GlobalSign API for SSL Certificates

Similar documents
GlobalSign API for SSL Certificates

GlobalSign API for SSL Certificates

GlobalSign API for SSL Certificates. Implementation Guide and Definitions Version /23/2018. Version Release Notes

GlobalSign API for MSSL Certificates

Version 4.3. assecods.pl

GlobalSign API for EPKI

GlobalSign API for MSSL Certificates

GlobalSign API for CloudSSL

GlobalSign API for MSSL Certificates

GeoTrust API Quick Guide

Managed SSL Quick Start Guide

GlobalSign APIs for MSSL Certificates

GAS (Global Agent System)

COMODO CA SSL CERTIFICATES

COMODO CA SSL CERTIFICATES

SSL Certificates Enrollment, Collection, Installation and Renewal

IceWarp SSL Certificate Process

OnlineNIC SSL API User Guide

Certificate Details Order Summary Full Order Details User & Contact Details GCC Log GCC Audit Log...

GlobalSign Integration Guide. GlobalSign Enterprise PKI (EPKI) and VMware Workspace ONE UEM (AirWatch)

GlobalSign Integration Guide

GlobalSign Enterprise Solutions. Enterprise PKI. Administrator Guide. Version 2.6

Comodo Certificate Manager

Reports Web Services API. InCommon c/o Internet Oakbrook Drive, Suite 300 Ann Arbor MI, 48104

Public. Atos Trustcenter. Server Certificates + Codesigning Certificates. Version 1.2

Comodo Certificate Manager

GlobalSign Enterprise Solution epki Administrator guide v1.9. GlobalSign Enterprise Solutions

Comodo Certificate Manager

Technical resources. OneClickSSL. ISPsystem Plug-in

Comodo Server Security Server

Comodo Certificate Manager

Comodo Certificate Manager

Software Version 5.0. Administrator Guide Release Date: 7th April, InCommon c/o Internet Oakbrook Drive, Suite 300 Ann Arbor MI, 48104

GlobalSign Certification Practice Statement

AusCERT Certificate Services Manager. AusCERT Certificate Services Manager Reports Web Services API 1

Enterprise Certificate Console. Simplified Control for Digital Certificates from the Cloud

Overview and Tutorial

Template for defining an RDS Purpose: Domain Name Certification Mailing list address: Mailing list archive:

GlobalSign Certification Practice Statement

PURCHASING AN ENTRUST DATACARD SSL/TLS CERTIFICATE. Document issue: 12.2 Date of issue: July 2017

This help covers the ordering, download and installation procedure for Odette Digital Certificates.

Comodo Certificate Manager

IoPT Consulting, LLC 2 June 2015

GlobalSign Enterprise Solutions

Upland Qvidian Proposal Automation Single Sign-on Administrator's Guide

Bugzilla ID: Bugzilla Summary:

Partner Documentation Reseller Portal Guide

DigiCert User Guide. Version 6.4

OnlineNIC SSL API User Guide

DigiCert User Guide (GÉANT)

WeChat Adobe Campaign Integration - User Guide

Merchant Reporting Tool Interface guideline

AirWatch Mobile Device Management

(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and

Partner Documentation Reseller Portal Guide

Comodo Certificate Manager

Comodo Certificate Manager Version 5.7

VSP18 Venafi Security Professional

Comodo Certificate Manager Version 5.6

Comodo Accounts Management Software Version 15.0

NETBANK USER GUIDE v

Integration Architecture Of SDMS

administrative control

Comodo Certificate Manager

Creating Trust Online TM. Extended Validation (EV) High Assurance SSL Certificate Reseller Program

Mitel MiVoice Connect Security Certificates

Comodo Certificate Manager Version 5.7

DRAFT REVISIONS BR DOMAIN VALIDATION

Integrating AirWatch and VMware Identity Manager

Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server

SHS Version 1.2 CA. The Swedish Agency for Public Management oct This version:

Comodo UCC Quick Start. This document describes how to get started using the Comodo Unified Communication Certificate.

Comodo Accounts Management Software Version 17.0

DigiCert User Guide (GÉANT)

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

H O W T O I N S T A L L A N S S L C E R T I F I C A T E V I A C P A N E L

Comodo Certificate Manager Version 5.5

Comodo Certificate Manager Version 6.0

Managed DNS API Specification Version July 28, 2008

Director and Certificate Authority Issuance

Comodo Certificate Manager Version 5.7

Queens Library API Requirements Document For e-content Partners

BMC FootPrints 12 Integration with Remote Support

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

General Settings General Settings Settings

Person determining CPS suitability for the policy CPS approval procedures 1.6. DEFINITIONS AND ACRONYMS

Vocera Messaging Platform API Guide. Version 5.2.3

ENTRUST CONNECTOR Installation and Configuration Guide Version April 21, 2017

Server software page. Certificate Signing Request (CSR) Generation. Software

The JANET Certificate Service

But where'd that extra "s" come from, and what does it mean?

Order and Payment APIs. Section A: Getting Started Guide

Troubleshooting External Services (External Message Store, Calendar Integrations, Calendar Information for PCTRs) in Cisco Unity Connection 8.

OKPAY guides INTEGRATION OVERVIEW

Carrier Roles... 3 CCM Role Alerts Pane Headers Alerts Pane... 4 Workflow Status... 4

Rocket U2 Clients and APIs

Citrix Analytics Data Governance Collection, storage, and retention of logs generated in connection with Citrix Analytics service.

