Version 4.3. assecods.pl

Transcription

1 ` Version 4.3 assecods.pl

2 ` Table of Contents 1. OVERVIEW API repository TYPE OF PRODUCTS ID Certificates SSL Certificates Premium EV Certificate Code Signing Certificates SNI Certificates WEBSERVICE FUNCTIONS OVERVIEW Submission of the order Verification of data in the order Download information about available domain verification methods Download information on orders and certificates for a specified period of time Download information on orders and certificates whose status has changed for the specified period of time Download information about the order and certificate for the specified identifier Retry sending verification for the specified identifier Acquire statement Cancel an order Revoke certificate Download certificate Retrieve message sending configuration Get domain verification status for SSL certificates Get allowed product list Renew certificate Perform verification of SSL certificate Change verification parameters for SSL certificates Place an order for SNI certificate assecods.pl

3 Modify existing SNI certificate Add verification information to verification request Acquire information about expiring certificates Update documents Reissue certificate WEBSERVICE STRUCTURE quickorderrequest quickorderresponse validateorderparametersrequest validateorderparametersresponse getapproverlistrequest getapproverlistresponse getordersbydaterangerequest getordersbydaterangeresponse getmodifiedordersrequest getmodifiedordersresponse getorderbyorderidrequest getorderbyorderidresponse sendnotificationsrequest sendnotificationsresponse getstatementrequest getstatementresponse cancelorderrequest cancelorderresponse revokecertificaterequest revokecertificateresponse getcertificaterequest getcertificateresponse getconfigurationrequest

4 getconfigurationresponse getdomainverificationrequest getdomainverificationresponse get verificationrequest get verificationresponse getproductlistrequest getproductlistresponse renewcertificaterequest renewcertificateresponse verifydomainrequest verifydomainresponse changeapproversrequest changeapproversresponse ordersnicertificaterequest ordersnicertificateresponse modifysnicertificaterequest modifysnicertificateresponse verifyorderrequest verifyorderresponse getexpiringcertificatesrequest getexpiringcertificatesresponse updatedocumentsrequest updatedocumentsresponse reissuecertificaterequest reissuecertificateresponse getactivationcoderequest getactivationcoderesponse PRODUCT GROUPS Products in group ID Certificates

5 Products in group SSL Certificates Products in group Premium EV Certificates Products in group Code Signing Certificates Products in group SpaceSSL Certificates ADDITIONAL INFORMATION messages sent by CERTUM Information regarding certificates Automatic verification methods for SSL certificates Approvers section creating verification records for SSL certificates Changing verification parameters for SSL certificates The order process Uniqueness of the <customer> field in quickorder request SAN options for SSL certificates Cancel the order Additional configuration options SNI Certificates Adding documents Types of documents Certificate reissue Reissue certificate revocation Fields included in certificates Order status ERROR CODES HISTORY OF CHANGES

6 6 1. Overview CERTUM Partners Program offers a flexible and efficient solution based on SOAP (Simple Object Access Protocol) to allow submission of certification request, status check and in further stage, management of certificates directly from Partner website. CERTUM Partners API allow to submit certificate request of any profile (according to a signed partnership agreement) and monitor the status of the submission while it is processed. CERTUM perform domain and/or e- mail address verification process and, depends of the agreement, contacts the customer when it is necessary to provide additional documents. In partnership agreement shall be determined such matters as: Products that partner can sell Special certification policies if applicable Content of s that are automatically send by system to customer during issuance process Rules regarding how CERTUM will contact partner customers 1.1. API repository This documentation is during development all the time. It is modified every time CERTUM would like to add new information or makes changes in API itself (e.g. adding new functions or modify/extend existing ones). The most current version of documentation is always available under the address: Additionally, CERTUM provides graphical interface for all API methods. It is available under addresses: for test environment for production environment infolinia@

7 ` 2. Type of Products 2.1. ID Certificates ID Certificates are offered in option for 1-3 years (except test ID certificates that are issued for 90 days) and are always issued for a single address. ID Certificates require confirmation by the customer to access address specified in the certificate. Verification of access to address must performed by the customer. Products in group ID Certificates 2.2. SSL Certificates SSL certificates are offered in option 1-2 years (except test SSL certificates that are issued for 30 days), also in the Wildcard option, depending on the variant allow to include domain in certificate. SSL certificates require confirmation by the customer access to domains specified in the certificate. Verification of access to the domain can be performed by the customer. Products in group SSL Certificates 2.3. Premium EV Certificate Premium EV certificates are offered in option 1-2 years, and there is NO Wildcard option. Depending on the variant allow to include domain in certificate. EV certificate require thorough verification of the data that will be included in it and confirmation by the customer access to domains specified in the certificate. It is required to sign an agreement with the amendment, between end-customer and CERTUM, where people responsible for the certification process on client side are defined. Products in group Premium EV Certificates 2.4. Code Signing Certificates Code Signing certificates are offered in option 1-3 years. Code signing certificates are used for protection of application's code with an electronic signature. Because this certificates includes confirmed details used to identify a software producer, the software code used for its security ceased being anonymous. Additionally, a positive verification of electronic signature ensures the final user that there are no unauthorized changes in the installed application. Products in group Code Signing Certificates 2.5. SNI Certificates SNI certificate is special multi domain SSL certificates. This product is designed for hosting companies who want to restrict the use of IPv4 addresses. More information about SNI certificates infolinia@

