Skip to main content

Order EU Qualified Personal

POST https://www.certcentral.digicert.eu/services/v2/order/certificate/eu_individual

Use this endpoint to order an EU Qualified Personal certificate. EU Qualified Personal is an eIDAS certificate that is issued to a natural person and is used to apply electronic signatures. You can get an EU Qualified Personal certificate that applies qualified or advanced electronic signatures.

Warning

The EU Qualified Personal certificate is only available in CertCentral Europe. Only use the CertCentral Europe base URL, https://certcentral.digicert.eu/services/v2,  to construct your EU Qualified Personal certificate API request.

Example requests and responses

Request parameters

Name

Req/Opt

Type

Description

certificate

required

object

Certificate details.

.. signature_hash

required

string

Hash algorithm used for signing the certificate.

EU Qualified certificates support only SHA-256 hash algorithm.

profile_option

required

string

Select a profile option that best defines the certificate usage. The options are:

  • nonrepudiation: Use for signing documents with a non-repudiable and tamper-proof electronic signature, which is trusted and recognized across the European Union.

  • authentication: Use for personal identity verification, providing the highest level of assurance.

  • encryption: Use for encrypting emails for non-repudiation of emails and to ensure the integrity of the email messages.

individual

required

object

Information about the individual who is the intended certificate holder and who will use the certificate for digital signatures, encryption, or authentication purposes.

.. first_name

required

string

Individual's first name (given name). This can include middle names or initials, but do not include titles or prefixes such as "Dr.".

.. last_name

required

string

Individual's last name (given name). This can include middle names or initials, but do not include titles or prefixes such as "Dr.".

.. pseudonym

optional

string

Individual’s preferred or professional name (pseudonym). This can include titles, prefixes, academic or professional suffixes, abbreviations, and accrediations.

If you enter a pseudonym, the common name on the certificate displays the pseudonym. If you do not enter a pseudonym, the common name on the certificate displays first_name + last_name.

.. email

required

string

Individual's email address. This email address is used for processing the order request and receiving order approval notifications. This email address does not appear on the certificate.

To view an email address on the certificate, enter the email address in the subject.email request parameter. The email address is displayed alongside the subject email on the certificate.

.. telephone

required

string

Individual’s phone number with the country code (for example, +1-555-555-5555).

.. country

required

string

Individual's country, represented by a two-letter country code.

.. state

required

string

Individual's state or province.

.. city

optional

string

Iindividual's city.

.. zip

optional

string

Individual's postal code.

provisioning_method

required

string

Specify the key provisioning method. Key provisioning method refers to where the private key and the certificate will be stored. The methods are:

  • Qualified signature/seal creation device (QSCD): This method provides a qualified certificate that can create qualified electronic signatures or seals. If you select the qscd provisioning method in the request body, DigiCert ships the QSCD hardware token to you. You must include shipping details in the ship_info object to receive the QSCD. After receiving the device and the PIN, you must use the DigiCert Trust Assistant to initialize and install your certificate on the token. To do so, use the certificate's order details page on the CertCentral Europe platform user interface to download and install the DigiCert Trust Assistant. You can use the DigiCert Trust Assistant to unlock and install the certificate on your QSCD token. For more information, go to the EU (eIDAS) products page in the CertCentral platform documentation, select the relevant certificate order link, and view the What's Next subsection.

  • Certificate signing request (CSR): This method results in an advanced electronic signature. If you select the csr provisioning method in the request body, you must submit a CSR using the csr request parameter while ordering the certificate. If you do not submit the CSR in the request body, DigiCert sends you an email with instructions and a link for providing the CSR before issuing the certificate.

ship_info

optional

object

For orders with the provisioning_method of qscd, specify the shipping address for the hardware token.

.. name

required

string

First and last name of the recipient of the order.

.. addr1

required

string

Shipping address for the token.

.. addr2

required

string

Secondary address field.

.. city

required

string

Shipping city.

.. state

required

string

Shipping state.

.. zip

required

string

Shipping postal code.

.. country

required

string

Shipping country.

.. method

required

string

Shipping priority for the token.

Allowed values: STANDARD or EXPEDITED (incurs additional cost).

.. csr

optional

string

Certificate signing request (CSR) or public key in PEM format. Format the CSR/public key as a base64-encoded string without line breaks or escape characters. Include the PEM headers and footers (such as -----BEGIN CERTIFICATE REQUEST-----... and ...-----END CERTIFICATE REQUEST-----). For more information about generating a CSR, see Create a CSR.

After placing the order, if the status of the order is pending, you can use the Update CSR endpoint to update the CSR. To check the status of the order, use the Order validation status endpoint.

Note: Required if provisioning_method is csr.

container

optional

object

If needed, specify the container the order should be placed under.

.. id

required

int

Container ID.

custom_fields

optional*

array

Account-specific custom fields.

*Whether or not these fields are required depends on your custom field settings.

.. metadata_id

required

int

Custom field ID.

.. value

required

string

Value for the custom field. Data validation type depends on your custom field settings.

alternative_order_id

optional

string

A custom alphanumeric ID to assign the order. To see the alternative_order_id assigned to an order, use the Order info endpoint.

Alternative order IDs do not replace the unique order ID that DigiCert assigns each order request. You cannot use alternative order IDs to search for or identify orders in API calls that require an order_id parameter in the URL path or request body.

