GlobalSign API for MSSL Certificates › files › 6314 › 0795 › 8289 › ... · 2019-10-22 · GlobalSign API for MSSL Certificates v1.2 Page 6 of 47 3.3 Issued Certificates

GlobalSign API for MSSL Certificates

Implementation Guide and Definitions Version 1.2

Version Release Notes Version 1.0.1 Changes

- Updated error codes

Version 1.0.2 Changes

- Workflow updates


- Added Query functions


- Added Domain and Profile status descriptions

Version 1.1 Changes

- Added AEG functionality

Version 1.2 Changes

- Updated “Reissue” Function for Hash Algorithm SHA-256, Section 15.6

Copyright © 2011-2014 GlobalSign, Inc. All rights reserved. GlobalSign, the GlobalSign logo and OneClickSSL are trademarks and registered trademarks of GlobalSign, Inc. or its affiliates in the United States and other countries. All other trademarks are the property of their respective owners.

GlobalSign API for MSSL Certificates v1.2 Page 2 of 47

Contents

1. Outline ................................................................................................................................... 4

2. SSL Product Type Explanations ........................................................................................ 4

3. Web Service Functions – Order & Query Workflow Overview ........................................ 5

3.1 Managed SSL Functions Functions ....................................................................... 5 3.2 Standard SSL Query functions ............................................................................... 5 3.3 Issued Certificates .................................................................................................. 6

4. API URL’s.............................................................................................................................. 6

4.1 GlobalSign URL ...................................................................................................... 6 4.2 Test Account URLs ................................................................................................ 6

5. WSDL Files ........................................................................................................................... 6

5.1 GlobalSign URL ...................................................................................................... 6 5.2 Test Account URLs ................................................................................................ 6

6. Ordering MSSL OrganizationSSL Certificates .................................................................. 7

6.1 Ordering an MSSL OrganizationSSL Certificate .................................................... 7 PVOrder Request ................................................................................................... 7 PVOrder Response ................................................................................................ 8

7. Ordering MSSL OrganizationSSL Certificates using AutoCSR ...................................... 9

Ordering an OrganizationSSL Certificate using AutoCSR ..................................... 9 PVOrderWithoutCSR Request ............................................................................... 9

PVOrderWithoutCSR Response .......................................................................... 10 8. Modify MSSL Order ........................................................................................................... 10

ModifyMSSLOrder Request ................................................................................. 10 ModifyMSSLOrder Response .............................................................................. 11

9. Add MSSL Profile ............................................................................................................... 11

AddMSSLProfile Request .................................................................................... 11 AddMSSLProfile Response .................................................................................. 12

10. Add MSSL Domain ............................................................................................................. 12

AddMSSLDomain Request .................................................................................. 12 AddMSSLDomain Response ............................................................................... 12

11. Update MSSL Profile ......................................................................................................... 12

UpdateMSSLProfile Request ............................................................................... 12 UpdateMSSLProfile Response ............................................................................ 13

12. Get MSSL Profiles .............................................................................................................. 13

GetMSSLProfile Request ..................................................................................... 13 GetMSSLProfile Response .................................................................................. 13

13. Get MSSL Domain List ...................................................................................................... 14

GetMSSLDomainList Request ............................................................................ 14 GetMSSLDomainList Response ......................................................................... 14

14. Modify MSSL Domain ........................................................................................................ 15

ModifyMSSLDomain Request ............................................................................. 15 ModifyMSSLDomain Response .......................................................................... 15

15. Query API Calls .................................................................................................................. 15

15.1 Get Issued Certificate – Single Certificate (GetOrderByOrderID) ........................ 15 15.2 Query API to get Issued Certificate - Multiple Orders (GetOrderByDateRange) . 18 15.3 Query API to Get Recently Modified Orders (GetModifiedOrders) ...................... 20 15.4 Query to Determine Upcoming Renewals (GetOrderByExpirationDate) ............. 23 15.5 Query API to Get Certificate Orders (GetCertificateOrders) ................................ 24 15.6 Query API to Reissue Certificates (ReIssue) ....................................................... 25 15.7 CSR Decoder and Error Checker (DecodeCSR) ................................................. 26 15.8 Turn Renewal Notice On/Off (ToggleRenewalNotice) ......................................... 27

16. Certificate Order Entry Parameters ................................................................................. 29


16.1 MSSL Profile and Domain ID’s ............................................................................. 29 16.2 Product Codes ...................................................................................................... 29 16.3 Validity Period ...................................................................................................... 29 16.4 Date/Time Formatting ........................................................................................... 29 16.5 Setting Validity Period of the Certificate (by Not before/Not after date) ............... 29 16.6 Order Type ........................................................................................................... 30 16.7 Options ................................................................................................................. 30 16.8 Licenses ............................................................................................................... 30 16.9 CreditAgency/OrganizationCode .......................................................................... 30 16.10 KeyLength ............................................................................................................ 30 16.11 OptionName ......................................................................................................... 31 16.12 Subject Alternative Names (SANs) Entry ............................................................. 31 16.13 Country ................................................................................................................. 31

17. Status Explanations .......................................................................................................... 34

17.1 Order/Certificate Status ........................................................................................ 34 17.2 ModificationEventName ....................................................................................... 35 17.3 MSSL Domain Status ........................................................................................... 35 17.4 MSSL Profile Status ............................................................................................. 36 17.5 ResendEmailType ................................................................................................ 36 17.6 Success / Error Codes ......................................................................................... 36

Client Error Codes ................................................................................................ 37 Server Error Codes .............................................................................................. 38

18. XML Field Definitions ........................................................................................................ 39


1. Outline

GlobalSign offers a Simple Object Access Protocol (SOAP) API for its partners and customers to directly order and manage certificates. Through this API, partners can perform functions such as ordering the different products, cancelling and fulfilling orders, and querying for order data.

The API is organized as two Web Services – ORDER and QUERY. The operations in the ORDER Web Service are focused around initiating and cancelling orders while the QUERY Web service is focused on checking status of orders, getting fulfillment information for orders, such as issued certificates, reports, and obtaining order details.

The API supports applications for SSL Certificates placed by customers using the SSL Managed service platform. Customers using the SSL Managed Service may use the API to place orders for certificates against the registered list of pre-vetted domains.

Typically an API user will retrieve issued certificates using the QUERY function and then use its own methods to install or communicate the certificate to the end customer. However the API also allows for orders to be emailed directly to end customers if desired.

2. SSL Product Type Explanations

OrganizationSSL:

OrganizationSSL is a feature rich high value organization validated certificate. When placing an OrganizationSSL order the applicant can either supply a CSR or request GlobalSign creates a CSR on the fly (AutoCSR). Certificates requested using AutoCSR are returned in a packaged PKCS#12 file containing both the Certificate file and private key. Certificates requested by supplying a customer generated CSR are returned as standard Certificate files.

To our partners these two products are known as OrganizationSSL and OrganizationSSL with Auto-CSR. Both of these product codes can be ordered as not only a standard and wildcard option, but also with certain SAN options. For the OrganizationSSL there are the following Subject Alternative Names options allowed:

Unified Communications support for owa, autodiscover and mail

Additional Subdomain support

Internal Hostname support

Public IP Address support

Additional Fully Qualified Domain Name support

These options can be added through both the OrganizationSSL product code, as well as the OrganizationSSL with Auto-CSR product code, in 1-5 year validity periods.

Note: the API product code specification OrganizationSSL is referenced as OV. The product code for applications using AutoCSR is referenced as OV_SKIP

Customers with SSL Managed Service accounts may obtain pre-vetted OrganizationSSL certificates by using the SSL Managed Service application calls.

Extended SSL:

ExtendedSSL is the product name for GlobalSign's Extended Validation (EV) SSL offering and is issued in strict adherence the published CA/B Forum EV SSL guidelines covering certificate profile format, vetting method and workflow. This product can be ordered as only a standard SSL Certificate with limited Subject Alternative Name support and does not support wildcard applications and globalip option, NOT as a wildcard option. This product can also work with all the SAN options. For the Extended SSL, the following SAN options allowed:

Unified Communications support for owa, autodiscover and mail

Additional Subdomain support


Additional Fully Qualified Domain Name support

This product can only be ordered in a 1-2 year validity period.

3. Web Service Functions – Order & Query Workflow Overview

Order processing for SSL Certificates and web identity products is asynchronous. For these types of orders an API client places an order and then later checks the server for the completed order. The specification document is split into two sections:

Managed SSL (MSSL) Functions: calls to place orders, modify or cancel orders, modify or query MSSL specific account information

Standard SSL Query Functions: calls needed to complete order calls, such as querying, and searching for complete orders (such as “getting” issued certificates)

The general approach for ordering is to place orders using an Order function, then periodically request the list of all orders that have changed status during a specified time interval (for example, the last four hours) using the Query function of “GetModifiedOrders”. This returns a list of all orders and detailed order information for orders that have changed status in the specified time interval. The status of all returned orders can then be updated locally and used as necessary.

An alternative to querying for a set of modified orders within a time period is to specifically request the status of a specific order. In this case the ordering flow consists of the following operations: place an order, and then periodically check the status of the specific order (GetOrderByOrderID). Once the order has been completed, the fulfillment information is returned with the GetOrderByOrderID operation. This approach is less efficient, but might be more appropriate when there is a low volume of certificates being managed.

3.1 Managed SSL Functions Functions

Function API Request

Get List of MSSL Profiles GetMSSLProfiles

Get List of MSSL Domains GetMSSLDomains

Order Pre-vetted SSL Certificate via SSL Managed Service account

GSPVOrder

Order Pre-vetted AutoCSR SSL Certificate via SSL Managed Service account

GSPVOrderWithoutCSR

Add domain to MSSL account AddMSSLDomain

Add profile to MSSL account AddMSSLProfile

Update existing MSSL Profile UpdateMSSLProfile

Modify Existing MSSL Order ModifyMSSLOrder

Modify Existing MSSL Domain ModifyMSSLDomain

3.2 Standard SSL Query functions

The following functions are not specific to MSSL, but are used across the range of SSL products.

