View
14
Download
0
Category
Preview:
Citation preview
GlobalSign API for MSSL Certificates
Implementation Guide and Definitions Version 1.2
Version Release Notes Version 1.0.1 Changes
- Updated error codes
Version 1.0.2 Changes
- Workflow updates
Version 1.0.3 Changes
- Added Query functions
Version 1.0.4 Changes
- Added Domain and Profile status descriptions
Version 1.1 Changes
- Added AEG functionality
Version 1.2 Changes
- Updated “Reissue” Function for Hash Algorithm SHA-256, Section 15.6
Copyright © 2011-2014 GlobalSign, Inc. All rights reserved. GlobalSign, the GlobalSign logo and OneClickSSL are trademarks and registered trademarks of GlobalSign, Inc. or its affiliates in the United States and other countries. All other trademarks are the property of their respective owners.
GlobalSign API for MSSL Certificates v1.2 Page 2 of 47
Contents
1. Outline ................................................................................................................................... 4
2. SSL Product Type Explanations ........................................................................................ 4
3. Web Service Functions – Order & Query Workflow Overview ........................................ 5
3.1 Managed SSL Functions Functions ....................................................................... 5 3.2 Standard SSL Query functions ............................................................................... 5 3.3 Issued Certificates .................................................................................................. 6
4. API URL’s.............................................................................................................................. 6
4.1 GlobalSign URL ...................................................................................................... 6 4.2 Test Account URLs ................................................................................................ 6
5. WSDL Files ........................................................................................................................... 6
5.1 GlobalSign URL ...................................................................................................... 6 5.2 Test Account URLs ................................................................................................ 6
6. Ordering MSSL OrganizationSSL Certificates .................................................................. 7
6.1 Ordering an MSSL OrganizationSSL Certificate .................................................... 7 PVOrder Request ................................................................................................... 7 PVOrder Response ................................................................................................ 8
7. Ordering MSSL OrganizationSSL Certificates using AutoCSR ...................................... 9
Ordering an OrganizationSSL Certificate using AutoCSR ..................................... 9 PVOrderWithoutCSR Request ............................................................................... 9
PVOrderWithoutCSR Response .......................................................................... 10 8. Modify MSSL Order ........................................................................................................... 10
ModifyMSSLOrder Request ................................................................................. 10 ModifyMSSLOrder Response .............................................................................. 11
9. Add MSSL Profile ............................................................................................................... 11
AddMSSLProfile Request .................................................................................... 11 AddMSSLProfile Response .................................................................................. 12
10. Add MSSL Domain ............................................................................................................. 12
AddMSSLDomain Request .................................................................................. 12 AddMSSLDomain Response ............................................................................... 12
11. Update MSSL Profile ......................................................................................................... 12
UpdateMSSLProfile Request ............................................................................... 12 UpdateMSSLProfile Response ............................................................................ 13
12. Get MSSL Profiles .............................................................................................................. 13
GetMSSLProfile Request ..................................................................................... 13 GetMSSLProfile Response .................................................................................. 13
13. Get MSSL Domain List ...................................................................................................... 14
GetMSSLDomainList Request ............................................................................ 14 GetMSSLDomainList Response ......................................................................... 14
14. Modify MSSL Domain ........................................................................................................ 15
ModifyMSSLDomain Request ............................................................................. 15 ModifyMSSLDomain Response .......................................................................... 15
15. Query API Calls .................................................................................................................. 15
15.1 Get Issued Certificate – Single Certificate (GetOrderByOrderID) ........................ 15 15.2 Query API to get Issued Certificate - Multiple Orders (GetOrderByDateRange) . 18 15.3 Query API to Get Recently Modified Orders (GetModifiedOrders) ...................... 20 15.4 Query to Determine Upcoming Renewals (GetOrderByExpirationDate) ............. 23 15.5 Query API to Get Certificate Orders (GetCertificateOrders) ................................ 24 15.6 Query API to Reissue Certificates (ReIssue) ....................................................... 25 15.7 CSR Decoder and Error Checker (DecodeCSR) ................................................. 26 15.8 Turn Renewal Notice On/Off (ToggleRenewalNotice) ......................................... 27
16. Certificate Order Entry Parameters ................................................................................. 29
GlobalSign API for MSSL Certificates v1.2 Page 3 of 47
16.1 MSSL Profile and Domain ID’s ............................................................................. 29 16.2 Product Codes ...................................................................................................... 29 16.3 Validity Period ...................................................................................................... 29 16.4 Date/Time Formatting ........................................................................................... 29 16.5 Setting Validity Period of the Certificate (by Not before/Not after date) ............... 29 16.6 Order Type ........................................................................................................... 30 16.7 Options ................................................................................................................. 30 16.8 Licenses ............................................................................................................... 30 16.9 CreditAgency/OrganizationCode .......................................................................... 30 16.10 KeyLength ............................................................................................................ 30 16.11 OptionName ......................................................................................................... 31 16.12 Subject Alternative Names (SANs) Entry ............................................................. 31 16.13 Country ................................................................................................................. 31
17. Status Explanations .......................................................................................................... 34
17.1 Order/Certificate Status ........................................................................................ 34 17.2 ModificationEventName ....................................................................................... 35 17.3 MSSL Domain Status ........................................................................................... 35 17.4 MSSL Profile Status ............................................................................................. 36 17.5 ResendEmailType ................................................................................................ 36 17.6 Success / Error Codes ......................................................................................... 36
Client Error Codes ................................................................................................ 37 Server Error Codes .............................................................................................. 38
18. XML Field Definitions ........................................................................................................ 39
GlobalSign API for MSSL Certificates v1.2 Page 4 of 47
1. Outline
GlobalSign offers a Simple Object Access Protocol (SOAP) API for its partners and customers to directly order and manage certificates. Through this API, partners can perform functions such as ordering the different products, cancelling and fulfilling orders, and querying for order data.
The API is organized as two Web Services – ORDER and QUERY. The operations in the ORDER Web Service are focused around initiating and cancelling orders while the QUERY Web service is focused on checking status of orders, getting fulfillment information for orders, such as issued certificates, reports, and obtaining order details.
The API supports applications for SSL Certificates placed by customers using the SSL Managed service platform. Customers using the SSL Managed Service may use the API to place orders for certificates against the registered list of pre-vetted domains.
Typically an API user will retrieve issued certificates using the QUERY function and then use its own methods to install or communicate the certificate to the end customer. However the API also allows for orders to be emailed directly to end customers if desired.
2. SSL Product Type Explanations
OrganizationSSL:
OrganizationSSL is a feature rich high value organization validated certificate. When placing an OrganizationSSL order the applicant can either supply a CSR or request GlobalSign creates a CSR on the fly (AutoCSR). Certificates requested using AutoCSR are returned in a packaged PKCS#12 file containing both the Certificate file and private key. Certificates requested by supplying a customer generated CSR are returned as standard Certificate files.
To our partners these two products are known as OrganizationSSL and OrganizationSSL with Auto-CSR. Both of these product codes can be ordered as not only a standard and wildcard option, but also with certain SAN options. For the OrganizationSSL there are the following Subject Alternative Names options allowed:
Unified Communications support for owa, autodiscover and mail
Additional Subdomain support
Internal Hostname support
Public IP Address support
Additional Fully Qualified Domain Name support
These options can be added through both the OrganizationSSL product code, as well as the OrganizationSSL with Auto-CSR product code, in 1-5 year validity periods.
Note: the API product code specification OrganizationSSL is referenced as OV. The product code for applications using AutoCSR is referenced as OV_SKIP
Customers with SSL Managed Service accounts may obtain pre-vetted OrganizationSSL certificates by using the SSL Managed Service application calls.
Extended SSL:
ExtendedSSL is the product name for GlobalSign's Extended Validation (EV) SSL offering and is issued in strict adherence the published CA/B Forum EV SSL guidelines covering certificate profile format, vetting method and workflow. This product can be ordered as only a standard SSL Certificate with limited Subject Alternative Name support and does not support wildcard applications and globalip option, NOT as a wildcard option. This product can also work with all the SAN options. For the Extended SSL, the following SAN options allowed:
Unified Communications support for owa, autodiscover and mail
Additional Subdomain support
GlobalSign API for MSSL Certificates v1.2 Page 5 of 47
Additional Fully Qualified Domain Name support
This product can only be ordered in a 1-2 year validity period.
3. Web Service Functions – Order & Query Workflow Overview
Order processing for SSL Certificates and web identity products is asynchronous. For these types of orders an API client places an order and then later checks the server for the completed order. The specification document is split into two sections:
Managed SSL (MSSL) Functions: calls to place orders, modify or cancel orders, modify or query MSSL specific account information
Standard SSL Query Functions: calls needed to complete order calls, such as querying, and searching for complete orders (such as “getting” issued certificates)
The general approach for ordering is to place orders using an Order function, then periodically request the list of all orders that have changed status during a specified time interval (for example, the last four hours) using the Query function of “GetModifiedOrders”. This returns a list of all orders and detailed order information for orders that have changed status in the specified time interval. The status of all returned orders can then be updated locally and used as necessary.
An alternative to querying for a set of modified orders within a time period is to specifically request the status of a specific order. In this case the ordering flow consists of the following operations: place an order, and then periodically check the status of the specific order (GetOrderByOrderID). Once the order has been completed, the fulfillment information is returned with the GetOrderByOrderID operation. This approach is less efficient, but might be more appropriate when there is a low volume of certificates being managed.
3.1 Managed SSL Functions Functions
Function API Request
Get List of MSSL Profiles GetMSSLProfiles
Get List of MSSL Domains GetMSSLDomains
Order Pre-vetted SSL Certificate via SSL Managed Service account
GSPVOrder
Order Pre-vetted AutoCSR SSL Certificate via SSL Managed Service account
GSPVOrderWithoutCSR
Add domain to MSSL account AddMSSLDomain
Add profile to MSSL account AddMSSLProfile
Update existing MSSL Profile UpdateMSSLProfile
Modify Existing MSSL Order ModifyMSSLOrder
Modify Existing MSSL Domain ModifyMSSLDomain
3.2 Standard SSL Query functions
The following functions are not specific to MSSL, but are used across the range of SSL products.
Function API Request
Searching order information by Order ID
GetOrderByOrderID
Searching modified orders by modified date (from/to)
GetModifiedOrders
Getting order list GetCertificateOrders
Searching orders by order date (from/to)
GetOrderByDataRange
GlobalSign API for MSSL Certificates v1.2 Page 6 of 47
3.3 Issued Certificates
There are two methods for certificate delivery, either via the API or through email. Issued certificates can be delivered directly to the user specified in the appropriate Order functions. In the Order Requests, specify the end user who shall receive the certificate and their email address in the <ContactInfo> field.