If the Require unique alternative order IDs option is enabled in your account settings, you cannot submit order requests with an alternative order ID that is already assigned to an order in your account. Use this feature to enable nonce order requests, or to prevent your integration from creating duplicate orders in cases where you do not receive a response from the API. Account administrators can toggle this option from the CertCentral console. From the Settings > Preferences page, open the Advanced Settings menu, and look for the Alternative order ID option.

This parameter is always optional, even if the Require unique alternative order IDs option is enabled in your account. If a request does not use this parameter, no alternative_order_id value is assigned to the order.

Maximum length: 64 characters

Note: The Require unique alternative order IDs option may not appear in the advanced settings menu for all CertCentral accounts. To enable this option for your account, contact your account manager or our Support team.

enable_guest_access

optional

int

Whether to enable guest access for the order. This parameter is not allowed if guest access is disabled in your account settings.

Allowed values:1 (enabled) or 0 (disabled)

Default: The default configuration for new orders is determined by your account settings. Account administrators can change these settings from the Guest Access page in the CertCentral console.

renewed_thumbprint

optional*

string

If order is a renewal, enter the SHA-1 thumbprint of the previous order's primary certificate. For more information, see How to check a certificate's thumbprint.

*Renewal orders must include either a renewed_thumbprint or renewal_of_order_id value.

.. order_validity

optional

object 

Defines the validity period of certificates issued for this order. Cannot exceed order validity period.

If not provided, or if the certificate validity date is less than 365 days from the current date, the certificate's validity period defaults to the validity period of the order or the maximum certificate validity period defined by CA/B Forum baseline requirements, whichever is shorter.

This object is not used for requests from accounts that do not have Multi-year Plans enabled.

.. .. years

optional

int 

Number of years the certificate is valid after it is issued.

Can be replaced with cert_validity.days or cert_validity.custom_expiration_date.

Allowed value: 1, 2, or 3

.. .. days

optional

int 

Number of days the certificate is valid after it is issued. Overrides cert_validity.years.

Max: 397

.. .. custom_expiration_date

optional

string

A custom expiration date for the certificate. Overrides cert_validity.days and cert_validity.years.

Format: dd MMM YYYY (for example, "09 JUN 2021")

Range: Must be within 397 days of the date you request the certificate.

comments

optional

string

skip_approval

optional

bool

Specify if the order should skip the approval step and be immediately submitted for validation and issued when complete.

Default: false

auto_renew

optional

int

Specify if the certificate should automatically renew.

Allowed values:0 (disabled) or 1 (enabled)

Default: 0

custom_renewal_message

optional

string

Custom message to be included in renewal notifications.

disable_renewal_notifications

optional

bool

Specify if renewal notification emails should be disabled.

Default: false

additional_emails

optional

array

Additional email addresses to receive certificate notification emails (e.g., certificate issuance, duplicate certificate, certificate renewals, etc.).

locale

optional

string

Language that the DCV email should use. See Glossary – Locale codes.

renewal_of_order_id

optional*

int

If order is a renewal, enter the previous order's ID.

*Renewal orders must include either a renewed_thumbprint or renewal_of_order_id value.

payment_method

required

string

Payment method for the order. Allowed values:

  • balance (default): Pay with account balance. Returns an error if the option to bill to account balance is disabled for the account, or if the account balance has insufficient funds. Learn how to debit purchases against your CertCentral account balance.

  • profile: Pay with the account’s default credit card. Returns an error if no default credit card is configured for the account. Learn how to set up a default credit card.

  • card: Pay with a new credit card. Requests that use card as the payment method must include a credit_card and billing_address object. Returns an error if the option to pay with a credit card is disabled for the account.

credit_card

required (if payment_method is card)

object

Object with information about the credit card charged for the order. Required if payment_method is card.

.. number

required

string

Credit card number.

.. expiration_month

required

string

Credit card expiration month. Format as a two-digit number between 01 (Jan) and 12 (Dec).

.. expiration_year

required

string

Credit card expiration year. Format as a four-digit number. For example: 2026

.. cvv

required

string

Card verification value (CVV). Format as a three- or four-digit number. For example: 333 or 4444

.. cardholder_name

required

string

Cardholder’s first and last name.

.. save_credit_card

optional

null

Specify whether to save the credit card details. true for saving the details, false for not saving the details, and null for not indicating the preference.

Allowed Values: true, false, or null.

.. set_as_default

required

string

Set the card as the default payment option or method. To set this card as your default payment method, use 1. To keep your default payment method, use 0.

Allowed Values: 1 or 0.

billing_address

conditional

object

Object with information about the billing address. Required if payment_method is card.

.. address

required

string

Billing street address.

.. address2

optional

string

Continuation of street address.

.. city

required

string

Billing city.

.. state

conditional

string

Billing state or province. Optional for some countries.

.. country

required

string

Billing country.

.. zip

conditional

string

Billing zip or postal code. Optional for some countries.

Response parameters

Name

Type

Description

id

int

Order ID.

requests

array

Contains information about the request.

.. id

int

Request ID.

.. status

string

Request status.

Possible values:pending, submitted, approved, rejected

certificate_id

int

Certificate ID. Returned if request status is approved.

After placing the order, go to the EU (eIDAS) products page in the CertCentral platform documentation, select the relevant certificate order link, and view the What's Next subsection to carry out the subsequent tasks.

Alternatively, you can order the EU Qualified Personal certificate through the CertCentral Europe platform. For more information, see Order your EU Qualified Personal certificate.