8 8 3. WebService functions overview Due to the verification process at client-side, the submission and issuance of the certificate is asynchronous process. Customer submits certification request through a partner website. Upon submission, the partner should periodically poll the Partner API to determine whether the certificate was issued Submission of the order Function quickorder is used to transmit all the information necessary to submit an order: Partner s credentials (username and password) End user identifier Product information (product ID) Data that will allow verification of the customer (client name, contact information, organization information, customer ID in partner s system) Order details (CSR, validity period, verification /method) 3.2. Verification of data in the order Function validateorderparameters is used to check all the data contained in the order. Conformity of the data in CSR and certificate profile is checked and scope of the data provided Depending on the certificate profile, basic verification process may be extended. In the basic variant the following information is checked: 1. The Partners login 2. The order 3. CSR a. the correctness of the login and password, b. the partner s account identity and the type (a type of partnership is specified in the SSO), c. the partner s account activity. a. if the order ID is unique and properly constructed, b. if the Partner is entitled to use the specified product, c. if a customer login is specified (for more information look 6.4.1) d. if the range for the validity period of certificates is compliance with the number of days that are assigned for the given product code, or where a date range is not specified the validity starts from date of issuance of a certificate. e. if the date from is not passed, it must always be objected that the date may be changed when issuing the certificate f. if the date format is: YYYY-MM-DD Note: For Test SSL and Test ID certificates the section <validityperiod> is ignored a. if the key length is not less than 2048, infolinia@

9 9 b. if the algorithm is RSA, c. if the key is not blacklisted or previously used, d. if all required fields are filled certificate profile describes which fields are required, e. if the fields have accepted format should especially pay attention to the CN as it could be a PrintableString or UTF8, depending on the profile, f. Additional/unnecessary fields will be removed this is not an error, just feedback information in cases where CSR contains such data, g. Verification correctness of data attached to CSR related to SAN extension domain names validation Details of extended verification may be specified by product/product group 3.3. Download information about available domain verification methods In the case of SSL certificates, it is required to perform verification of access to a domain. To initiate the verification, it is necessary to indicate the domain administrator s address and select one of the available domain verification methods. It is necessary to get the list of allowed addresses, along with the methods of verification using getapproverlist. The list is generated based on a list of domain provided in the certificate request Download information on orders and certificates for a specified period of time Using getordersbydaterange will allow to download information on orders and certificates (if issued) for a specified period of time. Optionally, one may download additional information about the order and certificate. Responses are divided by pages, on one page there is information about maximum 100 order Download information on orders and certificates whose status has changed for the specified period of time Using getmodifiedorders will allow to download information on orders and certificates (if issued) whose status has changed in given period of time. Optionally, one may download additional information about the order and certificate. Responses are divided by pages, on one page there is information about maximum 100 order Download information about the order and certificate for the specified identifier Using getorderbyorderid will allow to download a single order for the specified identifier of the order. Optionally, one may download additional information about the order and certificate Retry sending verification for the specified identifier Using sendnotifications will allow to send again verification messages for specified order ID. Method does not allow to change previously chosen verification parameters, it only allow to send messages again. System sends only messages related to verifications that haven t been performed. If for given request all verifications are done or are still valid no messages are being sent. infolinia@

10 Acquire statement Using getstatement will allow to Get a statement that end-user have to accept before placing an order Cancel an order Using cancelorder will allow to cancel an order. Partner may only cancel orders generated on its account. If given order has an issued certificate it is required to revoke the certificate before cancelling an order. If the certificate to given order has expired it is impossible to cancel an order Revoke certificate Using revokecertificates will allow to revoke a certificate. Partner may only revoke certificates that were generated on its account. Certificate may be revoke only when it is valid or before validity period started Download certificate Using getcertificate will allow to get certificate in PEM form. Additionally, this method returns all certificates from certificates from certification path (intermediates and rootca) also in PEM form. Partner may only get certificates generated from its account Retrieve message sending configuration Using getconfiguration will allow to get message sending settings for all products available for partner Get domain verification status for SSL certificates Using getdomainverification will allow to get information about verification status for all domains in placed order Get allowed product list Using getproductlist will allow to get list of products that are available for partner account Renew certificate Using renewcertificate will allow to renew certificate. Renewal is possible only for certificates that were earlier placed using API from partner account (renewal only under the same account) Perform verification of SSL certificate Using verifydomain will allow to perform FILE/DNS verification for SSL certificates Change verification parameters for SSL certificates Using changeapprovers will allow to change verification parameters ( /FILE/DNS) for SSL certificates Place an order for SNI certificate Using ordersnicertificate will allow to place an order for SSL SNI certificate. More information about SNI certificates in chapter 6.8. infolinia@

