GlobalSign API for SSL Certificates

Transcription

1 a GlobalSign API for SSL Certificates Implementation Guide and Definitions version 4.2 Version Release Notes Version 4.0 Changes - Added support for newer GCC2 type orders. Now orders place via the GUI can be modified via the API - Added function to change the approver after ordering - Added query functionality o Return CSR and OrderID used to place original order o To determine upcoming renewals - Added CSR Decoder and error checking function - Allow creation of Cert- Invites - Allow toggling of renewal notices by order Version 4.02 Changes - 06/20/ Fixed documentation typos and errors Version 4.1 Changes - 07/10/ Added Subscriber agreement request Version Changes 03/05/ Added Organization to Authorized Signer field for ExtendedSSL Version 4.2 Changes 03/28/ Added URLVerification methods which can be used for DomainSSL and AlphaSSL orders (Metatag Verification) Section 7.4

2 Contents 1. Outline SSL Product Type Explanations Anti-Phishing Checks Background Web Service functions Workflow overview SSL functions Service/Query functions Account functions Delivery of Issued Certificates by API URL s GlobalSign URL Test account URLs WSDL files GlobalSign URL Test account URLs Ordering DomainSSL & AlphaSSL certificates Extract Common Name from the CSR and Perform Phishing DB Check Receive List of Approver addresses Ordering a DomainSSL or AlphaSSL Certificate Ordering DomainSSL or AlphaSSL Using URLVerification (Meta-tag) URL Verification for Issue Request URL Verification for Issue Response Ordering OrganizationSSL Certificates OrganizationSSL Certificate Request Ordering the OrganizationSSL Certificate Ordering ExtendedSSL Certificates ExtendedSSL Certificate Request Ordering the ExtendedSSL Certificate General SSL Functions Changing the SubjectAltName in certificate Change SubjectAltName Create Cert-Invites (CertInviteOrder) Change Approver (ChangeApprover ) Re-Send Approver (Resend ) Modify Existing Order (ModifyOrder) Service & Query API Calls Get issued certificate Single Certificate (GetOrderByOrderID) Query API to get issued certificate - Multiple Orders (GetOrderByDateRange) Query API to Get Recently Modified Orders (GetModifiedOrders) Query to Determine Upcoming Renewals (GetOrderByExpirationDate) Query API to Get Certificate Orders (GetCertificateOrders) Query API to Reissue Certificates (ReIssue) CSR Decoder and Error Checker (DecodeCSR) Turn Renewal Notice On/Off (ToggleRenewalNotice) Account API Functions Retrieve Account Snapshot (GetAccountSnapshot) Create Sub Reseller Account (ResellerApplication) Add Deposits to Sub Reseller Account (AddResellerDeposit) Query Invoices Get Subscriber Agreement Request (GetAgreement) Code Examples: Certificate Order Entry Parameters Product codes Validity Period Date/Time Formatting GlobalSign API for Server Certificates V4.2 Page 2 of 67

3 15.4 Setting validity period of the certificate (by Not before/not after date) Order Type Base Options Licenses CreditAgency/OrganizationCode KeyLength OptionName Subject Alternative Names (SANs) Entry URLVerification Valid Approver URL Certificate Common Name relationships Country Status Explanations Order/Certificate status ModificationEventName Resend Type Success / Error Codes Client Error Codes Server Error Codes Server Error Responses by API Request Type XML Field definitions GlobalSign API for Server Certificates V4.2 Page 3 of 67

4 1. Outline GlobalSign offers a Simple Object Access Protocol (SOAP) API for its partners and customers to directly order and manage certificates. Through this API, partners can perform functions such as ordering the different products, cancelling and fulfilling orders, and querying for order data. The API supports applications for SSL certificates placed by partners and by customer using the SSL Managed service platform. Partners may place orders for all Certificate product types. 2. SSL Product Type Explanations AlphaSSL: AlphaSSL is a low end domain validated certificate and known to our resellers as AlphaSSL. This product can only be purchased in standard or wildcard options, 1-5 year validity periods. None of the other premium value add options are supported with this product. Note: in the API product code specification AlphaSSL is referenced as DV_LOW. DomainSSL: DomainSSL is a feature rich high value domain validated certificate. When placing a DomainSSL order the applicant must supply a CSR. Certificates requested by supplying a customer generated CSR are returned as standard Certificate files. To our partners these two products are known as DomainSSL and DomainSSL. Both of these product codes can be ordered as not only a standard and wildcard option, but also with certain SAN options. For the DomainSSL, there are the following Subject Alternative Names options allowed: Unified Communications support for owa, autodiscover and mail Additional Subdomain support These options can be added through both the DomainSSL product code, in 1-5 year validity periods. Note: the API product code specification DomainSSL is referenced as DV. OrganizationSSL: OrganizationSSL is a feature rich high value organization validated certificate. When placing an OrganizationSSL order the applicant must supply a CSR. Certificates requested by supplying a customer generated CSR are returned as standard Certificate files. To our partners these are known as OrganizationSSL This product code can be ordered as not only a standard and wildcard option, but also with certain SAN options. For the OrganizationSSL there are the following Subject Alternative Names options allowed: Unified Communications support for owa, autodiscover and mail Additional Subdomain support Internal Hostname support Public IP Address support Additional Fully Qualified Domain Name support These options can be added in 1-5 year validity periods. Note: the API product code specification OrganizationSSL is referenced as OV. Customers with SSL Managed Service accounts may obtain pre-vetted OrganizationSSL certificates by using the SSL Managed Service application calls. GlobalSign API for Server Certificates V4.2 Page 4 of 67

