Knowledge Base

Check for answers to your questions by searching by keywords, or check categories below.

2 Creating a CSR

This is a series of articles dedicated to demonstrating how to get acquainted with Openprovider SSL API methods. If you want to go the beginning of this guide, please navigate to the article "1 Choosing a product".

To get more information about our API in general, please use our documentation portal as your reference.

Using the previous method "1 Choosing a product" we retrieved all appropriate "RapidSSL" product parameters.
"CSR" means "Certificate Signing Request" - it is a mandatory attribute of any SSL Certificate and it stores information about certificate requestor, protected domain(s), organization, department, etc.
CSR looks like a sequence of encoded symbols and included when SSL orders are submitted to the CA.
The Openprovider API allows you to create a unique CSR which can be used for ordering an SSL certificate.

Important: once you have got the response you should store the returned value of the Private key. It will be required to set up the issued certificate on the server.
Entering Geo Fence iconUse endpoint path below. Base URL is determined by both the target environment and API version.
POST {base_url}/ssl/csr

REQUEST VALUES

 Name

Type

Values

Description

 bits  integer  2048 or 4096  Current browsers should all support certs up to 4096. Advisories recommend 2048 for now. Security experts are projecting that 2048 bits will be sufficient for commercial use until around the year 2030.
Mandatory parameter.
 common_name  string  Value of domain name  The domain name you going to protect.
Mandatory parameter.
 country  string  two letters  Company country code.
Check available codes.
Mandatory parameter.
 email  string  Email address value  Requester email address
(e.g. director@comany.com).
Mandatory parameter.
 locality  string  Text address data  Company location, e.g. street name and number.
 organization   string  Text organization name  Organization name, use legal entity.
 signature_hash_alogirth  string  sha1 (deprecated) or sha2 (default)  The redundant field can be used as 'sha2'.
 state  string  Text data  Used for locations with the state, but can be used as a city also.
 subjectAlternativeName  string   Text data  Additional domains in the case of Multi-domain.
 unit  string  Text data  Organization unit, if empty could be left blank or 'IT' used.
 with_config  boolean  true or false  Config file for OpenSSL command dumped out when subjectAlternativeName domains are included.
Mandatory parameter.

REQUEST EXAMPLE

curl -X POST \
https://api.cte.openprovider.eu/v1beta/ssl/csr \
-H 'Authorization: Bearer 6bd4341f86e18e1b725b0ad2d72cce8d' \
-H 'Content-Type: application/json' \
-d '{
"bits": 2048,
"common_name": "ssl-123-domain.com",
"country": "NL",
"email": "admin@ssl-123-domain.com",
"locality": "Haalem",
"organization": "Openprovider B.V.",
"signature_hash_algorithm": "sha2",
"state": "Noord-Holland",
"subject_alternative_name": [
"www.ssl-123-domain.com"
],
"unit": "IT",
"with_config": false
}'