11 Modify existing SNI certificate Using modifysnicertificate will allow to modify existing SNI Certificate (add or remove domains from the certificate) Add verification information to verification request Using verifyorder allows partner to add additional information (notes and files with documents) to the certification request. Provided information will be taken into account by CERTUM employees during verification process. For more information about documents see chapter Acquire information about expiring certificates Using getexpiringcertificates will allow to download list of certificates that will expire at given numbers of days (can be set to 1-30 days) Update documents Using updatedocuments will allow to update previously added documents (e.g. new or additional files). For more information about documents see chapter Reissue certificate Using reissuecertificate will allow to generate new certificate on the same data and the same expiration date. New certificate is issued automatically, without any verification on client/partner side, and the only data that can be changed are the private key and hash algorithm (if such option is available for given product). For more information about this functionality see chapter

12 ` 4. WebService structure 4.1. quickorderrequest The request should include all information required to place an order such as certificate signing request in the PKCS#10 form, product code, certificate requestor information and other data required by given type of certificate such as verification parameters for SSL certificates. <quickorder> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> <orderparameters> <CSR> 4000 String <customer> 255 String <language>? 2 String <orderid>? 50 String <productcode> 3 String <useragent>? 255 String (<validityperiod> <notafter> 25 YYYY-MM-DD <notbefore> 25 YYYY-MM-DD </validityperiod>)? <hashalgorithm>? String < >? <activationcode>?</activationcode> <commonname>? 64 String <organization>? 64 String <organizationalunit>? 64 String <locality>? 128 String <country>? 2 String <state>? 128 String </orderparameters> (<SANEntries> (<SANEntry> <DNSName> 255 String </SANEntry>)+ </SANEntries>)? (<approvers> <verificationnotificationenabled>? true, false (<Approver> <FQDN> 255 String <approver >? 255 String <approvemethod>? DNS, FILE </Approver>)+ </approvers>)? <requestorinfo> <addressline1> 255 String <addressline2>? 255 String <city> 255 String <country> 2 String < > 255 String <firstname> 255 String <lastname> 255 String <phone> 255 String <postalcode> 255 String </requestorinfo> (<organizationinfo> <organizationname> 255 String <taxidentificationnumber> 20 String <verificationphonenumber>? 255 </organizationinfo>)? </quickorder> infolinia@

13 13 1. Authentication data login and password <quickorder> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> </quickorder> X username 255 characters. Partner ID, has to be in SSO as partner with API attribute. X password Password consistent with SSO. 2. Product data in these order it is the identifier of the product code, always one product. <orderparameters> <customer> 255 String <language>? 2 String <orderid> 50 String <productcode> 3 String <useragent>? 255 String </orderparameters> X customer 255 characters, Customer login in partner s system language orderid Language used in s send to customer. Default language is pl. Also available: ru. en, cn and es. 50 characters Unique, order identifier. When not specified, it is automatically given by the system. X productcode Product code 3 digits, The list of codes ID and SSL available in further parts of this document. useragent Browser and operating system. 3. Customer contact information it will be required to verify correctness of the order. <requestorinfo> <addressline1> 255 String <addressline2>? 255 String <city> 255 String <country> 2 String < > 255 String <firstname> 255 String <lastname> 255 String <phone> 255 String <postalcode> 255 String </requestorinfo> X addressline1 255 characters, street, house addressline2 255 characters, street, house X city 255 characters, city X country 2 characters, country code X 255 characters, customer infolinia@

14 14 X firstname 255 characters, customer name X lastname 255 characters, customer last name X phone 255 characters, phone X postalcode 255 characters, postal code 4. Organization data will be needed to verify correctness of the order. Organization data are not required but if provided, all information must be included. (<organizationinfo> <organizationname> 255 String <taxidentificationnumber> 20 String <verificationphonenumber>? 255 </organizationinfo>)? X organizationname 255 characters, organization name X taxidentificationnumber 20 characters, tax identification number. verificationphonenumber 255 characters, phone number (see chapter 6.2) 5. Order data data that may have been included in certificate such as: validity period, CSR and optional additional domains as SAN. In addition, it is possible to edit a subject information like commonname, organization, organizationalunit, locality, country and state. For SSL certificates the list of data for domain verification is provided. <orderparameters> <CSR> 4000 String (<validityperiod> <notafter> 25 YYYY-MM-DD <notbefore> 25 YYYY-MM-DD </validityperiod>)? <hashalgorithm>? String < >? <activationcode>?</activationcode> <commonname>? 64 String <organization>? 64 String <organizationalunit>? 64 String <locality>? 128 String <country>? 2 String <state>? 128 String </orderparameters> (<SANEntries> (<SANEntry> <DNSName> 255 String </SANEntry>)+ </SANEntries>)? (<approvers> <verificationnotificationenabled>? true, false (<Approver> <FQDN> 255 String <approver > 255 String <approvemethod>? DNS, FILE </Approver>)+ </approvers>)? X CSR Certificate signing request in the form of a PKCS #10 file. notbefore notafter DNSName Certificate valid from date. Certificate valid to date. 255 characters each domain. infolinia@