Function API Request

Searching order information by Order ID

GetOrderByOrderID

Searching modified orders by modified date (from/to)

GetModifiedOrders

Getting order list GetCertificateOrders

Searching orders by order date (from/to)

GetOrderByDataRange


3.3 Issued Certificates

There are two methods for certificate delivery, either via the API or through email. Issued certificates can be delivered directly to the user specified in the appropriate Order functions. In the Order Requests, specify the end user who shall receive the certificate and their email address in the <ContactInfo> field.

4. API URL’s

4.1 GlobalSign URL

The following URL’s should be used to access the GlobalSign live API: MSSL: https://system.globalsign.com/kb/ws/v1/ManagedSSLService Query & General: https://system.globalsign.com/kb/ws/v1/GASService

4.2 Test Account URLs

The following URLs* should be used to access the GlobalSign Test API: MSSL: https://testsystem.globalsign.com/kb/ws/v1/ManagedSSLService

Query & General: https://testsystem.globalsign.com/kb/ws/v1/GASService

*Test system accounts are available to API customers upon request

5. WSDL Files

5.1 GlobalSign URL

GlobalSign’s WSDL files are available from:

MSSL: https://system.globalsign.com/kb/ws/v1/ManagedSSLService?wsdl Query & General: https://system.globalsign.com/kb/ws/v1/GASService?wsdl

5.2 Test Account URLs

Test account WSDL files are available from: MSSL: https://testsystem.globalsign.com/kb/ws/v1/ManagedSSLService?wsdl Query & General: https://testsystem.globalsign.com/kb/ws/v1/GASService?wsdl *Test system accounts are available to API customers upon request

https://system.globalsign.com/kb/ws/v1/ManagedSSLService

https://system.globalsign.com/kb/ws/v1/GASService

https://testsystem.globalsign.com/kb/ws/v1/ManagedSSLService

https://testsystem.globalsign.com/kb/ws/v1/GASService?wsdl

https://system.globalsign.com/kb/ws/v1/ManagedSSLService?wsdl

https://system.globalsign.com/kb/ws/v1/GASService?wsdl

https://testsystem.globalsign.com/kb/ws/v1/ManagedSSLService?wsdl

https://testsystem.globalsign.com/kb/ws/v1/GASService?wsdl


6. Ordering MSSL OrganizationSSL Certificates

6.1 Ordering an MSSL OrganizationSSL Certificate

PVOrder Request

Input Type Size Req? Remarks

OrderRequestHeader Y

AuthToken Y

UserName String 30 Y

Password String 30 Y

OrderRequestParameter Y

ProductCode String Y "PV"

BaseOption -

OrderKind String Y New, Renewal, Transfer

Licenses

Options

Option +

OptionName

EXP: ExpressOption

INS: InsuranceOption

GSS: GSSupportOption

VPC: ValidityPeriodCustomizeOption,

SAN: SANOption

OptionValue Boolean true, false

ValidityPeriod Y

Months int 4 Y

NotBefore Date YYY-MM-DDTHH:MM:SS.000Z

NotAfter Date YYY-MM-DDTHH:MM:SS.000Z

CSR String 4000 Y

RenewalTargetOrderId String 50

TargetCert String 4000

SpecialIntructions String 4000

Coupon String 50

Campaign String 50

MssLProfileId String Y

MsslPDomainId String Y

SubId String 50

PVSealInfo String

AddressLine1 String 100



PostalCode String 20

Phone String 30

Fax String 30

ContactInfo

FirstName String 100 Y

Set order information and order

OrganizationSSL certificate PVOrder Response

(1) PVOrder Request


LastName String 100 Y

Phone String 30 Y

Email String 255 Y

SANEntries

SANEntry +

SANOptionType String

SANAltName String 4000 Y

ModifyOperations

PVOrder Response

Output Type Size Req? Remarks

OrderResponseHeader Y

SuccessCode int 2 Y

Errors N

Error Y

ErrorCode int 2 Y

ErrorField String 1000 N

ErrorMessage String 1000 Y

Timestamp DateTime Y YYYY-MM-DDTHH:MM:SS.000Z

GSPVOrderDetail N

CertificateInfo N

CertificateStatus int 5 Y

1: INITIAL,

2: Waiting for phishing check

3: Cancelled - not issued

4: Issue Completed

5: Cancelled - issued

6: Waiting for revocation

7: Revoked

StartDate Date Y YYYY-MM-DDTHH:MM:SS.000Z

EndDate Date Y YYYY-MM-DDTHH:MM:SS.000Z

CommonName String 64 Y

SerialNumber String 64 Y

SubjectName String 3000 Y

DNSNames String 300 N

Fulfillment N

CACerticates N

CACertificate Y

CACertType String Y Root, Inter

CACert String 4000 Y

ServerCertificate N

X509Cert String 4000 Y

PKCS7Cert String 4000 Y


7. Ordering MSSL OrganizationSSL Certificates using AutoCSR

Ordering an OrganizationSSL Certificate using AutoCSR

PVOrderWithoutCSR Request

Input Type Size Req? Remarks


AuthToken Y



OrderRequestParameterWithoutCSR Y

ProductCode String Y PV_SKIP

BaseOption

OrderKind String Y New, Renewal, Transfer

Licenses

Options

Option +

OptionName

EXP: ExpressOption

INS: InsuranceOption

GSS: GSSupportOption

VPC:

ValidityPeriodCustomizeOption,

SAN: SANOption

OptionValue Boolean true, false

ValidityPeriod Y

Months int 4 Y

NotBefore Date YYYY-MM-DDTHH:MM:SS.000Z

NotAfter Date YYYY-MM-DDTHH:MM:SS.000Z

Pin String Y

KeyLength int Y 2048

RenewalTargetOrderId String 50

TargetCert String 4000

SpecialIntructions String 4000

Coupon String 50

Campaign String 50

MssLProfileID String Y

MsslPDomainID String Y

SubId String 50

PVSealInfo String


Set order information and order

OrganizationSSL certificate PVOrderWithoutCSR Response

(1) PVOrderWithoutCSR Request

Retrieve Organization SSL

PKCS#12 Certificate GetOrderbyOrderID Response

(1) GetOrderbyOrderID Request





Phone String 30

Fax String 30

OVCSRInfo Y

CommonName String Y

OrganizationUnit String

ContactInfo



Phone String 30 Y

Email String 255 Y

SANEntries

SANEntry +

SANOptionType String

SANAltName String 4000

ModifyOperations

PVOrderWithoutCSR Response

Output Type Siz

e

Require

d Remarks


SuccessCode int 2 Y

Errors

Error Y

ErrorCode int 2 Y

ErrorField Strin

g

100

0

ErrorMessag

e

Strin

g

100

0 Y

Timestamp DateTime Y YYYY-MM-DDTHH:MM:SS.000Z

GSPVOrderDetai

l

CertificateInfo

CertificateStatus int 5 Y

1: INITIAL,

2: Waiting for phishing

check

3: Cancelled - not issued

4: Issue Completed

5: Cancelled - issued


7: Revoked

StartDate Date Y YYYY-MM-DDTHH:MM:SS.000Z

EndDat

e Date Y YYYY-MM-DDTHH:MM:SS.000Z

CommonName Strin

g 64 Y

SerialNumber Strin

g 64 Y

SubjectName Strin

g

300

0 Y

DNSNames Strin

g 300

Fulfillment

CACerticates

CACertificate Y

Strin

g Y Root, Inter

Strin

g

400

0 Y

ServerCertificate

X509Cert Strin

g

400

0 Y

PKCS7Cert Strin

g

400

0 Y

8. Modify MSSL Order

ModifyMSSLOrder Request


Input Type Size Req?

OrderRequestHeader AuthToken UserName String 30 Y


OrderID String 50 Y

ModifyOrderOperation String 64 Y

APPROVE

CANCEL

REVOKE

ModifyMSSLOrder Response

Output Type Size Req?


SuccessCode int 2 Y

Errors

Error Y

ErrorCode int 2 Y

ErrorField String 1000


Timestamp DateTime Y

9. Add MSSL Profile

AddMSSLProfile Request




VettingLevel String 2 Y

MSSLOVProfileInfo MSSLOVProfile Country String 2 Y

StateOrProvince String 255 Y

Locality String 255 Y

OrganisationUnit

OrganizationName

String

String

255

255

N

Y

OVSealInfo StreetAddress1 String 100 Y

StreetAddress2 String 100 Y

PostalCode String 20 Y

OtherAddressInfo String 100 Y

Telephone String 30 Y

Fax String 30 Y

BusinessOVInfo CreditAgency String 50 Y

OrganizationCode String 50

MSSLEVProfileInfo MSSLEVProfile OrganizationName String 255 Y

OrganisationUnit

BusinessCategory

String

String

255

20

N

Y

JurisdictionInfo JurisdictionCountry String 30 Y

JurisdictionState String 255 Y

JurisdictionLocality String 200 Y

IncorporationAgency

RegistrationNumber String 100 Y

BusinessPlaceInfo StreetAddress1 String 100 Y


BusinessCategory String 20 N

City String 200 Y



CountryCode String 2 Y


Fax String 30 N

BusinessEVInfo BusinessAssumedName String 255 Y

CreditAgency String 50 Y


CertificateApprover OrganizationName String 255 Y

JobTitle String 255 Y

ContractSigner OrganizationName String 100 Y

Department String 100 Y






EmailAddress String 30 Y

AddMSSLProfile Response

Output Type Siz

e

Req

?


