The generate operation is used for generating a certificate signing request and a private key for an SSL certificate. The generated values can be used in the install operation, which installs a certificate to a repository. To install self-signed certificates, it is enough to specify a certificate signing request and private key parts (in addition to fields such as country, and so on). To install purchased certificates, you should also specify a certificate body and certificate authority. For installation details, refer to the Installing Certificate section.
A request XML packet that generates a certificate signing request and a private key part of an SSL certificate should include the generate operation node:
<packet>
<certificate>
<generate>
...
</generate>
</certificate>
</packet>
The generate node does not have a separate data type, it is nested in type CertificateActionRequest (certificate_input.xsd
). The node has the following graphical representation:
Notes
With one packet, you can generate multiple certificates. To do this, use the required number of generate nodes in the packet:
<packet>
<certificate>
<generate>
...
</generate>
<generate>
...
</generate>
</certificate>
</packet>
Important: When creating request packets, put nodes and elements in the order they follow in the packet structure.
The generate node of the output XML packet is structured as follows:
common.xsd
).
This packet generates 2048-bit certificate that associates site johndoe.org with company Doe, Ltd. operating its business in United States, Georgia, Atlanta.
<packet>
<certificate>
<generate>
<info>
<bits>2048</bits>
<country>US</country>
<state>georgia</state>
<location>Atlanta</location>
<company>Doe, Ltd.</company>
<email>jdoe@johndoe.org</email>
<name>johndoe.org</name>
</info>
</generate>
</certificate>
</packet>
Response:
<packet>
<certificate>
<generate>
<info>
<bits>2048</bits>
<country>US</country>
<state>georgia</state>
<location>Atlanta</location>
<company>Doe, Ltd.</company>
<email>jdoe@johndoe.org</email>
<name>*.example.com</name>
</info>
</generate>
</certificate>
</packet>
This packet, using existing private key, generates 1024-bit certificate that associates site johndoe.org with company Doe BV operating its business in Germany, München.
<packet>
<certificate>
<generate>
<info>
<bits>1024</bits>
<country>DE</country>
<state>bavaria</state>
<location>muenchen</location>
<company>Doe BV</company>
<email>jdoe@johndoe.org</email>
<name>johndoe.org</name>
</info>
<PVT>-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuwEJV9KV6grOtWVGdvMyfTwBtMsb1dqSZyUzKq7ncov971fC
GawVFFjLYX+7UJjEksmVgKjPu5+EPWOH+Vrkft0XjOZMQoW0Jzq46XVJr9fmYQfU
NtVBQOXhKbcgzPy0diQI6SiQ9O/K4e+qVWZtxLCTJd/lBNw4NA3ig3pQymuEmM1t
SSZ6Hp+FF19+5SB3QZyI/jQkGx0Uohg+sOpjMogjDs1wqUgYhl4EUXGjlZedDngH
VSpMKSWmntSuyt6vY/y5AJTmtQvJLsHWgrSgvoxQhO9iNEPE5yJ+2oT8tMndhIM2
eNmLPA9z84qhmsfCP3ugWxDn84tJ9Rw/Rgs2jwIDAQABAoIBAH1fioYIt1179W4E
AiQJlJYFvxcY/QZ5TaI9fHpnXOCdHphye71+c3t6tJAfdNPqOBA5ejQR+YPOxHfr
3OO+nma3j+x1EjefMFMEuag7bDWqR9hRyWMhwmfiNv0iu6jy24JBUoAPJHAyvBCR
/97Vl05BG8ZOv1ps0nmDvZNsU/IA0TKN8LwiLYw2+cFjKFAaQPAabkpJWgDVbL6f
gcxZp0WO6G+kFDziqHvTxBe4heeE8U2V4P/vmcF/lFPU2/R+2fkooXPyvwSSF9uH
vkapMf6foLkeCGppoqRH2HxfZjqSPzH1kwxdEXqAD4EhfCWesOtwtaVvV280K/RU
MH7YtxECgYEA7d6B7acjhKxapwJI5xdFjTZ9adsGJ9mosv7JrnMVqldlxNmQdpGC
wCCBGkKgd6bBXoJrDbH2GbhlaE1Ayn/uoHYcsScggJ8zj4cHsq2AJ5zBIkJ4n/zQ
JcuFptq/FT6sb5CEUS7f499xvWde/cuAHhaQKyb+NCqOOW70zRu/9QMCgYEAyUIC
HQzE3+Xofv5ZLcGmwBRmnu3nuqNFez0iQdGyQV95TzgjAOpvs3Yp6pXSmG6I6WKt
KZz0Wm0ndAGn75CR76E4NyIP4FC7OAyehiUfcp6BA7j92iMeA5ceIH1kB2bezw33
GxEh21XxE7pYPUI9x6RNNOoGiB5zzLas6YHJpIUCgYEAqBWBLlPaz1eTP0xoA5P4
O87zVCfG88XkZYeRMEp2VsYnTbCHWqF8CRNu5wWJqsMVBRmXWDgWtRoN3mQokm9Q
SebsY2pIl1rn7lX2ZJYhZtxnxTO/VR4qX2qvaLZOLE77PmKafVtoLfeowbQX9bMl
Nx2uhi+plWc01PTI217uh80CgYEAomuM/RjDAdavjV2DZvPzuOw97WEeNHdzqYOq
0+eBrlR4uEAbr6+DOhfQuCr1bGM4RvGFwiGS6i9ROcPkXegUfoljrsrkeSluDkvQ
2322JXBZukFfTN4uaMNaYuoPAhI5Gmyw0b0/z51KE5u9fqKo7Sdhz6RWZR/+YGXE
oiZGL2kCgYBRi0j2Fe3ZxX6PWYogmS17pZdta6Dyuh90w4dfYyEM8RtHo67L6i4j
pYpvyiF7C4Rklh3+MJfk1VkqQGNmPAT2H1eK4fQ6LH14t8oiFJbCok/SnKC2BUMt
UJLKqgqP591cN0xpbdH/9k1nGdNxi9z1myA7gSrKNIzSnQFSqn4lAg==
-----END RSA PRIVATE KEY-----
</PVT>
</generate>
</certificate>
</packet>
This request packet is incorrect because country node contains a full country name, not a country nomination in accordance with ISO 3166.
<packet>
<certificate>
<generate>
<info>
<bits>1024</bits>
<country>Germany</country>
<state>bavaria</state>
<location>muenchen</location>
<company>Doe BV</company>
<email>jdoe@johndoe.org</email>
<name>johndoe.org</name>
</info>
</generate>
</certificate>
</packet>