15 15 FQDN Domain that will be verified. approver address for verification (see chapter 6.3). approvemethod Verification method, not required (see chapter 6.3). verificationnotificationenabled hashalgorithm activationcode commonname country locality organization organizationunit state Determines if verification s for methods FILE/DNS will be sent to the customer. If it set to true s will be sent. If false is assigned, they will not. It affects all approvers in the request. Determines which hash function will be used to generate certificate. Available algorithms for every product can be obtain using getproductlist method. (Only for non-ev SSL certificates). The subscriber s address that is to be included in a certificate. NOTE: the subscriber s address is being verified by CERTUM. Activation code. Field CN It may contain name and last name for ID certificates or domain name for SSL certificates Field C country Field L city Field O organization Field OU organization unit Field SP province/state 4.2. quickorderresponse It returns a confirmation of receipt of an order. If the order was processed correctly, then the response contains code 0. Otherwise, the response contains an error code. For the list of error codes, please see chapter 7. Error Codes. <quickorderresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z </responseheader> <orderid>? 50 String <!- Error empty message --> (<verifications> <verification> <approvemethod> FILE, DNS <code> 50 String <fqdn> 255 String </verification> </verifications>)? </quickorderresponse> orderid Unique, order identifier approvemethod Code FQDN Verification method Verification code Name of the domain infolinia@

16 validateorderparametersrequest This request allows to validate all or part of the data. The scope of the provided data and conformity between CSR and the certificate profile are checked. The same validations are used when applying the method QuickOrder when writing to the database. The request looks the same as in QuickOrder. The following sections are described below. 1. Authentication data login and password <validateorderparameters> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> </validateorderparameters> X username 255 characters, Partner ID, has to be in SSO as partner with API attribute X password Password consistent with SSO 2. Product data in these order it is the identifier of the product code, always one product. <orderparameters> <customer> 255 String <language>? 2 String <orderid>? 50 String <productcode> 3 String <useragent>? 255 String </orderparameters> X customer 255 characters, customer login in partner shop language Language used in s send to customer. Default language is pl. Also available: ru, cn, en and es. X orderid 50 characters, unique, order identifier which will be used by partner X productcode Product code 3 digits, The list of codes ID and SSL available in further parts of this document useragent 255 characters, browser and operating system 3. Customer contact information it will be required to verify correctness of the order. <requestorinfo> <addressline1> 255 String <addressline2>? 255 String <city> 255 String <country> 2 String < > 255 String <firstname> 255 String <lastname> 255 String <phone> 255 String <postalcode> 255 String </requestorinfo> infolinia@

17 17 X addressline1 255 characters, street, house addressline2 255 characters, street, house X city 255 characters, city X country 2 characters, country code X 255 characters, customer X firstname 255 characters, customer name X lastname 255 characters, customer last name X phone 255 characters, phone X postalcode 255 characters, postal code 4. Organization data will be needed to verify correctness of the order. Organization data are not required but if provided, all information must be included. (<organizationinfo> <organizationname> 255 String <taxidentificationnumber> 20 String <verificationphonenumber>? 255 </organizationinfo>)? X organizationname 255 characters, organization name X taxidentificationnumber 20 characters, tax identification number, system assumes that the characters are written without separators (no dashes and spaces) verificationphonenumber 255 characters, phone number (see chapter 6.2) 5. Order data data that may have been included in certificate such as validity period, CSR and optional additional domains as SAN. In addition, for SSL certificates the list of data for domain verification is provided. <orderparameters> <CSR> 4000 String (<validityperiod> <notbefore> 25 YYYY-MM-DD <notafter> 25 YYYY-MM-DD </validityperiod>)? <hashalgorithm>? String < >? </orderparameters> (<SANEntries> (<SANEntry> <DNSName> 255 String </SANEntry>)+ </SANEntries>)? (<approvers> (<Approver> <FQDN> 255 String <approver > 255 String <approvemethod>? DNS, FILE </Approver>)+ </approvers>)? infolinia@

18 18 X CSR text, CSR notbefore notafter DNSName FQDN timestamp without time zone, valid from, format: YYYY-MM-DD timestamp without time zone, valid to, format: YYYY-MM-DD 255 characters each domain Domain that will be verified approver address for verification (see chapter 6.3) approvemethod verification method, not required (see chapter 6.3) hashalgorithm 4.4. validateorderparametersresponse Determines which hash function will be used to generate certificate. Available algorithms for every product can be obtain using getproductlist method. It returns the result of validation of the Certification Signing Request. The correct response shall return data from decoded Certification Signing Request, only in the range of the fields included in the certificate. The remaining fields are ignored. Lack of required fields is indicated by an appropriate message. List of error codes with description, see chapter 7. Error Codes <validateorderparametersresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z </responseheader> (<parsedcsr> <commonname> <country> < >? <locality>? <organization>? <organizationunit>? <state>? </parsedcsr>)? </validateorderparametersresponse> X commonname Field CN It may contain name and last name for ID certificates or domain name for SSL certificates country locality organization organizationunit state Field C country Field E Field L city Field O organization Field OU organization unit Field SP province/state infolinia@

