADMINCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[ADMINCONTACT0STREET][0] = <TEXT>
PROPERTY[ADMINCONTACT0CITY][0] = <TEXT>
PROPERTY[ADMINCONTACT0STATE][0] = <TEXT>
PROPERTY[ADMINCONTACT0ZIP][0] = <TEXT>
PROPERTY[ADMINCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[ADMINCONTACT0PHONE][0] = <TEXT>
PROPERTY[ADMINCONTACT0FAX][0] = <TEXT>
PROPERTY[ADMINCONTACT0EMAIL][0] = <TEXT>
PROPERTY[ADMINCONTACT0TITLE][0] = <TEXT>

PROPERTY[TECHCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[TECHCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[TECHCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[TECHCONTACT0STREET][0] = <TEXT>
PROPERTY[TECHCONTACT0CITY][0] = <TEXT>
PROPERTY[TECHCONTACT0STATE][0] = <TEXT>
PROPERTY[TECHCONTACT0ZIP][0] = <TEXT>
PROPERTY[TECHCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[TECHCONTACT0PHONE][0] = <TEXT>
PROPERTY[TECHCONTACT0FAX][0] = <TEXT>
PROPERTY[TECHCONTACT0EMAIL][0] = <TEXT>
PROPERTY[TECHCONTACT0TITLE][0] = <TEXT>

PROPERTY[BILLINGCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[BILLINGCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[BILLINGCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[BILLINGCONTACT0STREET][0] = <TEXT>
PROPERTY[BILLINGCONTACT0CITY][0] = <TEXT>
PROPERTY[BILLINGCONTACT0STATE][0] = <TEXT>
PROPERTY[BILLINGCONTACT0ZIP][0] = <TEXT>
PROPERTY[BILLINGCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[BILLINGCONTACT0PHONE][0] = <TEXT>
PROPERTY[BILLINGCONTACT0FAX][0] = <TEXT>
PROPERTY[BILLINGCONTACT0EMAIL][0] = <TEXT>
PROPERTY[BILLINGCONTACT0TITLE][0] = <TEXT>

PROPERTY[CSRCONTACT0ORGANIZATION][0] = <TEXT>
PROPERTY[CSRCONTACT0FIRSTNAME][0] = <TEXT>
PROPERTY[CSRCONTACT0LASTNAME][0] = <TEXT>
PROPERTY[CSRCONTACT0STREET][0] = <TEXT>
PROPERTY[CSRCONTACT0CITY][0] = <TEXT>
PROPERTY[CSRCONTACT0STATE][0] = <TEXT>
PROPERTY[CSRCONTACT0ZIP][0] = <TEXT>
PROPERTY[CSRCONTACT0COUNTRY][0] = <TEXT>
PROPERTY[CSRCONTACT0PHONE][0] = <TEXT>
PROPERTY[CSRCONTACT0FAX][0] = <TEXT>
PROPERTY[CSRCONTACT0EMAIL][0] = <TEXT>
PROPERTY[CSRCONTACT0TITLE][0] = <TEXT>

EOF


Renew certificate
When no additional command parameters are provided, the current data is used for the certificate renewal: CSR, contact information, validation methods, validation email addresses, internaldns

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
      </keyvalue:extension>   
   </extension>   
</epp>


Renew certificate with new contact data
When new contact data is provided, it will be used for the certificate renewal. Note that you have to provide all contact data for all contacts, not just the data that has changed. Also note that the current CSR will be re-used even if contact data has changed that is part of the CSR. See below to learn how to have a new CSR created.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
      </keyvalue:extension>
   </extension>
</epp>


Renew certificate with new contact data and a newly created CSR (current private key)
In order have a new CSR created, use the command parameter createcsr=1. The current private key associated with the certificate is used for this (unless a new one is created or provided, see below). If no private key is associated with the certificate, the command will fail. Also be reminded that if the certificate is associated with a csrcontact0, its contact data is the relevant data for the CSR creation and must also be updated.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='CREATECSR' value='1' />
      </keyvalue:extension>
   </extension>
</epp>