Reseller Program For the Sectigo Partner Network

estos EWS Calendar Replicator

Amadeus Web UETT Report

Transcription:

a GlobalSign API for SSL Certificates Implementation Guide and Definitions version 4.2 Version Release Notes Version 4.0 Changes - Added support for newer GCC2 type orders. Now orders place via the GUI can be modified via the API - Added function to change the approver email after ordering - Added query functionality o Return CSR and OrderID used to place original order o To determine upcoming renewals - Added CSR Decoder and error checking function - Allow creation of Cert- Invites - Allow toggling of renewal notices by order Version 4.02 Changes - 06/20/2012 - Fixed documentation typos and errors Version 4.1 Changes - 07/10/2012 - Added Subscriber agreement request Version 4.1.1 Changes 03/05/2013 - Added Organization to Authorized Signer field for ExtendedSSL Version 4.2 Changes 03/28/2013 - Added URLVerification methods which can be used for DomainSSL and AlphaSSL orders (Metatag Verification) Section 7.4

Contents 1. Outline... 4 2. SSL Product Type Explanations... 4 3. Anti-Phishing Checks Background... 5 4. Web Service functions Workflow overview... 5 4.1 SSL functions... 5 4.2 Service/Query functions... 6 4.3 Account functions... 6 4.4 Delivery of Issued Certificates by Email... 6 5. API URL s... 7 5.1 GlobalSign URL... 7 5.2 Test account URLs... 7 6. WSDL files... 7 6.1 GlobalSign URL... 7 6.2 Test account URLs... 7 7. Ordering DomainSSL & AlphaSSL certificates... 8 7.1 Extract Common Name from the CSR and Perform Phishing DB Check... 9 7.2 Receive List of Approver email addresses... 10 7.3 Ordering a DomainSSL or AlphaSSL Certificate... 11 7.4 Ordering DomainSSL or AlphaSSL Using URLVerification (Meta-tag)... 12 URL Verification for Issue Request... 14 URL Verification for Issue Response... 14 8. Ordering OrganizationSSL Certificates... 15 8.1 OrganizationSSL Certificate Request... 15 8.2 Ordering the OrganizationSSL Certificate... 17 9. Ordering ExtendedSSL Certificates... 18 9.1 ExtendedSSL Certificate Request... 18 9.2 Ordering the ExtendedSSL Certificate... 20 10. General SSL Functions... 22 10.1 Changing the SubjectAltName in certificate... 22 10.2 Change SubjectAltName... 23 10.3 Create Cert-Invites (CertInviteOrder)... 23 10.4 Change Approver Email (ChangeApproverEmail)... 25 10.5 Re-Send Approver Email (ResendEmail)... 25 10.6 Modify Existing Order (ModifyOrder)... 26 11. Service & Query API Calls... 27 11.1 Get issued certificate Single Certificate (GetOrderByOrderID)... 27 11.2 Query API to get issued certificate - Multiple Orders (GetOrderByDateRange).. 29 11.3 Query API to Get Recently Modified Orders (GetModifiedOrders)... 32 11.4 Query to Determine Upcoming Renewals (GetOrderByExpirationDate)... 34 11.5 Query API to Get Certificate Orders (GetCertificateOrders)... 36 11.6 Query API to Reissue Certificates (ReIssue)... 37 11.7 CSR Decoder and Error Checker (DecodeCSR)... 37 11.8 Turn Renewal Notice On/Off (ToggleRenewalNotice)... 38 12. Account API Functions... 39 12.1 Retrieve Account Snapshot (GetAccountSnapshot)... 39 12.2 Create Sub Reseller Account (ResellerApplication)... 40 12.3 Add Deposits to Sub Reseller Account (AddResellerDeposit)... 41 12.4 Query Invoices... 42 13. Get Subscriber Agreement Request (GetAgreement)... 43 14. Code Examples:... 43 15. Certificate Order Entry Parameters... 45 15.1 Product codes... 45 15.2 Validity Period... 45 15.3 Date/Time Formatting... 45 GlobalSign API for Server Certificates V4.2 Page 2 of 67

15.4 Setting validity period of the certificate (by Not before/not after date)... 45 15.5 Order Type... 46 15.6 Base Options... 46 15.7 Licenses... 46 15.8 CreditAgency/OrganizationCode... 46 15.9 KeyLength... 46 15.10 OptionName... 47 15.11 Subject Alternative Names (SANs) Entry... 47 15.12 URLVerification Valid Approver URL Certificate Common Name relationships47 15.13 Country... 47 16. Status Explanations... 50 16.1 Order/Certificate status... 50 16.2 ModificationEventName... 51 16.3 ResendEmailType... 51 16.4 Success / Error Codes... 52 Client Error Codes... 52 Server Error Codes... 55 16.5 Server Error Responses by API Request Type... 57 17. XML Field definitions... 58 GlobalSign API for Server Certificates V4.2 Page 3 of 67

1. Outline GlobalSign offers a Simple Object Access Protocol (SOAP) API for its partners and customers to directly order and manage certificates. Through this API, partners can perform functions such as ordering the different products, cancelling and fulfilling orders, and querying for order data. The API supports applications for SSL certificates placed by partners and by customer using the SSL Managed service platform. Partners may place orders for all Certificate product types. 2. SSL Product Type Explanations AlphaSSL: AlphaSSL is a low end domain validated certificate and known to our resellers as AlphaSSL. This product can only be purchased in standard or wildcard options, 1-5 year validity periods. None of the other premium value add options are supported with this product. Note: in the API product code specification AlphaSSL is referenced as DV_LOW. DomainSSL: DomainSSL is a feature rich high value domain validated certificate. When placing a DomainSSL order the applicant must supply a CSR. Certificates requested by supplying a customer generated CSR are returned as standard Certificate files. To our partners these two products are known as DomainSSL and DomainSSL. Both of these product codes can be ordered as not only a standard and wildcard option, but also with certain SAN options. For the DomainSSL, there are the following Subject Alternative Names options allowed: Unified Communications support for owa, autodiscover and mail Additional Subdomain support These options can be added through both the DomainSSL product code, in 1-5 year validity periods. Note: the API product code specification DomainSSL is referenced as DV. OrganizationSSL: OrganizationSSL is a feature rich high value organization validated certificate. When placing an OrganizationSSL order the applicant must supply a CSR. Certificates requested by supplying a customer generated CSR are returned as standard Certificate files. To our partners these are known as OrganizationSSL This product code can be ordered as not only a standard and wildcard option, but also with certain SAN options. For the OrganizationSSL there are the following Subject Alternative Names options allowed: Unified Communications support for owa, autodiscover and mail Additional Subdomain support Internal Hostname support Public IP Address support Additional Fully Qualified Domain Name support These options can be added in 1-5 year validity periods. Note: the API product code specification OrganizationSSL is referenced as OV. Customers with SSL Managed Service accounts may obtain pre-vetted OrganizationSSL certificates by using the SSL Managed Service application calls. GlobalSign API for Server Certificates V4.2 Page 4 of 67