19 getapproverlistrequest This request is used only for the SSL certificate and requires the list of domain names, which will be included in the certificate. <getapproverlistrequest> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> <FQDNs> (<FQDN>)+ 255 String </FQDNs> </getapproverlistrequest> X FQDN Domain name which will be included in the certificate, in this case the list of all domains that will be in CN field and SAN extension of certificate 4.6. getapproverlistresponse The response contains the list of domains for which verification is required, the list of approved addresses for each domain and the list of all available verification methods. The generation of the list of domains is done according to the following scheme: 1. If provided domain is main domain (example.org) only this domain has to be verified 2. If there is subdomain provided (sub.example.org) than either subdomain has to be verified OR main domain 3. Subdomains are aggregated based on main domain for each subdomain: a. If there is more than one subdomain for the same main domain, verification can be made for main domain OR for each subdomain respectively 4. Each domain is labeled by the maindomain= true attribute. List of error codes with description, see chapter 7. Error Codes <getapproverlistresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z <returncount> 5 </responseheader> <approvers> (<Approver maindomain= true > <FQDN> 255 String (<approver >)+ 255 String (<approvemethod>)* DNS, FILE </Approver>)+ (<Approver> <FQDN> 255 String (<approver >)+ 255 String (<approvemethod>)* DNS, FILE </Approver>)? </approvers> </getapproverlistresponse> infolinia@

20 20 X FQDN Domain name that will be validated X approver The list of allowed addresses: admin@domain.this, administrator@domain.this, hostmaster@domain.this, webmaster@domain.this, postmaster@domain.this approvemethod List of allowed verification methods: DNS, FILE X maindomain= true Indication for main domains. If there is a list of different domains provided, every main domain will be marked with this attribute. Verification of the domains that are marked with this attribute will be enough to issue a certificate. infolinia@

21 getordersbydaterangerequest The request requires two parameters: <fromdate> and <todate>; the range of dates. All other parameters are set to false by default, so when there is a lack of any extra tags, then a response contains only the amount of records that meet the criteria. Date range is checked with the order create date. <getorderbydatarangerequest> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> <fromdate> YYYY-MM-DD <todate> YYYY-MM-DD (<orderoption> (<orderstatus>)? true, false (<orderdetails>)? true, false (<certificatedetails>)? true, false </orderoption>)? <pagenumber>? </getorderbydatarangerequest> X fromdate Date range for submitted orders, search parameter. date must be formatted as YYYY-MM-DD. X todate Date range for submitted orders, search parameter. date must be formatted as YYYY-MM-DD. orderstatus orderdetails certificatedetails The lack of this tag is equal to be false. Returns basic information about order including processing status. The lack of this tag is equal to be false. Returns details of the order. Lack of this tag is equal to false. Returns details of the certificate (if issued) including certificate. X pagenumber Result page number. Can get values from 1 to 100. In one response there is maximum 100 orders. If there are more than 100 results they are divided into pages. If not given, it s set by default to getordersbydaterangeresponse The correct response shall include the information specified in the request. For the list of error codes, please see chapter 7. Error Codes <getorderbydatarangeresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z <currentpage> <pagescount> <returncount> 5 </responseheader> (<orders> infolinia@

22 22 (<order> (<orderstatus> <orderid> 50 String <orderstatus> <orderdate> YYYY-MM-DDTHH:MM:SS.000Z <productcode> 3 String <customer> 255 String <serialnumber>? </orderstatus>)? (<orderdetails> <requestorinfo> <firstname> 255 String <lastname> 255 String <addressline1> 255 String <addressline2>? 255 String <postalcode> 255 String <city> 255 String <country> 2 String <phone> 255 String < > 255 String </requestorinfo> (<organizationinfo> <organizationname> 255 String <taxidentificationnumber> 20 String </organizationinfo>)? </orderdetails>)? (<certificatedetails> <certificatestatus> VALID, REVOKING, REVOKED <startdate> 25 YYYY-MM-DDTHH:MM:SS.000Z <enddate> 25 YYYY-MM-DDTHH:MM:SS.000Z <commonname> 64 String <serialnumber> 64 String <subjectname> 3000 String (<DNSNames>)? 300 String (<revokeddate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z <X509Cert> 4000 String </certificatedetails>)? </order>)* <orders>)? </getorderbydatarangeresponse> 1. Basic response information <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z <currentpage> <pagescount> <returncount> 5 </responseheader> X currentpage Information about current page of responses X pagescount Information about number of all pages X returncount Information about number of records 2. Basic order information (<orderstatus> <orderid> 50 String <orderstatus> <orderdate> YYYY-MM-DDTHH:MM:SS.000Z <productcode> 3 String <customer> 255 String <serialnumber>? infolinia@