5 Extended SSL: ExtendedSSL is the product name for GlobalSign's Extended Validation (EV) SSL offering and is issued in strict adherence the published CAB Forum EV SSL guidelines covering Certificate profile format, vetting method and workflow. This product can be ordered as only a standard SSL Certificate with limited Subject Alternative Name support and does not support wildcard applications and globalip option, NOT as a wildcard option. This product can also work with all the SAN options. For the Extended SSL, the following SAN options allowed: Unified Communications support for owa, autodiscover and mail Additional Subdomain support Additional Fully Qualified Domain Name support This product can only be ordered in a 1-2 year validity period. Note: the API product code specification ExtendedSSL is referenced as EV. 3. Anti-Phishing Checks Background All domain validated Certificates (DomainSSL and AlphaSSL) are automatically put through the GlobalSign anti-phishing checks. These checks involve a series of automated processes to help identify potential phishing risks. If flagged as high risk the Certificate will not be issued until manually reviewed by a GlobalSign vetting agent. If an API based order is flagged for phishing an appropriate alert message is reported and a vetting agent will be assigned to review the order at the first convenience. 4. Web Service functions Workflow overview Order processing for SSL certificates and web identity products is asynchronous. For these types of orders an API client places an order and then later checks the server for the completed order. The functions are broken into several categories SSL functions: calls to place orders, modify or cancel orders Service & Query functions: Calls searching for complete orders (such as getting issued Certificates), decoding CSRs, validating order parameters Account functions: calls needed to perform account actions, such as checking balance and modified sub-accounts. The general approach for ordering is to place orders using an SSL functions, then periodically request the list of all orders that have changed status during a specified time interval (for example, the last four hours) using the Service/Query function of GetModifiedOrders. This returns a list of all orders and detailed order information for orders that have changed status in the specified time interval. The status of all returned orders can then be updated locally and used as necessary. An alternative to querying for a set of modified orders within a time period is to specifically request the status of a specific order. In this case the ordering flow consists of the following operations: place an order, and then periodically check the status of the specific order (GetOrderByOrderID). Once the order has been completed, the fulfillment information is returned with the GetOrderByOrderID operation. This approach is less efficient, but might be more appropriate when there is a low volume of certificates being managed. 4.1 SSL functions Function Getting list of approver addresses Getting list of approver addresses and OrderID for DVOrder (DomainSSL and API Request GetApproverList GetDVApproverList GlobalSign API for Server Certificates V4.2 Page 5 of 67

6 AlphaSSL only) Order AlphaSSL or DomainSSL certificate with Approver validation Order AlphaSSL or DomainSSL certificate with MetaTag validation Order OrganizationSSL certificate Order ExtendedSSL certificate Changing certificate order status Resend Approver s for AlphaSSL & DomainSSL orders Place an order using the cert invite functionality Change the address that the approval request is sent to for domain validated products Change the SubjectAltName in certificate. DVOrder URLVerification & URLVerificationForIssue OVOrder EVOrder ModifyOrder Resend CertInviteOrder ChangeApprover ChangeSubjectAltName 4.2 Service/Query functions Function Searching order information by Order ID Searching modified orders by modified date (from/to) Getting order list Searching orders by order date (from/to) Checking order parameter validity Decoding a CSR ReIssue Certificate Turn on/off Renewal notice Check upcoming expirations API GetOrderByOrderID GetModifiedOrders GetCertificateOrders GetOrderByDateRange ValidateOrderParameters DecodeCSR ReIssue ToggleRenewalNotice GetOrderByExpirationDate 4.3 Account functions Function To view account balance and recent usage Add deposit to a sub reseller account Query outstanding invoices Create a sub-reseller account API AccountSnapshot AddResellerDeposit QueryInvoices ResellerApplication 4.4 Delivery of Issued Certificates by Issued Certificates can be delivered directly to the customer specified in the appropriate 4.1 Order functions. In the DVOrder / OVOrder / EVOrder Request specify the end customer and their address in the <ContactInfo> field. GlobalSign API for Server Certificates V4.2 Page 6 of 67

7 Note: to directly the end customer your account must be configured on a specific template group. Contact your Account Manager or Tech Implementation Contact to arrange. 5. API URL s 5.1 GlobalSign URL The following URL s should be used to access the GlobalSign live API: SSL Functions: Service/Query: Account: Subscriber Agreement: Test account URLs The following URLs* should be used to access the GlobalSign Test API: SSL Functions: Service/Query: Account: Subscriber Agreement: N/A *Test system accounts are available to API customers upon request 6. WSDL files 6.1 GlobalSign URL GlobalSign s WSDL files are available from: SSL Functions: Service/Query: Account: Subscriber Agreement: Test account URLs Test account WSDL files are available from: SSL Functions: Service/Query: Account: *Test system accounts are available to API customers upon request GlobalSign API for Server Certificates V4.2 Page 7 of 67