4. API URL’s
4.1 GlobalSign URL
The following URL’s should be used to access the GlobalSign live API: MSSL: https://system.globalsign.com/kb/ws/v1/ManagedSSLService Query & General: https://system.globalsign.com/kb/ws/v1/GASService
4.2 Test Account URLs
The following URLs* should be used to access the GlobalSign Test API: MSSL: https://testsystem.globalsign.com/kb/ws/v1/ManagedSSLService
Query & General: https://testsystem.globalsign.com/kb/ws/v1/GASService
*Test system accounts are available to API customers upon request
5. WSDL Files
5.1 GlobalSign URL
GlobalSign’s WSDL files are available from:
MSSL: https://system.globalsign.com/kb/ws/v1/ManagedSSLService?wsdl Query & General: https://system.globalsign.com/kb/ws/v1/GASService?wsdl
5.2 Test Account URLs
Test account WSDL files are available from: MSSL: https://testsystem.globalsign.com/kb/ws/v1/ManagedSSLService?wsdl Query & General: https://testsystem.globalsign.com/kb/ws/v1/GASService?wsdl *Test system accounts are available to API customers upon request
GlobalSign API for MSSL Certificates v1.2 Page 7 of 47
6. Ordering MSSL OrganizationSSL Certificates
6.1 Ordering an MSSL OrganizationSSL Certificate
PVOrder Request
Input Type Size Req? Remarks
OrderRequestHeader Y
AuthToken Y
UserName String 30 Y
Password String 30 Y
OrderRequestParameter Y
ProductCode String Y "PV"
BaseOption -
OrderKind String Y New, Renewal, Transfer
Licenses
Options
Option +
OptionName
EXP: ExpressOption
INS: InsuranceOption
GSS: GSSupportOption
VPC: ValidityPeriodCustomizeOption,
SAN: SANOption
OptionValue Boolean true, false
ValidityPeriod Y
Months int 4 Y
NotBefore Date YYY-MM-DDTHH:MM:SS.000Z
NotAfter Date YYY-MM-DDTHH:MM:SS.000Z
CSR String 4000 Y
RenewalTargetOrderId String 50
TargetCert String 4000
SpecialIntructions String 4000
Coupon String 50
Campaign String 50
MssLProfileId String Y
MsslPDomainId String Y
SubId String 50
PVSealInfo String
AddressLine1 String 100
AddressLine2 String 100
AddressLine3 String 100
PostalCode String 20
Phone String 30
Fax String 30
ContactInfo
FirstName String 100 Y
Set order information and order
OrganizationSSL certificate PVOrder Response
(1) PVOrder Request
GlobalSign API for MSSL Certificates v1.2 Page 8 of 47
LastName String 100 Y
Phone String 30 Y
Email String 255 Y
SANEntries
SANEntry +
SANOptionType String
SANAltName String 4000 Y
ModifyOperations
PVOrder Response
Output Type Size Req? Remarks
OrderResponseHeader Y
SuccessCode int 2 Y
Errors N
Error Y
ErrorCode int 2 Y
ErrorField String 1000 N
ErrorMessage String 1000 Y
Timestamp DateTime Y YYYY-MM-DDTHH:MM:SS.000Z
GSPVOrderDetail N
CertificateInfo N
CertificateStatus int 5 Y
1: INITIAL,
2: Waiting for phishing check
3: Cancelled - not issued
4: Issue Completed
5: Cancelled - issued
6: Waiting for revocation
7: Revoked
StartDate Date Y YYYY-MM-DDTHH:MM:SS.000Z
EndDate Date Y YYYY-MM-DDTHH:MM:SS.000Z
CommonName String 64 Y
SerialNumber String 64 Y
SubjectName String 3000 Y
DNSNames String 300 N
Fulfillment N
CACerticates N
CACertificate Y
CACertType String Y Root, Inter
CACert String 4000 Y
ServerCertificate N
X509Cert String 4000 Y
PKCS7Cert String 4000 Y
GlobalSign API for MSSL Certificates v1.2 Page 9 of 47
7. Ordering MSSL OrganizationSSL Certificates using AutoCSR
Ordering an OrganizationSSL Certificate using AutoCSR
PVOrderWithoutCSR Request
Input Type Size Req? Remarks
OrderRequestHeader Y
AuthToken Y
UserName String 30 Y
Password String 30 Y
OrderRequestParameterWithoutCSR Y
ProductCode String Y PV_SKIP
BaseOption
OrderKind String Y New, Renewal, Transfer
Licenses
Options
Option +
OptionName
EXP: ExpressOption
INS: InsuranceOption
GSS: GSSupportOption
VPC:
ValidityPeriodCustomizeOption,
SAN: SANOption
OptionValue Boolean true, false
ValidityPeriod Y
Months int 4 Y
NotBefore Date YYYY-MM-DDTHH:MM:SS.000Z
NotAfter Date YYYY-MM-DDTHH:MM:SS.000Z
Pin String Y
KeyLength int Y 2048
RenewalTargetOrderId String 50
TargetCert String 4000
SpecialIntructions String 4000
Coupon String 50
Campaign String 50
MssLProfileID String Y
MsslPDomainID String Y
SubId String 50
PVSealInfo String
AddressLine1 String 100
Set order information and order
OrganizationSSL certificate PVOrderWithoutCSR Response
(1) PVOrderWithoutCSR Request
Retrieve Organization SSL
PKCS#12 Certificate GetOrderbyOrderID Response
(1) GetOrderbyOrderID Request
GlobalSign API for MSSL Certificates v1.2 Page 10 of 47
AddressLine2 String 100
AddressLine3 String 100
PostalCode String 20
Phone String 30
Fax String 30
OVCSRInfo Y
CommonName String Y
OrganizationUnit String
ContactInfo
FirstName String 100 Y
LastName String 100 Y
Phone String 30 Y
Email String 255 Y
SANEntries
SANEntry +
SANOptionType String
SANAltName String 4000
ModifyOperations
PVOrderWithoutCSR Response
Output Type Siz
e
Require
d Remarks
OrderResponseHeader Y
SuccessCode int 2 Y
Errors
Error Y
ErrorCode int 2 Y
ErrorField Strin
g
100
0
ErrorMessag
e
Strin
g
100
0 Y
Timestamp DateTime Y YYYY-MM-DDTHH:MM:SS.000Z
GSPVOrderDetai
l
CertificateInfo
CertificateStatus int 5 Y
1: INITIAL,
2: Waiting for phishing
check
3: Cancelled - not issued
4: Issue Completed
5: Cancelled - issued
6: Waiting for revocation
7: Revoked
StartDate Date Y YYYY-MM-DDTHH:MM:SS.000Z
EndDat
e Date Y YYYY-MM-DDTHH:MM:SS.000Z
CommonName Strin
g 64 Y
SerialNumber Strin
g 64 Y
SubjectName Strin
g
300
0 Y
DNSNames Strin
g 300
Fulfillment
CACerticates
CACertificate Y
Strin
g Y Root, Inter
Strin
g
400
0 Y
ServerCertificate
X509Cert Strin
g
400
0 Y
PKCS7Cert Strin
g
400
0 Y
8. Modify MSSL Order
ModifyMSSLOrder Request
GlobalSign API for MSSL Certificates v1.2 Page 11 of 47
Input Type Size Req?
OrderRequestHeader AuthToken UserName String 30 Y
Password String 30 Y
OrderID String 50 Y
ModifyOrderOperation String 64 Y
APPROVE
CANCEL
REVOKE
ModifyMSSLOrder Response
Output Type Size Req?
OrderResponseHeader Y
SuccessCode int 2 Y
Errors
Error Y
ErrorCode int 2 Y
ErrorField String 1000
ErrorMessage String 1000 Y
Timestamp DateTime Y
9. Add MSSL Profile
AddMSSLProfile Request
Input Type Size Req?
OrderRequestHeader AuthToken UserName String 30 Y
Password String 30 Y
VettingLevel String 2 Y
MSSLOVProfileInfo MSSLOVProfile Country String 2 Y
StateOrProvince String 255 Y
Locality String 255 Y
OrganisationUnit
OrganizationName
String
String
255
255
N
Y
OVSealInfo StreetAddress1 String 100 Y
StreetAddress2 String 100 Y
PostalCode String 20 Y
OtherAddressInfo String 100 Y
Telephone String 30 Y
Fax String 30 Y
BusinessOVInfo CreditAgency String 50 Y
OrganizationCode String 50
MSSLEVProfileInfo MSSLEVProfile OrganizationName String 255 Y
OrganisationUnit
BusinessCategory
String
String
255
20
N
Y
JurisdictionInfo JurisdictionCountry String 30 Y
JurisdictionState String 255 Y
JurisdictionLocality String 200 Y
IncorporationAgency
RegistrationNumber String 100 Y
BusinessPlaceInfo StreetAddress1 String 100 Y
StreetAddress2 String 100 Y
BusinessCategory String 20 N
City String 200 Y
StateOrProvince String 255 Y
PostalCode String 20 Y
CountryCode String 2 Y
Telephone String 30 Y
Fax String 30 N
BusinessEVInfo BusinessAssumedName String 255 Y
CreditAgency String 50 Y
OrganizationCode String 50
CertificateApprover OrganizationName String 255 Y
JobTitle String 255 Y
ContractSigner OrganizationName String 100 Y
Department String 100 Y
FirstName String 100 Y
LastName String 100 Y
GlobalSign API for MSSL Certificates v1.2 Page 12 of 47
JobTitle String 255 Y
Telephone String 30 Y
EmailAddress String 30 Y
AddMSSLProfile Response
Output Type Siz
e
Req
?
OrderResponseHeader Y
SuccessCod
e int 2 Y
Errors
Erro
r Y
ErrorCode int 2 Y
ErrorField Strin
g
100
0
ErrorMessag
e
Strin
g
100
0 Y
Timestamp DateTime Y YYYY-MM-
DDTHH:MM:SS.000Z
MSSLProfileI
D String 50
10. Add MSSL Domain
AddMSSLDomain Request
Input Type Size Req? Validation
OrderRequestHeader AuthToken UserName String 30 Y required, maxlength
Password String 30 Y required, maxlength
MSSLProfileID String 50 Y maxlength
DomainName String 64 Y maxlength, format
AddMSSLDomain Response
Output Type Size Req?
OrderResponseHeader Y
SuccessCode int 2 Y
Errors
Error Y
ErrorCode int 2 Y
ErrorField String 1000
ErrorMessage String 1000 Y
Timestamp DateTime Y YYYY-MM-
DDTHH:MM:SS.000Z
DomainName String 64 Y
11. Update MSSL Profile
UpdateMSSLProfile Request
Input Type Size Req? Validation
OrderRequestHeader Y
AuthToken Y
UserName String 30 Y required, maxlength
Password String 30 Y required, maxlength
MSSLProfielID String 50 Y required, maxlength
MSSLEVProfileInfo
MSSLEVProfile Y
OrganizationName String 255 Y required, maxlength
BusinessCategory String 20 Y required, maxlength,
enumiccontains
JurisdictionInfo Y
JurisdictionCountry String 30 Y required, maxlength,
enumiccontains
GlobalSign API for MSSL Certificates v1.2 Page 13 of 47
JurisdictionState String 255 maxlength
JurisdictionLocality String 200 maxlength
IncorporationAgencyRegistrationNumber String 100 Y required, maxlength
BusinessPlaceInfo Y
StreetAddress1 String 100 Y required, maxlength
StreetAddress2 String 100 maxlength
City String 200 Y required, maxlength
StateOrProvince String 255 Y required, maxlength
PostalCode String 20 Y required, maxlength, postalcode
CountryCode String 2 Y required, maxlength,
enumiccontains
Telephone String 30 Y required, maxlength, tel
Fax String 30 maxlength, tel
BusinessEVInfo Y
BusinessAssumedName String 255 maxlength
CreditAgency String 50 maxlength, enumcontains
OrganizationCode String 50 maxlength
CertificateApprover Y
OrganizationName String 255 Y required, maxlength
JobTitle String 255 maxlength
ContractSigner Y
OrganizationName String 255 Y required, maxlength
Department String 100 Y required, maxlength
FirstName String 100 Y required, maxlength
LastName String 100 Y required, maxlength
JobTitle String 255 Y required, maxlength
Telephone String 30 Y required, maxlength, tel
EmailAddress String 30 Y required, maxlength, email
UpdateMSSLProfile Response
Output Type Size Req?
