Order EU Qualified Personal

9 minute read

POST https://certcentral.digicert.eu/services/v2/order/certificate/eu_individual

Use this endpoint to order an EU Qualified Personal certificate. EU Qualified Personal is an eIDAS certificate that is issued to a natural person and is used to apply electronic signatures. You can get an EU Qualified Personal certificate that applies qualified or advanced electronic signatures.

Warning

The EU Qualified Personal certificate is only available in CertCentral Europe. Only use the CertCentral Europe base URL, https://certcentral.digicert.eu/services/v2, to construct your EU Qualified Personal certificate API request.

Example requests and responses

curl -X POST \
  'https://certcentral.digicert.eu/services/v2/order/certificate/eu_individual' \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
    "certificate": {
    "signature_hash": "sha256",
    "profile_option": "encryption",
    "common_name_indicator": "given_name_surname",
    "individual": {
      "first_name": "John",
      "last_name": "Doe",
      "pseudonym": "JohnDoe123",
      "email": "john.doe@example.com",
      "telephone": "+1-555-555-5555",
      "country": "us",
      "city": "New York City",
      "state": "New York",
      "zip": "10001"
    }
  },
  "cs_provisioning_method": "qscd",
  "ship_info": {
    "name": "John Doe",
    "addr1": "360 Taylor Street",
    "addr2": "Floor 74",
    "city": "Richmond",
    "state": "va",
    "zip": "69662",
    "country": "us",
    "method": "STANDARD"
  },
  "order_validity": {
    "years": 1
  },
  "skip_approval": "true"
  "payment_method": "balance"
}

curl -X POST \
  'https://certcentral.digicert.eu/services/v2/order/certificate/eu_individual' \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
    "certificate": {
    "signature_hash": "sha256",
    "profile_option": "encryption",
    "common_name_indicator": "given_name_surname",
    "cs_provisioning_method": "csr",
    "csr": "-----BEGIN CERTIFICATE REQUEST-----MII...-----END CERTIFICATE REQUEST-----",
    "individual": {
      "first_name": "John",
      "last_name": "Doe",
      "pseudonym": "JohnDoe123",
      "email": "john.doe@example.com",
      "telephone": "+1-555-555-5555",
      "country": "us",
      "city": "New York City",
      "state": "New York",
      "zip": "10001"
    }
  },  
  "order_validity": {
    "years": 1
  },
  "skip_approval": "true"
  "payment_method": "balance"
}

{
  "id": 112233,
  "requests": [
    {
      "id": 113,
      "status": "pending"
    }
  ]
}

{
  "id": 112233,
  "requests": [
    {
      "id": 113,
      "status": "submitted"
    }
  ]
}

{
  "id": 112233,
  "requests": [
    {
      "id": 113,
      "status": "approved"
    }
  ],  
  "certificate_id": 113
}