Extended SSL: ExtendedSSL is the product name for GlobalSign's Extended Validation (EV) SSL offering and is issued in strict adherence the published CAB Forum EV SSL guidelines covering Certificate profile format, vetting method and workflow. This product can be ordered as only a standard SSL Certificate with limited Subject Alternative Name support and does not support wildcard applications and globalip option, NOT as a wildcard option. This product can also work with all the SAN options. For the Extended SSL, the following SAN options allowed: Unified Communications support for owa, autodiscover and mail Additional Subdomain support Additional Fully Qualified Domain Name support This product can only be ordered in a 1-2 year validity period. Note: the API product code specification ExtendedSSL is referenced as EV. 3. Anti-Phishing Checks Background All domain validated Certificates (DomainSSL and AlphaSSL) are automatically put through the GlobalSign anti-phishing checks. These checks involve a series of automated processes to help identify potential phishing risks. If flagged as high risk the Certificate will not be issued until manually reviewed by a GlobalSign vetting agent. If an API based order is flagged for phishing an appropriate alert message is reported and a vetting agent will be assigned to review the order at the first convenience. 4. Web Service functions Workflow overview Order processing for SSL certificates and web identity products is asynchronous. For these types of orders an API client places an order and then later checks the server for the completed order. The functions are broken into several categories SSL functions: calls to place orders, modify or cancel orders Service & Query functions: Calls searching for complete orders (such as getting issued Certificates), decoding CSRs, validating order parameters Account functions: calls needed to perform account actions, such as checking balance and modified sub-accounts. The general approach for ordering is to place orders using an SSL functions, then periodically request the list of all orders that have changed status during a specified time interval (for example, the last four hours) using the Service/Query function of GetModifiedOrders. This returns a list of all orders and detailed order information for orders that have changed status in the specified time interval. The status of all returned orders can then be updated locally and used as necessary. An alternative to querying for a set of modified orders within a time period is to specifically request the status of a specific order. In this case the ordering flow consists of the following operations: place an order, and then periodically check the status of the specific order (GetOrderByOrderID). Once the order has been completed, the fulfillment information is returned with the GetOrderByOrderID operation. This approach is less efficient, but might be more appropriate when there is a low volume of certificates being managed. 4.1 SSL functions Function Getting list of approver email addresses Getting list of approver email addresses and OrderID for DVOrder (DomainSSL and API Request GetApproverList GetDVApproverList GlobalSign API for Server Certificates V4.2 Page 5 of 67

AlphaSSL only) Order AlphaSSL or DomainSSL certificate with Approver Email validation Order AlphaSSL or DomainSSL certificate with MetaTag validation Order OrganizationSSL certificate Order ExtendedSSL certificate Changing certificate order status Resend Approver Emails for AlphaSSL & DomainSSL orders Place an order using the cert invite functionality Change the email address that the approval request is sent to for domain validated products Change the SubjectAltName in certificate. DVOrder URLVerification & URLVerificationForIssue OVOrder EVOrder ModifyOrder ResendEmail CertInviteOrder ChangeApproverEmail ChangeSubjectAltName 4.2 Service/Query functions Function Searching order information by Order ID Searching modified orders by modified date (from/to) Getting order list Searching orders by order date (from/to) Checking order parameter validity Decoding a CSR ReIssue Certificate Turn on/off Renewal notice Check upcoming expirations API GetOrderByOrderID GetModifiedOrders GetCertificateOrders GetOrderByDateRange ValidateOrderParameters DecodeCSR ReIssue ToggleRenewalNotice GetOrderByExpirationDate 4.3 Account functions Function To view account balance and recent usage Add deposit to a sub reseller account Query outstanding invoices Create a sub-reseller account API AccountSnapshot AddResellerDeposit QueryInvoices ResellerApplication 4.4 Delivery of Issued Certificates by Email Issued Certificates can be delivered directly to the customer specified in the appropriate 4.1 Order functions. In the DVOrder / OVOrder / EVOrder Request specify the end customer and their email address in the <ContactInfo> field. GlobalSign API for Server Certificates V4.2 Page 6 of 67

Note: to directly email the end customer your account must be configured on a specific template group. Contact your Account Manager or Tech Implementation Contact to arrange. 5. API URL s 5.1 GlobalSign URL The following URL s should be used to access the GlobalSign live API: SSL Functions: Service/Query: Account: Subscriber Agreement: https://system.globalsign.com/kb/ws/v1/serversslservice https://system.globalsign.com/kb/ws/v1/gasservice https://system.globalsign.com/kb/ws/v1/accountservice https://system.globalsign.com/qb/ws/gasquery 5.2 Test account URLs The following URLs* should be used to access the GlobalSign Test API: SSL Functions: Service/Query: Account: Subscriber Agreement: https://testsystem.globalsign.com/kb/ws/v1/serversslservice https://testsystem.globalsign.com/kb/ws/v1/gasservice https://testsystem.globalsign.com/kb/ws/v1/accountservice N/A *Test system accounts are available to API customers upon request 6. WSDL files 6.1 GlobalSign URL GlobalSign s WSDL files are available from: SSL Functions: Service/Query: Account: Subscriber Agreement: https://system.globalsign.com/kb/ws/v1/serversslservice?wsdl https://system.globalsign.com/kb/ws/v1/gasservice?wsdl https://system.globalsign.com/kb/ws/v1/accountservice?wsdl https://system.globalsign.com/qb/ws/gasquery?wsdl 6.2 Test account URLs Test account WSDL files are available from: SSL Functions: Service/Query: Account: https://testsystem.globalsign.com/kb/ws/v1/serversslservice?wsdl https://testsystem.globalsign.com/kb/ws/v1/gasservice?wsdl https://testsystem.globalsign.com/kb/ws/v1/accountservice?wsdl *Test system accounts are available to API customers upon request GlobalSign API for Server Certificates V4.2 Page 7 of 67

7. Ordering DomainSSL & AlphaSSL certificates Optional - Obtain Common Name from the CSR and the Phishing DB check (1) GSValidateOrderParameters Request GSValidateOrderParameters Response Obtain the list of approver e-mail address and OrderID using Common name. (2) GetDVApproverList Request GetDVApproverList Response Order DomainSSL certificate using Order ID and selected approver e- mail address. (3) DVOrder Request DVOrder Response Sending approver e-mail (Out of API) Approve (Out of API) 1. Parsing CSR and Phishing check 2. Getting list of approver emails and order id for DVOrder 3. Submit order 4. Sending approver email 5. Approve or deny order GlobalSign API for Server Certificates V4.2 Page 8 of 67