OrderResponseHeader Y
SuccessCode int 2 Y
Errors
Error Y
ErrorCode int 2 Y
ErrorField String 1000
ErrorMessage String 1000 Y
Timestamp DateTime Y
MSSLProfileID String 50 X
12. Get MSSL Profiles
GetMSSLProfile Request
Input Type Size Req? Validation
OrderRequestHeader Y
AuthToken Y
UserName String 30 Y required, maxlength
Password String 30 Y required, maxlength
MSSLProfileID String 50 maxlength
VettingLevel String 2 Y maxlength, enumiccontains
MSSLProfileStatus String 5 maxlength, enumiccontains
GetMSSLProfile Response
OutPut Type Size Req?
SearchMSSLProfileDetails
SearchMSSLProfileDetail Y
MSSLProfielID String 50 Y
VettingLevel String 2 Y
MSSLPlofileStatus String 5
docsubmission_date Date 25
pvrecieve_date Date 25
hold_end_date Date 25
request_date Date 25 Y
MSSLOVProfileInfo
MSSLOVProfile Y
Country String 2 Y
GlobalSign API for MSSL Certificates v1.2 Page 14 of 47
StateOrProvince String 255 Y
Locality String 255 Y
OrganizationName String 255 Y
OVSealInfo Y
StreetAddress1 String 100
StreetAddress2 String 100
PostalCode String 20
OtherAddressInfo String 100
Telephone String 30
Fax String 30
BusinessOVInfo Y
CreditAgency String 50
OrganizationCode String 50
MSSLEVProfileInfo
MSSLEVProfile Y
OrganizationName String 255 Y
BusinessCategory String 20 Y
JurisdictionInfo Y
JurisdictionCountry String 30 Y
JurisdictionState String 255
JurisdictionLocality String 200
IncorporationAgencyRegistrationNumber String 100 Y
BusinessPlaceInfo Y
StreetAddress1 String 100 Y
StreetAddress2 String 100
BusinessCategory String 20 Y
City String 200 Y
StateOrProvince String 255 Y
PostalCode String 20 Y
CountryCode String 2 Y
Telephone String 30 Y
Fax String 30
BusinessEVInfo Y
BusinessAssumedName String 255
CreditAgency String 50
OrganizationCode String 50
CertificateApprover Y
OrganizationName String 255 Y
JobTitle String 255
ContractSigner Y
OrganizationName String 255 Y
Department String 100
FirstName String 100 Y
LastName String 100 Y
JobTitle String 255 Y
Telephone String 30 Y
EmailAddress String 30 Y
13. Get MSSL Domain List
GetMSSLDomainList Request
Input Type Size Req?
OrderRequestHeader Y
AuthToken Y
UserName String 30 Y
Password String 30 Y
MSSLProfileID String 50
MSSLDomainID String 50
MSSLDomainName String 64
MSSLPlofileStatus String 5
GetMSSLDomainList Response
Output Type Size Req?
SearchMSSLDomainDetails
SearchMSSLDomainDetail
MSSLDomainID String 50 Y
MSSLProfielID String 17 Y
MSSLDomainName String 64 Y
GlobalSign API for MSSL Certificates v1.2 Page 15 of 47
MSSLDomainStatus String
NotBefore String
NotAfter String
delete_date String
SearchMSSLDomainDetail
SearchMSSLDomainDetails
14. Modify MSSL Domain
ModifyMSSLDomain Request
Input Type Size Req?
OrderRequestHeader AuthToken UserName String 30 Y
Password String 30 Y
OrderID String 50 Y
MSSLDomainID String 64 Y
ModifyDomainOperation String 64 Y DELETE
ModifyMSSLDomain Response
Output Type Size Req?
OrderResponseHeader Y
SuccessCode int 2 Y
Errors
Error Y
ErrorCode int 2 Y
ErrorField String 1000
ErrorMessage String 1000 Y
Timestamp DateTime Y
15. Query API Calls
15.1 Get Issued Certificate – Single Certificate (GetOrderByOrderID)
GetOrderByOrderID Request
<GetOrderByOrderID xmlns="http://stub.query.gasapiserver.esp.globalsign.com">
<Request>
<QueryRequestHeader>
<AuthToken>
<UserName> 30 String
<Password> 30 String
</AuthToken>
</QueryRequestHeader>
<OrderID> 50 String
(<OrderQueryOption>
(<OrderStatus>)? <!- N/A -->
(<ReturnOrderOption>)? 5 String true, false
(<ReturnCertificateInfo>)? 5 String true, false
(<ReturnFulfillment>)? 5 String true, false
(<ReturnCACerts>)? 5 String ReturnFulfillment
true
</OrderQueryOption>)?
</Request>
GlobalSign API for MSSL Certificates v1.2 Page 16 of 47
</GetOrderByOrderID>
GetOrderByOrderID Response
GetOrderByOrderID xmlns="http://stub.query.gasapiserver.esp.globalsign.com">
<Response>
<QueryResponseHeader>
<SuccessCode> 2
(<Errors>
(<Error>
<ErrorCode> 5
<ErrorMessage> 1000 String
</Error>)+
</Errors>)?
<Timestamp> 25 YYYY-MM-DDTHH:MM:SS.000Z
<ReturnCount> 5
</QueryResponseHeader>
<OrderID>? 50 String
(<Pkcs12File>)? 4000 String
(<OrderDetail>
<OrderInfo>
<OrderID> 50 String
<ProductCode> 20 String
(<BaseOption>)? 20 String
<OrderKind> 10 String
<Licenses> 3
(<ExpressOption>)? 5 String
(<ValidityPeriodCustomizeOption>)? 5 String
(<InsuranceOption>)? 5 String
(<GSSupportOption>)? 5 String
(<RenewalExtentionOption>)? 5 String
<DomainName> 255 String
<OrderDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderCompleteDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderCanceledDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderDeactivatedDate>)? 25 YYYY-MM-
DDTHH:MM:SS.000Z
<OrderStatus> 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
5: Cancelled - Issued
6: Waiting for revocation
7: Revoked
<Price> 10
<Currency> 10 String
<ValidityPeriod>
<Months> 4
(<NotBefore>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<NotAfter>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
</ValidityPeriod>
(<SpecialInstructions>)? 4000 String
</OrderInfo>
<OrderSubInfo>
<CSRSkipOrderFlag> 5 String true,false
<DNSOrderFlag> 5 String true,false
<TrustedOrderFlag> 5 String true,false
(<P12DeleteStatus>)? 5
(<P12DeleteDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<VerificationUrl>)? 300 String
<SubId> 50 String
</OrderSubInfo>
(<OrderOption>
<ApproverNotifiedDate>? 25 YYYY-MM-
DDTHH:MM:SS.000Z
<ApproverConfirmDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z
<ApproverEmailAddress>? 255 String
<OrganizationInfo>
<OrganizationName> 255 String
(<CreditAgency>)? 50 String
GlobalSign API for MSSL Certificates v1.2 Page 17 of 47
(<OrganizationCode>)? 50 String
(<BusinessAssumedName>)? 255 String
(<BusinessCategoryCode>)? 20 String
<OrganizationAddress>
<AddressLine1> 100 String
(<AddressLine2>)? 100 String
(<AddressLine3>)? 100 String
<City> 200 String
<Region> 255 String
<PostalCode> 20 String
<Country> 30 String
<Phone> 30 String
(<Fax>)? 30 String
</OrganizationAddress>
</OrganizationInfo>
(<RequestorInfo>
<FirstName> 100 String
<LastName> 100 String
<Function> 255 String
<OrganizationName> 255 String
<OrganizationUnit> 100 String
<Phone> 30 String
<Email> 255 String
</RequestorInfo>)?
(<ApproverInfo>
<FirstName> 100 String
<LastName> 100 String
<Function> 255 String
<OrganizationName> 255 String
(<OrganizationUnit>)? 100 String
<Phone> 30 String
<Email> 255 String
</ApproverInfo>)?
(<AuthorizedSignerInfo>
<FirstName> 100 String
<LastName> 100 String
<Function> 255 String
<Phone> 30 String
<Email> 255 String
</AuthorizedSignerInfo>)?
(<JurisdictionInfo>
<Country> 30 String
<StateOrProvince> 255 String
<Locality> 200 String
<IncorporatingAgencyRegistrationNumber> 100 String
</JurisdictionInfo>)?
(<ContactInfo>
<FirstName> 100 String
<LastName> 100 String
<Phone> 30 String
<Email> 255 String
</ContactInfo>)?
</OrderOption>)?
(<CertificateInfo>
<CertificateStatus> 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
6: Waiting for revocation
7: Revoked
<StartDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
<EndDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
<CommonName> 64 String
<SerialNumber> 64 String
<SubjectName> 3000 String
(<DNSNames>)? 300 String
</CertificateInfo>)?
(<Fulfillment>
(<CACertificates>
(<CACertificate>
<CACertType> 15 String Root,Inter
GlobalSign API for MSSL Certificates v1.2 Page 18 of 47
<CACert> 4000 String
</CACertificate>)+
</CACertificates>)?
(<ServerCertificate>
<X509Cert> 4000 String
<PKCS7Cert> 4000 String
</ServerCertificate>)?
</Fulfillment>)?
<ModificationEvents>
(<ModificationEvent>
<ModificationEventName> 5
<ModificationEventTimestamp>25 YYYY-MM-
DDTHH:MM:SS.000Z
</ModificationEvent>)+
</ModificationEvents>?
</OrderDetail>)?
</Response>
</GetOrderByOrderID>
15.2 Query API to get Issued Certificate - Multiple Orders (GetOrderByDateRange)
GetOrderByDateRange Request
<GetOrderByDateRange xmlns="http://stub.query.gasapiserver.esp.globalsign.com">
<Request>
<QueryRequestHeader>
<AuthToken>
<UserName> 30
<Password> 30
</AuthToken>
</QueryRequestHeader>
<FromDate> YYYY-MM-DDTHH:MM:SS.000Z
<ToDate> YYYY-MM-DDTHH:MM:SS.000Z
(<OrderQueryOption>
(<OrderStatus>)? 5 String true, false
(<ReturnOrderOption>)? 5 String true, false
(<ReturnCertificateInfo>)? 5 String true, false
(<ReturnFulfillment>)? 5 String true, false
(<ReturnCACerts>)? 5 String
</OrderQueryOption>)?
</Request>
</GetOrderByDataRange>
GetOrderByDateRange Response
<GetOrderByDateRange xmlns="http://stub.query.gasapiserver.esp.globalsign.com">
<Response>
<QueryResponseHeader>
<SuccessCode> 2
(<Errors>
(<Error>
<ErrorCode> 5
<ErrorMessage> 1000 String
</Error>)+
</Errors>)?