{
  "id": 112233,  
  "certificate_id": 113
}

Request parameters

Name	Req/Opt	Type	Description
certificate	required	object	Certificate details.
.. signature_hash	required	string	Hash algorithm used for signing the certificate. EU Qualified certificates support only SHA-256 hash algorithm.
profile_option	required	string	Select a profile option that best defines the certificate usage. The options are:
common_name_indicator	required	string	Choose the source of the common name value for the certificate. Allowed valued: `given_name_surname` or `pseudonym`
individual	required	object	Information about the individual who is the intended certificate holder and who will use the certificate for digital signatures, encryption, or authentication purposes.
.. first_name	required	string	Individual’s first name (given name). This can include middle names or initials, but do not include titles or prefixes such as “Dr.”.
.. last_name	required	string	Individual’s last name (given name). This can include middle names or initials, but do not include titles or prefixes such as “Dr.”.
.. pseudonym	optional	string	Individual’s preferred or professional name (pseudonym). This can include titles, prefixes, academic or professional suffixes, abbreviations, and accrediations. Required if `common_name_indicator` is `pseudonym`.
.. email	required	string	Individual’s email address. This email address is used for processing the order request and receiving order approval notifications. This email address does not appear on the certificate. To view an email address on the certificate, enter the email address in the `subject.email` request parameter. The email address is displayed alongside the subject email on the certificate.
.. telephone	required	string	Individual’s phone number with the country code (for example, +1-555-555-5555).
.. country	required	string	Individual’s country, represented by a two-letter country code.
.. state	required	string	Individual’s state or province.
.. city	optional	string	Iindividual’s city.
.. zip	optional	string	Individual’s postal code.
provisioning_method	required	string	Specify the key provisioning method. Key provisioning method refers to where the private key and the certificate will be stored. The methods are:
ship_info	optional	object	For orders with the `provisioning_method` of `qscd`, specify the shipping address for the hardware token.
.. name	required	string	First and last name of the recipient of the order.
.. addr1	required	string	Shipping address for the token.
.. addr2	required	string	Continuation of street address.
.. city	required	string	Shipping city.
.. state	required	string	Shipping state.
.. zip	required	string	Shipping postal code.
.. country	required	string	Shipping country.
.. method	required	string	Shipping priority for the token. Allowed values: STANDARD or EXPEDITED (incurs additional cost).
.. csr	optional	string	Certificate signing request (CSR) or public key in PEM format. Format the CSR/public key as a base64-encoded string without line breaks or escape characters. Include the PEM headers and footers (such as `-----BEGIN CERTIFICATE REQUEST-----...` and `...-----END CERTIFICATE REQUEST-----`). For more information about generating a CSR, see Create a CSR. After placing the order, if the status of the order is `pending`, you can use the Update CSR endpoint to update the CSR. To check the status of the order, use the Order validation status endpoint. Note: Required if `provisioning_method` is `csr`.
container	optional	object	If needed, specify the container the order should be placed under.
.. id	required	int	Container ID.
custom_fields	optional^*	array	Account-specific custom fields. *Whether or not these fields are required depends on your custom field settings.
.. metadata_id	required	int	Custom field ID.
.. value	required	string	Value for the custom field. Data validation type depends on your custom field settings.
alternative_order_id	optional	string	A custom alphanumeric ID to assign the order. To see the `alternative_order_id` assigned to an order, use the Order info endpoint. Alternative order IDs do not replace the unique order ID that DigiCert assigns each order request. You cannot use alternative order IDs to search for or identify orders in API calls that require an `order_id` parameter in the URL path or request body. If the Require unique alternative order IDs option is enabled in your account settings, you cannot submit order requests with an alternative order ID that is already assigned to an order in your account. Use this feature to enable nonce order requests, or to prevent your integration from creating duplicate orders in cases where you do not receive a response from the API. Account administrators can toggle this option from the CertCentral console. From the Settings > Preferences page, open the Advanced Settings menu, and look for the Alternative order ID option. This parameter is always optional, even if the Require unique alternative order IDs option is enabled in your account. If a request does not use this parameter, no `alternative_order_id` value is assigned to the order. Maximum length: 64 characters Note: The Require unique alternative order IDs option may not appear in the advanced settings menu for all CertCentral accounts. To enable this option for your account, contact your account manager or our Support team.