SuccessCod

e int 2 Y

Errors

Erro

r Y

ErrorCode int 2 Y

ErrorField Strin

g

100

0

ErrorMessag

e

Strin

g

100

0 Y

Timestamp DateTime Y YYYY-MM-

DDTHH:MM:SS.000Z

MSSLProfileI

D String 50

10. Add MSSL Domain

AddMSSLDomain Request

Input Type Size Req? Validation

OrderRequestHeader AuthToken UserName String 30 Y required, maxlength

Password String 30 Y required, maxlength

MSSLProfileID String 50 Y maxlength

DomainName String 64 Y maxlength, format

AddMSSLDomain Response



SuccessCode int 2 Y

Errors

Error Y

ErrorCode int 2 Y



Timestamp DateTime Y YYYY-MM-

DDTHH:MM:SS.000Z

DomainName String 64 Y

11. Update MSSL Profile

UpdateMSSLProfile Request



AuthToken Y

UserName String 30 Y required, maxlength


MSSLProfielID String 50 Y required, maxlength

MSSLEVProfileInfo

MSSLEVProfile Y

OrganizationName String 255 Y required, maxlength

BusinessCategory String 20 Y required, maxlength,

enumiccontains

JurisdictionInfo Y

JurisdictionCountry String 30 Y required, maxlength,

enumiccontains


JurisdictionState String 255 maxlength

JurisdictionLocality String 200 maxlength

IncorporationAgencyRegistrationNumber String 100 Y required, maxlength

BusinessPlaceInfo Y

StreetAddress1 String 100 Y required, maxlength

StreetAddress2 String 100 maxlength

City String 200 Y required, maxlength

StateOrProvince String 255 Y required, maxlength

PostalCode String 20 Y required, maxlength, postalcode

CountryCode String 2 Y required, maxlength,

enumiccontains

Telephone String 30 Y required, maxlength, tel

Fax String 30 maxlength, tel

BusinessEVInfo Y

BusinessAssumedName String 255 maxlength

CreditAgency String 50 maxlength, enumcontains

OrganizationCode String 50 maxlength

CertificateApprover Y


JobTitle String 255 maxlength

ContractSigner Y


Department String 100 Y required, maxlength

FirstName String 100 Y required, maxlength

LastName String 100 Y required, maxlength

JobTitle String 255 Y required, maxlength

Telephone String 30 Y required, maxlength, tel

EmailAddress String 30 Y required, maxlength, email

UpdateMSSLProfile Response



SuccessCode int 2 Y

Errors

Error Y

ErrorCode int 2 Y




MSSLProfileID String 50 X

12. Get MSSL Profiles

GetMSSLProfile Request



AuthToken Y

UserName String 30 Y required, maxlength


MSSLProfileID String 50 maxlength

VettingLevel String 2 Y maxlength, enumiccontains

MSSLProfileStatus String 5 maxlength, enumiccontains

GetMSSLProfile Response

OutPut Type Size Req?

SearchMSSLProfileDetails

SearchMSSLProfileDetail Y

MSSLProfielID String 50 Y

VettingLevel String 2 Y

MSSLPlofileStatus String 5

docsubmission_date Date 25

pvrecieve_date Date 25

hold_end_date Date 25

request_date Date 25 Y

MSSLOVProfileInfo

MSSLOVProfile Y

Country String 2 Y



Locality String 255 Y

OrganizationName String 255 Y

OVSealInfo Y

StreetAddress1 String 100



OtherAddressInfo String 100

Telephone String 30

Fax String 30

BusinessOVInfo Y

CreditAgency String 50


MSSLEVProfileInfo

MSSLEVProfile Y


BusinessCategory String 20 Y

JurisdictionInfo Y

JurisdictionCountry String 30 Y

JurisdictionState String 255

JurisdictionLocality String 200

IncorporationAgencyRegistrationNumber String 100 Y

BusinessPlaceInfo Y



BusinessCategory String 20 Y

City String 200 Y



CountryCode String 2 Y


Fax String 30

BusinessEVInfo Y

BusinessAssumedName String 255

CreditAgency String 50


CertificateApprover Y


JobTitle String 255

ContractSigner Y


Department String 100





EmailAddress String 30 Y

13. Get MSSL Domain List

GetMSSLDomainList Request



AuthToken Y



MSSLProfileID String 50

MSSLDomainID String 50

MSSLDomainName String 64

MSSLPlofileStatus String 5

GetMSSLDomainList Response


SearchMSSLDomainDetails

SearchMSSLDomainDetail

MSSLDomainID String 50 Y

MSSLProfielID String 17 Y

MSSLDomainName String 64 Y


MSSLDomainStatus String

NotBefore String

NotAfter String

delete_date String

SearchMSSLDomainDetail

SearchMSSLDomainDetails

14. Modify MSSL Domain

ModifyMSSLDomain Request




OrderID String 50 Y

MSSLDomainID String 64 Y

ModifyDomainOperation String 64 Y DELETE

ModifyMSSLDomain Response



SuccessCode int 2 Y

Errors

Error Y

ErrorCode int 2 Y




15. Query API Calls

15.1 Get Issued Certificate – Single Certificate (GetOrderByOrderID)

GetOrderByOrderID Request

<GetOrderByOrderID xmlns="http://stub.query.gasapiserver.esp.globalsign.com">

<Request>

<QueryRequestHeader>

<AuthToken>

<UserName> 30 String

<Password> 30 String

</AuthToken>

</QueryRequestHeader>

<OrderID> 50 String

(<OrderQueryOption>

(<OrderStatus>)? <!- N/A -->

(<ReturnOrderOption>)? 5 String true, false

(<ReturnCertificateInfo>)? 5 String true, false

(<ReturnFulfillment>)? 5 String true, false

(<ReturnCACerts>)? 5 String ReturnFulfillment

true

</OrderQueryOption>)?

</Request>


</GetOrderByOrderID>

GetOrderByOrderID Response

GetOrderByOrderID xmlns="http://stub.query.gasapiserver.esp.globalsign.com">

<Response>

<QueryResponseHeader>

<SuccessCode> 2

(<Errors>

(<Error>

<ErrorCode> 5

<ErrorMessage> 1000 String

</Error>)+

</Errors>)?

<Timestamp> 25 YYYY-MM-DDTHH:MM:SS.000Z

<ReturnCount> 5

</QueryResponseHeader>

<OrderID>? 50 String

(<Pkcs12File>)? 4000 String

(<OrderDetail>

<OrderInfo>

<OrderID> 50 String

<ProductCode> 20 String

(<BaseOption>)? 20 String

<OrderKind> 10 String

<Licenses> 3

(<ExpressOption>)? 5 String

(<ValidityPeriodCustomizeOption>)? 5 String

(<InsuranceOption>)? 5 String

(<GSSupportOption>)? 5 String

(<RenewalExtentionOption>)? 5 String

<DomainName> 255 String

<OrderDate> 25 YYYY-MM-DDTHH:MM:SS.000Z

(<OrderCompleteDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z

(<OrderCanceledDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z

(<OrderDeactivatedDate>)? 25 YYYY-MM-

DDTHH:MM:SS.000Z

<OrderStatus> 5 1: INITIAL


3: Cancelled - Not Issued

4: Issue completed

5: Cancelled - Issued


7: Revoked

<Price> 10

<Currency> 10 String

<ValidityPeriod>

<Months> 4

(<NotBefore>)? 25 YYYY-MM-DDTHH:MM:SS.000Z

(<NotAfter>)? 25 YYYY-MM-DDTHH:MM:SS.000Z

</ValidityPeriod>

(<SpecialInstructions>)? 4000 String

</OrderInfo>

<OrderSubInfo>

<CSRSkipOrderFlag> 5 String true,false

<DNSOrderFlag> 5 String true,false

<TrustedOrderFlag> 5 String true,false

(<P12DeleteStatus>)? 5

(<P12DeleteDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z

(<VerificationUrl>)? 300 String

<SubId> 50 String

</OrderSubInfo>

(<OrderOption>

<ApproverNotifiedDate>? 25 YYYY-MM-

DDTHH:MM:SS.000Z

<ApproverConfirmDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z

<ApproverEmailAddress>? 255 String

<OrganizationInfo>

<OrganizationName> 255 String

(<CreditAgency>)? 50 String


(<OrganizationCode>)? 50 String

(<BusinessAssumedName>)? 255 String

(<BusinessCategoryCode>)? 20 String

<OrganizationAddress>

<AddressLine1> 100 String

(<AddressLine2>)? 100 String


<City> 200 String

<Region> 255 String

<PostalCode> 20 String

<Country> 30 String

<Phone> 30 String

(<Fax>)? 30 String

</OrganizationAddress>

</OrganizationInfo>

(<RequestorInfo>

<FirstName> 100 String

<LastName> 100 String

<Function> 255 String


<OrganizationUnit> 100 String

<Phone> 30 String

<Email> 255 String

</RequestorInfo>)?

(<ApproverInfo>





(<OrganizationUnit>)? 100 String

<Phone> 30 String

<Email> 255 String

</ApproverInfo>)?

(<AuthorizedSignerInfo>




<Phone> 30 String

<Email> 255 String

</AuthorizedSignerInfo>)?

(<JurisdictionInfo>

<Country> 30 String

<StateOrProvince> 255 String

<Locality> 200 String

<IncorporatingAgencyRegistrationNumber> 100 String

</JurisdictionInfo>)?

(<ContactInfo>



<Phone> 30 String

<Email> 255 String

</ContactInfo>)?

</OrderOption>)?

(<CertificateInfo>

<CertificateStatus> 5 1: INITIAL



4: Issue completed


7: Revoked

<StartDate> 25 YYYY-MM-DDTHH:MM:SS.000Z

<EndDate> 25 YYYY-MM-DDTHH:MM:SS.000Z

<CommonName> 64 String

<SerialNumber> 64 String

<SubjectName> 3000 String

(<DNSNames>)? 300 String

</CertificateInfo>)?

(<Fulfillment>

(<CACertificates>

(<CACertificate>

<CACertType> 15 String Root,Inter


<CACert> 4000 String

</CACertificate>)+

</CACertificates>)?

(<ServerCertificate>

<X509Cert> 4000 String

<PKCS7Cert> 4000 String

</ServerCertificate>)?

</Fulfillment>)?

<ModificationEvents>

(<ModificationEvent>

<ModificationEventName> 5

<ModificationEventTimestamp>25 YYYY-MM-

DDTHH:MM:SS.000Z

</ModificationEvent>)+

</ModificationEvents>?

</OrderDetail>)?