8 7. Ordering DomainSSL & AlphaSSL certificates Optional - Obtain Common Name from the CSR and the Phishing DB check (1) GSValidateOrderParameters Request GSValidateOrderParameters Response Obtain the list of approver address and OrderID using Common name. (2) GetDVApproverList Request GetDVApproverList Response Order DomainSSL certificate using Order ID and selected approver e- mail address. (3) DVOrder Request DVOrder Response Sending approver (Out of API) Approve (Out of API) 1. Parsing CSR and Phishing check 2. Getting list of approver s and order id for DVOrder 3. Submit order 4. Sending approver 5. Approve or deny order GlobalSign API for Server Certificates V4.2 Page 8 of 67

9 7.1 Extract Common Name from the CSR and Perform Phishing DB Check ValidateOrderParameters Request <ValidateOrderParameters xmlns=" <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> DV,DV_LOW, OV,EV (<BaseOption>)? wildcard,globalip <OrderKind> new,renewal,transfer <Licenses> 3 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<CSR>)? 4000 String (<RenewalTargetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> <FQDN> 255 String (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain SAN option <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? </Request> </ValidateOrderParameters> ValidateOrderParameters Response <ValidateOrderParameters xmlns=" <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> (<Price>)? 10 (<Currency>)? 10 (<ValidityPeriod> <Months> 4 GlobalSign API for Server Certificates V4.2 Page 9 of 67

10 (<NotBefore>)? (<NotAfter>)? </ValidityPeriod>)? (<ParsedCSR> <Subject> <DomainName> <Country> < > <Locality> <Organization> <OrganizationUnit> <State> <IsValidDomainName> </ParsedCSR>)? </Response> </ValidateOrderParameters> If the response includes a success code of 0, then the request procedure can continue. A success code of 1 will result in an Error code represented in the Result code box below, normally this will not stop the order however it may delay the issuance of the certificate. A success code of -1 indicates an issue with the request and the request procedure will fail. Consultation of the error codes will give the reason for this failure. 7.2 Receive List of Approver addresses The details from the ValidateOrderParameters Response can now be used to continue with the request. The next step involves receiving the list of approver addresses and an OrderID to complete the order of the certificate. GetDVApproverList Request <GetDVApproverList xmlns=" <Request> <QueryRequestHeader> <AuthToken> <UserName> 30 <Password> 30 </AuthToken> </QueryRequestHeader> <FQDN> 255 String* </Request> </GetDVApproverList> *FQDN is the CommonName from previous response GetDVApproverList Response <GetDVApproverList xmlns=" <Response> <QueryResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> <ReturnCount> 5 </QueryResponseHeader> (<Approvers> (<Approver> <ApproverType> 10 String Domain or Generic <Approver > 255 </Approver>)+ </Approvers>)? GlobalSign API for Server Certificates V4.2 Page 10 of 67

11 <OrderID>? 50 String </Response> </GetDVApproverList> This response will contain a success code, a list of approver contact details for the end user to choose from and an OrderID for continuing with the order. If the success code is -1, the request procedure will stop and the error code will have to be consulted. 7.3 Ordering a DomainSSL or AlphaSSL Certificate The final step in the order process is carried out using the information from GetDVApproverList together with the CSR and the user details of the requestor. DVOrder Request <DVOrder xmlns=" <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> DV, DV_LOW (<BaseOption>)? wildcard <OrderKind> new,renewal,transfer <Licenses> 1-99 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> <CSR> 4000 String (<RenewalTergetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> (<SubID>)? 50 String <OrderID> 50 String <Approver > 255 String <ContactInfo> <FirstName> 100 String <LastName> 100 String <Phone> 30 String < > 255 String </ContactInfo> <SecondContactInfo> <FirstName> 100 String <LastName> 100 String < > 255 String </SecondContactInfo> (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain option <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? GlobalSign API for Server Certificates V4.2 Page 11 of 67

12 </Request> </DVOrder> DVOrder Response <DVOrder xmlns=" <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String <!- Error empty message --> </Response> </DVOrder> If the response contains a success code of 0, GlobalSign will send out an to the Approval contact. After the contact has given his permission for the certificate to be issued, the certificate will be issued and the certificate sent via to the reseller for forwarding to the end user. 7.4 Ordering DomainSSL or AlphaSSL Using URLVerification (Meta-tag) Using the following methods will allow you to order and approve DomainSSL and AlphaSSL certificates by using a metatag for verification instead of the approver method. After the order is placed, the API response will contain a meta tag which needs to be placed in the index of the domain that is being secured. Partner API Server Outside of API: Partner / End user installs MetaTag in the <head> of the index of the domain being secured 1 2 Creates new Order with URLVerification Return Metatag Requests that SANs MetaTags are checked with the URLVerificationForIssue Request 3 Upon Success Returns Certificate with Verified SANs included 4 Outside of API: GlobalSign crawler verifies metatag GlobalSign API for Server Certificates V4.2 Page 12 of 67

