Generating Certificates
The generate operation generates a certificate signing request and a private key for an SSL certificate. The generated values can be used in the install operation, which installs a certificate to a repository. To install self-signed certificates, it is enough to specify the certificate signing request and private key parts (in addition to fields such as country, and so on). To install purchased certificates, you should also specify a certificate body and certificate authority. For installation details, refer to the Installing Certificate section.
Request Packet Structure
A request XML packet that generates a certificate signing request and a private key part of an SSL certificate should include the generate operation node:
The generate node does not have a separate data type; it is nested in type CertificateActionRequest (certificate_input.xsd). The node has the following graphical representation:
- The info node is required. It contains the set of parameters required for generating certificate components. Data type: none.
- The bits node is required. It defines the size of the certificate in bits. Data type: integer. Allowed values: 1024 | 2048.
- The country node is required. It specifies the country where your business operates. Data type: string. Value restrictions: two-letter upper-case country code in accordance with ISO 3166.
- The state node is required. It specifies the state or province where your business operates. Data type: string. Value restrictions: full name of the state or province in lower case (e.g., "california"), or a two-letter upper-case indication (e.g., "CA").
- The location node is required. It specifies the name of the city where your business operates. Data type: string.
- The company node is required. It specifies the name of the company with which the certificate will be associated. Data type: string.
- The dept node is optional. It specifies the company department. Data type: string.
- The email node is required. It specifies your email address, which will be used for generating the CSR component of the certificate. Data type: string.
- The name node is required. It specifies the name of the site with which the certificate should be associated. Data type: string.
- The PVT node is optional. It defines the private key part of the certificate. Data type: string.
Notes
With one packet, you can generate multiple certificates. To do this, use the required number of generate nodes in the packet:
Important: When creating request packets, put nodes and elements in the order they follow in the packet structure.
Response Packet Structure
The generate node of the output XML packet is structured as follows:
- The result node is required. It wraps the response retrieved from the server. Data type: resultType (extension) (common.xsd).
- The status node is required. It specifies the execution status of the generate operation. Data type: string. Allowed values: ok | error.
- The errcode node is optional. It is used to return the error code when the generate operation fails. Data type: unsignedInt.
- The errtext node is optional. It can be used to return the error message if the generate operation fails. Data type: string.
- The csr node is required. It contains the CSR component of the generated certificate. Data type: string.
- The pvt node is optional. It contains the private key component of the generated certificate. Data type: string.
Samples
This packet generates a 2048-bit certificate that associates the site johndoe.org with the company Doe, Ltd., which operates its business in the United States, Georgia, Atlanta.
Response:
This packet, using an existing private key, generates a 1024-bit certificate that associates the site johndoe.org with the company Doe BV, which operates its business in Germany, München.
This request packet is incorrect because the country node contains a full country name, not a country code in accordance with ISO 3166.
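The value restrictions and the node-order rule described above can be checked on the client side before a packet is sent. The following Python code is an added example, not part of the original API documentation. It assumes that the listed parameter nodes are direct children of info, does not check the optional private key node, and uses constructed sample values (including the email address).

```python
import re
import xml.etree.ElementTree as ET

# Child nodes of <info> in the order the page lists them; True = required.
# Assumption: these nodes are direct children of <info>; <pvt> is not checked.
INFO_FIELDS = [("bits", True), ("country", True), ("state", True),
               ("location", True), ("company", True), ("dept", False),
               ("email", True), ("name", True)]
ORDER = [name for name, _ in INFO_FIELDS]

def validate_generate(xml_text):
    """Return the problems found in one <generate> node (empty list = valid)."""
    info = ET.fromstring(xml_text).find("info")
    if info is None:
        return ["info node is required"]
    seen = [child.tag for child in info]
    values = {child.tag: (child.text or "").strip() for child in info}
    problems = [f"{name} node is required"
                for name, required in INFO_FIELDS
                if required and not values.get(name)]
    problems += [f"unexpected node: {tag}" for tag in seen if tag not in ORDER]
    known = [tag for tag in seen if tag in ORDER]
    if known != sorted(known, key=ORDER.index):
        problems.append("nodes are not in packet-structure order")
    if values.get("bits") and values["bits"] not in ("1024", "2048"):
        problems.append("bits must be 1024 or 2048")
    if values.get("country") and not re.fullmatch(r"[A-Z]{2}", values["country"]):
        problems.append("country must be a two-letter upper-case ISO 3166 code")
    # Either a two-letter upper-case indication or a lower-case full name.
    if values.get("state") and not re.fullmatch(r"[A-Z]{2}|[a-z][a-z .'-]*",
                                                values["state"]):
        problems.append("state must be like 'CA' or 'california'")
    return problems

# Constructed sample modelled on the page's first sample description.
GOOD = """<generate><info>
  <bits>2048</bits><country>US</country><state>GA</state>
  <location>Atlanta</location><company>Doe, Ltd.</company>
  <email>admin@johndoe.org</email><name>johndoe.org</name>
</info></generate>"""
# The mistake from the page's last sample: a full country name.
BAD_COUNTRY = GOOD.replace("<country>US</country>",
                           "<country>United States</country>")
# Same values, but email and name swapped out of packet order.
SWAPPED = GOOD.replace(
    "<email>admin@johndoe.org</email><name>johndoe.org</name>",
    "<name>johndoe.org</name><email>admin@johndoe.org</email>")

if __name__ == "__main__":
    for label, packet in (("good", GOOD), ("bad country", BAD_COUNTRY),
                          ("swapped", SWAPPED)):
        print(label, validate_generate(packet))
```

The country check enforces only the two-letter upper-case format; it does not confirm that the code is actually assigned in ISO 3166.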