4 Creating SSL Order

This is a series of articles dedicated to demonstrating how to get acquainted with Openprovider SSL API methods. If you want to go the beginning of this guide, please navigate to the article "1 How to choose a product".

To get more information about our API in general, please use our documentation portal as your reference.

Using the previous method "3 Retrieving list of an approver emails" we extracted one of the mandatory values - an approver email that can be used as one of the parameters of our creation request.
After collecting all the required information for creating an SSL certificate order, let's check what we have:
1. CSR
2. Approver email address
Please note, one more action is required before submitting a request: you will need to provide a "handle" - this is how Openprovider calls a contact person from your reseller account.
Please refer to this guide if you do not have a handle in your Openprovider account yet.
After a handle has been created, please move on to submitting a request.
There are two ways to create an order:
  • send certificate request to the Certificate Authority (CA) immediately (status of the certificate will be REQ). In this case you will not be able to edit certificate data further (e.g. domain name, contact data, etc.). To choose this variant you should send start_provision = true.
  • create certificate only in Openprovider without sending request to the CA immediately (status of the certificate will be PAI). In this case you will be able to update any certificate data (instead of the parameters that correspond to the chosen product). To choose this variant you should send start_provision = false (it is default value). To send request to the CA you will need to use update SSL order request with start_provision = true.
Entering Geo Fence iconUse endpoint path below. Base URL is determined by both the target environment and API version.
POST {base_url}/ssl/orders/






 product_id  integer    Checklist of products ID available. 

 Mandatory parameter. The ID of the product order will be created for.

 period   integer    1 or 2

 Mandatory parameter. Period of the certificate lifetime.

 domain_amount  integer   

 Optional parameter. The domains amount should be included. Required for the multi-domain certificates. If it is not provided will be set to the included_domains_count (check product description) in case of start_provision = 0 and to the amount of the sent domains in case of start_provision = 1.

 csr  string  

 Mandatory parameter. Certificate signing request including information regarding the further certificate. Been already generated before.

 host_names  array  Array of strings

 Optional parameter. Array of hostnames. This parameter is optional, and only allowed in combination with a multi domain SSL certificate. If passed, the hostnames in this parameter will override any hostnames in the CSR, except for the common name.

 1. domain_validation_methods  array  

 Optional parameter. Allows to select a specific method for Domain Validation. Hostnames in the array must be equal to hostnames specified in the request (commonName and SANs from the CSR and hostnames).

  1.1 host_name   string    Mandatory parameter. Hostname specified in the request (commonName and SANs from the CSR and hostnames).
  1.2 method  string   Mandatory parameter. The validation method (e.g. 'https'). Check DCV methods description for more details.
  approver_email  string   Email address.   Optional parameter. Valid email address
(e.g. admin@example.com).
 signature_hash_algorithm   string sha1 (deprecated) or sha2 (default)  Mandatory parameter. Hashing algorithm of the further certificate.
Use sha2 or leave blank as by default.
 software_id  string   linux or windows.  Mandatory parameter. Software used on a host where the certificate will be installed.
 start_provision   boolean   true or false (default).  Optional parameter. If false then request won't be sent to CA (will stay in status PAI and to change it you'll need to use update order sending start_provision = true) and it will be sent to CA in a case of true.
 organization_handle  string Handle from reseller account.  Mandatory parameter. Contact of the certificate owner person with organization data
(e.g. XY123456-ZW).
 technical_handle  string  Handle from reseller account.

 Optional parameter. Contact of certificate technical person
(e.g. XY123456-ZW).

 autorenew  string  "on" or "off" (default)  Indicates if the certificate should be automatically renewed (check renew process description for the details).


curl -X POST \
https://api.cte.openprovider.eu/v1beta/ssl/orders \
-H 'Authorization: Bearer deb4bf804928981b018caf45c3c4142b' \
-H 'Content-Type: application/json' \
-d '{
"approver_email": "admin@ssl-123-domain.com",
"autorenew": "off",
4eJiaV7IwubPS78=\n-----END CERTIFICATE REQUEST-----",
"domain_amount": 1,
"domain_validation_methods": [
"host_name": "ssl-123-domain.com",
"method": "dns"
"organization_handle": "IA900531-NL",
"period": 1,
"product_id": 5,
"signature_hash_algorithm": "sha2",
"software_id": "linux",
"start_provision": false,
"technical_handle": "IA900531-NL"


"code": 0,
"data": {
"id": 1
"desc": ""






numeric value

API Result with code returned.
0 = Success with no errors.

1. data

SSL Create Order operation response data. Set of values with data returned.

1.1 id

Openprovider order ID. Openprovider order number assigned to request.


Description string (if exist). Description (if presented).


True or False. The maintenance: True or False.

2. warnings

An array of warning messages. An array of boolean and string data returned if maintenance is in progress.

2.1 code

integer Code value (digits).

2.2 data

string Data value returned.

2.3 desc

string The description value returned.

Once we created our SSL Order in status PAI and we got from the response it's ID that is "1".
Using the next method we will retrieve our order with all data included.
Check "5 Retrieving SSL Orders".
It can be helpful in a case if you want to check your order status and current parameters, such as status, checksum, validation methods, DNS records should be created to approve ownership (in a case of DNS validation), etc.

Was this article helpful?
Additional questions? Submit a request