<Timestamp> 25 YYYY-MM-DDTHH:MM:SS.000Z
<ReturnCount> 5
</QueryResponseHeader>
<FromDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z
<ToDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderDetails>
(<OrderDetail>
<OrderInfo>
<OrderID> 50 String
<ProductCode> 20 String
(<BaseOption>)? 20 String
<OrderKind> 10 String
<Licenses> 3
(<ExpressOption>)? 5 String
GlobalSign API for MSSL Certificates v1.2 Page 19 of 47
(<ValidityPeriodCustomizeOption>)?5 String
(<InsuranceOption>)? 5 String
(<GSSupportOption>)? 5 String
(<RenewalExtentionOption>)?5 String
<DomainName> 255 String
<OrderDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderCompleteDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderCanceledDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderDeactivatedDate>)? 25 YYYY-MM-
DDTHH:MM:SS.000Z
<OrderStatus> 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
5: Cancelled - Issued
6: Waiting for revocation
7: Revoked
<Price> 10
<Currency> 10 String
<ValidityPeriod>
<Months> 4
(<NotBefore>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<NotAfter>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
</ValidityPeriod>
(<SpecialInstructions>)? 4000 String
</OrderInfo>
<OrderSubInfo>
<CSRSkipOrderFlag> 5 String true,false
<DNSOrderFlag> 5 String true,false
<TrustedOrderFlag> 5 String true,false
(<P12DeleteStatus>)? 5
(<P12DeleteDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<VerificationUrl>)? 300 String
<SubId> 50 String
</OrderSubInfo>
(<OrderOption>
<ApproverNotifiedDate>? 25 YYYY-MM-
DDTHH:MM:SS.000Z
<ApproverConfirmDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z
<ApproverEmailAddress>? 255 String
<OrganizationInfo>
<OrganizationName> 255 String
(<CreditAgency>)? 50 String
(<OrganizationCode>)? 50 String
(<BusinessAssumedName>)? 255 String
(<BusinessCategoryCode>)? 20 String
<OrganizationAddress>
(<AddressLine1>)? 100 String
(<AddressLine2>)? 100 String
(<AddressLine3>)? 100 String
<City> 200 String
<Region> 255 String
(<PostalCode>)? 20 String
<Country> 30 String
<Phone> 30 String
(<Fax>)? 30 String
</OrganizationAddress>
</OrganizationInfo>
(<RequestorInfo>
<FirstName> 100 String
<LastName> 100 String
<Function> 255 String
<OrganizationName> 255 String
<OrganizationUnit> 100 String
<Phone> 30 String
<Email> 255 String
</RequestorInfo>)?
(<ApproverInfo>
<FirstName> 100 String
<LastName> 100 String
<Function> 255 String
GlobalSign API for MSSL Certificates v1.2 Page 20 of 47
<OrganizationName> 255 String
(<OrganizationUnit>)? 100 String
<Phone> 30 String
<Email> 255 String
</ApproverInfo>)?
(<AuthorizedSignerInfo>
<FirstName> 100 String
<LastName> 100 String
<Function> 255 String
<Phone> 30 String
<Email> 255 String
</AuthorizedSignerInfo>)?
(<JurisdictionInfo>
<Country> 30 String
<StateOrProvince> 255 String
<Locality> 200 String
<IncorporatingAgencyRegistrationNumber>100 String
</JurisdictionInfo>)?
(<ContactInfo>
<FirstName> 100 String
<LastName> 100 String
<Phone> 30 String
<Email> 255 String
</ContactInfo>)?
</OrderOption>)?
(<CertificateInfo>
<CertificateStatus> 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
6: Waiting for revocation
7: Revoked
<StartDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
<EndDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
<CommonName> 64 String
<SerialNumber> 64 String
<SubjectName> 3000 String
(<DNSNames>)? 300 String
</CertificateInfo>)?
(<Fulfillment>
(<CACertificates>
(<CACertificate>
<CACertType> 15 String Root,Inter
<CACert> 4000 String
</CACertificate>)+
</CACertificates>)?
(<ServerCertificate>
<X509Cert> 4000 String
<PKCS7Cert> 4000 String
</ServerCertificate>)?
</Fulfillment>)?
<ModificationEvents>
(<ModificationEvent>
<ModificationEventName> 5
<ModificationEventTimestamp>25 YYYY-MM-
DDTHH:MM:SS.000Z
</ModificationEvent>)+
</ModificationEvents>?
</OrderDetail>)+
</OrderDetails>)?
</Response>
</GetOrderByDataRange>
15.3 Query API to Get Recently Modified Orders (GetModifiedOrders)
As mentioned above the GetModifiedOrders API will return a list of orders modified within a specified time frame.
GlobalSign API for MSSL Certificates v1.2 Page 21 of 47
GetModifiedOrders Request
<GetModifiedOrders xmlns="http://stub.query.gasapiserver.esp.globalsign.com">
<Request>
<QueryRequestHeader>
<AuthToken>
<UserName>
<Password>
</AuthToken>
</QueryRequestHeader>
<FromDate> YYYY-MM-DDTHH:MM:SS.000Z
<ToDate> YYYY-MM-DDTHH:MM:SS.000Z
(<OrderQueryOption>
(<OrderStatus>)? 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
5: Cancelled - Issued
6: Waiting for revocation
7: Revoked
(<ReturnOrderOption>)? true,false
(<ReturnCertificateInfo>)? true,false
(<ReturnFulfillment>)? true,false
(<ReturnCACerts>)? true,false
</OrderQueryOption>)?
</Request>
</GetModifiedOrders>
GetModifiedOrders Response
<GetModifiedOrders xmlns="http://stub.query.gasapiserver.esp.globalsign.com">
<Response>
<QueryResponseHeader>
<SuccessCode> 2
(<Errors>
(<Error>
<ErrorCode> 5
<ErrorMessage> 1000 String
</Error>)+
</Errors>)?
<Timestamp> 25 YYYY-MM-DDTHH:MM:SS.000Z
<ReturnCount> 5
</QueryResponseHeader>
<FromDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z
<ToDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderDetails>
(<OrderDetail>
<OrderInfo>
<OrderID> 50 String
<ProductCode> 20 String
(<BaseOption>)? 20 String
<OrderKind> 10 String
<Licenses> 3
(<ExpressOption>)? 5 String
(<ValidityPeriodCustomizeOption>)?5 String
(<InsuranceOption>)? 5 String
(<GSSupportOption>)? 5 String
(<RenewalExtentionOption>)?5 String
<DomainName> 255 String
<OrderDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderCompleteDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderCanceledDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderDeactivatedDate>)? 25 YYYY-MM-
DDTHH:MM:SS.000Z
<OrderStatus> 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
GlobalSign API for MSSL Certificates v1.2 Page 22 of 47
5: Cancelled - Issued
6: Waiting for revocation
7: Revoked
<Price> 10
<Currency> 10 String
<ValidityPeriod>
<Months> 4
(<NotBefore>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<NotAfter>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
</ValidityPeriod>
(<SpecialInstructions>)? 4000 String
</OrderInfo>
<OrderSubInfo>
<CSRSkipOrderFlag> 5 String true,false
<DNSOrderFlag> 5 String true,false
<TrustedOrderFlag> 5 String true,false
(<P12DeleteStatus>)? 5
(<P12DeleteDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
(<VerificationUrl>)? 300 String
<SubId> 50 String
</OrderSubInfo>
(<OrderOption>
<ApproverNotifiedDate>? 25 YYYY-MM-
DDTHH:MM:SS.000Z
<ApproverConfirmDate>? 25 YYYY-MM-DDTHH:MM:SS.000Z
<ApproverEmailAddress>? 255 String
<OrganizationInfo>
<OrganizationName>255 String
(<CreditAgency>)? 50 String
(<OrganizationCode>)? 50 String
(<BusinessAssumedName>)? 255 String
(<BusinessCategoryCode>)? 20 String
<OrganizationAddress>
(<AddressLine1>)? 100 String
(<AddressLine2>)? 100 String
(<AddressLine3>)? 100 String
<City> 200 String
<Region> 255 String
(<PostalCode>)? 20 String
<Country> 30 String
<Phone> 30 String
(<Fax>)? 30 String
</OrganizationAddress>
</OrganizationInfo>
(<RequestorInfo>
<FirstName> 100 String
<LastName> 100 String
<Function> 255 String
<OrganizationName> 255 String
<OrganizationUnit> 100 String
<Phone> 30 String
<Email> 255 String
</RequestorInfo>)?
(<ApproverInfo>
<FirstName> 100 String
<LastName> 100 String
<Function> 255 String
<OrganizationName> 255 String
(<OrganizationUnit>)? 100 String
<Phone> 30 String
<Email> 255 String
</ApproverInfo>)?
(<AuthorizedSignerInfo>
<FirstName> 100 String
<LastName> 100 String
<Function> 255 String
<Phone> 30 String
<Email> 255 String
</AuthorizedSignerInfo>)?
(<JurisdictionInfo>
GlobalSign API for MSSL Certificates v1.2 Page 23 of 47
<Country> 30 String
<StateOrProvince> 255 String
<Locality> 200 String
<IncorporatingAgencyRegistrationNumber>100 String
</JurisdictionInfo>)?
(<ContactInfo>
<FirstName> 100 String
<LastName> 100 String
<Phone> 30 String
<Email> 255 String
</ContactInfo>)?
</OrderOption>)?
(<CertificateInfo>
<CertificateStatus> 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
6: Waiting for revocation
7: Revoked
<StartDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
<EndDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
<CommonName> 64 String
<SerialNumber> 64 String
<SubjectName> 3000 String
(<DNSNames>)? 300 String
</CertificateInfo>)?
(<Fulfillment>
(<CACertificates>
(<CACertificate>
<CACertType> 15 Root,Inter
<CACert> 4000 String
</CACertificate>)+
</CACertificates>)?
(<ServerCertificate>
<X509Cert> 4000 String
<PKCS7Cert> 4000 String
</ServerCertificate>)?
</Fulfillment>)?
<ModificationEvents>
(<ModificationEvent>
<ModificationEventName> 5
<ModificationEventTimestamp> YYYY-MM-
DDTHH:MM:SS.000Z
</ModificationEvent>)+
</ModificationEvents>?
</OrderDetail>)+
</OrderDetails>)?
</Response>
</GetModifiedOrders>
15.4 Query to Determine Upcoming Renewals (GetOrderByExpirationDate)
Request to query for orders with certificates expiring in date range.
GetOrderByExpirationDate Request
<GetOrderByExpirationDate >
<Request>
<QueryRequestHeader>
<AuthToken>
<UserName>
<Password>
</AuthToken>
</QueryRequestHeader>
(<ExpirationFromDate>)? YYYY-MM-DDTHH:MM:SS.000Z
(<ExpirationToDate>)? YYYY-MM-DDTHH:MM:SS.000Z
(<FQDN>)? 64 String
(<OrderKind>)? 10 String
GlobalSign API for MSSL Certificates v1.2 Page 24 of 47
(<OrderStatus>)? 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
5: Cancelled - Issued
6: Waiting for revocation
7: Revoked
(<SubID>)? 50 String
</Request>
</GetCertificateOrders>
GetOrderByExpirationDate Response
<GetCertificateOrders xmlns="http://stub.query.gasapiserver.esp.globalsign.com">
<Response>
<QueryResponseHeader>
<SuccessCode> 2
(<Errors>
(<Error>
<ErrorCode> 5
<ErrorMessage> 1000 String
</Error>)+
</Errors>)?
<Timestamp> 25 YYYY-MM-DDTHH:MM:SS.000Z
<ReturnCount> 5
</QueryResponseHeader>
(<SearchOrderDetails>
(<SearchOrderDetail>
<OrderID> 50 String
(<BaseOption>)? 20 String
<OrderKind> 10 String
<RequestKind> 10 String
<Licenses> 3
<OrderRequestDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
<OrderIssueDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
(<OrderCanceledDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
<OrderStatus> 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
5: Cancelled - Issued
6: Waiting for revocation
7: Revoked
<OrganizationName> 255 String
<Months> 4
<SubId> 50 String
<FQDN> 64 String
</SearchOrderDetail>)+
</SearchOrderDetails>)?
</Response>
</GetCertificateOrders>
15.5 Query API to Get Certificate Orders (GetCertificateOrders)
As mentioned above the GetCertificateOrders API will return a list of orders.