13 URLVerification Order Request <URLVerification xmlns=" <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> DV_HIGH_URL, DV_LOW_URL (<BaseOption>)? wildcard <OrderKind> new,renewal,transfer <Licenses> 1-99 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> <CSR> 4000 String (<RenewalTargetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> (<SubID>)? 50 String <OrderID> 50 String <ContactInfo> <FirstName> 100 String <LastName> 100 String <Phone> 30 String < > 255 String </ContactInfo> <SecondContactInfo> <FirstName> 100 String <LastName> 100 String < > 255 String </SecondContactInfo> (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain option <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? </Request> </URLVerification> URLVerification Order Response The response contains both the metatag and a list of allowable domains on which we can verify the FQDN with. The metatag needs to be place on the index of the domain. <URLVerificationResponse xmlns=" <Response> GlobalSign API for Server Certificates V4.2 Page 13 of 67

14 <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String <!- Error empty message --> <Metatag>? 50 String <!- Error empty message --> <VerificationURLList> <VerificationURL> 1000 String <VerificationURLList> </Response> </ URLVerificationResponse> URL Verification for Issue Request After placing the metatag on one of the allowable domains, the following request is used to have our crawler verify the metatag. <ns2: URLVerificationForIssue xmlns:ns2=" <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderID> <ApproverURL> 64 String </Request> </ URLVerificationForIssue > URL Verification for Issue Response <UrlVerificationForIssue> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> (<UrlVerificationForIssue> (<CertificateInfo> <CertificateStatus> 5 <StartDate> <EndDate> <CommonName> 64 String <SerialNumber> 64 String <SubjectName> 3000 String (<DNSNames>)? 300 String </CertficateInfo>)? (<Fulfillment> (<CACertificates> (<CACertificate> <CACertType> Root, Inter <CACert> 4000 String </CACertificate>)+ </CACertificates>)? (<ServerCertificate> <X509Cert> 4000 String GlobalSign API for Server Certificates V4.2 Page 14 of 67

15 <PKCS7Cert> 4000 String </ServerCertificate>)? </Fulfillment>)? </UrlVerificationForIssue>)? </Response> </UrlVerificationForIssue> 8. Ordering OrganizationSSL Certificates Obtaining Common Name from the CSR and the Phishing DB check (1) ValidateOrderParameters Request ValidateOrderParameters Response Order OrganizationSSL certificate (2) OVOrder Request OVOrder Response 1. Parsing CSR and Phishing check 2. Submit order 8.1 OrganizationSSL Certificate Request Extracting Common Name from the CSR and carrying out a Phishing db Check ValidateOrderParameters Request <ValidateOrderParameters xmlns=" <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> OV (<BaseOption>)? wildcard <OrderKind> new,renewal,transfer <Licenses> 3 (<Options> (<Option> GlobalSign API for Server Certificates V4.2 Page 15 of 67

16 <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<CSR>)? 4000 String (<RenewalTergetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> <FQDN> 255 String (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? </Request> </ValidateOrderParameters > ValidateOrderParameters Response <ValidateOrderParameters xmlns=" <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> (<Price>)? 10 (<Currency>)? 10 (<ValidityPeriod> <Months> 4 (<NotBefore>)? (<NotAfter>)? </ValidityPeriod>)? (<ParsedCSR> <Subject> <DomainName> <Country> < > <Locality> <Organization> <OrganizationUnit> <State> <IsValidDomainName> </ParsedCSR>)? </Response> </ValidateOrderParameters > GlobalSign API for Server Certificates V4.2 Page 16 of 67

17 8.2 Ordering the OrganizationSSL Certificate OVOrder Request <OVOrder xmlns=" <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> OV, TEST_OV (<BaseOption>)? wildcard, globalip <OrderKind> new,renewal,transfer <Licenses> 1-99 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> <CSR> 4000 String (<RenewalTergetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> (<SubID>)? 50 String <OrganizationInfo> <OrganizationName> 255 String (<CreditAgency>)? 1:DUNS, 2:TDB (<OrganizationCode>)? 50 String <OrganizationAddress> <AddressLine1> 100 String (<AddressLine2>)? 100 String (<AddressLine3>)? 100 String <City> 200 String <Region> 255 String <PostalCode> 20 String <Country> 30 String <Phone> 30 String (<Fax>)? 30 String </OrganizationAddress> </OrganizationInfo> <ContactInfo> <FirstName> 100 String <LastName> 100 String <Phone> 30 String < > 255 String </ContactInfo> (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option <SubjectAltName> 4000 String (<ModifyOperation>)? ADDITION, UNCHANGED, DELETE </SANEntry>)+ </SANEntries>)? GlobalSign API for Server Certificates V4.2 Page 17 of 67