23 23 </orderstatus>)? orderid Unique, order identifier X orderstatus Order status X orderdate Placing order date X productcode Product code 3 digits. The list of codes ID and SSL available in further parts of this document X customer 255 characters, Customer login in partner system serialnumber 3. Additional order information (<orderdetails> <requestorinfo> <firstname> 255 String <lastname> 255 String <addressline1> 255 String <addressline2>? 255 String <postalcode> 255 String <city> 255 String <country> 2 String <phone> 255 String < > 255 String </requestorinfo> (<organizationinfo> <organizationname> 255 String <taxidentificationnumber> 20 String </organizationinfo>)? </orderdetails>)? Certificate serial number (if exists), serial number in HEX format X firstname 255 characters, customer first name X lastname 255 characters, customer last name X addressline1 255 characters, street, house addressline2 255 characters, street, house X postalcode 255 characters, postal code X city 255 characters, city X country 2 characters, country code X 255 characters, customer X phone 255 characters, phone X organizationname 255 characters, organization name X taxidentificationnumber 20 characters, tax identification number, system assumes that the characters are written without separators (no dashes and spaces) 4. Additional information about certificate (<certificatedetails> <certificatestatus> VALID, REVOKING, REVOKED <startdate> 25 YYYY-MM-DDTHH:MM:SS.000Z <enddate> 25 YYYY-MM-DDTHH:MM:SS.000Z <commonname> 64 String <serialnumber> 64 String <subjectname> 3000 String (<DNSNames>)? 300 String (<revokeddate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z <X509Cert> 4000 String </certificatedetails>)? infolinia@

24 24 X certificatestatus Certificate status: VALID, REVOKING, REVOKED X startdate timestamp without time zone, valid from X enddate timestamp without time zone, valid to X commonname may contain name and last name for ID certificates or domain name for SSL certificates X serialnumber serial number in HEX format X subjectname text, content of Subject field DNSNames revokeddate text, content of DNSNames fields timestamp without time zone, revoke date X X509Cert certificate in base64 format infolinia@

25 getmodifiedordersrequest The request requires two parameters: <fromdate> and <todate>; the range of dates. All other parameters are set to be false by default, so when there is a lack of any extra tags, then a response contains only the amount of records that meet the criteria. Date range is checked with the order create date. <getmodifiedordersrequest> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> <fromdate> YYYY-MM-DD <todate> YYYY-MM-DD (<orderoption> (<orderstatus>)? true, false (<orderdetails >)? true, false (<certificatedetails>)? true, false </orderoption>)? <pagenumber>? </getmodifiedordersrequest> X fromdate Date range for submitted orders, search parameter. Date must be formatted as YYYY-MM-DD. X todate Date range for submitted orders, search parameter. Date must be formatted as YYYY-MM-DD. orderstatus orderdetails certificatedetails pagenumber The lack of this tag is equal to be false. Returns basic information about order including processing status. The lack of this tag is equal to be false. Returns details of the order. The lack of this tag is equal to be false. Returns details of the certificate (if issued). Result page number. Can get values from 1 to 100. In one response there is maximum 100 orders. If there are more than 100 results they are divided into pages. If not given it s set by default to getmodifiedordersresponse The response shall include the information specified in the request. For the list of error codes, please see chapter 7. Error Codes <getmodifiedordersresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z <currentpage> <pagescount> <returncount> 5 </responseheader> (<orders> (<order> (<orderstatus> infolinia@

26 26 <orderid> 50 String <orderstatus> <orderdate> YYYY-MM-DDTHH:MM:SS.000Z <productcode> 3 String <customer> 255 String <serialnumber>? </orderstatus>)? (<orderdetails> <requestorinfo> <firstname> 255 String <lastname> 255 String <addressline1> 255 String <addressline2>? 255 String <postalcode> 255 String <city> 255 String <country> 2 String <phone> 255 String < > 255 String </requestorinfo> (<organizationinfo> <organizationname> 255 String <taxidentificationnumber> 20 String </organizationinfo>)? </orderdetails>)? (<certificatedetails> <certificatestatus> VALID, REVOKING, REVOKED <startdate> 25 YYYY-MM-DDTHH:MM:SS.000Z <enddate> 25 YYYY-MM-DDTHH:MM:SS.000Z <commonname> 64 String <serialnumber> 64 String <subjectname> 3000 String (<DNSNames>)? 300 String (<revokeddate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z <X509Cert> 4000 String </certificatedetails>)? </order>) * <orders>)? </getmodifiedordersresponse> 1. Basic response information <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z <currentpage> <pagescount> <returncount> 5 </responseheader> X currentpage Information about current page of responses X pagescount Information about number of all pages X returncount Information about number of records 2. Basic order information (<orderstatus> <orderid> 50 String <orderstatus> <orderdate> YYYY-MM-DDTHH:MM:SS.000Z <productcode> 3 String <customer> 255 String <serialnumber>? </orderstatus>)? infolinia@