GetCertificateOrders Request
<GetCertificateOrders xmlns="http://stub.query.gasapiserver.esp.globalsign.com">
<Request>
<QueryRequestHeader>
<AuthToken>
<UserName>
GlobalSign API for MSSL Certificates v1.2 Page 25 of 47
<Password>
</AuthToken>
</QueryRequestHeader>
(<FromDate>)? YYYY-MM-DDTHH:MM:SS.000Z
(<ToDate>)? YYYY-MM-DDTHH:MM:SS.000Z
(<FQDN>)? 64 String
(<OrderKind>)? 10 String
(<OrderStatus>)? 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
5: Cancelled - Issued
6: Waiting for revocation
7: Revoked
(<SubID>)? 50 String
</Request>
</GetCertificateOrders>
GetCertificateOrders Response
<GetCertificateOrders xmlns="http://stub.query.gasapiserver.esp.globalsign.com">
<Response>
<QueryResponseHeader>
<SuccessCode> 2
(<Errors>
(<Error>
<ErrorCode> 5
<ErrorMessage> 1000 String
</Error>)+
</Errors>)?
<Timestamp> 25 YYYY-MM-DDTHH:MM:SS.000Z
<ReturnCount> 5
</QueryResponseHeader>
(<SearchOrderDetails>
(<SearchOrderDetail>
<OrderID> 50 String
(<BaseOption>)? 20 String
<OrderKind> 10 String
<RequestKind> 10 String
<Licenses> 3
<OrderRequestDate> 25 YYYY-MM-DDTHH:MM:SS.000Z
<OrderIssueDate> 25 YYYY-MM-
DDTHH:MM:SS.000Z
(<OrderCanceledDate>)? 25 YYYY-MM-DDTHH:MM:SS.000Z
<OrderStatus> 5 1: INITIAL
2: Waiting for phishing check
3: Cancelled - Not Issued
4: Issue completed
5: Cancelled - Issued
6: Waiting for revocation
7: Revoked
<OrganizationName> 255 String
<Months> 4
<SubId> 50 String
<FQDN> 64 String
</SearchOrderDetail>)+
</SearchOrderDetails>)?
</Response>
</GetCertificateOrders>
15.6 Query API to Reissue Certificates (ReIssue)
Use the Reissue API to Re-order a certificate.
GlobalSign API for MSSL Certificates v1.2 Page 26 of 47
"HashAlgorithm" is a newly added field in the API for reissue.
- If this is not specified, certificates will be issued based on the hash algorithm of the certificate being reissued.
- If "SHA1" is specified, SHA1 certificates will be issued. - If "SHA256" is specified, SHA-256 certificates will be issued. -
However, when reissuing certificates from SHA-256 to SHA1, issuing certificates which exceeds the
SHA-1 maximum validity period will be truncated. SHA-1 to SHA-1 certificate reissuance will not be
affected.
Example: Request a 5 year SHA-256 certificate. If you re-issue to SHA-1, you will receive a maximum
39 month certificate which could result in the loss of up to 21 months of validity period.
Recommendation: By requesting a maximum of a 3-year certificate you can avoid any loss of validity
period when performing reissues.
ReIssue Request
<ReIssue xmlns="http://stub.order.gasapiserver.esp.globalsign.com">
<Request>
<OrderRequestHeader>
<AuthToken>
<UserName> 30
<Password> 30
</AuthToken>
</OrderRequestHeader>
<OrderParameter>
<CSR> 4000 String
(<DNSNames>)? 300 String
</OrderParameter>
<TargetOrderID> 50 String
<HashAlgorithm> SHA1, SHA256
</Request>
</ReOrder>
ReIssue Response
< ReIssue xmlns="http://stub.order.gasapiserver.esp.globalsign.com">
<Response>
<OrderResponseHeader>
<SuccessCode> 2
(<Errors>
(<Error>
<ErrorCode> 5
(<ErrorField>)? 1000 String
<ErrorMessage> 1000 String
</Error>)+
</Errors>)?
<Timestamp> YYYY-MM-DDTHH:MM:SS.000Z
</OrderResponseHeader>
<OrderID>? 50 String
<TargetOrderID>? 50 String
</Response>
</ ReIssue >
15.7 CSR Decoder and Error Checker (DecodeCSR)
Request to allow submission of CSR for parsing and error checking.
GlobalSign API for MSSL Certificates v1.2 Page 27 of 47
DecodeCSR Request
<DecodeCSR>
<Request >
<OrderRequestHeader>
<AuthToken>
<UserName> 30 String
<Password> 30 String
</AuthToken>
</OrderRequestHeader>
<CSR> 50 String
<ProductType> DV_LOW,DV OV, EV
</Request >
</DecodeCSR>
DecodeCSR Response
<DecodeCSR>
<Response>
<OrderResponseHeader>
<SuccessCode> 2
(<Errors>
(<Error>
<ErrorCode> 5
(<ErrorField>)? 1000 String
<ErrorMessage> 1000 String
</Error>)+
</Errors>)?
<Timestamp> YYYY-MM-DDTHH:MM:SS.000Z
</OrderResponseHeader>
<CSRData>
(<CommonName>)? 255 String
(<Organization>)? 255 String
(<OrganizationUnit>)? 255 String
(<Locality>)? 255 String
(<State>)? 255 String
(<Country>)? 30 String
(<EmailAddress>)? 255 String
(<KeyLength>)? 30 String
</CSRData>
<CertificatePreview>
(<CommonName>)? 255 String
(<Organization>)? 255 String
(<OrganizationUnit>)? 255 String
(<Locality>)? 255 String
(<State>)? 255 String
(<Country>)? 30 String
(<EmailAddress>)? 255 String
(<KeyLength>)? 30 String
</CertificatePreview>
</Response>
</DecodeCSR>
15.8 Turn Renewal Notice On/Off (ToggleRenewalNotice)
Toggle Renewal Notice Request
<ToggleRenewalNotice>
<Request>
<OrderRequestHeader>
<AuthToken>
<UserName> 30 String
<Password> 30 String
GlobalSign API for MSSL Certificates v1.2 Page 28 of 47
</AuthToken>
</OrderRequestHeader>
<OrderID> 30 String
<RenewalNotice> true, false
</Request>
</ ToggleRenewalNotice >
Toggle RenewalNotice Response
< ToggleRenewalNotice >
<Response>
<OrderResponseHeader>
<SuccessCode> 2
(<Errors>
(<Error>
<ErrorCode> 5
(<ErrorField>)? 1000 String
<ErrorMessage> 1000 String
</Error>)+
</Errors>)?
<Timestamp> YYYY-MM-DDTHH:MM:SS.000Z
</OrderResponseHeader>
<OrderID>? 50 String
</Response>
</ ToggleRenewalNotice >
GlobalSign API for MSSL Certificates v1.2 Page 29 of 47
16. Certificate Order Entry Parameters
16.1 MSSL Profile and Domain ID’s
To order MSSL Certificates, an MSSLProfileID and MSSLDomainID must be provided. To obtain these
values from the GUI, login to your account, navigate to the “Manage Domains & Profiles” section, and
then click the “Toggle display of Profile ID & Domain ID” link at the bottom of the table. This will then
show the IDs for each of your profiles and domains.
16.2 Product Codes
The product code is a necessary item in most of the API calls above, the code you enter should match
the type of certificate your client requires.
Code Certificate Type PV OrganizationSSL
PV_SKIP OrganizationSSL using AutoCSR
16.3 Validity Period
You can control the validity period of ordered certificates by setting the number of months.
Number Of Months Certificate Validity Period (days) 6* 184*
12 366
24 731
36 1096
48 1461
60 1826
16.4 Date/Time Formatting
Date/Time is based on UTC and includes millisecond. eg: 2006-12-07T18:16:33.594Z This format is defined* as “xsd:dateTime XML Simple Type” * http://www.w3.org/TR/xmlschema-2/#dateTime
16.5 Setting Validity Period of the Certificate (by Not before/Not after date)
You can control the validity period of a certificate by modifying the Not before (N/B) and Not after (N/A) dates, these dates represent Valid From and Valid To in the final certificate. You can set either N/B and N/A dates, or just one of them. Restrictions are follows:
N/B should be at least 3 days after the ordering date for GSDVOrders, and at least 7 days after for GSOVOrders.
N/A should be as follows:
Number of Months Restrictions for N/A
GlobalSign API for MSSL Certificates v1.2 Page 30 of 47
6 DomainSSL : 4 days after or later from the ordering date and within 184 days
OV : 8 days after or later from the ordering date and within 184 days
12 185 days after or later from the ordering date and within 366 days
24 367 days after or later from the ordering date and within 731 days
36 732 days after or later from the ordering date and within 1096 days
48 1097 days after or later from the ordering date and within 1461 days
60 1462 days after or later from the ordering date and within 1826 days
16.6 Order Type
The following OrderTypes can be ordered through the API.
No. OrderKind Notes 1 New A new order
2 Renewal A renewal order for replacing an expiring certificate
3 Transfer A competitive switch – a certificate is being traded in from another SSL provider
16.7 Options
BaseOptions can be added to the certificate order if it is for a specific type of certificate, the following
BaseOptions are currently available.
BaseOption Supported Product Notes wildcard OrganizationSSL (both with or without
using AutoCSR) Common Name must contain the * character in place of the
subdomain
globalip OrganizationSSL (both with or without using AutoCSR)
Common Name must contain a publicly accessible IP address
16.8 Licenses
GlobalSign has moved to an unlimited server licensing model for its SSL certificates. The values passed via the API in the license field are thus irrelevant. For new implementations, the request should be configured to submit a value of 1 licenses.
16.9 CreditAgency/OrganizationCode
CreditAgency/OrganizationCode is added to help GlobalSign validate the customers Organization. If the
customer has one of these numbers it should just be flagged as available, the actual code is not to be
entered.
No. Credit Agency Value 1 Dunn and Bradstreet number 1
2 Teikoku Databank code 2
16.10 KeyLength
This reflects the Key Length to be used if the certificate is being created on GlobalSign servers. Valid
values 2048 or 4096.
GlobalSign API for MSSL Certificates v1.2 Page 31 of 47
16.11 OptionName
The following option types must be added for ordering certificates with extended options. Set to TRUE to
activate.
OptionName Description SAN SAN: SANOption Activates the Subject Alternative
Name (SANs) options – see section on Subject Alternative Names (SANs) Entry
REX REX: RenewalExtentionOption Optionally adds an additional 30 days to a Renewal order
VPC VPC:ValidityPeriodCustomizeOption Allows the start date and end date of the Certificate to be customized – see section on Setting validity period of the certificate (by Not before/Not after date)
16.12 Subject Alternative Names (SANs) Entry
SANs entries should be added with a combination of OptionName set to SAN and SANOptionType set to
one of the following together with the full SAN name in SubjectAltName.
16.13 Country
List of country two digit codes and currently supported status, Y = supported N = not supported.