18 </Request> </OVOrder> OVOrder Response <OVOrder xmlns=" <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String <!- Error empty message --> </Response> </OVOrder> 9. Ordering ExtendedSSL Certificates (1) GSValidateOrderParameters Request Obtaining Common Name from the CSR and the Phishing DB check GSValidateOrderParameters Response (2) EVOrder Request Order ExtendedSSL certificate EVOrder Response 1. Parsing CSR and Phishing check 2. Request an order 9.1 ExtendedSSL Certificate Request ValidateOrderParameters Request <ValidateOrderParameters xmlns=" <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String GlobalSign API for Server Certificates V4.2 Page 18 of 67

19 <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> EV (<BaseOption>)? wildcard,globalip <OrderKind> new,renewal,transfer <Licenses> 3 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<CSR>)? 4000 String (<RenewalTergetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> <FQDN> 255 String (<SANEntries> (<SANEntry> <SANOptionType> <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? </Request> </ValidateOrderParameters > 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option ValidateOrderParameters Response <ValidateOrderParameters xmlns=" <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> (<Price>)? 10 (<Currency>)? 10 (<ValidityPeriod> <Months> 4 (<NotBefore>)? (<NotAfter>)? </ValidityPeriod>)? (<ParsedCSR> <Subject> <DomainName> <Country> < > <Locality> GlobalSign API for Server Certificates V4.2 Page 19 of 67

20 <Organization> <OrganizationUnit> <State> <IsValidDomainName> </ParsedCSR>)? </Response> </ValidateOrderParameters > 9.2 Ordering the ExtendedSSL Certificate EVOrder Request <EVOrder xmlns=" <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> EV (<BaseOption>)? wildcard,globalip <OrderKind> new,renewal,transfer <Licenses> 1-99 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> <CSR> 4000 String (<RenewalTergetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> (<SubID>)? 50 String <OrganizationInfoEV> (<CreditAgency>)? 1:DUNS, 2:TDB (<OrganizationCode>)? 50 String (<BusinessAssumedName>)? 255 String <BusinessCategoryCode> PO:Private Organization GE:Government Entity BE:BusinessEntity <OrganizationAddress> <AddressLine1> 100 String (<AddressLine2>)? 100 String (<AddressLine3>)? 100 String <City> 200 String <Region> 255 String <PostalCode> 20 String <Country> 30 String ISO <Phone> 30 String (<Fax>)? 30 String </OrganizationAddress> </OrganizationInfoEV> <RequestorInfo> <FirstName> 100 String <LastName> 100 String (<Function>)? 255 String <OrganizationName> 255 String GlobalSign API for Server Certificates V4.2 Page 20 of 67

21 (<OrganizationUnit>)? 100 String <Phone> 30 String < > 255 String </RequestorInfo> <ApproverInfo> <FirstName> 100 String <LastName> 100 String (<Function>)? 255 String <OrganizationName> 255 String (<OrganizationUnit>)? 100 String <Phone> 30 String < > 255 String </ApproverInfo> <AuthorizedSignerInfo> <OrganizationName> 255 String <FirstName> 100 String <LastName> 100 String (<Function>)? 255 String <Phone> 30 String < > 255 String </AuthorizedSignerInfo> <JurisdictionInfo> <Country> 30 String ISO <StateOrProvince> 255 String <Locality> 200 String <IncorporatingAgencyRegistrationNumber> 100 String </JurisdictionInfo> <ContactInfo> <FirstName> 100 String <LastName> 100 String <Phone> 30 String < > 255 String </ContactInfo> (<SANEntries> (<SANEntry> <SANOptionType> <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? </Request> </EVOrder> 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option EVOrder Response <EVOrder xmlns=" <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> 25 </OrderResponseHeader> <OrderID>? 50 String <!- Error empty message --> </Response> </EVOrder> GlobalSign API for Server Certificates V4.2 Page 21 of 67

22 10. General SSL Functions 10.1 Changing the SubjectAltName in certificate DomainSSL Set the Common Name and get approver list and OrderId (1) GetDVApproverList Request GetDVApproverList Response Order ChangeSubjectAltName using OrderID and selected approver address (2) ChangeSubjectAltName Request ChangeSubjectAltName Response 1. Getting list of approver and OrderID for ChangeSubjectAltName(with Phishing check) 2. Request an SAN Order 3. Sending approver 4. Approve or deny order OrganizationalSSL, Extended SSL Set SubjectAltName information and order certificate (1) ChangeSubjectAltName Request ChangeSubjectAltName Response GlobalSign API for Server Certificates V4.2 Page 22 of 67

23 10.2 Change SubjectAltName Use the ChangeSubjectAltName API to change (add or delete) SubjectAltName(s) of issued certificate. <SANEntries> parameters should be set as how SubjectAltName(s) would be after this change. GetDVApproverList API should be requested beforehand for DomainSSL. New certificate with requested SubjectAltName will be issued after the vetting is completed and be able to get using Query APIs. ChangeSubjectAltName Request <ChangeSubjectAltName xmlns=" "> <Request> <OrderRequestHeader> <AuthToken> <UserName> <Password> </AuthToken> </OrderRequestHeader> (<OrderID>)? 50 String <TargetOrderID> 50 String (<Approver >)? (<SANEntries> (<SANEntryArray> <SANOptionType> <SubjectAltName> 64 String </SANEntryArray>)+ </SANEntries>)? <PIN>? String </Request> </ChangeSubjectAltName> 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option ChangeSubjectAltName Response <ChangeSubjectAltName xmlns=" <Response> <OrderResponseHeader> <SuccessCode> (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String (<TargetOrderID>)? 50 String </Response> </ChangeSubjectAltName> 10.3 Create Cert-Invites (CertInviteOrder) Request which allows the ordering and creation of Cert-Invites. CertInviteOrder Request <CertInviteOrder > <Request> GlobalSign API for Server Certificates V4.2 Page 23 of 67