27 27 orderid 50 characters, unique in the database X orderstatus Order status X orderdate timestamp without time zone, order date X productcode Product code 3 digits. The list of codes ID and SSL available in further parts of this document X customer 255 characters, Customer login in partner shop serialnumber 3. Additional order information (<orderdetails> <requestorinfo> <firstname> 255 String <lastname> 255 String <addressline1> 255 String <addressline2>? 255 String <postalcode> 255 String <city> 255 String <country> 2 String <phone> 255 String < > 255 String </requestorinfo> (<organizationinfo> <organizationname> 255 String <taxidentificationnumber> 20 String </organizationinfo>)? </orderdetails>)? Certificate serial number (if exists) X firstname 255 characters, customer first name X lastname 255 characters, customer last name X addressline1 255 characters, street, house addressline2 255 characters, street, house X postalcode 255 characters, postal code X city 255 characters, city X country 2 characters, country code X 255 characters, customer X phone 255 characters, phone X organizationname 255 characters, organization name X taxidentificationnumber 20 characters, tax identification number, system assumes that the characters are written without separators (no dashes and spaces) 4. Additional information about certificate (<certificatedetails> <certificatestatus> VALID, REVOKING, REVOKED <startdate> 25 YYYY-MM-DDTHH:MM:SS.000Z <enddate> 25 YYYY-MM-DDTHH:MM:SS.000Z <commonname> 64 String <serialnumber> 64 String <subjectname> 3000 String (<DNSNames>)? 300 String (<revokeddate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z <X509Cert> 4000 String </certificatedetails>)? infolinia@

28 28 X certificatestatus 255 characters, status VALID, REVOKING, REVOKED X startdate timestamp without time zone, valid from X enddate timestamp without time zone, valid to X commonname may contain name and last name for ID certificates or domain name for SSL certificates X serialnumber serial number in HEX format X subjectname text, content of Subject field DNSNames revokeddate X509Cert text, content of DNSNames fields timestamp without time zone, revoke date certificate in base64 format infolinia@

29 getorderbyorderidrequest The request requires only the one parameter: <orderid>. All other parameters are set to be false by default, so when there is a lack of any extra tags, then an empty response is returned. <getorderbyorderidrequest> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> <orderid> 50 String (<orderoption> (<orderstatus>)? true, false (<orderdetails >)? true, false (<certificatedetails>)? true, false </orderoption>)? </getorderbyorderidrequest> X orderid Unique order identifier orderstatus orderdetails certificatedetails The lack of this tag is equal to be false. Returns basic information about order including processing status The lack of this tag is equal to be false. Returns details of the order Lack of this tag is equal to be false. Returns details of the certificate (if issued) including certificate getorderbyorderidresponse The response shall include the information specified in the request. Only the one order with assigned ID shall exists as connected with only one product and one request. For the list of error codes, please see chapter 7. Error Codes <getorderbyorderidresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z <returncount> 5 </responseheader> (<orders> (<Order reissue="true"> (<orderstatus> <orderid> 50 String <orderstatus> <orderdate> YYYY-MM-DDTHH:MM:SS.000Z <productcode> 3 String <customer> 255 String <serialnumber>? </orderstatus>)? (<orderdetails> <requestorinfo> <firstname> 255 String <lastname> 255 String <addressline1> 255 String infolinia@

30 30 <addressline2>? 255 String <postalcode> 255 String <city> 255 String <country> 2 String <phone> 255 String < > 255 String </requestorinfo> (<organizationinfo> <organizationname> 255 String <taxidentificationnumber> 20 String </organizationinfo>)? </orderdetails>)? (<certificatedetails> <certificatestatus> VALID, REVOKING, REVOKED <startdate> 25 YYYY-MM-DDTHH:MM:SS.000Z <enddate> 25 YYYY-MM-DDTHH:MM:SS.000Z <commonname> 64 String <serialnumber> 64 String <subjectname> 3000 String (<DNSNames>)? 300 String (<revokeddate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z <X509Cert> 4000 String </certificatedetails>)? </Order>? <orders>)? </getorderbyorderidresponse> 1. Basic order information (<orderstatus> <orderid> 50 String <orderstatus> <orderdate> YYYY-MM-DDTHH:MM:SS.000Z <productcode> 3 String <customer> 255 String <serialnumber>? </orderstatus>)? orderid 50 characters, unique in the database X orderstatus Order status X orderdate timestamp without time zone, order date X productcode Product code 3 digits. The list of codes ID and SSL available in further parts of this document X customer 255 characters, Customer login in partner shop serialnumber Certificate serial number (if exists) 2. Additional order information (<orderdetails> <requestorinfo> <firstname> 255 String <lastname> 255 String <addressline1> 255 String <addressline2>? 255 String <postalcode> 255 String <city> 255 String <country> 2 String <phone> 255 String < > 255 String </requestorinfo> (<organizationinfo> <organizationname> 255 String <taxidentificationnumber> 20 String </organizationinfo>)? </orderdetails>)? infolinia@