Code Name Status
AD ANDORRA Y
AE UNITED ARAB EMIRATES Y
AF AFGHANISTAN N
AG ANTIGUA AND BARBUDA Y
AI ANGUILLA Y
AL ALBANIA Y
AM ARMENIA Y
AN NETHERLANDS ANTILLES Y
AO ANGOLA N
AQ ANTARCTICA Y
AR ARGENTINA Y
AS AMERICAN SAMOA Y
AT AUSTRIA Y
AU AUSTRALIA Y
Code Name Status
AW ARUBA Y
AX ALANDS ISLANDS Y
AZ AZERBAIJAN Y
BA BOSNIA AND HERZEGOVINA
Y
BB BARBADOS Y
BD BANGLADESH Y
BE BELGIUM Y
BF BURKINA FASO Y
BG BULGARIA Y
BH BAHRAIN Y
BI BURUNDI Y
BJ BENIN Y
BM BERMUDA Y
BN BRUNEI DARUSSALAM Y
No. SAN OptionType Explanation Value 1 1:UC cert option Unified Communication Cert Option –
allows only owa, mail or autodiscover subdomains to be added
1
2 2:Subdomain SAN option Additional Subdomain Option 2
3 3:GIP SAN option Public IP Option 3
4 4:Internal SAN option Internal Hostname or non-public IP Option
4
7 7:FQDN SAN option Additional Fully Qualified Domain Option
7
GlobalSign API for MSSL Certificates v1.2 Page 32 of 47
Code Name Status
BO BOLIVIA Y
BR BRAZIL Y
GW GUINEA-BISSAU Y
GY GUYANA Y
HK HONG KONG Y
HM HEARD ISLAND AND MCDONALD ISLANDS
Y
HN HONDURAS Y
HR CROATIA Y
HT HAITI Y
HU HUNGARY Y
ID INDONESIA Y
IE IRELAND Y
IL ISRAEL Y
IM ISLE OF MAN Y
IN INDIA Y
IO BRITISH INDIAN OCEAN TERRITORY
Y
IQ IRAQ N
IR IRAN, ISLAMIC REPUBLIC OF
N
IS ICELAND Y
IT ITALY Y
JE JERSEY Y
JM JAMAICA Y
JO JORDAN Y
JP JAPAN Y
KE KENYA Y
KG KYRGYZSTAN Y
KH CAMBODIA Y
KI KIRIBATI Y
KM COMOROS Y
KN SAINT KITTS AND NEVIS Y
KP NORTH KOREA (DEMOCRATIC PEOPLE’S REPUBLIC OF KOREA)
N
BS BAHAMAS Y
BT BHUTAN Y
BV BOUVET ISLAND Y
BW BOTSWANA Y
BY BELARUS Y
BZ BELIZE Y
CA CANADA Y
CC COCOS (KEELING) ISLANDS
Y
CD CONGO, THE DEMOCRATIC REPUBLIC OF THE
Y
Code Name Status
CF CENTRAL AFRICAN REPUBLIC
Y
CG CONGO Y
CH SWITZERLAND Y
CI COTE D’IVOIRE Y
CK COOK ISLANDS Y
CL CHILE Y
CM CAMEROON Y
CN CHINA Y
CO COLOMBIA Y
CR COSTA RICA Y
CU CUBA N
CV CAPE VERDE Y
CX CHRISTMAS ISLAND Y
CY CYPRUS Y
CZ CZECH REPUBLIC Y
DE GERMANY Y
DJ DJIBOUTI Y
DK DENMARK Y
DM DOMINICA Y
DO DOMINICAN REPUBLIC Y
DZ ALGERIA Y
KR KOREA, REPUBLIC OF Y
KW KUWAIT Y
KY CAYMAN ISLANDS Y
KZ KAZAKSTAN Y
LA LAO PEOPLE’S DEMOCRATIC REPUBLIC
Y
LB LEBANON Y
LC SAINT LUCIA Y
LI LIECHTENSTEIN Y
LK SRI LANKA Y
LR LIBERIA N
LS LESOTHO Y
LT LITHUANIA Y
LU LUXEMBOURG Y
LV LATVIA Y
LY LIBYAN ARAB JAMAHIRIYA N
MA MOROCCO Y
MC MONACO Y
MD MOLDOVA, REPUBLIC OF Y
ME MONTENEGRO N
MG MADAGASCAR Y
MH MARSHALL ISLANDS Y
MK MACEDONIA, THE FORMER YUGOSLAV REPUBLIC OF
Y
GlobalSign API for MSSL Certificates v1.2 Page 33 of 47
Code Name Status
ML MALI Y
MM MYANMAR Y
MN MONGOLIA Y
MO MACAU Y
MP NORTHERN MARIANA ISLANDS
Y
MQ MARTINIQUE Y
MR MAURITANIA Y
EC ECUADOR Y
EE ESTONIA Y
EG EGYPT Y
EH WESTERN SAHARA Y
ER ERITREA Y
ES SPAIN Y
ET ETHIOPIA Y
FI FINLAND Y
FJ FIJI Y
FK FALKLAND ISLANDS (MALVINAS)
Y
FM MICRONESIA, FEDERATED STATES OF
Y
FO FAROE ISLANDS Y
FR FRANCE Y
GA GABON Y
GB UNITED KINGDOM Y
GD GRENADA Y
GE GEORGIA Y
GF FRENCH GUIANA Y
GG GUERNSEY Y
GH GHANA Y
GI GIBRALTAR Y
GL GREENLAND Y
GM GAMBIA Y
GN GUINEA Y
GP GUADELOUPE Y
GQ EQUATORIAL GUINEA Y
GR GREECE Y
GS SOUTH GEORGIA AND THE SOUTH SANDWICH ISLANDS
Y
GT GUATEMALA Y
GU GUAM Y
MS MONTSERRAT Y
MT MALTA Y
MU MAURITIUS Y
MV MALDIVES Y
MW MALAWI Y
MX MEXICO Y
Code Name Status
MY MALAYSIA Y
MZ MOZAMBIQUE Y
NA NAMIBIA Y
NC NEW CALEDONIA Y
NE NIGER Y
NF NORFOLK ISLAND Y
NG NIGERIA Y
NI NICARAGUA Y
NL NETHERLANDS Y
NO NORWAY Y
NP NEPAL Y
NR NAURU Y
NU NIUE Y
NZ NEW ZEALAND Y
OM OMAN Y
PA PANAMA Y
PE PERU Y
PF FRENCH POLYNESIA Y
PG PAPUA NEW GUINEA Y
PH PHILIPPINES Y
PK PAKISTAN Y
PL POLAND Y
PM SAINT PIERRE AND MIQUELON
Y
PN PITCAIRN Y
PR PUERTO RICO Y
PS PALESTINIAN TERRITORY, OCCUPIED
Y
PT PORTUGAL Y
PW PALAU Y
PY PARAGUAY Y
QA QATAR Y
RE REUNION Y
RO ROMANIA Y
RS SERBIA N
RU RUSSIAN FEDERATION Y
RW RWANDA N
SA SAUDI ARABIA Y
SB SOLOMON ISLANDS Y
SC SEYCHELLES Y
SD SUDAN N
SE SWEDEN Y
SG SINGAPORE Y
SH SAINT HELENA Y
SI SLOVENIA Y
SJ SVALBARD AND JAN MAYEN
Y
GlobalSign API for MSSL Certificates v1.2 Page 34 of 47
Code Name Status
SK SLOVAKIA Y
SL SIERRA LEONE N
SM SAN MARINO Y
SN SENEGAL Y
SO SOMALIA N
SR SURINAME Y
ST SAO TOME AND PRINCIPE Y
SV EL SALVADOR Y
SY SYRIAN ARAB REPUBLIC N
SZ SWAZILAND Y
TC TURKS AND CAICOS ISLANDS
Y
TD CHAD Y
TF FRENCH SOUTHERN TERRITORIES
Y
TG TOGO Y
TH THAILAND Y
TJ TAJIKISTAN Y
TK TOKELAU Y
TL TIMOR-LESTE Y
TM TURKMENISTAN Y
TN TUNISIA Y
TO TONGA Y
TR TURKEY Y
TT TRINIDAD AND TOBAGO Y
TV TUVALU Y
Code Name Status
TW TAIWAN, PROVINCE OF CHINA
Y
TZ TANZANIA, UNITED REPUBLIC OF
Y
UA UKRAINE Y
UG UGANDA Y
UM UNITED STATES MINOR OUTLYING ISLANDS
Y
US UNITED STATES Y
UY URUGUAY Y
UZ UZBEKISTAN Y
VA HOLY SEE (VATICAN CITY STATE)
Y
VC SAINT VINCENT AND THE GRENADINES
Y
VE VENEZUELA Y
VG VIRGIN ISLANDS, BRITISH Y
VI VIRGIN ISLANDS, U.S. Y
VN VIET NAM Y
VU VANUATU Y
WF WALLIS AND FUTUNA Y
WS SAMOA Y
YE YEMEN Y
YT MAYOTTE Y
ZA SOUTH AFRICA Y
ZM ZAMBIA Y
ZW ZIMBABWE Y
17. Status Explanations
17.1 Order/Certificate Status
Order/Certificate status of any certificate request can be obtained at any time, via GetModifiedOrders API
call.
No. Order Status Value 1 INITIAL 1
2 Waiting for phishing check 2
3 Cancelled – Not Issued 3
4 Issue completed 4
5 Cancelled - Issued 5
6 Waiting for revocation 6
7 Revoked 7
GlobalSign API for MSSL Certificates v1.2 Page 35 of 47
17.2 ModificationEventName
ModificationEventName is returned from GetModifiedOrders. At any time all modified orders and their modification can be returned from the API. ModificationEventName is a combination of Action code and result code.
e.g.: 1,0 - means Certificate Confirmed is succeeded.
Action Code Description 0 Initial (no requested for RA)
1 Certificate Confirmed
2 Certificate Rejected
3 Certificate phishing OK
4 Certificate phishing NG
5 Certificate requested for RA
6 Certificate Approver Cancelled
7 Certificate issued
8 Certificate Cancelled(before issue)
9 Certificate Cancelled(after issue)
10 Certificate mail re-issue
11 Certificate Revoke request
12 Certificate Revoked
13 Certificate re-issue request
14 Certificate re-issued
15 Certificate transference
16 Certificate re-request Cancelled
17 Certificate error recover
18 Certificate requested for RA(manual request)
19 Certificate status updated
20 Certificate requested for RA(partner)
21 Certificate requested for RA(TP)
22 EV 1st document vetting is OK
23 Certificate Revoke Cancelled
27 SAN option changed(original order).
39 Changing SAN option requested.
41 Changing SAN option requested for RA.
Result Code Description 0 Succeed
1 Warning
-1 Error
17.3 MSSL Domain Status
Domain Vetting status of any domain in the account can be obtained at any time, via GetMSSLDomains
API call.
No. Order Status Value 1 INITIAL / Vetting in Progress 1
2 Vetting in Progress 2
3 Vetting Completed / Available 3
5 Cancelled / Suspended 5
6 Domain Rejected 6
GlobalSign API for MSSL Certificates v1.2 Page 36 of 47
17.4 MSSL Profile Status
Profile Vetting status of any domain in the account can be obtained at any time, via GetMSSLProfiles API
call.
17.5 ResendEmailType
The following Emails can be resent via the API.
Value Description APPROVEREMAIL Resend the approver email for GSDVOrder, GSDVOrderWithoutCSR
17.6 Success / Error Codes
A SuccessCode is always returned from the API, if the SuccessCode is 0 or 1, the order will normally be
able to continue. A SuccessCode of -1 will be a terminating point and will be combined in the reply with
one or more ErrorCodes. ErrorCodes provide more information on the Error created with the API call. In
addition to the error message documentation below, the API returns more specific error details regarding
the specific fields that may be causing problems in the XML response.
There are two types of errors: Client Error and Server Error.
Client error codes suggest that the error was caused by something on the client end. These issues are
often due to malformed XML requests, incorrect or missing data, or other API implementation issues. A
client error code indicates that the request has not been accepted and the user must make changes and
resubmit.
Server error codes suggest a server-side issue caused the error and should be reported to
api@globalsign.com. The request is received but it may not be processed immediately or the request
cannot received by GAS system. A server error code is received, please view compare the error code
and the table in section Error! Reference source not found..
Success Codes
Code Code Details Notes 0 Success
-1 Failure The order/request has failed; please consult the Error Code list, as well as the error message in the XML response for remedial actions.