Renew certificate with new contact data and a newly created CSR (newly created private key)
In order have a new private key and a new CSR created, use the command parameter createprivatekey=1.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='CREATEPRIVATEKEY' value='1' />
      </keyvalue:extension>
   </extension>
</epp>


Renew certificate with new contact data and a newly created CSR (provided private key)
This will create a new CSR using the provided private key.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='OWNERCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='ADMINCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='TECHCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='BILLINGCONTACT0' value='<CONTACT>' />
         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
         <keyvalue:kv key='PEM1' value='...' />
         ...
      </keyvalue:extension>
   </extension>
</epp>


Renew certificate with your own new CSR

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='CSR1' value='...' />
         ...
      </keyvalue:extension>
   </extension>
</epp>


Renew certificate using DNSZONE validation
Prove domain control by setting the returned CNAME record.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
         <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Renew certificate and have it validated automatically
This only works with the validation method DNSZONE and if HEXONET's DNS Services are used for the domain. Set INTERNALDNS=1 in order to have the returned CNAME record inserted into the DNS zone file automatically. Note that it will not be removed automatically after successful validation.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
         <keyvalue:kv key='VALIDATION0' value='DNSZONE' />
         <keyvalue:kv key='INTERNALDNS' value='1' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
      <keyvalue:kv key="VALIDATIONDNSRR" value="abcde01234.<DOMAIN>. CNAME vwxyz56789.<DOMAIN>."/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Renew certificate using URL validation
Prove domain control by placing a file with a certain content at the root of the domain. The name and content of the file to be used are returned by the command. The file must be readable via an HTTP request.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />   
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />   
         <keyvalue:kv key='VALIDATION0' value='URL' />
      </keyvalue:extension>   
   </extension>   
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
      <keyvalue:kv key="VALIDATIONURL" value="http://<DOMAIN>/abcde01234.txt"/>
      <keyvalue:kv key="VALIDATIONURLCONTENT" value="vwxyz56789"/>
    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>


Renew certificate with new plain contact data

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   
         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='Organization' />
         <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='Firstname' />
         <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='Lastname' />
         <keyvalue:kv key='OWNERCONTACT0STREET' value='Street' />
         <keyvalue:kv key='OWNERCONTACT0CITY' value='City' />
         <keyvalue:kv key='OWNERCONTACT0STATE' value='State' />
         <keyvalue:kv key='OWNERCONTACT0ZIP' value='Zip' />
         <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='Country' />
         <keyvalue:kv key='OWNERCONTACT0PHONE' value='Phone' />
         <keyvalue:kv key='OWNERCONTACT0FAX' value='Fax' />
         <keyvalue:kv key='OWNERCONTACT0EMAIL' value='Email' />
         <keyvalue:kv key='OWNERCONTACT0TITLE' value='Title' />
      </keyvalue:extension>
   </extension>
</epp>


All parameters

<?xml version="1.0" encoding="UTF-8" standalone="no"?>   
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
   <extension>   
      <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">   

         <keyvalue:kv key='COMMAND' value='RenewSSLCert' />
         <keyvalue:kv key='SSLCERTID' value='<SSLCERTID>' />
         <keyvalue:kv key='PERIOD' value='<INT>' />

         <keyvalue:kv key='DOMAIN0' value='<DOMAIN>' />
         <keyvalue:kv key='DOMAIN1' value='<DOMAIN>' />
         ...

         <keyvalue:kv key='VALIDATION0' value='EMAIL | DNSZONE | URL' />
         <keyvalue:kv key='VALIDATION1' value='EMAIL | DNSZONE | URL' />
         ...

         <keyvalue:kv key='VALIDATIONEMAIL0' value='<EMAIL>' />
         <keyvalue:kv key='VALIDATIONEMAIL1' value='<EMAIL>' />
         ...

         <keyvalue:kv key='INTERNALDNS' value='0 | 1' />

         <keyvalue:kv key='CSR0' value='-----BEGIN CERTIFICATE REQUEST-----' />
         <keyvalue:kv key='CSR1' value='...' />
         ...