</Response>

</GetOrderByOrderID>

15.2 Query API to get Issued Certificate - Multiple Orders (GetOrderByDateRange)

GetOrderByDateRange Request

<GetOrderByDateRange xmlns="http://stub.query.gasapiserver.esp.globalsign.com">

<Request>


<AuthToken>

<UserName> 30

<Password> 30

</AuthToken>


<FromDate> YYYY-MM-DDTHH:MM:SS.000Z

<ToDate> YYYY-MM-DDTHH:MM:SS.000Z

(<OrderQueryOption>

(<OrderStatus>)? 5 String true, false

(<ReturnOrderOption>)? 5 String true, false

(<ReturnCertificateInfo>)? 5 String true, false

(<ReturnFulfillment>)? 5 String true, false

(<ReturnCACerts>)? 5 String


</Request>

</GetOrderByDataRange>

GetOrderByDateRange Response

<GetOrderByDateRange xmlns="http://stub.query.gasapiserver.esp.globalsign.com">

<Response>


<SuccessCode> 2

(<Errors>

(<Error>

<ErrorCode> 5


</Error>)+

</Errors>)?


<ReturnCount> 5


<FromDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z

<ToDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z

(<OrderDetails>

(<OrderDetail>

<OrderInfo>

<OrderID> 50 String




<Licenses> 3



(<ValidityPeriodCustomizeOption>)?5 String



(<RenewalExtentionOption>)?5 String






DDTHH:MM:SS.000Z




4: Issue completed



7: Revoked

<Price> 10


<ValidityPeriod>

<Months> 4



</ValidityPeriod>


</OrderInfo>

<OrderSubInfo>







<SubId> 50 String

</OrderSubInfo>

(<OrderOption>


DDTHH:MM:SS.000Z



<OrganizationInfo>










<City> 200 String

<Region> 255 String

(<PostalCode>)? 20 String

<Country> 30 String

<Phone> 30 String

(<Fax>)? 30 String


</OrganizationInfo>

(<RequestorInfo>






<Phone> 30 String

<Email> 255 String

</RequestorInfo>)?

(<ApproverInfo>







<Phone> 30 String

<Email> 255 String

</ApproverInfo>)?





<Phone> 30 String

<Email> 255 String


(<JurisdictionInfo>

<Country> 30 String



<IncorporatingAgencyRegistrationNumber>100 String


(<ContactInfo>



<Phone> 30 String

<Email> 255 String

</ContactInfo>)?

</OrderOption>)?

(<CertificateInfo>




4: Issue completed


7: Revoked








(<Fulfillment>

(<CACertificates>

(<CACertificate>

<CACertType> 15 String Root,Inter


</CACertificate>)+

</CACertificates>)?





</Fulfillment>)?




<ModificationEventTimestamp>25 YYYY-MM-

DDTHH:MM:SS.000Z



</OrderDetail>)+

</OrderDetails>)?

</Response>

</GetOrderByDataRange>

15.3 Query API to Get Recently Modified Orders (GetModifiedOrders)

As mentioned above the GetModifiedOrders API will return a list of orders modified within a specified time frame.


GetModifiedOrders Request

<GetModifiedOrders xmlns="http://stub.query.gasapiserver.esp.globalsign.com">

<Request>


<AuthToken>

<UserName>

<Password>

</AuthToken>


<FromDate> YYYY-MM-DDTHH:MM:SS.000Z

<ToDate> YYYY-MM-DDTHH:MM:SS.000Z

(<OrderQueryOption>

(<OrderStatus>)? 5 1: INITIAL



4: Issue completed



7: Revoked

(<ReturnOrderOption>)? true,false

(<ReturnCertificateInfo>)? true,false

(<ReturnFulfillment>)? true,false

(<ReturnCACerts>)? true,false


</Request>

</GetModifiedOrders>

GetModifiedOrders Response

<GetModifiedOrders xmlns="http://stub.query.gasapiserver.esp.globalsign.com">

<Response>


<SuccessCode> 2

(<Errors>

(<Error>

<ErrorCode> 5


</Error>)+

</Errors>)?


<ReturnCount> 5


<FromDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z

<ToDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z

(<OrderDetails>

(<OrderDetail>

<OrderInfo>

<OrderID> 50 String




<Licenses> 3


(<ValidityPeriodCustomizeOption>)?5 String



(<RenewalExtentionOption>)?5 String






DDTHH:MM:SS.000Z




4: Issue completed




7: Revoked

<Price> 10


<ValidityPeriod>

<Months> 4



</ValidityPeriod>


</OrderInfo>

<OrderSubInfo>







<SubId> 50 String

</OrderSubInfo>

(<OrderOption>


DDTHH:MM:SS.000Z



<OrganizationInfo>

<OrganizationName>255 String









<City> 200 String

<Region> 255 String

(<PostalCode>)? 20 String

<Country> 30 String

<Phone> 30 String

(<Fax>)? 30 String


</OrganizationInfo>

(<RequestorInfo>






<Phone> 30 String

<Email> 255 String

</RequestorInfo>)?

(<ApproverInfo>






<Phone> 30 String

<Email> 255 String

</ApproverInfo>)?





<Phone> 30 String

<Email> 255 String


(<JurisdictionInfo>


<Country> 30 String



<IncorporatingAgencyRegistrationNumber>100 String


(<ContactInfo>



<Phone> 30 String

<Email> 255 String

</ContactInfo>)?

</OrderOption>)?

(<CertificateInfo>




4: Issue completed


7: Revoked








(<Fulfillment>

(<CACertificates>

(<CACertificate>

<CACertType> 15 Root,Inter


</CACertificate>)+

</CACertificates>)?





</Fulfillment>)?




<ModificationEventTimestamp> YYYY-MM-

DDTHH:MM:SS.000Z



</OrderDetail>)+

</OrderDetails>)?

</Response>

</GetModifiedOrders>

15.4 Query to Determine Upcoming Renewals (GetOrderByExpirationDate)

Request to query for orders with certificates expiring in date range.

GetOrderByExpirationDate Request

<GetOrderByExpirationDate >

<Request>


<AuthToken>

<UserName>

<Password>

</AuthToken>


(<ExpirationFromDate>)? YYYY-MM-DDTHH:MM:SS.000Z

(<ExpirationToDate>)? YYYY-MM-DDTHH:MM:SS.000Z

(<FQDN>)? 64 String

(<OrderKind>)? 10 String





4: Issue completed



7: Revoked

(<SubID>)? 50 String

</Request>

</GetCertificateOrders>

GetOrderByExpirationDate Response

<GetCertificateOrders xmlns="http://stub.query.gasapiserver.esp.globalsign.com">

<Response>


<SuccessCode> 2

(<Errors>

(<Error>

<ErrorCode> 5


</Error>)+

</Errors>)?


<ReturnCount> 5


(<SearchOrderDetails>

(<SearchOrderDetail>

<OrderID> 50 String



<RequestKind> 10 String

<Licenses> 3

<OrderRequestDate> 25 YYYY-MM-DDTHH:MM:SS.000Z

<OrderIssueDate> 25 YYYY-MM-DDTHH:MM:SS.000Z





4: Issue completed



7: Revoked


<Months> 4

<SubId> 50 String

<FQDN> 64 String

</SearchOrderDetail>)+

</SearchOrderDetails>)?

</Response>


15.5 Query API to Get Certificate Orders (GetCertificateOrders)

As mentioned above the GetCertificateOrders API will return a list of orders.

GetCertificateOrders Request


<Request>


<AuthToken>

<UserName>


<Password>

</AuthToken>


(<FromDate>)? YYYY-MM-DDTHH:MM:SS.000Z

(<ToDate>)? YYYY-MM-DDTHH:MM:SS.000Z

(<FQDN>)? 64 String

(<OrderKind>)? 10 String




4: Issue completed



7: Revoked

(<SubID>)? 50 String

</Request>


GetCertificateOrders Response


<Response>


<SuccessCode> 2

(<Errors>

(<Error>

<ErrorCode> 5


</Error>)+

</Errors>)?


<ReturnCount> 5


(<SearchOrderDetails>

(<SearchOrderDetail>

<OrderID> 50 String



<RequestKind> 10 String

<Licenses> 3

<OrderRequestDate> 25 YYYY-MM-DDTHH:MM:SS.000Z

<OrderIssueDate> 25 YYYY-MM-

DDTHH:MM:SS.000Z





4: Issue completed



7: Revoked


<Months> 4

<SubId> 50 String

<FQDN> 64 String

</SearchOrderDetail>)+

</SearchOrderDetails>)?

</Response>


15.6 Query API to Reissue Certificates (ReIssue)

Use the Reissue API to Re-order a certificate.


"HashAlgorithm" is a newly added field in the API for reissue.

- If this is not specified, certificates will be issued based on the hash algorithm of the certificate being reissued.

- If "SHA1" is specified, SHA1 certificates will be issued. - If "SHA256" is specified, SHA-256 certificates will be issued. -

However, when reissuing certificates from SHA-256 to SHA1, issuing certificates which exceeds the

SHA-1 maximum validity period will be truncated. SHA-1 to SHA-1 certificate reissuance will not be

affected.

Example: Request a 5 year SHA-256 certificate. If you re-issue to SHA-1, you will receive a maximum

39 month certificate which could result in the loss of up to 21 months of validity period.

Recommendation: By requesting a maximum of a 3-year certificate you can avoid any loss of validity

period when performing reissues.

ReIssue Request

<ReIssue xmlns="http://stub.order.gasapiserver.esp.globalsign.com">

<Request>

<OrderRequestHeader>

<AuthToken>

<UserName> 30

<Password> 30

</AuthToken>

</OrderRequestHeader>

<OrderParameter>

<CSR> 4000 String


</OrderParameter>

<TargetOrderID> 50 String

<HashAlgorithm> SHA1, SHA256

</Request>

</ReOrder>

ReIssue Response

< ReIssue xmlns="http://stub.order.gasapiserver.esp.globalsign.com">

<Response>

<OrderResponseHeader>

<SuccessCode> 2

(<Errors>

(<Error>

<ErrorCode> 5

(<ErrorField>)? 1000 String


</Error>)+

</Errors>)?