1 Warning
Indicates order has been flagged for Phishing. The order is valid, but will experience a delay in processing until the GlobalSign vetting team manually reviews and clears the order’s phishing flag
No. Order Status Value 1 INITIAL / Vetting in Progress 1
2 Vetting in Progress 2
3 Vetting Completed / Available 3
5 Cancelled / Suspended 5
6 Profile Rejected 6
GlobalSign API for MSSL Certificates v1.2 Page 37 of 47
Client Error Codes
Success Code
Error Code
Description Notes
0 - Success -
-1 -1
Internal system error. Please re-execute what you were doing. If error persists, please contact GlobalSign Support
If the error is a Gas Error or the system cannot find the specific error code for it
-1 -2 RA Communication Fault was encountered
If the API failed to connect to the RA Server
-1 -102 Mandatory parameter missing If input is null and field is required
-1 -103 Parameter length check error If input exceeds allowed length
-1 -104 Parameter format check error If input is invalid or in wrong format
-1 -105 Invalid parameter combination If the combination of an input and another input is incorrect
-1 -201 Failed database operation If there is an error in the database
-1 -300
Database Error. Please retry and if the issue persists contact support with detailed information concerning the issue.
If partner/contractor cannot be found
-1 -4001 Login failure invalid user ID If username or password used is incorrect or does not exists
-1 -4007 The CSR used when ordering a certificate is invalid. Please recheck your CSR.
If CSR is used for ordering a certificate is invalid
-1 -4008
The certificate is either expired, does not meet the requirements of transfer, or is inaccessible on the CN by the GlobalSign system. Please ensure that the certificate is correct and try again
If switching and system cannot connect to the switching server to verify the certificate If the CSR used for switching is expired If the certificate used for switching is not verified If the certificate used for switching is invalid
-1 -6001 There was an error when trying to parse the supplied CSR. Please recheck the CSR used
If there is an error while parsing the CSR
-1 -6101 The account used does not have enough balance to order a certificate
If Deposit balance is not enough to order a certificate
-1 -6102
The renewal of the certificate failed. There may be lacking or incorrect information that is required for the renewal of the certificate
If renewing of certificate failed
-1 -9401 No profile was found using the supplied MSSLProfileID. Please make sure that the supplied MSSLProfileID is correct.
If profileId supplied is invalid or does not exists
-1 -9403
The account used does not have MSSL rights. Please make sure you are using. Please make sure you are using an account with MSSL rights.
If the account used does not have MSSL access
-1 -9431 The account used does not have access to the profile associated with the supplied MSSLProfileID
If the profile retrieved does not belong to the current partner
-1 -9440
No domain was found using the supplied MSSLDomainID. Please make sure that the supplied MSSLDomainID is correct.
If domainId supplied is invalid or does not exists
-1 -9443 The account used does not have access to the domain associated with the supplied MSSLDomainID
If the domain retrieved does not belong to the current partner
-1 -9450 Cannot request a certificate order. Please try again.
If the user may have limited rights/privilege when ordering a certificate
-1 -9452
The CN in the CSR is not the same or is not a subdomain of the domain name associated with the supplied MSSLDomainID. Please recheck your CSR or your MSSLDomainID
If the CN in CSR and domain name is not equal
-1 -9900 IP Address out of Range If user is not allowed to use API
-1 -9913 No valid coupons were found. Please recheck the supplied coupon.
If system cannot find a valid coupon supplied in the request
-1 -9914 No valid campaigns were found, Please recheck the supplied campaign.
If system cannot find a valid campaign supplied in the request
GlobalSign API for MSSL Certificates v1.2 Page 38 of 47
Success Code
Error Code
Description Notes
-1 -9915 Certificate was already canceled If certificate was already canceled
-1 -9916 Cannot find the certificate that is associated with the order id you have supplied
When renewal, If order cannot be found through RenewalTargetOrderID or TargetCERT
-1 -9918 The coupon or campaign you supplied is invalid
If campaign/coupon exists but is not valid
-1 -9919 The coupon or campaign you supplied is already used
If campaign/coupon is already used
-1 -9920 The coupon or campaign you supplied is not allowed to be used
if campaign/coupon is not permitted to be used
-9922 The coupon or campaign's currency is not the same with the currency of your user
If campaign/coupon's currency and account currency does not match
-1 -9933 The expiration date you have entered is not compatible with the product you have selected
If NotAfter does not match with the type of order
-1 -9936
GlobalSign operates a security and vulnerability scan of the public key component of the CSR you have just submitted.
If the Debian Security Hole DSA_1571_1 validation failed
-1 -9938 The status of the certificate has already been changed
If the state of the certificate has been changed
-1 -9942 A problem was encountered when trying to request the certificate in the RA System
If the RAOrderNo returned by the RA Server is a GAS OrderNo If the OrderStatus in the RA is not APPROVE If the certificate order state is REVOKE_REQUESTED
-1 -9943 A problem was was encountered when trying to issue the certificate in the RA System
If order cannot be issued
Server Error Codes
Success Code
Error Code
Description Notes
-1 -1 Internal system error The system has experienced an internal error. Please try to do what you were doing again, and if the problem persists, please report this error code to GlobalSign Support.
-1 -2 Network Connection Error
The GlobalSign system has experienced a network error. Please try to do what you were doing again, and if the problem persists, please report this error code to GlobalSign Support.
-1
-201 -204 -300 -301
Internal system error - Failed database operation
The system has experienced an internal error updating the database. Please try to do what you were doing again, and if the problem persists, please report the following error code to GlobalSign Support.
-1 -1001 Internal system error - CA connection error
The CA system has experienced a communication error. Your Order has been accepted and will be processed when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -1002 Internal system error - CA issuing error
The CA system has experienced an issuance process error. Your Order has been accepted and will be processed when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -1003 Internal system error - CA revoke error
The CA system has experienced a revocation process error. Your Order has been accepted and will be processed when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -1004 Internal system error - CA connection error
The CA system has experienced a communication error. Your Order has been accepted and will be processed when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -2001 Internal system error - Email sending warning
The CA system has experienced an email sending error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -4010 Internal system error
The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
GlobalSign API for MSSL Certificates v1.2 Page 39 of 47
Success Code
Error Code
Description Notes
-1 -4059 Internal system error
The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -4064 Internal system error
The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -4065 Internal system error
The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -4066 Internal system error
The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -4071 Internal system error
The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -4072 Internal system error
The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -6004 Internal system error
The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -6005 Internal system error
The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
-1 -6006 Internal system error
The system has experienced an internal error. Your Order has been accepted and the email will be automatically sent when the system recovers. This process may take some time. If the problem persists, please report the following error code to GlobalSign Support.
18. XML Field Definitions
This table lists all of the data types used in the API specification in alphabetical order.
DataType Description
String fixed-length character string
Boolean logical Boolean (true/false)
Int signed four-byte integer
DateTime YYYY-MM-DDTHH:MM:SS.000Z
XML Structure Description Type/Length AddressLine1 Part of the Address structure. Contains the first line of the
address.
String/100
AddressLine2 Part of the Address structure. Contains the second line of the address.
String/100
AddressLine3 Part of the Address structure. Contains the third line of the address.
String/100
Approver
ApproverType
ApproverEmail
Approver
This is the Approver information for each Approver in the ApproverList. Today only the e-mail address is returned, but there could be other fields returned in the future.
GlobalSign API for MSSL Certificates v1.2 Page 40 of 47
XML Structure Description Type/Length ApproverEmail This is the email of the Approver – For DomainSSL and
DV_LOW products the person responsible for approving the certificate order.
String/255
ApproverEmailAddress This is the email of the Approver – For DomainSSL and DV_LOW products the person responsible for approving the certificate order.
String/255
ApproverType The type of Approver email address. One of the following: Domain – From WHOIS data Generic – From the computed list
String/10
Approvers
Approver
Approvers
ApproverInfo
FirstName
Function
LastName
OrganizationName
OrganizationUnit
Phone
ApproverInfo
Approver Information for an EV certificate request
AuthorizedSignerInfo
FirstName
LastName
Function
Phone
AuthorizedSignerInfo
Authorized Signer Details
AuthToken
UserName
Password
AuthToken
Used for partner authentication on each message posted to GlobalSign. This partner has to be set up by GlobalSign for API access.
BaseOption Options for the certificate. Currently allowed fields are: wildcard – certificate with * globalip – certificate with global ip address subaltname – certificate with alternative subject names
String /20
BusinessAssumedName String/255
BusinessCategoryCode Business Type String /20
CACert This is the content of a CA certificate in the certificate chain for the server certificate in Base64 encoded format.
String/4000
CACertificate
CACertType
CACert
CACertificate
This identifies the type of certificate for each CA certificate in the chain, and also contains the actual certificate.
CACertificates
CACertificate
CACertType
CACert
CACertificate
CACertificates
This is the list of CA certificates associated with the server certificate. If present, there must be one or more CACertificate fields in this structure. The Root certificate will always be present in this structure, and there may be one or more intermediate CA certificates.
CACertType The Type of CA certificate: ROOT or INTER String/15
Campaign Campaign can be used for payment。 String/50
CertificateInfo
DNSNames
CertificateStatus
CommonName
EndDate
SerialNumber
StartDate
SubjectName
CertificateInfo
This structure contains information stored related to the certificate in various Query operations.
CertificateStatus The current status of a certificate. 1 - INITIAL 2 - Waiting for phishing check 3 - Cancelled - Not Issued 4 - Issue completed 6 - Waiting for revocation 7 - Revoked
Int
CommonName The common name in certificate. String/255
CSRSkipOrderFlag Boolean
City Part of the Address structure. String/200
GlobalSign API for MSSL Certificates v1.2 Page 41 of 47
XML Structure Description Type/Length ContactInfo
FirstName
LastName
Phone
ContactInfo
Contact Information of for a certificate request
Country Part of the Organization Address structure. The Country of the Organization. Must be a valid ISO country code.
String/2
Coupon Coupons can be used for payment。 String/50
CreditAgency The Organizations name. 1 – DUNS No. 2 – TDB code
String/50
Currency The Currency of the transaction String/10
CSR Certificate Signing Request. This is the Base64 encoded X.509 digital certificate signing request typically generated by the end user on their target web server. This is a critical element for all SSL orders.
String/4000
DNSOrderFlag Boolean
DNSNames Contains one or more DNSName values to be put into the certificate SubjectAltName extension. Each can be up to 64 characters. Values are comma delimited. Each DNSName may only contain alphanumeric values, plus dash and under bar – No periods.
String/300
DomainName The domain name for an Order. For an SSL Order this can be a fully qualified Domain (e.g., www.globasign.com) or possibly a wildcard domain (e.g., *.globalsign.com.
String/255
DVCSRInfo
Country
DVCSRInfo
CSR information for SKIP GSDVOrders.
EndDate Expired date of certificate. DateTime
Email From the ContactInfo structure. The Email Address of the contact.
String/255
Error
ErrorCode
ErrorField
ErrorMessage
Error
A structure that contains an ErrorCode and an ErrorMessage. Error is part of the Errors structure.
ErrorCode A unique code identifying the error. Int
ErrorField When there is a specific field that has caused the error, the XML tag for that field is placed in this structure. Where the tag is not unique in the entire message, one or more tags precede this so this field can be uniquely identified. For example, if the Phone field was invalid in the AdminContact structure, the return code would have AdminContactPhone.
String/1000
ErrorMessage A message describing an error in more detail. ErrorMessage is a part of the Error Structure
String/1000
Errors
Error
ErrorCode
ErrorField
ErrorMessage
Error
Errors
A list of the errors returned from a request. An Errors structure can have multiple Error elements. Errors is a part of the OrderResponseHeader structure. If present, this structure contains one or more errors.