7.1 Extract Common Name from the CSR and Perform Phishing DB Check ValidateOrderParameters Request <ValidateOrderParameters xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> DV,DV_LOW, OV,EV (<BaseOption>)? wildcard,globalip <OrderKind> new,renewal,transfer <Licenses> 3 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<CSR>)? 4000 String (<RenewalTargetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> <FQDN> 255 String (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain SAN option <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? </Request> </ValidateOrderParameters> ValidateOrderParameters Response <ValidateOrderParameters xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> (<Price>)? 10 (<Currency>)? 10 (<ValidityPeriod> <Months> 4 GlobalSign API for Server Certificates V4.2 Page 9 of 67

(<NotBefore>)? (<NotAfter>)? </ValidityPeriod>)? (<ParsedCSR> <Subject> <DomainName> <Country> <Email> <Locality> <Organization> <OrganizationUnit> <State> <IsValidDomainName> </ParsedCSR>)? </Response> </ValidateOrderParameters> If the response includes a success code of 0, then the request procedure can continue. A success code of 1 will result in an Error code represented in the Result code box below, normally this will not stop the order however it may delay the issuance of the certificate. A success code of -1 indicates an issue with the request and the request procedure will fail. Consultation of the error codes will give the reason for this failure. 7.2 Receive List of Approver email addresses The details from the ValidateOrderParameters Response can now be used to continue with the request. The next step involves receiving the list of approver email addresses and an OrderID to complete the order of the certificate. GetDVApproverList Request <GetDVApproverList xmlns="http://stub.query.gasapiserver.esp.globalsign.com"> <Request> <QueryRequestHeader> <AuthToken> <UserName> 30 <Password> 30 </AuthToken> </QueryRequestHeader> <FQDN> 255 String* </Request> </GetDVApproverList> *FQDN is the CommonName from previous response GetDVApproverList Response <GetDVApproverList xmlns="http://stub.query.gasapiserver.esp.globalsign.com"> <Response> <QueryResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> <ReturnCount> 5 </QueryResponseHeader> (<Approvers> (<Approver> <ApproverType> 10 String Domain or Generic <ApproverEmail> 255 </Approver>)+ </Approvers>)? GlobalSign API for Server Certificates V4.2 Page 10 of 67

<OrderID>? 50 String </Response> </GetDVApproverList> This response will contain a success code, a list of approver contact details for the end user to choose from and an OrderID for continuing with the order. If the success code is -1, the request procedure will stop and the error code will have to be consulted. 7.3 Ordering a DomainSSL or AlphaSSL Certificate The final step in the order process is carried out using the information from GetDVApproverList together with the CSR and the user details of the requestor. DVOrder Request <DVOrder xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> DV, DV_LOW (<BaseOption>)? wildcard <OrderKind> new,renewal,transfer <Licenses> 1-99 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> <CSR> 4000 String (<RenewalTergetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> (<SubID>)? 50 String <OrderID> 50 String <ApproverEmail> 255 String <ContactInfo> <FirstName> 100 String <LastName> 100 String <Phone> 30 String <Email> 255 String </ContactInfo> <SecondContactInfo> <FirstName> 100 String <LastName> 100 String <Email> 255 String </SecondContactInfo> (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain option <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? GlobalSign API for Server Certificates V4.2 Page 11 of 67

</Request> </DVOrder> DVOrder Response <DVOrder xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String <!- Error empty message --> </Response> </DVOrder> If the response contains a success code of 0, GlobalSign will send out an email to the ApprovalEmail contact. After the contact has given his permission for the certificate to be issued, the certificate will be issued and the certificate sent via email to the reseller for forwarding to the end user. 7.4 Ordering DomainSSL or AlphaSSL Using URLVerification (Meta-tag) Using the following methods will allow you to order and approve DomainSSL and AlphaSSL certificates by using a metatag for verification instead of the approver email method. After the order is placed, the API response will contain a meta tag which needs to be placed in the index of the domain that is being secured. Partner API Server Outside of API: Partner / End user installs MetaTag in the <head> of the index of the domain being secured 1 2 Creates new Order with URLVerification Return Metatag Requests that SANs MetaTags are checked with the URLVerificationForIssue Request 3 Upon Success Returns Certificate with Verified SANs included 4 Outside of API: GlobalSign crawler verifies metatag GlobalSign API for Server Certificates V4.2 Page 12 of 67

URLVerification Order Request <URLVerification xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> DV_HIGH_URL, DV_LOW_URL (<BaseOption>)? wildcard <OrderKind> new,renewal,transfer <Licenses> 1-99 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> <CSR> 4000 String (<RenewalTargetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> (<SubID>)? 50 String <OrderID> 50 String <ContactInfo> <FirstName> 100 String <LastName> 100 String <Phone> 30 String <Email> 255 String </ContactInfo> <SecondContactInfo> <FirstName> 100 String <LastName> 100 String <Email> 255 String </SecondContactInfo> (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain option <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? </Request> </URLVerification> URLVerification Order Response The response contains both the metatag and a list of allowable domains on which we can verify the FQDN with. The metatag needs to be place on the index of the domain. <URLVerificationResponse xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Response> GlobalSign API for Server Certificates V4.2 Page 13 of 67

<OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String <!- Error empty message --> <Metatag>? 50 String <!- Error empty message --> <VerificationURLList> <VerificationURL> 1000 String <VerificationURLList> </Response> </ URLVerificationResponse> URL Verification for Issue Request After placing the metatag on one of the allowable domains, the following request is used to have our crawler verify the metatag. <ns2: URLVerificationForIssue xmlns:ns2="https://system.globalsign.com/bb/ws/"> <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderID> <ApproverURL> 64 String </Request> </ URLVerificationForIssue > URL Verification for Issue Response <UrlVerificationForIssue> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> (<UrlVerificationForIssue> (<CertificateInfo> <CertificateStatus> 5 <StartDate> <EndDate> <CommonName> 64 String <SerialNumber> 64 String <SubjectName> 3000 String (<DNSNames>)? 300 String </CertficateInfo>)? (<Fulfillment> (<CACertificates> (<CACertificate> <CACertType> Root, Inter <CACert> 4000 String </CACertificate>)+ </CACertificates>)? (<ServerCertificate> <X509Cert> 4000 String GlobalSign API for Server Certificates V4.2 Page 14 of 67

