Create automation

POST
https://caas.digicert.com/automationws/v1/automation/createAutomation

Use this endpoint to set up certificate automation for a single host.

This endpoint supports:

  • Configuring automation for an ACME automation agent (agent-based automation).
  • Configuring a sensor to automate certificate requests on load balancers (agentless automation).
bash 
curl --location --request POST 'https://caas.digicert.com/automationws/v1/automation/createAutomation' \
--header 'X-DC-DEVKEY: {{api_key}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "accountId": 5153184,
    "automationActionType": "ENROLL",
    "divisionId": 677793,
    "profileName": "22jul2020 01",
    "serverLicense": 1,
    "cn": "avp1.cert-testing.com",
    "sans": "avp2.cert-testing.com,avp3.cert-testing.com",
    "serverDetails": {
        "agentLicenseKey": "FED7731D93992414",
        "ip": "172.18.172.44",
        "port": 440,
    },
    "installSettings": {
        "installationType": "AUTO_INSTALL_AFTER_APPROVAL",
        "isAlwaysOn": false
    }
}'
200 OK 
{
    "error": null,
    "data": {
        "message": "Successfully triggered certificate automation ENROLL for IP: 172.18.172.44 and Port: 440",
        "errors": [],
        "status": {}
    }
}
200 OK 
{
    "error": null,
    "data": {
        "errors": [
            {
                "errorCode": "1004",
                "errorField": "ip or port",
                "errorMessage": "No Ip-Ports specified for automation"
            }
        ],
        "status": {}
    }
}

Request parameters

Name Req/Opt Type Description
accountId required string Account ID.
automationActionType optional integer Certificate automation type.
Default: ENROLL
Allowed values:
ENROLL – Order and install a new certificate.
RENEW – Renew an existing DigiCert certificate that is about to expire.
TRANSFER – Migrate to a DigiCert certificate from another certificate authority.
divisionId required integer Division ID.
profileName optional string Automation profile name.
serverLicense optional integer Server license number.
cn optional string Common name of the certificate.
sans optional string Comma-separated list of additional subject alternative names (SANs) to secure with automated certificate requests.
additionalEmails optional string Comma-separated list of additional email IDs to send certificate lifecycle notifications.
serverDetails required object Object with server details
.. agentLicenseKey optional* string Agent license key.
*Required for ACME automation agent flow.
.. ip required string The IP address that you want to configure automation for.
.. managementIp optional string Management IP.
*Required for agentless automation flow.
For more information, see Sensor automation on F5 load balancer.
.. port required integer The port that you want to configure automation for.
.. redirectPort optional integer Change the default SSL port (443) to a custom port of your choice.
installSettings required object Object with installation settings.
.. installationType required string Certificate installation type.
Certificate installation can either be on-demand or scheduled for a specific time.
AUTO_INSTALL_AFTER_APPROVAL: Install the certificate immediately after approval (on demand).
SCHEDULED_INSTALL: Schedule the certificate installation for a later date/time.
.. isAlwaysOn required boolean Whether to auto-renew and install certificates.
If true, you must specify autoRenewSettings in your request.
Default: false
.. scheduleTime optional integer Time when automation starts.
Format: epoch in milliseconds.
An epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system.
Example: 1598299200000
NOTE: Required if the installationType is SCHEDULED_INSTALL.
.. scheduleTimeZone optional string Time zone for the automation.
Format: GMT + your timezone offset.
Example: -8#pacifictime.
NOTE: Required if the installationType is SCHEDULED_INSTALL.
.. autoRenewSettings optional object Object with auto-renew settings.
.. .. daysBeforeExpiry optional integer Number of days before expiration to renew the certificate.
Min: 1 day
Max: Less than the certificate validity.
.. .. isAutoReplace optional boolean For a revoked or missing certificate, true requests and installs the certificate on the host.
Default: false
.. .. scheduleTime optional integer Time when automatic renewal starts on the specified relative day before certificate expiry.
Format: Number of seconds (0 (00:00:00) - 86399 (23:59:59)).
Example: 82800 (23:00)
.. .. scheduleTimeZone optional string Time zone for the automation.
Format: GMT + your timezone offset.
Example: -8#pacifictime
isCertTransparent optional boolean If true, enables certificate transparency (CT) logging for the host.
Default: false
For more information, see CT log monitoring service.

Response parameters

Name Type Description
error object Object with error details.
data object Object with response data.
..message string Message with details about successful creation.
..errors array List of errors, if any.
..errorCode string Error code.
.. errorField string The field that is missing.
.. errorMessage string Error message if request failed.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.