         <keyvalue:kv key='CREATECSR' value='0 | 1' />

         <keyvalue:kv key='PEM0' value='-----BEGIN RSA PRIVATE KEY-----' />
         <keyvalue:kv key='PEM1' value='...' />
         ...

         <keyvalue:kv key='CREATEPRIVATEKEY' value='0 | 1' />

         <keyvalue:kv key='SERVERSOFTWARE' value='APACHESSL | APACHESSLEAY | APACHE2 | IIS' />

         <keyvalue:kv key='ownercontact0' value='<CONTACT>' />
         <keyvalue:kv key='ownercontact0organization' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0street' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0city' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0state' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0zip' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0country' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0phone' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0fax' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0email' value='<TEXT>' />
         <keyvalue:kv key='ownercontact0title' value='<TEXT>' />

         <keyvalue:kv key='admincontact0' value='<CONTACT>' />
         <keyvalue:kv key='admincontact0organization' value='<TEXT>' />
         <keyvalue:kv key='admincontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='admincontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='admincontact0street' value='<TEXT>' />
         <keyvalue:kv key='admincontact0city' value='<TEXT>' />
         <keyvalue:kv key='admincontact0state' value='<TEXT>' />
         <keyvalue:kv key='admincontact0zip' value='<TEXT>' />
         <keyvalue:kv key='admincontact0country' value='<TEXT>' />
         <keyvalue:kv key='admincontact0phone' value='<TEXT>' />
         <keyvalue:kv key='admincontact0fax' value='<TEXT>' />
         <keyvalue:kv key='admincontact0email' value='<TEXT>' />
         <keyvalue:kv key='admincontact0title' value='<TEXT>' />

         <keyvalue:kv key='techcontact0' value='<CONTACT>' />
         <keyvalue:kv key='techcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='techcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='techcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='techcontact0street' value='<TEXT>' />
         <keyvalue:kv key='techcontact0city' value='<TEXT>' />
         <keyvalue:kv key='techcontact0state' value='<TEXT>' />
         <keyvalue:kv key='techcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='techcontact0country' value='<TEXT>' />
         <keyvalue:kv key='techcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='techcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='techcontact0email' value='<TEXT>' />
         <keyvalue:kv key='techcontact0title' value='<TEXT>' />

         <keyvalue:kv key='billingcontact0' value='<CONTACT>' />
         <keyvalue:kv key='billingcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0street' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0city' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0state' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0country' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0email' value='<TEXT>' />
         <keyvalue:kv key='billingcontact0title' value='<TEXT>' />

         <keyvalue:kv key='csrcontact0' value='<CONTACT>' />
         <keyvalue:kv key='csrcontact0organization' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0firstname' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0lastname' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0street' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0city' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0state' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0zip' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0country' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0phone' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0fax' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0email' value='<TEXT>' />
         <keyvalue:kv key='csrcontact0title' value='<TEXT>' />

      </keyvalue:extension>
   </extension>
</epp>

RESPONSE:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response>
  <result code="1001">
    <msg>Command completed successfully; action pending</msg>
    <extValue>
      <value xmlns:epp="urn:ietf:params:xml:ns:epp-1.0">
        <epp:undef/>
      </value>
      <reason>200 Command completed successfully</reason>
    </extValue>
  </result>
  <extension>
    <keyvalue:extension xmlns:keyvalue="http://schema.ispapi.net/epp/xml/keyvalue-1.0" xsi:schemaLocation="http://schema.ispapi.net/epp/xml/keyvalue-1.0 keyvalue-1.0.xsd">
      <keyvalue:kv key="SSLCERTID" value="<SSLCERTID>"/>
      <keyvalue:kv key='SSLCERTCLASS' value='<CLASS>' />
      <keyvalue:kv key='STATUS' value='REQUESTEDCREATE' />
      <keyvalue:kv key='CREATEDDATE' value='<DATE>' />
      <keyvalue:kv key='REGISTRATIONEXPIRATIONDATE' value='<DATE>' />

      <keyvalue:kv key='DOMAIN' value='<DOMAIN>' />
      <keyvalue:kv key='DOMAIN' value='<DOMAIN>' />
      ...