<PKCS7Cert> 4000 String </ServerCertificate>)? </Fulfillment>)? </UrlVerificationForIssue>)? </Response> </UrlVerificationForIssue> 8. Ordering OrganizationSSL Certificates Obtaining Common Name from the CSR and the Phishing DB check (1) ValidateOrderParameters Request ValidateOrderParameters Response Order OrganizationSSL certificate (2) OVOrder Request OVOrder Response 1. Parsing CSR and Phishing check 2. Submit order 8.1 OrganizationSSL Certificate Request Extracting Common Name from the CSR and carrying out a Phishing db Check ValidateOrderParameters Request <ValidateOrderParameters xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> OV (<BaseOption>)? wildcard <OrderKind> new,renewal,transfer <Licenses> 3 (<Options> (<Option> GlobalSign API for Server Certificates V4.2 Page 15 of 67

<OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<CSR>)? 4000 String (<RenewalTergetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> <FQDN> 255 String (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? </Request> </ValidateOrderParameters > ValidateOrderParameters Response <ValidateOrderParameters xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> (<Price>)? 10 (<Currency>)? 10 (<ValidityPeriod> <Months> 4 (<NotBefore>)? (<NotAfter>)? </ValidityPeriod>)? (<ParsedCSR> <Subject> <DomainName> <Country> <Email> <Locality> <Organization> <OrganizationUnit> <State> <IsValidDomainName> </ParsedCSR>)? </Response> </ValidateOrderParameters > GlobalSign API for Server Certificates V4.2 Page 16 of 67

8.2 Ordering the OrganizationSSL Certificate OVOrder Request <OVOrder xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> OV, TEST_OV (<BaseOption>)? wildcard, globalip <OrderKind> new,renewal,transfer <Licenses> 1-99 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> <CSR> 4000 String (<RenewalTergetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> (<SubID>)? 50 String <OrganizationInfo> <OrganizationName> 255 String (<CreditAgency>)? 1:DUNS, 2:TDB (<OrganizationCode>)? 50 String <OrganizationAddress> <AddressLine1> 100 String (<AddressLine2>)? 100 String (<AddressLine3>)? 100 String <City> 200 String <Region> 255 String <PostalCode> 20 String <Country> 30 String <Phone> 30 String (<Fax>)? 30 String </OrganizationAddress> </OrganizationInfo> <ContactInfo> <FirstName> 100 String <LastName> 100 String <Phone> 30 String <Email> 255 String </ContactInfo> (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option <SubjectAltName> 4000 String (<ModifyOperation>)? ADDITION, UNCHANGED, DELETE </SANEntry>)+ </SANEntries>)? GlobalSign API for Server Certificates V4.2 Page 17 of 67

</Request> </OVOrder> OVOrder Response <OVOrder xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String <!- Error empty message --> </Response> </OVOrder> 9. Ordering ExtendedSSL Certificates (1) GSValidateOrderParameters Request Obtaining Common Name from the CSR and the Phishing DB check GSValidateOrderParameters Response (2) EVOrder Request Order ExtendedSSL certificate EVOrder Response 1. Parsing CSR and Phishing check 2. Request an order 9.1 ExtendedSSL Certificate Request ValidateOrderParameters Request <ValidateOrderParameters xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String GlobalSign API for Server Certificates V4.2 Page 18 of 67

<Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> EV (<BaseOption>)? wildcard,globalip <OrderKind> new,renewal,transfer <Licenses> 3 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<CSR>)? 4000 String (<RenewalTergetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> <FQDN> 255 String (<SANEntries> (<SANEntry> <SANOptionType> <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? </Request> </ValidateOrderParameters > 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option ValidateOrderParameters Response <ValidateOrderParameters xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> (<Price>)? 10 (<Currency>)? 10 (<ValidityPeriod> <Months> 4 (<NotBefore>)? (<NotAfter>)? </ValidityPeriod>)? (<ParsedCSR> <Subject> <DomainName> <Country> <Email> <Locality> GlobalSign API for Server Certificates V4.2 Page 19 of 67

<Organization> <OrganizationUnit> <State> <IsValidDomainName> </ParsedCSR>)? </Response> </ValidateOrderParameters > 9.2 Ordering the ExtendedSSL Certificate EVOrder Request <EVOrder xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> EV (<BaseOption>)? wildcard,globalip <OrderKind> new,renewal,transfer <Licenses> 1-99 (<Options> (<Option> <OptionName> VPC: ValidityPeriodCustomizeOption SAN: SANOption <OptionValue> true,false </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> <CSR> 4000 String (<RenewalTergetOrderID)? 50 String (<TargetCERT>)? 4000 String (<SpecialInstructions>)? 4000 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> (<SubID>)? 50 String <OrganizationInfoEV> (<CreditAgency>)? 1:DUNS, 2:TDB (<OrganizationCode>)? 50 String (<BusinessAssumedName>)? 255 String <BusinessCategoryCode> PO:Private Organization GE:Government Entity BE:BusinessEntity <OrganizationAddress> <AddressLine1> 100 String (<AddressLine2>)? 100 String (<AddressLine3>)? 100 String <City> 200 String <Region> 255 String <PostalCode> 20 String <Country> 30 String ISO 3166-1 <Phone> 30 String (<Fax>)? 30 String </OrganizationAddress> </OrganizationInfoEV> <RequestorInfo> <FirstName> 100 String <LastName> 100 String (<Function>)? 255 String <OrganizationName> 255 String GlobalSign API for Server Certificates V4.2 Page 20 of 67

(<OrganizationUnit>)? 100 String <Phone> 30 String <Email> 255 String </RequestorInfo> <ApproverInfo> <FirstName> 100 String <LastName> 100 String (<Function>)? 255 String <OrganizationName> 255 String (<OrganizationUnit>)? 100 String <Phone> 30 String <Email> 255 String </ApproverInfo> <AuthorizedSignerInfo> <OrganizationName> 255 String <FirstName> 100 String <LastName> 100 String (<Function>)? 255 String <Phone> 30 String <Email> 255 String </AuthorizedSignerInfo> <JurisdictionInfo> <Country> 30 String ISO 3166-1 <StateOrProvince> 255 String <Locality> 200 String <IncorporatingAgencyRegistrationNumber> 100 String </JurisdictionInfo> <ContactInfo> <FirstName> 100 String <LastName> 100 String <Phone> 30 String <Email> 255 String </ContactInfo> (<SANEntries> (<SANEntry> <SANOptionType> <SubjectAltName> 4000 String (<ModifyOperation>)? <!- N/A --> </SANEntry>)+ </SANEntries>)? </Request> </EVOrder> 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option EVOrder Response <EVOrder xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> 25 </OrderResponseHeader> <OrderID>? 50 String <!- Error empty message --> </Response> </EVOrder> GlobalSign API for Server Certificates V4.2 Page 21 of 67