<Timestamp> YYYY-MM-DDTHH:MM:SS.000Z

</OrderResponseHeader>


<TargetOrderID>? 50 String

</Response>

</ ReIssue >

15.7 CSR Decoder and Error Checker (DecodeCSR)

Request to allow submission of CSR for parsing and error checking.


DecodeCSR Request

<DecodeCSR>

<Request >


<AuthToken>



</AuthToken>


<CSR> 50 String

<ProductType> DV_LOW,DV OV, EV

</Request >

</DecodeCSR>

DecodeCSR Response

<DecodeCSR>

<Response>


<SuccessCode> 2

(<Errors>

(<Error>

<ErrorCode> 5



</Error>)+

</Errors>)?



<CSRData>

(<CommonName>)? 255 String

(<Organization>)? 255 String


(<Locality>)? 255 String

(<State>)? 255 String

(<Country>)? 30 String

(<EmailAddress>)? 255 String

(<KeyLength>)? 30 String

</CSRData>

<CertificatePreview>

(<CommonName>)? 255 String

(<Organization>)? 255 String


(<Locality>)? 255 String

(<State>)? 255 String

(<Country>)? 30 String

(<EmailAddress>)? 255 String

(<KeyLength>)? 30 String

</CertificatePreview>

</Response>

</DecodeCSR>

15.8 Turn Renewal Notice On/Off (ToggleRenewalNotice)

Toggle Renewal Notice Request

<ToggleRenewalNotice>

<Request>


<AuthToken>




</AuthToken>


<OrderID> 30 String

<RenewalNotice> true, false

</Request>

</ ToggleRenewalNotice >

Toggle RenewalNotice Response

< ToggleRenewalNotice >

<Response>


<SuccessCode> 2

(<Errors>

(<Error>

<ErrorCode> 5



</Error>)+

</Errors>)?




</Response>

</ ToggleRenewalNotice >


16. Certificate Order Entry Parameters

16.1 MSSL Profile and Domain ID’s

To order MSSL Certificates, an MSSLProfileID and MSSLDomainID must be provided. To obtain these

values from the GUI, login to your account, navigate to the “Manage Domains & Profiles” section, and

then click the “Toggle display of Profile ID & Domain ID” link at the bottom of the table. This will then

show the IDs for each of your profiles and domains.

16.2 Product Codes

The product code is a necessary item in most of the API calls above, the code you enter should match

the type of certificate your client requires.

Code Certificate Type PV OrganizationSSL

PV_SKIP OrganizationSSL using AutoCSR

16.3 Validity Period

You can control the validity period of ordered certificates by setting the number of months.

Number Of Months Certificate Validity Period (days) 6* 184*

12 366

24 731

36 1096

48 1461

60 1826

16.4 Date/Time Formatting

Date/Time is based on UTC and includes millisecond. eg: 2006-12-07T18:16:33.594Z This format is defined* as “xsd:dateTime XML Simple Type” * http://www.w3.org/TR/xmlschema-2/#dateTime

16.5 Setting Validity Period of the Certificate (by Not before/Not after date)

You can control the validity period of a certificate by modifying the Not before (N/B) and Not after (N/A) dates, these dates represent Valid From and Valid To in the final certificate. You can set either N/B and N/A dates, or just one of them. Restrictions are follows:

N/B should be at least 3 days after the ordering date for GSDVOrders, and at least 7 days after for GSOVOrders.

N/A should be as follows:

Number of Months Restrictions for N/A

http://www.w3.org/TR/xmlschema-2/#dateTime


6 DomainSSL : 4 days after or later from the ordering date and within 184 days

OV : 8 days after or later from the ordering date and within 184 days

12 185 days after or later from the ordering date and within 366 days





16.6 Order Type

The following OrderTypes can be ordered through the API.

No. OrderKind Notes 1 New A new order

2 Renewal A renewal order for replacing an expiring certificate

3 Transfer A competitive switch – a certificate is being traded in from another SSL provider

16.7 Options

BaseOptions can be added to the certificate order if it is for a specific type of certificate, the following

BaseOptions are currently available.

BaseOption Supported Product Notes wildcard OrganizationSSL (both with or without

using AutoCSR) Common Name must contain the * character in place of the

subdomain

globalip OrganizationSSL (both with or without using AutoCSR)

Common Name must contain a publicly accessible IP address

16.8 Licenses

GlobalSign has moved to an unlimited server licensing model for its SSL certificates. The values passed via the API in the license field are thus irrelevant. For new implementations, the request should be configured to submit a value of 1 licenses.

16.9 CreditAgency/OrganizationCode

CreditAgency/OrganizationCode is added to help GlobalSign validate the customers Organization. If the

customer has one of these numbers it should just be flagged as available, the actual code is not to be

entered.

No. Credit Agency Value 1 Dunn and Bradstreet number 1

2 Teikoku Databank code 2

16.10 KeyLength

This reflects the Key Length to be used if the certificate is being created on GlobalSign servers. Valid

values 2048 or 4096.


16.11 OptionName

The following option types must be added for ordering certificates with extended options. Set to TRUE to

activate.

OptionName Description SAN SAN: SANOption Activates the Subject Alternative

Name (SANs) options – see section on Subject Alternative Names (SANs) Entry

REX REX: RenewalExtentionOption Optionally adds an additional 30 days to a Renewal order

VPC VPC:ValidityPeriodCustomizeOption Allows the start date and end date of the Certificate to be customized – see section on Setting validity period of the certificate (by Not before/Not after date)

16.12 Subject Alternative Names (SANs) Entry

SANs entries should be added with a combination of OptionName set to SAN and SANOptionType set to

one of the following together with the full SAN name in SubjectAltName.

16.13 Country

List of country two digit codes and currently supported status, Y = supported N = not supported.

Code Name Status

AD ANDORRA Y

AE UNITED ARAB EMIRATES Y

AF AFGHANISTAN N

AG ANTIGUA AND BARBUDA Y

AI ANGUILLA Y

AL ALBANIA Y

AM ARMENIA Y

AN NETHERLANDS ANTILLES Y

AO ANGOLA N

AQ ANTARCTICA Y

AR ARGENTINA Y

AS AMERICAN SAMOA Y

AT AUSTRIA Y

AU AUSTRALIA Y

Code Name Status

AW ARUBA Y

AX ALANDS ISLANDS Y

AZ AZERBAIJAN Y

BA BOSNIA AND HERZEGOVINA

Y

BB BARBADOS Y

BD BANGLADESH Y

BE BELGIUM Y

BF BURKINA FASO Y

BG BULGARIA Y

BH BAHRAIN Y

BI BURUNDI Y

BJ BENIN Y

BM BERMUDA Y

BN BRUNEI DARUSSALAM Y

No. SAN OptionType Explanation Value 1 1:UC cert option Unified Communication Cert Option –

allows only owa, mail or autodiscover subdomains to be added

1

2 2:Subdomain SAN option Additional Subdomain Option 2

3 3:GIP SAN option Public IP Option 3

4 4:Internal SAN option Internal Hostname or non-public IP Option

4

7 7:FQDN SAN option Additional Fully Qualified Domain Option

7


Code Name Status

BO BOLIVIA Y

BR BRAZIL Y

GW GUINEA-BISSAU Y

GY GUYANA Y

HK HONG KONG Y

HM HEARD ISLAND AND MCDONALD ISLANDS

Y

HN HONDURAS Y

HR CROATIA Y

HT HAITI Y

HU HUNGARY Y

ID INDONESIA Y

IE IRELAND Y

IL ISRAEL Y

IM ISLE OF MAN Y

IN INDIA Y

IO BRITISH INDIAN OCEAN TERRITORY

Y

IQ IRAQ N

IR IRAN, ISLAMIC REPUBLIC OF

N

IS ICELAND Y

IT ITALY Y

JE JERSEY Y

JM JAMAICA Y

JO JORDAN Y

JP JAPAN Y

KE KENYA Y

KG KYRGYZSTAN Y

KH CAMBODIA Y

KI KIRIBATI Y

KM COMOROS Y

KN SAINT KITTS AND NEVIS Y

KP NORTH KOREA (DEMOCRATIC PEOPLE’S REPUBLIC OF KOREA)

N

BS BAHAMAS Y

BT BHUTAN Y

BV BOUVET ISLAND Y

BW BOTSWANA Y

BY BELARUS Y

BZ BELIZE Y

CA CANADA Y

CC COCOS (KEELING) ISLANDS

Y

CD CONGO, THE DEMOCRATIC REPUBLIC OF THE

Y

Code Name Status

CF CENTRAL AFRICAN REPUBLIC

Y

CG CONGO Y

CH SWITZERLAND Y

CI COTE D’IVOIRE Y

CK COOK ISLANDS Y

CL CHILE Y

CM CAMEROON Y

CN CHINA Y

CO COLOMBIA Y

CR COSTA RICA Y

CU CUBA N

CV CAPE VERDE Y

CX CHRISTMAS ISLAND Y

CY CYPRUS Y

CZ CZECH REPUBLIC Y

DE GERMANY Y

DJ DJIBOUTI Y

DK DENMARK Y

DM DOMINICA Y

DO DOMINICAN REPUBLIC Y

DZ ALGERIA Y

KR KOREA, REPUBLIC OF Y

KW KUWAIT Y

KY CAYMAN ISLANDS Y

KZ KAZAKSTAN Y

LA LAO PEOPLE’S DEMOCRATIC REPUBLIC

Y

LB LEBANON Y

LC SAINT LUCIA Y

LI LIECHTENSTEIN Y

LK SRI LANKA Y

LR LIBERIA N

LS LESOTHO Y

LT LITHUANIA Y

LU LUXEMBOURG Y

LV LATVIA Y

LY LIBYAN ARAB JAMAHIRIYA N

MA MOROCCO Y

MC MONACO Y

MD MOLDOVA, REPUBLIC OF Y

ME MONTENEGRO N

MG MADAGASCAR Y

MH MARSHALL ISLANDS Y

MK MACEDONIA, THE FORMER YUGOSLAV REPUBLIC OF

Y


Code Name Status

ML MALI Y

MM MYANMAR Y

MN MONGOLIA Y

MO MACAU Y

MP NORTHERN MARIANA ISLANDS

Y

MQ MARTINIQUE Y

MR MAURITANIA Y

EC ECUADOR Y

EE ESTONIA Y

EG EGYPT Y

EH WESTERN SAHARA Y

ER ERITREA Y

ES SPAIN Y

ET ETHIOPIA Y

FI FINLAND Y

FJ FIJI Y

FK FALKLAND ISLANDS (MALVINAS)