RESPONSE EXAMPLE

{
"data": {
"command": "openssl req -new -sha256
-newkey rsa:2048 -nodes -config alt.names.cfg
-out your.csr -keyout your.private.key
-subj
\"/C=NL/ST=Noord-Holland/L=Haalem/O=Openprovider
B.V./OU=IT/CN=ssl-123-domain.com/emailAddress=admin@ssl-123-domain.com\"",
"key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwg
gSkAgEAAoIBAQDNUhGr0aSbrb42\nC1bfvYzfbnDCR0PCYIqXsplAe4yx4EPTVa37ureKxZUMP
hfVbsZRpPG9zxWSlpy\nvMsF/mU47t4pCCCoG0pTkAk3wVHGsYwUFRj30PBBqrMAspkUkhjaF6
NkbcykS8mE\nkIHdam7a7Rx3lFwinauF4VmDKVERm+MtoaSiUKVAHEddivaXV2YZAc5i3cuu2b
gW\nkTFQfZ+JUJXAwzqFUd8Hf9GzbEK75q7t2xO6tNedaV7MaI2khcEs+7helaP8rWxE\nuEBA
6UI+/QD/1HcN2yF+lQV0hzL1s1wIigFf/CIB9dLpVb4C80tlwcDbZK8o+sxO\naOv5if6JAgMB
AAECggEBAJCTraXTZZnJ6hqcOXwrOTtLxVLIY8pHuM/BD3D8jsHi\nLWBvAKg1fnDVWHMD68EV
2T2fGQgNqAsLKE2K61s5G4XPjdhOxNAbB2d4EUWVd0P2\nWbD6ei5mjgdvb8SZ/nkhtyY7Zu6c
8nDufOQ/7XJAM/cs59K8QXSOme0YFbPqMA+4\n9n1jD6XvoXDJKKaJu2kBJJWo4YBUposUoe5
oLN6BhwbFJpMlHfiGYIf8xfWZCYyE\nweRBBSi/vcQbpXxzve6jz4IT1Ag1TkjovrnGKZwZea
DGXjqWQEFAFcxpvHtZ9WXW\no+ffHrEi1BbDKlzpJMKDzxvvrwfU9gCgc7nue2gsghECgYEA6
WTmTv+gJS2gfRtV\nsD/sYTqGm3x+ziScLP18P6c/BNNonkE87vcKDImKlomqQr16RV8HPKRKj
T74cWkh\naxKZJWT6q92EmL1SSeRJjUXfVrVNc0uSmMwtgpHl4I0FojftGaz8AA9LqQBWj1zC\
nbI+Jde9kmtssrJG5rS8/qnovV6sCgYEA4TUTCzTbBM6uJvfLJ2Tn+zkpWLQ7q8X0\n9Lmnxpl
BPIO8Fzo6gwrlDQ8i7j3Bj5hzNgzvs8vl3zd9og3RwvyaAeMDKtZESa0n\nqB7yQ5Ova/rw3Nl
ERWVhEodp+X7kMYcCt0KTI41Y0URqpXiKhZkWhokqQGMHUPSM\nKhegbZhtvpsCgYEA5MzUdod
kgG3tUhgU9baEzYApa44tZXtAW16YinIzdlCl09aS\nnJUzlbzUTuVgMxM7JXyWRJ2utC8SMWP
lrejKl30ZvJhpn66hV+zjKgpgesk7xxZD\n/WTUDJdoqqy05CU9W5lYZdqYynGZaet+chx4nlP
z5VeNwRMO2jdii4ZCmQcCgYBt\naNqCpEAPWtWyqsmwrs4g98lFhfJDZl22EwgWbNgLrThQ1II
erclPid3/flMuDvNR\n/ADsCY/43L2VYD9bCltLtV0Rj50Hai8M91PdTr93pycjNA595F2/obf
zdRkpkpzY\nKWjQadgPeryQ/TnW4+PUooi7VSD1zIjX3jibZeVTJwKBgEwHwKQo8XUP1PQ9ogP
Q\nLZQElwlzKrCuzIgYgAhxtohF/7mpohPg15SWgf6cztgUVka/jBObZV0tLnNykWU3\n5wnF6
rSUD4TECZLU0dA4o4Js8cXjnypFMAMfL6sxqCA1qVGLaZFiUcFYf8wA1IEP\ndJ9rB7SWCEtiM
53WVQrPLdkD\n-----END PRIVATE KEY-----\n", "csr": "-----BEGIN CERTIFICATE REQUEST-----
MIIDNzCCAh8CAQAwgaUxCzAJBgNVBAYTAk5MMRYwFAYDVQQIEw1Ob29yZC1Ib2xs
YW5kMQ8wDQYDVQQHEwZIYWFsZW0xGjAYBgNVBAoTEU9wZW5wcm92aWRlciBCLlYu
MQswCQYDVQQLEwJJVDEbMBkGA1UEAxMSc3NsLTEyMy1kb21haW4uY29tMScwJQYJ
KoZIhvcNAQkBFhhhZG1pbkBzc2wtMTIzLWRvbWFpbi5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQD4t7KW7vJ8Zjw9xZMo1iU4ez7pdPPglmSNNRAk
iJXzTda9cIYPjwxduUR7A8EsgxFT/jQ99Gmjyq85liSX45z88eT5a7f84alEfCui
MzZh9DUK6Y8nigATFnjOohJhkEXXay8K0fY7/DXD6dSqJYJkhqULedsvB64ofip0
0ab8PlgOkdphcLUxKOGcpt8xWpzgKpMTJJnmRVkI7rkikYAU7BWxtJ5tcg/lEFcl
ruh/WUxeBH6qJMZ5xHZ2Z1EWLjiVGb6Mw+sYBUky4WDX9xefv2wl48dEA3opWR9e
vTL/8Omo7xDk3vN4nEOAl9cT8gidVHuA+YOLMczLLrhP8LRPAgMBAAGgTDBKBgkq
hkiG9w0BCQ4xPTA7MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMCEGA1UdEQQaMBiC
Fnd3dy5zc2wtMTIzLWRvbWFpbi5jb20wDQYJKoZIhvcNAQELBQADggEBAJVyt+D8
BDxcQhuT4kOd8A2u0a+T0PAXX7uJcu1AkJr1gMS6tym118nmjXLilgSsL3IarRq2
1taUMoxlyZuXe38IztCBuUxpKiZz6Ltx5yUrQZaFNNOVsHNjXHe5oajVA1f7dmoI
Ia3E/fpeHpoPzbWdTv1bfMHuAfHIRqVuTHG78T4fJh4JFXfyHfVbLUN5wc9D7oPo
amGOFSUZoY/HLwfGf1zJMqsF9HEreCVmhWGoIHknzKbIhe7sngzR1We3aafNAUOd
Q3gov4okpEI8yurKRrGSSo1ZzWqiIew5qEkm6gNGAwVWYgZ0kgadXjJQEBdx6deZ
4eJiaV7IwubPS78=
-----END CERTIFICATE REQUEST-----" } }

RESPONSE VALUES

Name

Values

Description

code

Result code number.

API Result with code returned.
0 = Success with no errors.
1. data set of values Lists CSR Generator command response data.
1.1 command string OpenSSL command used to generate CSR.
1.2 csr string  CSR Code output.
1.3 key string The individual private key for new CSR generated below.
desc string The description.
maintenance boolean Indicates if Openprovider is under maintenance mode.
2.  warnings array An array of warning messages
2.1 code integer Code (digits).
2.2 data string Data returned.
2.3 desc string Description returned.

After we successfully created CSR code we could submit SSL order requests.
Please note you could also transcript CSR before creating SSL order - especially if you had CSR generated on non-Openprovider sources.
That is not mandatory, but if you want please refer to CSR decode method.
Let us retrieve list of the available approvers email list in next method
"3 Retrieving list of an approver emails".

Was this article helpful?
3 out of 3 found this helpful