      <keyvalue:kv key='VALIDATION' value='EMAIL|DNSZONE|URL' />
      <keyvalue:kv key='VALIDATION' value='EMAIL|DNSZONE|URL' />
      ...

      <keyvalue:kv key='VALIDATIONEMAIL' value='<EMAIL>' />
      <keyvalue:kv key='VALIDATIONEMAIL' value='<EMAIL>' />
      ...

      <keyvalue:kv key='VALIDATIONDNSRR' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONDNSRR' value='<TEXT>' />
      ...

      <keyvalue:kv key='VALIDATIONURL' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONURL' value='<TEXT>' />
      ...

      <keyvalue:kv key='VALIDATIONURLCONTENT' value='<TEXT>' />
      <keyvalue:kv key='VALIDATIONURLCONTENT' value='<TEXT>' />
      ...

      <keyvalue:kv key='INTERNALDNS' value='0 | 1' />

      <keyvalue:kv key='CSR' value='-----BEGIN CERTIFICATE REQUEST-----' />
      <keyvalue:kv key='CSR' value='...' />
      ...

      <keyvalue:kv key='PEM' value='-----BEGIN RSA PRIVATE KEY-----' />
      <keyvalue:kv key='PEM' value='...' />
      ...

      <keyvalue:kv key='SERVERSOFTWARE' value='APACHESSL | APACHESSLEAY | APACHE2 | IIS' />

      <keyvalue:kv key='OWNERCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='OWNERCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='ADMINCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='ADMINCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='TECHCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='TECHCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='BILLINGCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='BILLINGCONTACT0TITLE' value='<TEXT>' />

      <keyvalue:kv key='CSRCONTACT0ORGANIZATION' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0FIRSTNAME' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0LASTNAME' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0STREET' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0CITY' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0STATE' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0ZIP' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0COUNTRY' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0PHONE' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0FAX' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0EMAIL' value='<TEXT>' />
      <keyvalue:kv key='CSRCONTACT0TITLE' value='<TEXT>' />

    </keyvalue:extension>
  </extension>
  <trID>
    <svTRID>RW-XXXX-XXXXXXXXXXXXXXXX</svTRID>
  </trID>
</response>
</epp>

Resend validation email
Have another validation email send to the validation email address.

[COMMAND]
command = ResendSSLCertEmail
sslcertid = <SSLCERTID>
EOF


Reissue SSL certificate
With this command you request to have an existing certificate replaced. This is useful when your private key got compromised, for example. A Reissue is free of charge, but note that you have to go through a validation process again.

[COMMAND]
command = ReissueSSLCert
sslcertid = <SSLCERTID>
csr# = <TEXT>
EOF


Revoke SSL certificate
With this command you request that an existing certificate is being nullified. This is appropriate when your private key got compromised.

[COMMAND]
command = RevokeSSLCert
sslcertid = <SSLCERTID>
EOF


Get status of SSL certificate order

[COMMAND]
command = StatusSSLCert
sslcertid = <SSLCERTID>
EOF


ACTIVE - certificate successfully issued

REQUESTED / REQUESTEDCREATE - certificate has been requested at HEXONET

PROCESSING - certificate order is being processed at HEXONET

PENDING / PENDINGCREATE - certificate order has been successfully transmitted to the certificate supplier

FAILED - certificate order has failed

REPLACED - certificate has been replaced by a new certificate

REVOKED - certificate has been revoked

REQUESTEDRENEW - certificate renewal has been requested at HEXONET

PENDINGRENEW - certificate renewal request has been successfully transmitted to the certificate supplier

REQUESTEDREISSUE - re-issue has been requested at HEXONET

PENDINGREISSUE - re-issue request has been successfully transmitted to the certificate supplier