Y

FM MICRONESIA, FEDERATED STATES OF

Y

FO FAROE ISLANDS Y

FR FRANCE Y

GA GABON Y

GB UNITED KINGDOM Y

GD GRENADA Y

GE GEORGIA Y

GF FRENCH GUIANA Y

GG GUERNSEY Y

GH GHANA Y

GI GIBRALTAR Y

GL GREENLAND Y

GM GAMBIA Y

GN GUINEA Y

GP GUADELOUPE Y

GQ EQUATORIAL GUINEA Y

GR GREECE Y

GS SOUTH GEORGIA AND THE SOUTH SANDWICH ISLANDS

Y

GT GUATEMALA Y

GU GUAM Y

MS MONTSERRAT Y

MT MALTA Y

MU MAURITIUS Y

MV MALDIVES Y

MW MALAWI Y

MX MEXICO Y

Code Name Status

MY MALAYSIA Y

MZ MOZAMBIQUE Y

NA NAMIBIA Y

NC NEW CALEDONIA Y

NE NIGER Y

NF NORFOLK ISLAND Y

NG NIGERIA Y

NI NICARAGUA Y

NL NETHERLANDS Y

NO NORWAY Y

NP NEPAL Y

NR NAURU Y

NU NIUE Y

NZ NEW ZEALAND Y

OM OMAN Y

PA PANAMA Y

PE PERU Y

PF FRENCH POLYNESIA Y

PG PAPUA NEW GUINEA Y

PH PHILIPPINES Y

PK PAKISTAN Y

PL POLAND Y

PM SAINT PIERRE AND MIQUELON

Y

PN PITCAIRN Y

PR PUERTO RICO Y

PS PALESTINIAN TERRITORY, OCCUPIED

Y

PT PORTUGAL Y

PW PALAU Y

PY PARAGUAY Y

QA QATAR Y

RE REUNION Y

RO ROMANIA Y

RS SERBIA N

RU RUSSIAN FEDERATION Y

RW RWANDA N

SA SAUDI ARABIA Y

SB SOLOMON ISLANDS Y

SC SEYCHELLES Y

SD SUDAN N

SE SWEDEN Y

SG SINGAPORE Y

SH SAINT HELENA Y

SI SLOVENIA Y

SJ SVALBARD AND JAN MAYEN

Y


Code Name Status

SK SLOVAKIA Y

SL SIERRA LEONE N

SM SAN MARINO Y

SN SENEGAL Y

SO SOMALIA N

SR SURINAME Y

ST SAO TOME AND PRINCIPE Y

SV EL SALVADOR Y

SY SYRIAN ARAB REPUBLIC N

SZ SWAZILAND Y

TC TURKS AND CAICOS ISLANDS

Y

TD CHAD Y

TF FRENCH SOUTHERN TERRITORIES

Y

TG TOGO Y

TH THAILAND Y

TJ TAJIKISTAN Y

TK TOKELAU Y

TL TIMOR-LESTE Y

TM TURKMENISTAN Y

TN TUNISIA Y

TO TONGA Y

TR TURKEY Y

TT TRINIDAD AND TOBAGO Y

TV TUVALU Y

Code Name Status

TW TAIWAN, PROVINCE OF CHINA

Y

TZ TANZANIA, UNITED REPUBLIC OF

Y

UA UKRAINE Y

UG UGANDA Y

UM UNITED STATES MINOR OUTLYING ISLANDS

Y

US UNITED STATES Y

UY URUGUAY Y

UZ UZBEKISTAN Y

VA HOLY SEE (VATICAN CITY STATE)

Y

VC SAINT VINCENT AND THE GRENADINES

Y

VE VENEZUELA Y

VG VIRGIN ISLANDS, BRITISH Y

VI VIRGIN ISLANDS, U.S. Y

VN VIET NAM Y

VU VANUATU Y

WF WALLIS AND FUTUNA Y

WS SAMOA Y

YE YEMEN Y

YT MAYOTTE Y

ZA SOUTH AFRICA Y

ZM ZAMBIA Y

ZW ZIMBABWE Y

17. Status Explanations

17.1 Order/Certificate Status

Order/Certificate status of any certificate request can be obtained at any time, via GetModifiedOrders API

call.

No. Order Status Value 1 INITIAL 1

2 Waiting for phishing check 2

3 Cancelled – Not Issued 3

4 Issue completed 4

5 Cancelled - Issued 5

6 Waiting for revocation 6

7 Revoked 7


17.2 ModificationEventName

ModificationEventName is returned from GetModifiedOrders. At any time all modified orders and their modification can be returned from the API. ModificationEventName is a combination of Action code and result code.

e.g.: 1,0 - means Certificate Confirmed is succeeded.

Action Code Description 0 Initial (no requested for RA)

1 Certificate Confirmed

2 Certificate Rejected

3 Certificate phishing OK

4 Certificate phishing NG

5 Certificate requested for RA

6 Certificate Approver Cancelled

7 Certificate issued

8 Certificate Cancelled(before issue)

9 Certificate Cancelled(after issue)

10 Certificate mail re-issue

11 Certificate Revoke request

12 Certificate Revoked

13 Certificate re-issue request

14 Certificate re-issued

15 Certificate transference

16 Certificate re-request Cancelled

17 Certificate error recover

18 Certificate requested for RA(manual request)

19 Certificate status updated

20 Certificate requested for RA(partner)

21 Certificate requested for RA(TP)

22 EV 1st document vetting is OK

23 Certificate Revoke Cancelled

27 SAN option changed(original order).

39 Changing SAN option requested.

41 Changing SAN option requested for RA.

Result Code Description 0 Succeed

1 Warning

-1 Error

17.3 MSSL Domain Status

Domain Vetting status of any domain in the account can be obtained at any time, via GetMSSLDomains

API call.

No. Order Status Value 1 INITIAL / Vetting in Progress 1

2 Vetting in Progress 2

3 Vetting Completed / Available 3

5 Cancelled / Suspended 5

6 Domain Rejected 6


17.4 MSSL Profile Status

Profile Vetting status of any domain in the account can be obtained at any time, via GetMSSLProfiles API

call.

17.5 ResendEmailType

The following Emails can be resent via the API.

Value Description APPROVEREMAIL Resend the approver email for GSDVOrder, GSDVOrderWithoutCSR

17.6 Success / Error Codes

A SuccessCode is always returned from the API, if the SuccessCode is 0 or 1, the order will normally be

able to continue. A SuccessCode of -1 will be a terminating point and will be combined in the reply with

one or more ErrorCodes. ErrorCodes provide more information on the Error created with the API call. In

addition to the error message documentation below, the API returns more specific error details regarding

the specific fields that may be causing problems in the XML response.

There are two types of errors: Client Error and Server Error.

Client error codes suggest that the error was caused by something on the client end. These issues are

often due to malformed XML requests, incorrect or missing data, or other API implementation issues. A

client error code indicates that the request has not been accepted and the user must make changes and

resubmit.

Server error codes suggest a server-side issue caused the error and should be reported to

[email protected]. The request is received but it may not be processed immediately or the request

cannot received by GAS system. A server error code is received, please view compare the error code

and the table in section Error! Reference source not found..

Success Codes

Code Code Details Notes 0 Success

-1 Failure The order/request has failed; please consult the Error Code list, as well as the error message in the XML response for remedial actions.

1 Warning

Indicates order has been flagged for Phishing. The order is valid, but will experience a delay in processing until the GlobalSign vetting team manually reviews and clears the order’s phishing flag

No. Order Status Value 1 INITIAL / Vetting in Progress 1

2 Vetting in Progress 2

3 Vetting Completed / Available 3

5 Cancelled / Suspended 5

6 Profile Rejected 6

mailto:[email protected]


Client Error Codes

Success Code

Error Code

Description Notes

0 - Success -

-1 -1

Internal system error. Please re-execute what you were doing. If error persists, please contact GlobalSign Support

If the error is a Gas Error or the system cannot find the specific error code for it

-1 -2 RA Communication Fault was encountered

If the API failed to connect to the RA Server

-1 -102 Mandatory parameter missing If input is null and field is required

-1 -103 Parameter length check error If input exceeds allowed length

-1 -104 Parameter format check error If input is invalid or in wrong format

-1 -105 Invalid parameter combination If the combination of an input and another input is incorrect

-1 -201 Failed database operation If there is an error in the database

-1 -300

Database Error. Please retry and if the issue persists contact support with detailed information concerning the issue.

If partner/contractor cannot be found

-1 -4001 Login failure invalid user ID If username or password used is incorrect or does not exists

-1 -4007 The CSR used when ordering a certificate is invalid. Please recheck your CSR.

If CSR is used for ordering a certificate is invalid

-1 -4008

The certificate is either expired, does not meet the requirements of transfer, or is inaccessible on the CN by the GlobalSign system. Please ensure that the certificate is correct and try again

If switching and system cannot connect to the switching server to verify the certificate If the CSR used for switching is expired If the certificate used for switching is not verified If the certificate used for switching is invalid

-1 -6001 There was an error when trying to parse the supplied CSR. Please recheck the CSR used

If there is an error while parsing the CSR

-1 -6101 The account used does not have enough balance to order a certificate

If Deposit balance is not enough to order a certificate

-1 -6102

The renewal of the certificate failed. There may be lacking or incorrect information that is required for the renewal of the certificate

If renewing of certificate failed

-1 -9401 No profile was found using the supplied MSSLProfileID. Please make sure that the supplied MSSLProfileID is correct.

If profileId supplied is invalid or does not exists

-1 -9403

The account used does not have MSSL rights. Please make sure you are using. Please make sure you are using an account with MSSL rights.