ErrorCode Int
ErrorField String/1000
ErrorMessage String/1000
ExpressOption To add Express Options set to true. If not false. Boolean
Fax From the OrganizationAddress structure. The Fax number for the organization.
String/30
FirstName From one of the Contact structures. The First Name of the contact.
String/100
FQDN Fully Qualified Domain Name String/255
FromDate The starting date used in various queries. DateTime
GlobalSign API for MSSL Certificates v1.2 Page 42 of 47
XML Structure Description Type/Length Fulfillment
CACertificates
CACertificate
CACertType
CACert
CACertificate
CACertificates
ServerCertificate
x509Cert
PKCS7Cert
ServerCertificate
Fulfillment
Contains the CA certificate(s) and/or the ServerCertificate (in x509 and/or PKCS7 formats).
Function Requestor job function String/255
GSSupportOption To add GS Support set to true. If not false. Boolean
IncorporatingAgencyRegistrationN
umber
String/100
InsuranceOption To add Insurance Options set to true.If not false. Boolean
IsValidDomainName Returns true if the domain name is valid for a certificate orders
Boolean
JurisdictionInfo
Country
StateOrProvince
Locality
IncorporatingAgencyRegistrationN
umber
JurisdictionInfo
Jurisdiction of Incorporation Details
KeyLength String/4
LastName From one of the Contact structures. The Last Name of the contact.
String/100
Licenses This is the Number of Licenses. Int
1-99 Only
Locality The Locality field from the CSR or Certificate String/255
ModificationEvent One event in the set of ModificationEvents
ModificationEventName The name of the event. Examples include: Approver Confirmed Approver Rejected Certificate Cancelled Certificate Created Certificate Revoked Order Cancelled Order Completed Order Created Order Refunded
Int
ModificationEvents
ModificationEvent
ModificationEventName
ModificationEventTimestamp
ModificationEvent
ModificationEvents
The set of events for the order that caused the status to be changed within the specified time period. This is contained in OrderDetail. Used only in GetModifiedOrders.
ModificationEventTimestamp The time of the event DateTime
ModifyOrderOperation Specifies the operation to be performed on the order or certificate. APPROVE CANCEL REVOKE
String/20
Months The number of months that a certificate will be valid for. Int/4
MSSLProfileID ID associated with the Profile you are using String/50
MSSLDomaindID ID associated with the Domain being used String/50
MSSLDomainName Domain name being queried String/64
MSSLProfileStatus Status of profile String/5
NotAfter DateTime
NotBefore DateTime
OrderDate The date the order was created. DateTime
OrderDetail
OrderInfo
OrderOption
CertificateInfo
(Fulfillment
ModificationEvents
OrderDetail
OrderDetail is returned in many Order Query operations. The specific content is dependent on the values in the request ModificationEvents is only returned (and only returned) in GetModifiedOrders.
GlobalSign API for MSSL Certificates v1.2 Page 43 of 47
XML Structure Description Type/Length OrderKind Type of order:
new: a new request renewal: renewal of current certificate transfer: a commercial upgrade of a current valid certificate
String/10
OrderID This is the OrderID assigned by GlobalSign to the order and provided to the person requesting the certificate.
String/50
OrderInfo
OrderID
ProductCode
BaseOption
OrderKind
Licenses
ExpressOption
ValidityPeriodCustomizeOption
InsuranceOption
GSSupportOption
RenewalExtentionOption
DomainName
OrderDate
OrderCompleteDate
OrderCanceledDate
OrderDeactivatedDate
OrderStatus
Price
Currency
ValidityPeriod
Months
NotBefore
NotAfter
ValidityPeriod
SpecialInstructions
OrderInfo
This structure contains basic information that apply to most orders and is profiled within each order response structure.
OrderOption
ApproverNotifiedDate
ApproverConfirmDate
ApproverEmailAddress
OrganizationInfo
OrganizationName
CreditAgency
OrganizationCode
OrganizationAddress
AddressLine1
AddressLine2
AddressLine3
City
Region
PostalCode
Country
Phone
Fax
OrganizationAddress
OrganizationInfo
ContactInfo
FirstName
LastName
Phone
ContactInfo
OrderOption
This structure is in many order request messages and contains basic order information common to all types of orders.
GlobalSign API for MSSL Certificates v1.2 Page 44 of 47
XML Structure Description Type/Length OrderParameter
ProductCode
BaseOption
OrderKind
Licenses
ExpressOption
ValidityPeriodCustomizeOption
InsuranceOption
GSSupportOption
RenewalExtentionOption
ValidityPeriod
Months
NotBefore
NotAfter
ValidityPeriod
CSR
RenewalTergetOrderID)?
TargetCERT
DNSNames
SpecialInstructions
Coupon
Campaign
OrderParameter
This structure is part of the order validation and order processes. It includes all details relating to the order and also the CSR for parsing.
OrderParameterWithoutCSR
ProductCode
BaseOption
OrderKind
Licenses
ExpressOption
ValidityPeriodCustomizeOption
InsuranceOption
GSSupportOption
RenewalExtentionOption
ValidityPeriod
Months
NotBefore
NotAfter
ValidityPeriod
PIN
KeyLength
RenewalTergetOrderID)?
TargetCERT
DNSNames
SpecialInstructions
Coupon
Campaign
OrderParameterWithoutCSR
This structure is part of the order validation and order processes. It includes all details relating to the order without a CSR.
OrderQueryOption
OrderStatus)
ReturnOrderOption)
ReturnCertificateInfo)
ReturnFulfillment)
ReturnCACerts)
OrderQueryOption
Specifies what is returned in the response message. All values default to false if not supplied so the corresponding data structure will not appear in the response.
OrderRequestHeader
AuthToken
UserName
Password
AuthToken
OrderRequestHeader
The OrderRequestHeader is used in all of the order operations.
GlobalSign API for MSSL Certificates v1.2 Page 45 of 47
XML Structure Description Type/Length OrderResponseHeader
SuccessCode
Errors
Error
ErrorCode
ErrorField
ErrorMessage
Error
Errors)*
Timestamp
OrderResponseHeader
This is the header returned in all Order operations.
OrderStatus
The current status of an Order. 1 - INITIAL 2 - Waiting for phishing check 3 - Cancelled - Not Issued 4 - Issue completed 5 - Cancelled - Issued 6 - Waiting for revocation 7 - Revoked
Int
OrderSubInfo
CSRSkipOrderFlag
DNSOrderFlag
TrustedOrderFlag
P12DeleteStatus
P12DeleteDate
VerificationUrl
SubId
OrderSubInfo
Organization The Organization field from the certificate String/255
OrganizationCode Can be used to indicate company numbers lookup eg. For DUNS enter 1 in this field.
String/50
OrganizationInfo
OrganizationName
CreditAgency
OrganizationCode
OrganizationAddress
AddressLine1
AddressLine2
AddressLine3
City
Region
PostalCode
Country
Phone
Fax
OrganizationAddress
OrganizationInfo
Organization Info sent with Certificate request.
OrganizationInfoEV
CreditAgency
OrganizationCode
BusinessAssumedName
BusinessCategoryCode
OrganizationAddress
AddressLine1
AddressLine2
AddressLine3
City
Region
PostalCode
Country
Phone
Fax
OrganizationAddress
OrganizationInfoEV
Organization Info sent with Certificate request.
OrganizationName The name of the Organization applying for a certificate. String/255
OrganizationUnit The OrganizationalUnit name from the CSR. . String/255
GlobalSign API for MSSL Certificates v1.2 Page 46 of 47
XML Structure Description Type/Length OVCSRInfo
CommonName
OrganizationName
OrganizationUnit
Locality
StateOrProvince
Country
OVCSRInfo
Info to be used in the creation of the Certificate
ParsedCSR
DomainName
Country
Locality
Organization
OrganizationUnit
State
IsValidDomainName
ParsedCSR
Details from the CSR
Password Required for user authentication over the API String/30
Phone From one of the Contact or OrganizationAddress structures. String/30
P12DeleteDate DateTime
P12DeleteStatus Int
PKCS12File A bese64-encoded PKCS#12 String/4000
PKCS7Cert A Base64-encoded PKCS#7 String/20000
PostalCode From the Address structure. The Postal Code (e.g., Zip Code in the U.S.) for the Address
String/20
ProductCode A code for the product that a particular request relates to. Note that a partner must have a valid contract for a product code for it to be valid in a request. Also, a product code must be valid for the context of the request.
String/20
QueryRequestHeader
AuthToken
UserName
Password
AuthToken
QueryRequestHeader
The header on all Query Request operations.
QueryResponseHeader
Errors
ReturnCount
SuccessCode
Timestamp
OrderResponseHeader
Region Region, state/prov From the Address structure. This is the region of the address such as state or province. If this is a U.S. state it must have a valid 2 character abbreviation
String/255
RenewalExtentionOption To add bonus to validity period set to true. If not false. Boolean
ReOrderParameter
CSR
DNSNames
ReOrderParameter
ReOrderParameterWithoutCSR
DNSNames
PIN
KeyLength
ReOrderParameterWithoutCSR
RenewalTergetOrderID Original OrderID for renewal orders. String/50
RequestorInfo
FirstName
LastName
Function
OrganizationName
OrganizationUnit
Phone
RequestorInfo
Certificate Requestor Information
GlobalSign API for MSSL Certificates v1.2 Page 47 of 47
XML Structure Description Type/Length ResendEmailType Current values are:
ApproverEmail – resend the approver email for any QuickSSL order.
String/20
ReturnCACerts If set to true in the request message, the CACerts structure is populated in the Fulfillment structure of the response message.
Boolean
ReturnCertificateInfo If set to true in the request message, the CertificateInfo structure appears in the response message.
Boolean
ReturnCount The number of items returned in the message Int
ReturnFulfillment If set to true in the request message, the Fulfillment structure appears in the response message.
Boolean
ReturnOrderOption In the response, product information will be in details if set to true.
Boolean
SearchOrderDetail
OrderID
BaseOption
OrderKind
RequestKind
Licenses
OrderRequestDate
OrderIssueDate
OrderCanceledDate
OrderStatus
OrganizationName
Months
SubId
FQDN
SearchOrderDetail
SerialNumber The serial number of a certificate specified as a hex string. String/64
ServerCertificate
X509Cert
PKCS7Cert
ServerCertificate
SpecialInstructions Special Instructions for the order String/4000
StartDate Start date of certificate. DateTime
State The value of the State in the ParseCSRResponse. String/255
StateOrProvince String/255
SubID String/50
SubjectName The SubjectName in certificate. String/255
SuccessCode Code in the Order and Query Response Headers which indicates the success of failure of the request. A zero SuccessCode indicates a success with no warnings. A positive SuccessCode indicates a success with warnings. A negative SuccessCode indicates a failure. Note that if the Success in non-zero an accompanying Errors structure will be present.
Int
TargetCERT String/4000
TargetOrderID String/50
Timestamp A date timestamp used in a variety of contexts. Note that the XML format is: YYYY-MM-DDTHH:MM:SS.000Z (for example, 2001-01-01T24:00:00:000Z is for Jan 1, 2001 at midnight).
DateTime
TrustedOrderFlag Boolean
UserName Required for user authentication String/30
ValidityPeriod
Months
NotBefore
NotAfter
ValidityPeriod
The number of months that a certificate or site seal will be valid for. Defaults to 12 if not present.
ValidityPeriodCustomizeOption To customize the validity period set to true. If not false. Boolean
VerificationUrl OneClickSSL - A mechanism whereby a web server publishes a CSR which is randomly named, allowing for an automated verification by an external RA system. The verification url includes the location of the randomly named CSR.
String/300
X509Cert A base64-encoded certificate. String/4000
Recommended