Use this API to enroll or renew certificates.
Parameter |
Mandatory/Optional |
Data Type |
Description |
---|---|---|---|
approverUserNames |
Mandatory |
array |
Array of valid user names. User roles must be manager, PKI admin or approvers. |
intermediateCA |
Mandatory |
object |
Intermediate Certificate Authority information. Ensure:
|
certhash |
Optional |
string |
Provide hash of the certificate. |
commonName |
Optional |
string |
Fully qualified domain name of the Web server that will receive the certificate |
serialNumber |
Optional |
string |
A short, unique identifier for each certificate generated by the certificate issuer |
certificate |
Mandatory |
object |
|
commonName |
Mandatory |
string |
Provide a wildcard character if the product name is of wildcard type. |
csr |
Mandatory |
object |
Certificate Signing Request Information |
autoGenerateCSR |
Optional |
boolean |
If this flag is set to True then Qualys will generate csr value and return private key info in the response of the API. If this field is set to True then encoded_csr field can not be set By default the value is set to False. |
encodedCSR |
Optional |
string |
A valid Encoded Certificate Signing Request |
organizationUnits |
Optional |
array |
provide value for the OU field for the certificate. |
signatureHash |
Mandatory |
string |
Certificate's signing algorithm hash. Accepted values: SHA-256, SHA-384, SHA-512 |
renewal |
Optional |
object |
Required for certificate renewal request. |
digicertPreviousOrderId |
Mandatory |
integer |
If the request is a renewal of a previous request, then add the previous request id. |
renewalOfCertificate |
Mandatory |
string |
Provide the certhash of the old certificate for which this renewal request is required. Ensure:
|
validity |
Mandatory |
object |
Provide any one of the following values: customExpirationDate, validityYears and validityDays params Make sure only one value is provided in a request. |
customExpirationDate |
Optional |
date |
Expiry date of the certificate. |
validityYears |
Optional |
integer |
Number of years that the certificate is valid. |
validityDays |
Optional |
integer |
Number of days that the certificate is valid. |
digicertOrganizationId |
Mandatory |
integer |
Get organization id using List DigiCert OrganizationsAPI |
digicertProductNameId |
Mandatory |
integer |
Get product name id using List DigiCert ProductsAPI |
digicertEVApproverUserIds |
Optional |
array |
Required when product name is of EV type. Get EV Approvers user id using List Digicert EV ApproversAPI |
comment |
Optional |
string |
Any additional comments. |
API Request
curl -X POST
"<qualys_base_url>/certview/v1/certificates/digicert/orders"
-H "Accept: application/json"
-H "Content-Type: application/json"
-d '{ "approverUserNames": [ "doe_john" ], "certificate": { "commonName": "example.com", "csr": { "autoGenerateCSR": true }, "organizationUnits": [ "QA" ], "signatureHash": "SHA-256" }, "comment": "api test", "digicertOrganizationId": 525858, "digicertProductNameId": "private_ssl_plus", "intermediateCA": { "certhash": "a52d05988b61a33d6ac3edb449eb47150fa5b7a26c7dfc4e61f905ca36e165ee" }, "validity": { "validityYears": 1 } }' -H "Authorization: Bearer <jwt token>"
Response
{
"uuid": "cb95d100-ec30-11ea-920d-eb66140967e3",
"intermediateCA": {
"name": "DigiCert Test SHA2 Intermediate CA-1",
"certhash": "a52d05988b61a33d6ac3edb449eb47150fa5b7a26c7dfc4e61f905ca36e165ee"
},
"approverUserNames": [
"doe_john"
],
"requesterUserName": "doe_john",
"certificate": {
"commonName": "example.com",
"organizationUnits": [
"QA"
],
"signatureHash": "SHA-256",
"encodedCSR": "string",
"privateKey": "string",
"dnsNames": null
},
"renewal": null,
"validity": {
"validityYears": 1,
"validityDays": null,
"customExpirationDate": null
},
"digicertOrganization": {
"id": 525858
},
"digicertProductNameId": "private_ssl_plus",
"digicertEVApproverUserIds": null,
"status": "SUBMITTED",
"caStatus": "",
"created": "2020-09-01T08:54:50.473+0000",
"updated": "2020-09-01T08:54:50.473+0000"
}