10. General SSL Functions 10.1 Changing the SubjectAltName in certificate DomainSSL Set the Common Name and get approver email list and OrderId (1) GetDVApproverList Request GetDVApproverList Response Order ChangeSubjectAltName using OrderID and selected approver email address (2) ChangeSubjectAltName Request ChangeSubjectAltName Response 1. Getting list of approver email and OrderID for ChangeSubjectAltName(with Phishing check) 2. Request an SAN Order 3. Sending approver email 4. Approve or deny order OrganizationalSSL, Extended SSL Set SubjectAltName information and order certificate (1) ChangeSubjectAltName Request ChangeSubjectAltName Response GlobalSign API for Server Certificates V4.2 Page 22 of 67

10.2 Change SubjectAltName Use the ChangeSubjectAltName API to change (add or delete) SubjectAltName(s) of issued certificate. <SANEntries> parameters should be set as how SubjectAltName(s) would be after this change. GetDVApproverList API should be requested beforehand for DomainSSL. New certificate with requested SubjectAltName will be issued after the vetting is completed and be able to get using Query APIs. ChangeSubjectAltName Request <ChangeSubjectAltName xmlns=" http://stub.order.gasapiserver.esp.globalsign.com "> <Request> <OrderRequestHeader> <AuthToken> <UserName> <Password> </AuthToken> </OrderRequestHeader> (<OrderID>)? 50 String <TargetOrderID> 50 String (<ApproverEmail>)? (<SANEntries> (<SANEntryArray> <SANOptionType> <SubjectAltName> 64 String </SANEntryArray>)+ </SANEntries>)? <PIN>? String </Request> </ChangeSubjectAltName> 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option ChangeSubjectAltName Response <ChangeSubjectAltName xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Response> <OrderResponseHeader> <SuccessCode> (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String (<TargetOrderID>)? 50 String </Response> </ChangeSubjectAltName> 10.3 Create Cert-Invites (CertInviteOrder) Request which allows the ordering and creation of Cert-Invites. CertInviteOrder Request <CertInviteOrder > <Request> GlobalSign API for Server Certificates V4.2 Page 23 of 67

<OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderRequestParameter> <ProductCode> DV_LOW, DV,OV,EV (<BaseOption>)? Wildcard <OrderKind> new,renewal,transfer (<Options> (<Option> <OptionName> EXP: ExpressOption INS: InsuranceOption GSS: GSSupportOption REX: RenewalExtentionOption VPC: ValidityPeriodCustomizeOption SAN: SANOption true,false <OptionValue> </Option>)+ <Options>)? <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<RenewalTergetOrderID)? 50 String (<Coupon>)? 50 String (<Campaign>)? 50 String </OrderRequestParameter> (<SANEntries> (<SANEntry> <SANOptionType> 1:UC cert option 2:Subdomain SAN option 3:GIP SAN option 4:Internal SAN option 7:FQDN SAN option </SANEntry>)+ </SANEntries>)? <CertInviteExpirationDate> 25 <RecipientDeliveryOption> true,false <CertInviteRecipientEmail> 255 String </Request> </ CertInviteOrder > CertInviteOrder Response <CertInviteOrder> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <PIN> 255 String </Response> </CertInviteOrder> GlobalSign API for Server Certificates V4.2 Page 24 of 67

10.4 Change Approver Email (ChangeApproverEmail) A request which allows the API user to change the approver email for the order. When request is submitted a new approval request will be sent to the approver email provided. The user may optionally use a get approver list request before submitting the change approver email request. ChangeApproverEmail Request <ChangeApproverEmail > <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </OrderRequestHeader> <OrderID> 50 String <ApproverEmail> 255 String <FQDN> 255 String </Request> </ChangeApproverEmail > ChangeApproverEmail Response <ChangeApproverEmail> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String </Response> </ChangeApproverEmail > 10.5 Re-Send Approver Email (ResendEmail) If the user did not receive or lost his Approver Email message you can use the ResendEmail API to resend this email. ResendEmail Request <ResendEmail xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Request> <OrderRequestHeader> <AuthToken> <UserName> 30 <Password> 30 </AuthToken> </OrderRequestHeader> <OrderID> 50 String <ResendEmailType> 20 String APPROVEREMAIL GlobalSign API for Server Certificates V4.2 Page 25 of 67

</Request> </ResendEmail > ResendEmail Response <ResendEmail xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String </Response> </ResendEmail> 10.6 Modify Existing Order (ModifyOrder) Using the ModifyOrder API you can Approve, Cancel or Revoke a Certificate or Certificate Request by using the OrderID of the Order. ModifyOrder Request <ModifyOrder xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Request > <OrderRequestHeader> <AuthToken> <UserName> <Password> </AuthToken> </OrderRequestHeader> <OrderID> 50 String <ModifyOrderOperation> APPROVE,CANCEL,REVOKE </Request > </ModifyOrder> ModifyOrder Response <ModifyOrder xmlns="http://stub.order.gasapiserver.esp.globalsign.com"> <Response> <OrderResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 (<ErrorField>)? 1000 String <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> </OrderResponseHeader> <OrderID>? 50 String </Response> </ModifyOrder> GlobalSign API for Server Certificates V4.2 Page 26 of 67