24 <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> DV_LOW, DV,OV,EV (<BaseOption>)? Wildcard <OrderKind> new,renewal,transfer (<Options> (<Option> <OptionName> EXP: ExpressOption INS: InsuranceOption GSS: GSSupportOption REX: RenewalExtentionOption VPC: ValidityPeriodCustomizeOption SAN: SANOption true,false <OptionValue> </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<RenewalTergetOrderID)? 50 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option </SANEntry>)+ </SANEntries>)? <CertInviteExpirationDate> 25 <RecipientDeliveryOption> true,false <CertInviteRecipient > 255 String </Request> </ CertInviteOrder > CertInviteOrder Response <CertInviteOrder> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <PIN> 255 String </Response> </CertInviteOrder> GlobalSign API for Server Certificates V4.2 Page 24 of 67

25 10.4 Change Approver (ChangeApprover ) A request which allows the API user to change the approver for the order. When request is submitted a new approval request will be sent to the approver provided. The user may optionally use a get approver list request before submitting the change approver request. ChangeApprover Request <ChangeApprover > <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderID> 50 String <Approver > 255 String <FQDN> 255 String </Request> </ChangeApprover > ChangeApprover Response <ChangeApprover > <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String </Response> </ChangeApprover > 10.5 Re-Send Approver (Resend ) If the user did not receive or lost his Approver message you can use the Resend API to resend this . Resend Request <Resend xmlns=" <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 <Password> 30 </AuthToken> </OrderRequestHeader> <OrderID> 50 String <Resend Type> 20 String APPROVER GlobalSign API for Server Certificates V4.2 Page 25 of 67

26 </Request> </Resend > Resend Response <Resend xmlns=" <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String </Response> </Resend > 10.6 Modify Existing Order (ModifyOrder) Using the ModifyOrder API you can Approve, Cancel or Revoke a Certificate or Certificate Request by using the OrderID of the Order. ModifyOrder Request <ModifyOrder xmlns=" <Request > <OrderRequestHeader> <AuthToken> <UserName> <Password> </AuthToken> </OrderRequestHeader> <OrderID> 50 String <ModifyOrderOperation> APPROVE,CANCEL,REVOKE </Request > </ModifyOrder> ModifyOrder Response <ModifyOrder xmlns=" <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String </Response> </ModifyOrder> GlobalSign API for Server Certificates V4.2 Page 26 of 67

27 11. Service & Query API Calls 11.1 Get issued certificate Single Certificate (GetOrderByOrderID) GetOrderByOrderID Request <GetOrderByOrderID xmlns=" <Request> <QueryRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </QueryRequestHeader> <OrderID> 50 String (<OrderQueryOption> (<OrderStatus>)? <!- N/A --> (<ReturnOrderOption>)? 5 String true, false (<ReturnCertificateInfo>)? 5 String true, false (<ReturnFulfillment>)? 5 String true, false (<ReturnCACerts>)? 5 String ReturnFulfillment true </OrderQueryOption>)? </Request> </GetOrderByOrderID> GetOrderByOrderID Response GetOrderByOrderID xmlns=" <Response> <QueryResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> 25 <ReturnCount> 5 </QueryResponseHeader> <OrderID>? 50 String (<Pkcs12File>)? 4000 String (<OrderDetail> <OrderInfo> <OrderID> 50 String <ProductCode> 20 String (<BaseOption>)? 20 String <OrderKind> 10 String <Licenses> 3 (<ExpressOption>)? 5 String (<ValidityPeriodCustomizeOption>)? 5 String (<InsuranceOption>)? 5 String (<GSSupportOption>)? 5 String (<RenewalExtentionOption>)? 5 String <DomainName> 255 String <OrderDate> 25 (<OrderCompleteDate>)? 25 (<OrderCanceledDate>)? 25 (<OrderDeactivatedDate>)? 25 <OrderStatus> 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 5: Cancelled - Issued 6: Waiting for revocation 7: Revoked <Price> 10 <Currency> 10 String GlobalSign API for Server Certificates V4.2 Page 27 of 67

