Generating Certificates

The generate operation is used for generating a certificate signing request and a private key for an SSL certificate. The generated values can be used in the install operation, which installs a certificate to a repository. To install a self-signed certificate, it is enough to specify the certificate signing request and private key parts (in addition to fields such as country). To install a purchased certificate, you should also specify a certificate body and certificate authority. For installation details, refer to the Installing Certificate section.

In this chapter:

Request Packet Structure

Response Packet Structure

Samples

 

Request Packet Structure

A request XML packet that generates a certificate signing request and a private key part of an SSL certificate should include the generate operation node:

<packet>
<certificate>
   <generate>
   ...
   </generate>
</certificate>
</packet>

 

The generate node does not have a separate data type; it is nested in the CertificateActionRequest type (certificate_input.xsd). The node has the following graphical representation:

[Figure: Certificate_generate]

  • The info node is required. It contains the set of parameters required for generating certificate components. Data type: none.
  • The bits node is required. It defines the size of the certificate in bits. Data type: integer. Allowed values: 1024 | 2048.
  • The country node is required. It specifies the country where your business operates. Data type: string. Value restrictions: two-letter upper-case country code in accordance with ISO 3166.
  • The state node is required. It specifies the state or province where your business operates. Data type: string. Value restrictions: full name of the state/province in lower case (e.g., "california"), or a two-letter upper-case abbreviation (e.g., "CA").
  • The location node is required. It specifies the name of the city where your business operates. Data type: string.
  • The company node is required. It specifies the name of the company with which the certificate will be associated. Data type: string.
  • The dept node is optional. It specifies the company department. Data type: string.
  • The email node is required. It specifies your email address, which will be used for generating the CSR component of the certificate. Data type: string.
  • The name node is required. It specifies the name of the site with which the certificate should be associated. Data type: string.
  • The PVT node is optional. It defines the private key part of the certificate. Data type: string.

Notes

With one packet, you can generate multiple certificates. To do this, use the required number of generate nodes in the packet:

<packet>
<certificate>
   <generate>
    ...
   </generate>
   <generate>
    ...
   </generate>
</certificate>
</packet>

Important: When creating request packets, put nodes and elements in the order they follow in the packet structure.
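The following Python sketch is an added example, not code from the product or its documentation. It checks the value restrictions listed above and builds the packet with child nodes in the listed order; the function names are hypothetical, and the position of PVT after info is taken from the sample packets on this page.

```python
import re
import xml.etree.ElementTree as ET

# Children of <info> in the order the page lists them; only dept is optional.
INFO_ORDER = ["bits", "country", "state", "location", "company", "dept", "email", "name"]
OPTIONAL = {"dept"}
ALLOWED_BITS = {1024, 2048}  # allowed values stated on the page

def validate(info):
    """Return a list of problems in one certificate's parameters (empty if none)."""
    problems = [f"missing required node: {f}" for f in INFO_ORDER
                if f not in OPTIONAL and not str(info.get(f, "")).strip()]
    problems += [f"unknown node: {f}" for f in sorted(set(info) - set(INFO_ORDER))]
    if "bits" in info and info["bits"] not in ALLOWED_BITS:
        problems.append("bits must be 1024 or 2048")
    country = info.get("country")
    if country and not re.fullmatch(r"[A-Z]{2}", country):
        problems.append("country must be a two-letter upper-case ISO 3166 code")
    state = info.get("state")
    if state and not (re.fullmatch(r"[A-Z]{2}", state) or state == state.lower()):
        problems.append("state must be lower-case full name or two upper-case letters")
    return problems

def build_generate_packet(certs):
    """certs: list of (info_dict, private_key_pem_or_None); one <generate> node each."""
    packet = ET.Element("packet")
    certificate = ET.SubElement(packet, "certificate")
    for info, pvt in certs:
        problems = validate(info)
        if problems:
            raise ValueError("; ".join(problems))
        generate = ET.SubElement(certificate, "generate")
        info_node = ET.SubElement(generate, "info")
        for field in INFO_ORDER:  # emit children in packet-structure order
            if field in info:
                ET.SubElement(info_node, field).text = str(info[field])  # text is XML-escaped
        if pvt is not None:
            ET.SubElement(generate, "PVT").text = pvt  # existing key goes after <info>
    return ET.tostring(packet, encoding="unicode")

if __name__ == "__main__":
    # Constructed input mirroring the page's first sample.
    sample = {"bits": 2048, "country": "US", "state": "georgia", "location": "Atlanta",
              "company": "Doe, Ltd.", "email": "jdoe@johndoe.org", "name": "johndoe.org"}
    print(build_generate_packet([(sample, None)]))
```

The operation accepts 1024, but public certificate authorities reject RSA keys shorter than 2048 bits, so use 2048 for certificates you intend to have signed.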

 

Response Packet Structure

The generate node of the output XML packet is structured as follows:

  • The result node is required. It wraps the response retrieved from the server. Data type: resultType (extension) (common.xsd).
  • The status node is required. It specifies the execution status of the generate operation. Data type: string. Allowed values: ok | error.
  • The errcode node is optional. It is used to return the error code when the generate operation fails. Data type: unsignedInt.
  • The errtext node is optional. It can be used to return the error message if the generate operation fails. Data type: string.
  • The csr node is required. It contains the CSR component of the generated certificate. Data type: string.
  • The pvt node is optional. It contains the Private Key component of the generated certificate. Data type: string.
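The Python sketch below is an added example, not code from the product or its documentation. It reads the result nodes described above and stores a returned private key with owner-only file permissions. The sample response, its placeholder PEM bodies, the error code and the function names are constructed for illustration, and one result per generate node is an assumption.

```python
import os
import xml.etree.ElementTree as ET

# Constructed response following the node list above; PEM bodies are placeholders.
SAMPLE_RESPONSE = """<packet>
<certificate>
   <generate>
      <result>
         <status>ok</status>
         <csr>-----BEGIN CERTIFICATE REQUEST-----
PLACEHOLDER
-----END CERTIFICATE REQUEST-----</csr>
         <pvt>-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDER
-----END RSA PRIVATE KEY-----</pvt>
      </result>
   </generate>
   <generate>
      <result>
         <status>error</status>
         <errcode>9999</errcode>
         <errtext>constructed error text</errtext>
      </result>
   </generate>
</certificate>
</packet>"""

FIELDS = ("status", "errcode", "errtext", "csr", "pvt")

def parse_generate_response(xml_text):
    """Return one dict per <result>; absent or empty nodes map to None."""
    root = ET.fromstring(xml_text)
    results = []
    for result in root.findall("./certificate/generate/result"):
        entry = {tag: (result.findtext(tag) or None) for tag in FIELDS}
        if entry["status"] == "ok" and not entry["csr"]:
            raise ValueError("status is ok but the csr node is missing")
        results.append(entry)
    return results

def save_private_key(pem, path):
    """Write the key readable by its owner only; never overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(pem.strip() + "\n")
```

Because pvt carries the private key in clear text, keep the raw response out of logs and send packets only over an encrypted connection.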

 

 

Samples

This packet generates a 2048-bit certificate that associates the site johndoe.org with the company Doe, Ltd., which operates its business in United States, Georgia, Atlanta.

<packet>
<certificate>
<generate>
   <info>
      <bits>2048</bits>
      <country>US</country>
      <state>georgia</state>
      <location>Atlanta</location>
      <company>Doe, Ltd.</company>
      <email>jdoe@johndoe.org</email>
      <name>johndoe.org</name>
   </info>
</generate>
</certificate>
</packet>

Response:

<packet>
<certificate>
<generate>
   <info>
      <bits>2048</bits>
      <country>US</country>
      <state>georgia</state>
      <location>Atlanta</location>
      <company>Doe, Ltd.</company>
      <email>jdoe@johndoe.org</email>
      <name>*.example.com</name>
   </info>
</generate>
</certificate>
</packet>

Using an existing private key, this packet generates a 1024-bit certificate that associates the site johndoe.org with the company Doe BV, which operates its business in Germany, München.

<packet>
<certificate>
<generate>
   <info>
      <bits>1024</bits>
      <country>DE</country>
      <state>bavaria</state>
      <location>muenchen</location>
      <company>Doe BV</company>
      <email>jdoe@johndoe.org</email>
      <name>johndoe.org</name>
   </info>
   <PVT>-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
   </PVT>
</generate>
</certificate>
</packet>

 

This request packet is incorrect because the country node contains a full country name, not a country code in accordance with ISO 3166.

<packet>
<certificate>
<generate>
   <info>
      <bits>1024</bits>
      <country>Germany</country>
      <state>bavaria</state>
      <location>muenchen</location>
      <company>Doe BV</company>
      <email>jdoe@johndoe.org</email>
      <name>johndoe.org</name>
   </info>
</generate>
</certificate>
</packet>