31 31 X firstname 255 characters, customer first name X lastname 255 characters, customer last name X addressline1 255 characters, street, house addressline2 255 characters, street, house X postalcode 255 characters, postal code X city 255 characters, city X country 2 characters, country code X 255 characters, customer X phone 255 characters, phone X organizationname 255 characters, organization name X taxidentificationnumber 20 characters, tax identification number, system assumes that the characters are written without separators (no dashes and spaces) 3. Additional information about certificate (<certificatedetails> <certificatestatus> VALID, REVOKING, REVOKED <startdate> 25 YYYY-MM-DDTHH:MM:SS.000Z <enddate> 25 YYYY-MM-DDTHH:MM:SS.000Z <commonname> 64 String <serialnumber> 64 String <subjectname> 3000 String (<DNSNames>)? 300 String (<revokeddate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z <X509Cert> 4000 String </certificatedetails>)? X certificatestatus 255 characters, status VALID, REVOKING, REVOKED X startdate timestamp without time zone, valid from X enddate timestamp without time zone, valid to X commonname may contain name and last name for ID certificates or domain name for SSL certificates X serialnumber serial number in HEX format X subjectname text, content of Subject field DNSNames revokeddate text, content of DNSNames fields timestamp without time zone, revoke date X X509Cert certificate in base64 format infolinia@

32 sendnotificationsrequest The request requires the one parameter: <orderid>. <sendnotification> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> <orderid> 50 String </sendnotification> X orderid Unique order ID sendnotificationsresponse The response contains information about the correct processing of the request. For the list of error codes, please see chapter 7. Error Codes <sendnotificationsresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z </responseheader> </sendnotificationsresponse> infolinia@

33 getstatementrequest The request requires the one parameter: <language>. <getstatement> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> <language> 2 String </getstatement> X language Country code consistent with ISO getstatementresponse The response contains a content of the statement in the requested language. For the list of error codes, please see chapter 7. Error Codes <getstattementresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z </responseheader> <statement>? String </getstatementresponse> statement Contain content of the statement infolinia@

34 cancelorderrequest The request requires the parameter: <orderid> and, optionally, allows to add a note to the cancelled order. <cancelorder> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> <cancelparameters> <note> 255 String <orderid> 50 String </cancelparameters> </cancelorder> X orderid Unique order ID. note cancelorderresponse Note regarding cancelling an order The response contains information about correct processing of the request. If there is a valid certificate issued to an order error code is returned and certificate serial number in HEX form. For the list of error codes please, see chapter 7. Error Codes <cancelorderresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 <value>? 64 String </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z </responseheader> </cancelorderresponse> Value Certificate serial number in HEX form infolinia@

35 revokecertificaterequest The request requires at least serial number as a parameter. Additionally, there may be added such information as revocation reason, key compromise data and note which will be added to the revocation. <revokecertificate> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> <revokecertificateparameters> <keycompromitationdate>? YYYY-MM-DD <note>? 200 String <revocationreason>? <serialnumber> 64 String </revokecertificateparameters> </revokecertificate> X serialnumber Serial number of the certificate that will be revoked keycompromisedate note revocationreason Key compromise date in YYYY-MM-DD format. Used when revocation reason is KEYCOMPROMISE Note added to the revocation request Revocation reason. May be one of the following values: UNSPECIFIED, KEYCOMPROMISE, AFFILIATIONCHANGED, CESSATIONOFOPERATION, PRIVILEGEWITHDRAWN, CERTIFICATEHOLD. If not given, then system automatically sets UNSPECIFIED reason revokecertificateresponse The response contains content of the statement in the requested language. For the list of error codes, please see chapter 7. Error Codes <revokecertificateresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 <value> 64String </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z </responseheader> </revokecertificateresponse> infolinia@

36 getcertificaterequest Request requires one of the parameter: serial number or order identifier of the certificate, that has to be downloaded. <getcertificate> <requestheader> <authtoken> <username> 255 String <password> 255 String </authtoken> </requestheader> <orderid>? 50 String <serialnumber>? 64 String </getcertificate> orderid Unique order identifier serialnumber Certificate serial number in HEX form getcertificateresponse The response contains validity dates for the certificate and certificate in PEM form and all certificates from certification path (intermediates and root CA) also in PEM form. For the list of error codes, please see chapter 7. Error Codes <getcertificateresponse> <responseheader> <successcode> 2 (<errors> (<error> <errorcode> 5 </error>)+ </errors>)? <timestamp> YYYY-MM-DDTHH:MM:SS.000Z </responseheader> (<certificatedetails> <enddate> YYYY-MM-DDTHH:MM:SS.000Z <startdate> YYYY-MM-DDTHH:MM:SS.000Z <X509Cert> 4000 String </certificatedetails>)? <cabundle> (<X509Cert>) String </cabundle> </getcertificateresponse> enddate Certificate validity end date startdate X509Cert cabundle/x509cert Certificate validity start date Certificate in PEM form Intermediate certificates and root CA certificate in PEM form (all certification path) infolinia@