28 <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<SpecialInstructions>)? 4000 String </OrderInfo> <OrderSubInfo> <CSRSkipOrderFlag> 5 String true,false <DNSOrderFlag> 5 String true,false <TrustedOrderFlag> 5 String true,false (<P12DeleteStatus>)? 5 (<P12DeleteDate>)? 25 (<VerificationUrl>)? 300 String <SubId> 50 String </OrderSubInfo> (<OrderOption> <ApproverNotifiedDate>? 25 <ApproverConfirmDate>? 25 <Approver Address>? 255 String <OrganizationInfo> <OrganizationName> 255 String (<CreditAgency>)? 50 String (<OrganizationCode>)? 50 String (<BusinessAssumedName>)? 255 String (<BusinessCategoryCode>)? 20 String <OrganizationAddress> <AddressLine1> 100 String (<AddressLine2>)? 100 String (<AddressLine3>)? 100 String <City> 200 String <Region> 255 String <PostalCode> 20 String <Country> 30 String <Phone> 30 String (<Fax>)? 30 String </OrganizationAddress> </OrganizationInfo> (<RequestorInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <OrganizationName> 255 String <OrganizationUnit> 100 String <Phone> 30 String < > 255 String </RequestorInfo>)? (<ApproverInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <OrganizationName> 255 String (<OrganizationUnit>)? 100 String <Phone> 30 String < > 255 String </ApproverInfo>)? (<AuthorizedSignerInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <Phone> 30 String < > 255 String </AuthorizedSignerInfo>)? (<JurisdictionInfo> <Country> 30 String <StateOrProvince> 255 String <Locality> 200 String <IncorporatingAgencyRegistrationNumber> 100 String </JurisdictionInfo>)? (<ContactInfo> <FirstName> 100 String GlobalSign API for Server Certificates V4.2 Page 28 of 67

29 <LastName> 100 String <Phone> 30 String < > 255 String </ContactInfo>)? </OrderOption>)? (<CertificateInfo> <CertificateStatus> 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 6: Waiting for revocation 7: Revoked <StartDate> 25 <EndDate> 25 <CommonName> 64 String <SerialNumber> 64 String <SubjectName> 3000 String (<DNSNames>)? 300 String </CertificateInfo>)? (<Fulfillment> (<CACertificates> (<CACertificate> <CACertType> 15 String Root,Inter <CACert> 4000 String </CACertificate>)+ </CACertificates>)? (<ServerCertificate> <X509Cert> 4000 String <PKCS7Cert> 4000 String </ServerCertificate>)? </Fulfillment>)? <ModificationEvents> (<ModificationEvent> <ModificationEventName> 5 <ModificationEventTimestamp>25 </ModificationEvent>)+ </ModificationEvents>? </OrderDetail>)? </Response> </GetOrderByOrderID> 11.2 Query API to get issued certificate - Multiple Orders (GetOrderByDateRange) GetOrderByDateRange Request <GetOrderByDateRange xmlns=" <Request> <QueryRequestHeader> <AuthToken> <UserName> 30 <Password> 30 </AuthToken> </QueryRequestHeader> <FromDate> <ToDate> (<OrderQueryOption> (<OrderStatus>)? 5 String true, false (<ReturnOrderOption>)? 5 String true, false (<ReturnCertificateInfo>)? 5 String true, false (<ReturnFulfillment>)? 5 String true, false (<ReturnCACerts>)? 5 String </OrderQueryOption>)? </Request> </GetOrderByDataRange> GetOrderByDateRange Response <GetOrderByDateRange xmlns=" <Response> GlobalSign API for Server Certificates V4.2 Page 29 of 67

30 <QueryResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> 25 <ReturnCount> 5 </QueryResponseHeader> <FromDate>? 25 <ToDate>? 25 (<OrderDetails> (<OrderDetail> <OrderInfo> <OrderID> 50 String <ProductCode> 20 String (<BaseOption>)? 20 String <OrderKind> 10 String <Licenses> 3 (<ExpressOption>)? 5 String (<ValidityPeriodCustomizeOption>)?5 String (<InsuranceOption>)? 5 String (<GSSupportOption>)? 5 String (<RenewalExtentionOption>)?5 String <DomainName> 255 String <OrderDate> 25 (<OrderCompleteDate>)? 25 (<OrderCanceledDate>)? 25 (<OrderDeactivatedDate>)? 25 <OrderStatus> 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 5: Cancelled - Issued 6: Waiting for revocation 7: Revoked <Price> 10 <Currency> 10 String <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<SpecialInstructions>)? 4000 String </OrderInfo> <OrderSubInfo> <CSRSkipOrderFlag> 5 String true,false <DNSOrderFlag> 5 String true,false <TrustedOrderFlag> 5 String true,false (<P12DeleteStatus>)? 5 (<P12DeleteDate>)? 25 (<VerificationUrl>)? 300 String <SubId> 50 String </OrderSubInfo> (<OrderOption> <ApproverNotifiedDate>? 25 <ApproverConfirmDate>? 25 <Approver Address>? 255 String <OrganizationInfo> <OrganizationName> 255 String (<CreditAgency>)? 50 String (<OrganizationCode>)? 50 String (<BusinessAssumedName>)? 255 String (<BusinessCategoryCode>)? 20 String <OrganizationAddress> (<AddressLine1>)? 100 String (<AddressLine2>)? 100 String (<AddressLine3>)? 100 String <City> 200 String GlobalSign API for Server Certificates V4.2 Page 30 of 67