enable_guest_access	optional	int	Whether to enable guest access for the order. This parameter is not allowed if guest access is disabled in your account settings. Allowed values:1 (enabled) or 0 (disabled) Default: The default configuration for new orders is determined by your account settings. Account administrators can change these settings from the Guest Access page in the CertCentral console.
renewed_thumbprint	optional^*	string	If order is a renewal, enter the SHA-1 thumbprint of the previous order’s primary certificate. For more information, see How to check a certificate’s thumbprint. *Renewal orders must include either a renewed_thumbprint or renewal_of_order_id value.
.. order_validity	optional	object	Defines the validity period of certificates issued for this order. Cannot exceed order validity period. If not provided, or if the certificate validity date is less than 365 days from the current date, the certificate’s validity period defaults to the validity period of the order or the maximum certificate validity period defined by CA/B Forum baseline requirements, whichever is shorter. This object is not used for requests from accounts that do not have Multi-year Plans enabled.
.. .. years	optional	int	Number of years the certificate is valid after it is issued. Can be replaced with cert_validity.days or cert_validity.custom_expiration_date. Allowed value: 1, 2, or 3
.. .. days	optional	int	Number of days the certificate is valid after it is issued. Overrides cert_validity.years. Max: 397
.. .. custom_expiration_date	optional	string	A custom expiration date for the certificate. Overrides cert_validity.days and cert_validity.years. Format: dd MMM YYYY (for example, “09 JUN 2021”) Range: Must be within 397 days of the date you request the certificate.
comments	optional	string	Comments about the order for the administrator or approver reviewing the order request. The comments value is stored on the order request. If the order skips the approval step (skip_approval is set to true), any provided comments value is ignored since CertCentral creates the order directly without creating a corresponding request.
skip_approval	optional	bool	Specify if the order should skip the approval step and be immediately submitted for validation and issued when complete. Default:
false
auto_renew	optional	int	Specify if the certificate should automatically renew. Allowed values:0 (disabled) or 1 (enabled) Default: 0
custom_renewal_message	optional	string	Custom message to be included in renewal notifications.
disable_renewal_notifications	optional	bool	Specify if renewal notification emails should be disabled. Default:
false
additional_emails	optional	array	Additional email addresses to receive certificate notification emails (e.g., certificate issuance, duplicate certificate, certificate renewals, etc.).
locale	optional	string	Language that the DCV email should use. See Glossary – Locale codes.
renewal_of_order_id	optional^*	int	If order is a renewal, enter the previous order’s ID. *Renewal orders must include either a renewed_thumbprint or renewal_of_order_id value.
payment_method	required	string	Payment method for the order. Allowed values:
credit_card	required (if payment_method is card)	object	Object with information about the credit card charged for the order. Required if `payment_method` is `card`.
.. number	required	string	Credit card number.
.. expiration_month	required	string	Credit card expiration month. Format as a two-digit number between `01` (Jan) and `12` (Dec).
.. expiration_year	required	string	Credit card expiration year. Format as a four-digit number. For example: `2026`
.. cvv	required	string	Card verification value (CVV). Format as a three- or four-digit number. For example: `333` or `4444`
.. cardholder_name	required	string	Cardholder’s first and last name.
.. save_credit_card	optional	null	Specify whether to save the credit card details. `true` for saving the details, `false` for not saving the details, and `null` for not indicating the preference. Allowed Values: true, false, or null.
.. set_as_default	required	string	Set the card as the default payment option or method. To set this card as your default payment method, use `1`. To keep your default payment method, use `0`. Allowed Values: 1 or 0.
billing_address	conditional	object	Object with information about the billing address. Required if `payment_method` is `card`.
.. address	required	string	Billing street address.
.. address2	optional	string	Continuation of street address.
.. city	required	string	Billing city.
.. state	conditional	string	Billing state or province. Optional for some countries.
.. country	required	string	Billing country.
.. zip	conditional	string	Billing zip or postal code. Optional for some countries.

Response parameters

Name	Type	Description
id	int	Order ID.
requests	array	Contains information about the request.
.. id	int	Request ID.
.. status	string	Request status. Possible values:pending, submitted, approved, rejected
certificate_id	int	Certificate ID. Returned if request status is approved.

After placing the order, go to the EU (eIDAS) products page in the CertCentral platform documentation, select the relevant certificate order link, and view the What’s Next subsection to carry out the subsequent tasks.

Alternatively, you can order the EU Qualified Personal certificate through the CertCentral Europe platform. For more information, see Order your EU Qualified Personal certificate.

Was this page helpful?

Provide feedback