11. Service & Query API Calls 11.1 Get issued certificate Single Certificate (GetOrderByOrderID) GetOrderByOrderID Request <GetOrderByOrderID xmlns="http://stub.query.gasapiserver.esp.globalsign.com"> <Request> <QueryRequestHeader> <AuthToken> <UserName> 30 String <Password> 30 String </AuthToken> </QueryRequestHeader> <OrderID> 50 String (<OrderQueryOption> (<OrderStatus>)? <!- N/A --> (<ReturnOrderOption>)? 5 String true, false (<ReturnCertificateInfo>)? 5 String true, false (<ReturnFulfillment>)? 5 String true, false (<ReturnCACerts>)? 5 String ReturnFulfillment true </OrderQueryOption>)? </Request> </GetOrderByOrderID> GetOrderByOrderID Response GetOrderByOrderID xmlns="http://stub.query.gasapiserver.esp.globalsign.com"> <Response> <QueryResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> 25 <ReturnCount> 5 </QueryResponseHeader> <OrderID>? 50 String (<Pkcs12File>)? 4000 String (<OrderDetail> <OrderInfo> <OrderID> 50 String <ProductCode> 20 String (<BaseOption>)? 20 String <OrderKind> 10 String <Licenses> 3 (<ExpressOption>)? 5 String (<ValidityPeriodCustomizeOption>)? 5 String (<InsuranceOption>)? 5 String (<GSSupportOption>)? 5 String (<RenewalExtentionOption>)? 5 String <DomainName> 255 String <OrderDate> 25 (<OrderCompleteDate>)? 25 (<OrderCanceledDate>)? 25 (<OrderDeactivatedDate>)? 25 <OrderStatus> 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 5: Cancelled - Issued 6: Waiting for revocation 7: Revoked <Price> 10 <Currency> 10 String GlobalSign API for Server Certificates V4.2 Page 27 of 67

<ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<SpecialInstructions>)? 4000 String </OrderInfo> <OrderSubInfo> <CSRSkipOrderFlag> 5 String true,false <DNSOrderFlag> 5 String true,false <TrustedOrderFlag> 5 String true,false (<P12DeleteStatus>)? 5 (<P12DeleteDate>)? 25 (<VerificationUrl>)? 300 String <SubId> 50 String </OrderSubInfo> (<OrderOption> <ApproverNotifiedDate>? 25 <ApproverConfirmDate>? 25 <ApproverEmailAddress>? 255 String <OrganizationInfo> <OrganizationName> 255 String (<CreditAgency>)? 50 String (<OrganizationCode>)? 50 String (<BusinessAssumedName>)? 255 String (<BusinessCategoryCode>)? 20 String <OrganizationAddress> <AddressLine1> 100 String (<AddressLine2>)? 100 String (<AddressLine3>)? 100 String <City> 200 String <Region> 255 String <PostalCode> 20 String <Country> 30 String <Phone> 30 String (<Fax>)? 30 String </OrganizationAddress> </OrganizationInfo> (<RequestorInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <OrganizationName> 255 String <OrganizationUnit> 100 String <Phone> 30 String <Email> 255 String </RequestorInfo>)? (<ApproverInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <OrganizationName> 255 String (<OrganizationUnit>)? 100 String <Phone> 30 String <Email> 255 String </ApproverInfo>)? (<AuthorizedSignerInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <Phone> 30 String <Email> 255 String </AuthorizedSignerInfo>)? (<JurisdictionInfo> <Country> 30 String <StateOrProvince> 255 String <Locality> 200 String <IncorporatingAgencyRegistrationNumber> 100 String </JurisdictionInfo>)? (<ContactInfo> <FirstName> 100 String GlobalSign API for Server Certificates V4.2 Page 28 of 67

<LastName> 100 String <Phone> 30 String <Email> 255 String </ContactInfo>)? </OrderOption>)? (<CertificateInfo> <CertificateStatus> 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 6: Waiting for revocation 7: Revoked <StartDate> 25 <EndDate> 25 <CommonName> 64 String <SerialNumber> 64 String <SubjectName> 3000 String (<DNSNames>)? 300 String </CertificateInfo>)? (<Fulfillment> (<CACertificates> (<CACertificate> <CACertType> 15 String Root,Inter <CACert> 4000 String </CACertificate>)+ </CACertificates>)? (<ServerCertificate> <X509Cert> 4000 String <PKCS7Cert> 4000 String </ServerCertificate>)? </Fulfillment>)? <ModificationEvents> (<ModificationEvent> <ModificationEventName> 5 <ModificationEventTimestamp>25 </ModificationEvent>)+ </ModificationEvents>? </OrderDetail>)? </Response> </GetOrderByOrderID> 11.2 Query API to get issued certificate - Multiple Orders (GetOrderByDateRange) GetOrderByDateRange Request <GetOrderByDateRange xmlns="http://stub.query.gasapiserver.esp.globalsign.com"> <Request> <QueryRequestHeader> <AuthToken> <UserName> 30 <Password> 30 </AuthToken> </QueryRequestHeader> <FromDate> <ToDate> (<OrderQueryOption> (<OrderStatus>)? 5 String true, false (<ReturnOrderOption>)? 5 String true, false (<ReturnCertificateInfo>)? 5 String true, false (<ReturnFulfillment>)? 5 String true, false (<ReturnCACerts>)? 5 String </OrderQueryOption>)? </Request> </GetOrderByDataRange> GetOrderByDateRange Response <GetOrderByDateRange xmlns="http://stub.query.gasapiserver.esp.globalsign.com"> <Response> GlobalSign API for Server Certificates V4.2 Page 29 of 67

<QueryResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> 25 <ReturnCount> 5 </QueryResponseHeader> <FromDate>? 25 <ToDate>? 25 (<OrderDetails> (<OrderDetail> <OrderInfo> <OrderID> 50 String <ProductCode> 20 String (<BaseOption>)? 20 String <OrderKind> 10 String <Licenses> 3 (<ExpressOption>)? 5 String (<ValidityPeriodCustomizeOption>)?5 String (<InsuranceOption>)? 5 String (<GSSupportOption>)? 5 String (<RenewalExtentionOption>)?5 String <DomainName> 255 String <OrderDate> 25 (<OrderCompleteDate>)? 25 (<OrderCanceledDate>)? 25 (<OrderDeactivatedDate>)? 25 <OrderStatus> 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 5: Cancelled - Issued 6: Waiting for revocation 7: Revoked <Price> 10 <Currency> 10 String <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<SpecialInstructions>)? 4000 String </OrderInfo> <OrderSubInfo> <CSRSkipOrderFlag> 5 String true,false <DNSOrderFlag> 5 String true,false <TrustedOrderFlag> 5 String true,false (<P12DeleteStatus>)? 5 (<P12DeleteDate>)? 25 (<VerificationUrl>)? 300 String <SubId> 50 String </OrderSubInfo> (<OrderOption> <ApproverNotifiedDate>? 25 <ApproverConfirmDate>? 25 <ApproverEmailAddress>? 255 String <OrganizationInfo> <OrganizationName> 255 String (<CreditAgency>)? 50 String (<OrganizationCode>)? 50 String (<BusinessAssumedName>)? 255 String (<BusinessCategoryCode>)? 20 String <OrganizationAddress> (<AddressLine1>)? 100 String (<AddressLine2>)? 100 String (<AddressLine3>)? 100 String <City> 200 String GlobalSign API for Server Certificates V4.2 Page 30 of 67