31 <Region> 255 String (<PostalCode>)? 20 String <Country> 30 String <Phone> 30 String (<Fax>)? 30 String </OrganizationAddress> </OrganizationInfo> (<RequestorInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <OrganizationName> 255 String <OrganizationUnit> 100 String <Phone> 30 String < > 255 String </RequestorInfo>)? (<ApproverInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <OrganizationName> 255 String (<OrganizationUnit>)? 100 String <Phone> 30 String < > 255 String </ApproverInfo>)? (<AuthorizedSignerInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <Phone> 30 String < > 255 String </AuthorizedSignerInfo>)? (<JurisdictionInfo> <Country> 30 String <StateOrProvince> 255 String <Locality> 200 String <IncorporatingAgencyRegistrationNumber>100 String </JurisdictionInfo>)? (<ContactInfo> <FirstName> 100 String <LastName> 100 String <Phone> 30 String < > 255 String </ContactInfo>)? </OrderOption>)? (<CertificateInfo> <CertificateStatus> 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 6: Waiting for revocation 7: Revoked <StartDate> 25 <EndDate> 25 <CommonName> 64 String <SerialNumber> 64 String <SubjectName> 3000 String (<DNSNames>)? 300 String </CertificateInfo>)? (<Fulfillment> (<CACertificates> (<CACertificate> <CACertType> 15 String Root,Inter <CACert> 4000 String </CACertificate>)+ </CACertificates>)? (<ServerCertificate> <X509Cert> 4000 String <PKCS7Cert> 4000 String </ServerCertificate>)? </Fulfillment>)? GlobalSign API for Server Certificates V4.2 Page 31 of 67

32 <ModificationEvents> (<ModificationEvent> <ModificationEventName> 5 <ModificationEventTimestamp>25 </ModificationEvent>)+ </ModificationEvents>? </OrderDetail>)+ </OrderDetails>)? </Response> </GetOrderByDataRange> 11.3 Query API to Get Recently Modified Orders (GetModifiedOrders) As mentioned above the GetModifiedOrders API will return a list of orders modified within a specified time frame. GetModifiedOrders Request <GetModifiedOrders xmlns=" <Request> <QueryRequestHeader> <AuthToken> <UserName> <Password> </AuthToken> </QueryRequestHeader> <FromDate> <ToDate> (<OrderQueryOption> (<OrderStatus>)? 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 5: Cancelled - Issued 6: Waiting for revocation 7: Revoked (<ReturnOrderOption>)? true,false (<ReturnCertificateInfo>)? true,false (<ReturnFulfillment>)? true,false (<ReturnCACerts>)? true,false </OrderQueryOption>)? </Request> </GetModifiedOrders> GetModifiedOrders Response <GetModifiedOrders xmlns=" <Response> <QueryResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> 25 <ReturnCount> 5 </QueryResponseHeader> <FromDate>? 25 <ToDate>? 25 (<OrderDetails> (<OrderDetail> <OrderInfo> <OrderID> 50 String <ProductCode> 20 String GlobalSign API for Server Certificates V4.2 Page 32 of 67

33 (<BaseOption>)? 20 String <OrderKind> 10 String <Licenses> 3 (<ExpressOption>)? 5 String (<ValidityPeriodCustomizeOption>)?5 String (<InsuranceOption>)? 5 String (<GSSupportOption>)? 5 String (<RenewalExtentionOption>)?5 String <DomainName> 255 String <OrderDate> 25 (<OrderCompleteDate>)? 25 (<OrderCanceledDate>)? 25 (<OrderDeactivatedDate>)? 25 <OrderStatus> 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 5: Cancelled - Issued 6: Waiting for revocation 7: Revoked <Price> 10 <Currency> 10 String <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<SpecialInstructions>)? 4000 String </OrderInfo> <OrderSubInfo> <CSRSkipOrderFlag> 5 String true,false <DNSOrderFlag> 5 String true,false <TrustedOrderFlag> 5 String true,false (<P12DeleteStatus>)? 5 (<P12DeleteDate>)? 25 (<VerificationUrl>)? 300 String <SubId> 50 String </OrderSubInfo> (<OrderOption> <ApproverNotifiedDate>? 25 <ApproverConfirmDate>? 25 <Approver Address>? 255 String <OrganizationInfo> <OrganizationName>255 String (<CreditAgency>)? 50 String (<OrganizationCode>)? 50 String (<BusinessAssumedName>)? 255 String (<BusinessCategoryCode>)? 20 String <OrganizationAddress> (<AddressLine1>)? 100 String (<AddressLine2>)? 100 String (<AddressLine3>)? 100 String <City> 200 String <Region> 255 String (<PostalCode>)? 20 String <Country> 30 String <Phone> 30 String (<Fax>)? 30 String </OrganizationAddress> </OrganizationInfo> (<RequestorInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <OrganizationName> 255 String <OrganizationUnit> 100 String <Phone> 30 String < > 255 String </RequestorInfo>)? (<ApproverInfo> GlobalSign API for Server Certificates V4.2 Page 33 of 67