If the account used does not have MSSL access

-1 -9431 The account used does not have access to the profile associated with the supplied MSSLProfileID

If the profile retrieved does not belong to the current partner

-1 -9440

No domain was found using the supplied MSSLDomainID. Please make sure that the supplied MSSLDomainID is correct.

If domainId supplied is invalid or does not exists

-1 -9443 The account used does not have access to the domain associated with the supplied MSSLDomainID

If the domain retrieved does not belong to the current partner

-1 -9450 Cannot request a certificate order. Please try again.

If the user may have limited rights/privilege when ordering a certificate

-1 -9452

The CN in the CSR is not the same or is not a subdomain of the domain name associated with the supplied MSSLDomainID. Please recheck your CSR or your MSSLDomainID

If the CN in CSR and domain name is not equal

-1 -9900 IP Address out of Range If user is not allowed to use API

-1 -9913 No valid coupons were found. Please recheck the supplied coupon.

If system cannot find a valid coupon supplied in the request

-1 -9914 No valid campaigns were found, Please recheck the supplied campaign.

If system cannot find a valid campaign supplied in the request


Success Code

Error Code

Description Notes

-1 -9915 Certificate was already canceled If certificate was already canceled

-1 -9916 Cannot find the certificate that is associated with the order id you have supplied

When renewal, If order cannot be found through RenewalTargetOrderID or TargetCERT

-1 -9918 The coupon or campaign you supplied is invalid

If campaign/coupon exists but is not valid

-1 -9919 The coupon or campaign you supplied is already used

If campaign/coupon is already used

-1 -9920 The coupon or campaign you supplied is not allowed to be used

if campaign/coupon is not permitted to be used

-9922 The coupon or campaign's currency is not the same with the currency of your user

If campaign/coupon's currency and account currency does not match

-1 -9933 The expiration date you have entered is not compatible with the product you have selected

If NotAfter does not match with the type of order

-1 -9936

GlobalSign operates a security and vulnerability scan of the public key component of the CSR you have just submitted.

If the Debian Security Hole DSA_1571_1 validation failed

-1 -9938 The status of the certificate has already been changed

If the state of the certificate has been changed

-1 -9942 A problem was encountered when trying to request the certificate in the RA System

If the RAOrderNo returned by the RA Server is a GAS OrderNo If the OrderStatus in the RA is not APPROVE If the certificate order state is REVOKE_REQUESTED

-1 -9943 A problem was was encountered when trying to issue the certificate in the RA System

If order cannot be issued

Server Error Codes

Success Code

Error Code

Description Notes

-1 -1 Internal system error The system has experienced an internal error. Please try to do what you were doing again, and if the problem persists, please report this error code to GlobalSign Support.

-1 -2 Network Connection Error

The GlobalSign system has experienced a network error. Please try to do what you were doing again, and if the problem persists, please report this error code to GlobalSign Support.

-1

-201 -204 -300 -301

Internal system error - Failed database operation

The system has experienced an internal error updating the database. Please try to do what you were doing again, and if the problem persists, please report the following error code to GlobalSign Support.

-1 -1001 Internal system error - CA connection error

The CA system has experienced a communication error. Your Order has been accepted and will be processed when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.

-1 -1002 Internal system error - CA issuing error

The CA system has experienced an issuance process error. Your Order has been accepted and will be processed when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.

-1 -1003 Internal system error - CA revoke error

The CA system has experienced a revocation process error. Your Order has been accepted and will be processed when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.

-1 -1004 Internal system error - CA connection error

The CA system has experienced a communication error. Your Order has been accepted and will be processed when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.

-1 -2001 Internal system error - Email sending warning

The CA system has experienced an email sending error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.

-1 -4010 Internal system error

The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.


Success Code

Error Code

Description Notes



















18. XML Field Definitions

This table lists all of the data types used in the API specification in alphabetical order.

DataType Description

String fixed-length character string

Boolean logical Boolean (true/false)

Int signed four-byte integer

DateTime YYYY-MM-DDTHH:MM:SS.000Z

XML Structure Description Type/Length AddressLine1 Part of the Address structure. Contains the first line of the

address.

String/100

AddressLine2 Part of the Address structure. Contains the second line of the address.

String/100

AddressLine3 Part of the Address structure. Contains the third line of the address.

String/100

Approver

ApproverType

ApproverEmail

Approver

This is the Approver information for each Approver in the ApproverList. Today only the e-mail address is returned, but there could be other fields returned in the future.


XML Structure Description Type/Length ApproverEmail This is the email of the Approver – For DomainSSL and

DV_LOW products the person responsible for approving the certificate order.

String/255

ApproverEmailAddress This is the email of the Approver – For DomainSSL and DV_LOW products the person responsible for approving the certificate order.

String/255

ApproverType The type of Approver email address. One of the following: Domain – From WHOIS data Generic – From the computed list

String/10

Approvers

Approver

Approvers

ApproverInfo

Email

FirstName

Function

LastName

OrganizationName

OrganizationUnit

Phone

ApproverInfo

Approver Information for an EV certificate request

AuthorizedSignerInfo

FirstName

LastName

Function

Phone

Email

AuthorizedSignerInfo

Authorized Signer Details

AuthToken

UserName

Password

AuthToken

Used for partner authentication on each message posted to GlobalSign. This partner has to be set up by GlobalSign for API access.

BaseOption Options for the certificate. Currently allowed fields are: wildcard – certificate with * globalip – certificate with global ip address subaltname – certificate with alternative subject names

String /20

BusinessAssumedName String/255

BusinessCategoryCode Business Type String /20

CACert This is the content of a CA certificate in the certificate chain for the server certificate in Base64 encoded format.

String/4000

CACertificate

CACertType

CACert

CACertificate

This identifies the type of certificate for each CA certificate in the chain, and also contains the actual certificate.

CACertificates

CACertificate

CACertType

CACert

CACertificate

CACertificates

This is the list of CA certificates associated with the server certificate. If present, there must be one or more CACertificate fields in this structure. The Root certificate will always be present in this structure, and there may be one or more intermediate CA certificates.

CACertType The Type of CA certificate: ROOT or INTER String/15

Campaign Campaign can be used for payment。 String/50

CertificateInfo

DNSNames

CertificateStatus

CommonName

EndDate

SerialNumber

StartDate

SubjectName

CertificateInfo

This structure contains information stored related to the certificate in various Query operations.

CertificateStatus The current status of a certificate. 1 - INITIAL 2 - Waiting for phishing check 3 - Cancelled - Not Issued 4 - Issue completed 6 - Waiting for revocation 7 - Revoked

Int

CommonName The common name in certificate. String/255

CSRSkipOrderFlag Boolean

City Part of the Address structure. String/200


XML Structure Description Type/Length ContactInfo

FirstName

LastName

Phone

Email

ContactInfo

Contact Information of for a certificate request

Country Part of the Organization Address structure. The Country of the Organization. Must be a valid ISO country code.

String/2

Coupon Coupons can be used for payment。 String/50

CreditAgency The Organizations name. 1 – DUNS No. 2 – TDB code

String/50

Currency The Currency of the transaction String/10

CSR Certificate Signing Request. This is the Base64 encoded X.509 digital certificate signing request typically generated by the end user on their target web server. This is a critical element for all SSL orders.

String/4000

DNSOrderFlag Boolean

DNSNames Contains one or more DNSName values to be put into the certificate SubjectAltName extension. Each can be up to 64 characters. Values are comma delimited. Each DNSName may only contain alphanumeric values, plus dash and under bar – No periods.

String/300

DomainName The domain name for an Order. For an SSL Order this can be a fully qualified Domain (e.g., www.globasign.com) or possibly a wildcard domain (e.g., *.globalsign.com.

String/255

DVCSRInfo

Country

DVCSRInfo

CSR information for SKIP GSDVOrders.

EndDate Expired date of certificate. DateTime

Email From the ContactInfo structure. The Email Address of the contact.

String/255

Error

ErrorCode

ErrorField

ErrorMessage

Error

A structure that contains an ErrorCode and an ErrorMessage. Error is part of the Errors structure.

ErrorCode A unique code identifying the error. Int

ErrorField When there is a specific field that has caused the error, the XML tag for that field is placed in this structure. Where the tag is not unique in the entire message, one or more tags precede this so this field can be uniquely identified. For example, if the Phone field was invalid in the AdminContact structure, the return code would have AdminContactPhone.

String/1000

ErrorMessage A message describing an error in more detail. ErrorMessage is a part of the Error Structure

String/1000

Errors

Error

ErrorCode

ErrorField

ErrorMessage

Error

Errors

A list of the errors returned from a request. An Errors structure can have multiple Error elements. Errors is a part of the OrderResponseHeader structure. If present, this structure contains one or more errors.

ErrorCode Int

ErrorField String/1000

ErrorMessage String/1000

ExpressOption To add Express Options set to true. If not false. Boolean

Fax From the OrganizationAddress structure. The Fax number for the organization.

String/30

FirstName From one of the Contact structures. The First Name of the contact.

String/100

FQDN Fully Qualified Domain Name String/255

FromDate The starting date used in various queries. DateTime

http://www.globasign.com/


XML Structure Description Type/Length Fulfillment

CACertificates

CACertificate

CACertType

CACert

CACertificate

CACertificates

ServerCertificate

x509Cert

PKCS7Cert

ServerCertificate

Fulfillment

Contains the CA certificate(s) and/or the ServerCertificate (in x509 and/or PKCS7 formats).

Function Requestor job function String/255

GSSupportOption To add GS Support set to true. If not false. Boolean

IncorporatingAgencyRegistrationN

umber

String/100

InsuranceOption To add Insurance Options set to true.If not false. Boolean

IsValidDomainName Returns true if the domain name is valid for a certificate orders

Boolean

JurisdictionInfo

Country

StateOrProvince

Locality

IncorporatingAgencyRegistrationN

umber

JurisdictionInfo

Jurisdiction of Incorporation Details

KeyLength String/4

LastName From one of the Contact structures. The Last Name of the contact.

String/100

Licenses This is the Number of Licenses. Int

1-99 Only

Locality The Locality field from the CSR or Certificate String/255

ModificationEvent One event in the set of ModificationEvents

ModificationEventName The name of the event. Examples include: Approver Confirmed Approver Rejected Certificate Cancelled Certificate Created Certificate Revoked Order Cancelled Order Completed Order Created Order Refunded

Int

ModificationEvents

ModificationEvent

ModificationEventName

ModificationEventTimestamp

ModificationEvent

ModificationEvents

The set of events for the order that caused the status to be changed within the specified time period. This is contained in OrderDetail. Used only in GetModifiedOrders.

ModificationEventTimestamp The time of the event DateTime

ModifyOrderOperation Specifies the operation to be performed on the order or certificate. APPROVE CANCEL REVOKE

String/20

Months The number of months that a certificate will be valid for. Int/4

MSSLProfileID ID associated with the Profile you are using String/50

MSSLDomaindID ID associated with the Domain being used String/50

MSSLDomainName Domain name being queried String/64

MSSLProfileStatus Status of profile String/5

NotAfter DateTime

NotBefore DateTime

OrderDate The date the order was created. DateTime

OrderDetail

OrderInfo

OrderOption

CertificateInfo

(Fulfillment

ModificationEvents

OrderDetail

OrderDetail is returned in many Order Query operations. The specific content is dependent on the values in the request ModificationEvents is only returned (and only returned) in GetModifiedOrders.


XML Structure Description Type/Length OrderKind Type of order:

new: a new request renewal: renewal of current certificate transfer: a commercial upgrade of a current valid certificate

String/10

OrderID This is the OrderID assigned by GlobalSign to the order and provided to the person requesting the certificate.

String/50

OrderInfo

OrderID

ProductCode

BaseOption

OrderKind

Licenses

ExpressOption

ValidityPeriodCustomizeOption

InsuranceOption

GSSupportOption

RenewalExtentionOption

DomainName

OrderDate

OrderCompleteDate

OrderCanceledDate

OrderDeactivatedDate

OrderStatus

Price

Currency

ValidityPeriod

Months

NotBefore

NotAfter

ValidityPeriod

SpecialInstructions

OrderInfo

This structure contains basic information that apply to most orders and is profiled within each order response structure.

OrderOption

ApproverNotifiedDate

ApproverConfirmDate

ApproverEmailAddress

OrganizationInfo

OrganizationName

CreditAgency

OrganizationCode

OrganizationAddress

AddressLine1

AddressLine2

AddressLine3

City

Region

PostalCode

Country

Phone

Fax

OrganizationAddress

OrganizationInfo

ContactInfo

FirstName

LastName

Phone

Email

ContactInfo

OrderOption

This structure is in many order request messages and contains basic order information common to all types of orders.


XML Structure Description Type/Length OrderParameter

ProductCode

BaseOption

OrderKind

Licenses

ExpressOption


InsuranceOption

GSSupportOption


ValidityPeriod

Months

NotBefore

NotAfter

ValidityPeriod

CSR

RenewalTergetOrderID)?

TargetCERT

DNSNames

SpecialInstructions

Coupon

Campaign

OrderParameter

This structure is part of the order validation and order processes. It includes all details relating to the order and also the CSR for parsing.

OrderParameterWithoutCSR

ProductCode

BaseOption

OrderKind

Licenses

ExpressOption


InsuranceOption

GSSupportOption


ValidityPeriod

Months

NotBefore

NotAfter

ValidityPeriod

PIN

KeyLength

RenewalTergetOrderID)?

TargetCERT

DNSNames

SpecialInstructions

Coupon

Campaign

OrderParameterWithoutCSR

This structure is part of the order validation and order processes. It includes all details relating to the order without a CSR.

OrderQueryOption

OrderStatus)

ReturnOrderOption)

ReturnCertificateInfo)

ReturnFulfillment)

ReturnCACerts)

OrderQueryOption

Specifies what is returned in the response message. All values default to false if not supplied so the corresponding data structure will not appear in the response.

OrderRequestHeader

AuthToken

UserName

Password

AuthToken

OrderRequestHeader

The OrderRequestHeader is used in all of the order operations.


XML Structure Description Type/Length OrderResponseHeader

SuccessCode

Errors

Error

ErrorCode

ErrorField

ErrorMessage

Error

Errors)*

Timestamp

OrderResponseHeader

This is the header returned in all Order operations.

OrderStatus

The current status of an Order. 1 - INITIAL 2 - Waiting for phishing check 3 - Cancelled - Not Issued 4 - Issue completed 5 - Cancelled - Issued 6 - Waiting for revocation 7 - Revoked

Int

OrderSubInfo

CSRSkipOrderFlag

DNSOrderFlag

TrustedOrderFlag

P12DeleteStatus

P12DeleteDate

VerificationUrl

SubId

OrderSubInfo

Organization The Organization field from the certificate String/255

OrganizationCode Can be used to indicate company numbers lookup eg. For DUNS enter 1 in this field.

String/50

OrganizationInfo

OrganizationName

CreditAgency

OrganizationCode

OrganizationAddress

AddressLine1

AddressLine2

AddressLine3

City

Region

PostalCode

Country

Phone

Fax

OrganizationAddress

OrganizationInfo

Organization Info sent with Certificate request.

OrganizationInfoEV

CreditAgency

OrganizationCode

BusinessAssumedName

BusinessCategoryCode

OrganizationAddress

AddressLine1

AddressLine2

AddressLine3

City

Region

PostalCode

Country

Phone

Fax

OrganizationAddress

OrganizationInfoEV

Organization Info sent with Certificate request.

OrganizationName The name of the Organization applying for a certificate. String/255

OrganizationUnit The OrganizationalUnit name from the CSR. . String/255


XML Structure Description Type/Length OVCSRInfo

CommonName

OrganizationName

OrganizationUnit

Locality

StateOrProvince

Country

OVCSRInfo

Info to be used in the creation of the Certificate

ParsedCSR

DomainName

Country

Email

Locality

Organization

OrganizationUnit

State

IsValidDomainName

ParsedCSR

Details from the CSR

Password Required for user authentication over the API String/30

Phone From one of the Contact or OrganizationAddress structures. String/30

P12DeleteDate DateTime

P12DeleteStatus Int

PKCS12File A bese64-encoded PKCS#12 String/4000

PKCS7Cert A Base64-encoded PKCS#7 String/20000

PostalCode From the Address structure. The Postal Code (e.g., Zip Code in the U.S.) for the Address

String/20

ProductCode A code for the product that a particular request relates to. Note that a partner must have a valid contract for a product code for it to be valid in a request. Also, a product code must be valid for the context of the request.

String/20

QueryRequestHeader

AuthToken

UserName

Password

AuthToken

QueryRequestHeader

The header on all Query Request operations.

QueryResponseHeader

Errors

ReturnCount

SuccessCode

Timestamp

OrderResponseHeader

Region Region, state/prov From the Address structure. This is the region of the address such as state or province. If this is a U.S. state it must have a valid 2 character abbreviation

String/255

RenewalExtentionOption To add bonus to validity period set to true. If not false. Boolean

ReOrderParameter

CSR

DNSNames

ReOrderParameter

ReOrderParameterWithoutCSR

DNSNames

PIN

KeyLength

ReOrderParameterWithoutCSR

RenewalTergetOrderID Original OrderID for renewal orders. String/50

RequestorInfo

FirstName

LastName

Function

OrganizationName

OrganizationUnit

Phone

Email

RequestorInfo

Certificate Requestor Information


XML Structure Description Type/Length ResendEmailType Current values are:

ApproverEmail – resend the approver email for any QuickSSL order.

String/20

ReturnCACerts If set to true in the request message, the CACerts structure is populated in the Fulfillment structure of the response message.

Boolean

ReturnCertificateInfo If set to true in the request message, the CertificateInfo structure appears in the response message.

Boolean

ReturnCount The number of items returned in the message Int

ReturnFulfillment If set to true in the request message, the Fulfillment structure appears in the response message.

Boolean

ReturnOrderOption In the response, product information will be in details if set to true.

Boolean

SearchOrderDetail

OrderID

BaseOption

OrderKind

RequestKind

Licenses

OrderRequestDate

OrderIssueDate

OrderCanceledDate

OrderStatus

OrganizationName

Months

SubId

FQDN

SearchOrderDetail

SerialNumber The serial number of a certificate specified as a hex string. String/64

ServerCertificate

X509Cert

PKCS7Cert

ServerCertificate

SpecialInstructions Special Instructions for the order String/4000

StartDate Start date of certificate. DateTime

State The value of the State in the ParseCSRResponse. String/255

StateOrProvince String/255

SubID String/50

SubjectName The SubjectName in certificate. String/255

SuccessCode Code in the Order and Query Response Headers which indicates the success of failure of the request. A zero SuccessCode indicates a success with no warnings. A positive SuccessCode indicates a success with warnings. A negative SuccessCode indicates a failure. Note that if the Success in non-zero an accompanying Errors structure will be present.

Int

TargetCERT String/4000

TargetOrderID String/50

Timestamp A date timestamp used in a variety of contexts. Note that the XML format is: YYYY-MM-DDTHH:MM:SS.000Z (for example, 2001-01-01T24:00:00:000Z is for Jan 1, 2001 at midnight).

DateTime

TrustedOrderFlag Boolean

UserName Required for user authentication String/30

ValidityPeriod

Months

NotBefore

NotAfter

ValidityPeriod

The number of months that a certificate or site seal will be valid for. Defaults to 12 if not present.

ValidityPeriodCustomizeOption To customize the validity period set to true. If not false. Boolean

VerificationUrl OneClickSSL - A mechanism whereby a web server publishes a CSR which is randomly named, allowing for an automated verification by an external RA system. The verification url includes the location of the randomly named CSR.

String/300

X509Cert A base64-encoded certificate. String/4000

Documents

GlobalSign API for MSSL Certificates › files › 6314 › 0795 › 8289 › ... · 2019-10-22 · GlobalSign API for MSSL Certificates v1.2 Page 6 of 47 3.3 Issued Certificates