<Region> 255 String (<PostalCode>)? 20 String <Country> 30 String <Phone> 30 String (<Fax>)? 30 String </OrganizationAddress> </OrganizationInfo> (<RequestorInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <OrganizationName> 255 String <OrganizationUnit> 100 String <Phone> 30 String <Email> 255 String </RequestorInfo>)? (<ApproverInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <OrganizationName> 255 String (<OrganizationUnit>)? 100 String <Phone> 30 String <Email> 255 String </ApproverInfo>)? (<AuthorizedSignerInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <Phone> 30 String <Email> 255 String </AuthorizedSignerInfo>)? (<JurisdictionInfo> <Country> 30 String <StateOrProvince> 255 String <Locality> 200 String <IncorporatingAgencyRegistrationNumber>100 String </JurisdictionInfo>)? (<ContactInfo> <FirstName> 100 String <LastName> 100 String <Phone> 30 String <Email> 255 String </ContactInfo>)? </OrderOption>)? (<CertificateInfo> <CertificateStatus> 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 6: Waiting for revocation 7: Revoked <StartDate> 25 <EndDate> 25 <CommonName> 64 String <SerialNumber> 64 String <SubjectName> 3000 String (<DNSNames>)? 300 String </CertificateInfo>)? (<Fulfillment> (<CACertificates> (<CACertificate> <CACertType> 15 String Root,Inter <CACert> 4000 String </CACertificate>)+ </CACertificates>)? (<ServerCertificate> <X509Cert> 4000 String <PKCS7Cert> 4000 String </ServerCertificate>)? </Fulfillment>)? GlobalSign API for Server Certificates V4.2 Page 31 of 67

<ModificationEvents> (<ModificationEvent> <ModificationEventName> 5 <ModificationEventTimestamp>25 </ModificationEvent>)+ </ModificationEvents>? </OrderDetail>)+ </OrderDetails>)? </Response> </GetOrderByDataRange> 11.3 Query API to Get Recently Modified Orders (GetModifiedOrders) As mentioned above the GetModifiedOrders API will return a list of orders modified within a specified time frame. GetModifiedOrders Request <GetModifiedOrders xmlns="http://stub.query.gasapiserver.esp.globalsign.com"> <Request> <QueryRequestHeader> <AuthToken> <UserName> <Password> </AuthToken> </QueryRequestHeader> <FromDate> <ToDate> (<OrderQueryOption> (<OrderStatus>)? 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 5: Cancelled - Issued 6: Waiting for revocation 7: Revoked (<ReturnOrderOption>)? true,false (<ReturnCertificateInfo>)? true,false (<ReturnFulfillment>)? true,false (<ReturnCACerts>)? true,false </OrderQueryOption>)? </Request> </GetModifiedOrders> GetModifiedOrders Response <GetModifiedOrders xmlns="http://stub.query.gasapiserver.esp.globalsign.com"> <Response> <QueryResponseHeader> <SuccessCode> 2 (<Errors> (<Error> <ErrorCode> 5 <ErrorMessage> 1000 String </Error>)+ </Errors>)? <Timestamp> 25 <ReturnCount> 5 </QueryResponseHeader> <FromDate>? 25 <ToDate>? 25 (<OrderDetails> (<OrderDetail> <OrderInfo> <OrderID> 50 String <ProductCode> 20 String GlobalSign API for Server Certificates V4.2 Page 32 of 67

(<BaseOption>)? 20 String <OrderKind> 10 String <Licenses> 3 (<ExpressOption>)? 5 String (<ValidityPeriodCustomizeOption>)?5 String (<InsuranceOption>)? 5 String (<GSSupportOption>)? 5 String (<RenewalExtentionOption>)?5 String <DomainName> 255 String <OrderDate> 25 (<OrderCompleteDate>)? 25 (<OrderCanceledDate>)? 25 (<OrderDeactivatedDate>)? 25 <OrderStatus> 5 1: INITIAL 2: Waiting for phishing check 3: Cancelled - Not Issued 4: Issue completed 5: Cancelled - Issued 6: Waiting for revocation 7: Revoked <Price> 10 <Currency> 10 String <ValidityPeriod> <Months> 4 (<NotBefore>)? 25 (<NotAfter>)? 25 </ValidityPeriod> (<SpecialInstructions>)? 4000 String </OrderInfo> <OrderSubInfo> <CSRSkipOrderFlag> 5 String true,false <DNSOrderFlag> 5 String true,false <TrustedOrderFlag> 5 String true,false (<P12DeleteStatus>)? 5 (<P12DeleteDate>)? 25 (<VerificationUrl>)? 300 String <SubId> 50 String </OrderSubInfo> (<OrderOption> <ApproverNotifiedDate>? 25 <ApproverConfirmDate>? 25 <ApproverEmailAddress>? 255 String <OrganizationInfo> <OrganizationName>255 String (<CreditAgency>)? 50 String (<OrganizationCode>)? 50 String (<BusinessAssumedName>)? 255 String (<BusinessCategoryCode>)? 20 String <OrganizationAddress> (<AddressLine1>)? 100 String (<AddressLine2>)? 100 String (<AddressLine3>)? 100 String <City> 200 String <Region> 255 String (<PostalCode>)? 20 String <Country> 30 String <Phone> 30 String (<Fax>)? 30 String </OrganizationAddress> </OrganizationInfo> (<RequestorInfo> <FirstName> 100 String <LastName> 100 String <Function> 255 String <OrganizationName> 255 String <OrganizationUnit> 100 String <Phone> 30 String <Email> 255 String </RequestorInfo>)? (<ApproverInfo> GlobalSign API for Server Certificates V4.2 Page 33 of 67

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback