This is a series of articles dedicated to demonstrating how to get acquainted with Openprovider SSL API methods. If you want to go the beginning of this guide, please navigate to the article "1 Choosing a product".
To get more information about our API in general, please use our documentation portal as your reference.
"CSR" means "Certificate Signing Request" - it is a mandatory attribute of any SSL Certificate and it stores information about certificate requestor, protected domain(s), organization, department, etc.
CSR looks like a sequence of encoded symbols and included when SSL orders are submitted to the CA.
The Openprovider API allows you to create a unique CSR which can be used for ordering an SSL certificate.
POST {base_url}/ssl/csr
REQUEST VALUES↓
Name |
Type |
Values |
Description |
---|---|---|---|
bits | integer | 2048 or 4096 | Current browsers should all support certs up to 4096. Advisories recommend 2048 for now. Security experts are projecting that 2048 bits will be sufficient for commercial use until around the year 2030. Mandatory parameter. |
common_name | string | Value of domain name | The domain name you going to protect. Mandatory parameter. |
country | string | two letters | Company country code. Check available codes. Mandatory parameter. |
string | Email address value | Requester email address (e.g. director@comany.com). Mandatory parameter. |
|
locality | string | Text address data | Company location, e.g. street name and number. |
organization | string | Text organization name | Organization name, use legal entity. |
signature_hash_alogirth | string | sha1 (deprecated) or sha2 (default) | The redundant field can be used as 'sha2'. |
state | string | Text data | Used for locations with the state, but can be used as a city also. |
subjectAlternativeName | string | Text data | Additional domains in the case of Multi-domain. |
unit | string | Text data | Organization unit, if empty could be left blank or 'IT' used. |
with_config | boolean | true or false | Config file for OpenSSL command dumped out when subjectAlternativeName domains are included. Mandatory parameter. |
REQUEST EXAMPLE↓
curl -X POST \
https://api.openprovider.eu/v1beta/ssl/csr \
-H 'Authorization: Bearer 6bd4341f86e18e1b725b0ad2d72cce8d' \
-H 'Content-Type: application/json' \
-d '{
"bits": 2048,
"common_name": "ssl-123-domain.com",
"country": "NL",
"email": "admin@ssl-123-domain.com",
"locality": "Haalem",
"organization": "Openprovider B.V.",
"signature_hash_algorithm": "sha2",
"state": "Noord-Holland",
"subject_alternative_name": [
"www.ssl-123-domain.com"
],
"unit": "IT",
"with_config": false
}'
RESPONSE EXAMPLE↓
{
"data": {
"command": "openssl req -new -sha256
-newkey rsa:2048 -nodes -config alt.names.cfg
-out your.csr -keyout your.private.key
-subj
\"/C=NL/ST=Noord-Holland/L=Haalem/O=Openprovider
B.V./OU=IT/CN=ssl-123-domain.com/emailAddress=admin@ssl-123-domain.com\"",
"key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwg
gSkAgEAAoIBAQDNUhGr0aSbrb42\nC1bfvYzfbnDCR0PCYIqXsplAe4yx4EPTVa37ureKxZUMP
hfVbsZRpPG9zxWSlpy\nvMsF/mU47t4pCCCoG0pTkAk3wVHGsYwUFRj30PBBqrMAspkUkhjaF6
NkbcykS8mE\nkIHdam7a7Rx3lFwinauF4VmDKVERm+MtoaSiUKVAHEddivaXV2YZAc5i3cuu2b
gW\nkTFQfZ+JUJXAwzqFUd8Hf9GzbEK75q7t2xO6tNedaV7MaI2khcEs+7helaP8rWxE\nuEBA
6UI+/QD/1HcN2yF+lQV0hzL1s1wIigFf/CIB9dLpVb4C80tlwcDbZK8o+sxO\naOv5if6JAgMB
AAECggEBAJCTraXTZZnJ6hqcOXwrOTtLxVLIY8pHuM/BD3D8jsHi\nLWBvAKg1fnDVWHMD68EV
2T2fGQgNqAsLKE2K61s5G4XPjdhOxNAbB2d4EUWVd0P2\nWbD6ei5mjgdvb8SZ/nkhtyY7Zu6c
8nDufOQ/7XJAM/cs59K8QXSOme0YFbPqMA+4\n9n1jD6XvoXDJKKaJu2kBJJWo4YBUposUoe5
oLN6BhwbFJpMlHfiGYIf8xfWZCYyE\nweRBBSi/vcQbpXxzve6jz4IT1Ag1TkjovrnGKZwZea
DGXjqWQEFAFcxpvHtZ9WXW\no+ffHrEi1BbDKlzpJMKDzxvvrwfU9gCgc7nue2gsghECgYEA6
WTmTv+gJS2gfRtV\nsD/sYTqGm3x+ziScLP18P6c/BNNonkE87vcKDImKlomqQr16RV8HPKRKj
T74cWkh\naxKZJWT6q92EmL1SSeRJjUXfVrVNc0uSmMwtgpHl4I0FojftGaz8AA9LqQBWj1zC\
nbI+Jde9kmtssrJG5rS8/qnovV6sCgYEA4TUTCzTbBM6uJvfLJ2Tn+zkpWLQ7q8X0\n9Lmnxpl
BPIO8Fzo6gwrlDQ8i7j3Bj5hzNgzvs8vl3zd9og3RwvyaAeMDKtZESa0n\nqB7yQ5Ova/rw3Nl
ERWVhEodp+X7kMYcCt0KTI41Y0URqpXiKhZkWhokqQGMHUPSM\nKhegbZhtvpsCgYEA5MzUdod
kgG3tUhgU9baEzYApa44tZXtAW16YinIzdlCl09aS\nnJUzlbzUTuVgMxM7JXyWRJ2utC8SMWP
lrejKl30ZvJhpn66hV+zjKgpgesk7xxZD\n/WTUDJdoqqy05CU9W5lYZdqYynGZaet+chx4nlP
z5VeNwRMO2jdii4ZCmQcCgYBt\naNqCpEAPWtWyqsmwrs4g98lFhfJDZl22EwgWbNgLrThQ1II
erclPid3/flMuDvNR\n/ADsCY/43L2VYD9bCltLtV0Rj50Hai8M91PdTr93pycjNA595F2/obf
zdRkpkpzY\nKWjQadgPeryQ/TnW4+PUooi7VSD1zIjX3jibZeVTJwKBgEwHwKQo8XUP1PQ9ogP
Q\nLZQElwlzKrCuzIgYgAhxtohF/7mpohPg15SWgf6cztgUVka/jBObZV0tLnNykWU3\n5wnF6
rSUD4TECZLU0dA4o4Js8cXjnypFMAMfL6sxqCA1qVGLaZFiUcFYf8wA1IEP\ndJ9rB7SWCEtiM
53WVQrPLdkD\n-----END
PRIVATE KEY-----\n",
"csr": "-----BEGIN CERTIFICATE REQUEST-----
MIIDNzCCAh8CAQAwgaUxCzAJBgNVBAYTAk5MMRYwFAYDVQQIEw1Ob29yZC1Ib2xs
YW5kMQ8wDQYDVQQHEwZIYWFsZW0xGjAYBgNVBAoTEU9wZW5wcm92aWRlciBCLlYu
MQswCQYDVQQLEwJJVDEbMBkGA1UEAxMSc3NsLTEyMy1kb21haW4uY29tMScwJQYJ
KoZIhvcNAQkBFhhhZG1pbkBzc2wtMTIzLWRvbWFpbi5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQD4t7KW7vJ8Zjw9xZMo1iU4ez7pdPPglmSNNRAk
iJXzTda9cIYPjwxduUR7A8EsgxFT/jQ99Gmjyq85liSX45z88eT5a7f84alEfCui
MzZh9DUK6Y8nigATFnjOohJhkEXXay8K0fY7/DXD6dSqJYJkhqULedsvB64ofip0
0ab8PlgOkdphcLUxKOGcpt8xWpzgKpMTJJnmRVkI7rkikYAU7BWxtJ5tcg/lEFcl
ruh/WUxeBH6qJMZ5xHZ2Z1EWLjiVGb6Mw+sYBUky4WDX9xefv2wl48dEA3opWR9e
vTL/8Omo7xDk3vN4nEOAl9cT8gidVHuA+YOLMczLLrhP8LRPAgMBAAGgTDBKBgkq
hkiG9w0BCQ4xPTA7MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMCEGA1UdEQQaMBiC
Fnd3dy5zc2wtMTIzLWRvbWFpbi5jb20wDQYJKoZIhvcNAQELBQADggEBAJVyt+D8
BDxcQhuT4kOd8A2u0a+T0PAXX7uJcu1AkJr1gMS6tym118nmjXLilgSsL3IarRq2
1taUMoxlyZuXe38IztCBuUxpKiZz6Ltx5yUrQZaFNNOVsHNjXHe5oajVA1f7dmoI
Ia3E/fpeHpoPzbWdTv1bfMHuAfHIRqVuTHG78T4fJh4JFXfyHfVbLUN5wc9D7oPo
amGOFSUZoY/HLwfGf1zJMqsF9HEreCVmhWGoIHknzKbIhe7sngzR1We3aafNAUOd
Q3gov4okpEI8yurKRrGSSo1ZzWqiIew5qEkm6gNGAwVWYgZ0kgadXjJQEBdx6deZ
4eJiaV7IwubPS78=
-----END CERTIFICATE REQUEST-----"
}
}
RESPONSE VALUES↓
Name |
Values |
Description |
---|---|---|
code |
Result code number. |
API Result with code returned. 0 = Success with no errors. |
1. data | set of values | Lists CSR Generator command response data. |
1.1 command | string | OpenSSL command used to generate CSR. |
1.2 csr | string | CSR Code output. |
1.3 key | string | The individual private key for new CSR generated below. |
desc | string | The description. |
maintenance | boolean | Indicates if Openprovider is under maintenance mode. |
2. warnings | array | An array of warning messages |
2.1 code | integer | Code (digits). |
2.2 data | string | Data returned. |
2.3 desc | string | Description returned. |
After we successfully created CSR code we could submit SSL order requests.
Please note you could also transcript CSR before creating SSL order - especially if you had CSR generated on non-Openprovider sources.
That is not mandatory, but if you want please refer to CSR decode method.
Let us retrieve list of the available approvers email list in next method
"3 Retrieving list of an approver emails".