Glossary

Access roles

| ID | Role | Description |
| --- | --- | --- |
| 1 | Administrator | Full administrative access, including creating divisions and users and managing user access. |
| 2 | Limited user | Place and manage only their own orders. |
| 3 | Finance manager | Manage finances, place and manage orders. |
| 4 | Manager | Manage finances, create and approve requests, manage orders and domains, view and edit users. |
| 5 | Standard user | Place and manage orders. All changes require approval by a manager or administrator. |

API key roles

| Role ID | Role name | Description |
| --- | --- | --- |
| 0 | N/A | No restrictions. Permissions are inherited from the access role of the user that is assigned to the key. |
| 100 | Orders | Limits the key to these actions: Orders, Requests, and Certificates. |
| 101 | Orders, Domains, Organizations | Limits the key to these actions: Orders, Requests, Certificates, Organizations, and Domains. |
| 102 | View Only | Limits the key to GET requests only. |

Certificate formats

All returned certificates use PEM encoding, which includes header and footer lines.

| Format name | Content-Type | Certificate file extension | Description |
| --- | --- | --- | --- |
| default | application/zip | .crt | ZIP archive containing individual root, intermediate, and end-entity certificate files. |
| apache | application/zip | .crt | ZIP archive containing individual intermediate and end-entity certificate files. |
| default_cer | application/zip | .cer | ZIP archive containing individual root, intermediate, and end-entity certificate files. |
| cer | application/x-pkcs7-certificates | .cer | Single P7B bundle file containing root, intermediate, and end-entity certificates. |
| p7b | application/x-pkcs7-certificates | .p7b | Single P7B bundle file containing root, intermediate, and end-entity certificates. |
| default_pem | application/zip | .crt | ZIP archive containing individual root, intermediate, and end-entity certificate files. |
| pem_all | application/x-pem-file | .pem | Single PEM bundle containing root, intermediate, and end-entity certificate entries. |
| pem_nointermediate | application/x-pem-file | .pem | Single PEM file containing only the end-entity certificate entry. |
| pem_noroot | application/x-pem-file | .pem | Single PEM bundle containing intermediate and end-entity certificate entries. |

Custom order field input types

The anything input type is never specified in the metadata response. Instead, the data_type parameter is simply omitted, indicating the custom order field uses the anything input type.

| Type | Description |
| --- | --- |
| anything | No input validation. Uses the input HTML tag for the form field. |
| text | No input validation. Uses the textarea HTML tag for the form field. |
| int | Allows only integers as input. Uses the input HTML tag for the form field. |
| email_address | Allows only a single valid email address as input. Uses the input HTML tag for the form field. |
| email_list | Allows multiple valid email addresses as input. Does not allow duplicate email addresses. Uses the input HTML tag for each email address. |

Locale codes

| Code | Language |
| --- | --- |
| en | English |
| de | German |
| es | Spanish |
| fr | French |
| it | Italian |
| jp | Japanese |
| kr | Korean |
| pt | Portuguese |
| ru | Russian |
| zh_cn | Simplified Chinese |
| zh_tw | Traditional Chinese |

CS provisioning methods

| Method | Description |
| --- | --- |
| email | Token is sent via email. This method requires manual installation on a supported hardware token. |
| ship_token | Token is shipped on a certified hardware token to the provided address. |
| client_app | Token is installed using the DigiCert Utility. |

CSR requirements

| Certificate type | CSR |
| --- | --- |
| ssl_certificate | Required for all orders. |
| dv_ssl_certificate | Required for all orders. |
| client_certificate | Optional for all orders. |
| code_signing_certificate | Required for these uses: |

DCV methods

| Method | Description |
| --- | --- |
| email | Domain validation emails are sent to these email addresses: contacts listed in the WHOIS record, and default domain contacts. |
| dns-cname-token | DNS CNAME record that contains a random value token is created for the domain. |
| http-token | File that contains a random value token is made publicly available on the domain. |
| dns-txt-token | DNS TXT record that contains a random value token is created for the domain. |

Hash types

| ID | Name |
| --- | --- |
| sha256 | SHA-256 |
| sha384 | SHA-384 |
| sha512 | SHA-512 |
| sha1 | SHA-1 |

Headers

Headers are based on the RFC 2616 specification.

| Status | Description |
| --- | --- |
| 200 | General success response. |
| 201 | Created: Useful for creation of requests, orders, etc. |
| 204 | No Content: For successful requests that don't require a response. |
| 301 | Moved Permanently: Returned in the unlikely event that a URL has changed. Will also return a LOCATION header with new URL. Clients should resubmit this request and submit future requests to this new URL. |
| 302 | Moved Temporarily: Returned in the unlikely event that a URL has changed temporarily. Will also return a LOCATION header with new URL. Clients should resubmit this single request to this new URL. |
| 304 | Content not modified: Useful when accessing a URL while waiting for a response. Only used if an IF-NONE-MATCH header was passed. |
| 400 | General client error. |
| 401 | Unauthorized: Returned if the page is accessed without a valid API Key. |
| 403 | User doesn't have permission to perform the requested action. |
| 404 | Returned if the page doesn't exist or the API doesn't have permission to interact with a particular item. |
| 406 | If the client doesn't specify a valid acceptable content-type. |
| 429 | Too many requests. The client has sent too many requests in a given amount of time. |
| 500 | Unexpected behavior that the API couldn't recover from. |
| 503 | The system is currently unavailable. |

Order status

| Status | Description |
| --- | --- |
| pending | Initial order status. |
| reissue_pending | Reissue was requested and is pending. |
| rejected | Order request was rejected. |
| processing | Order was approved and is being processed. |
| issued | Order was validated and certificate can be downloaded. |
| revoked | Order was revoked. |
| canceled | Order was canceled. |
| needs_csr | Order requires a CSR before it can be processed. |
| needs_approval | Order request requires approval before it can be processed. |

Product identifiers

Actual product list will vary by account. Use the Get product list endpoint to see available products.

| Name ID | Group name | Name |
| --- | --- | --- |
| ssl_dv_geotrust | dv_ssl_certificate | GeoTrust Standard DV SSL Certificate |
| ssl_dv_rapidssl | dv_ssl_certificate | RapidSSL Standard DV SSL Certificate |
| ssl_dv_thawte | dv_ssl_certificate | Thawte SSL123 DV |
| wildcard_dv_geotrust | dv_ssl_certificate | GeoTrust Wildcard DV SSL Certificate |
| wildcard_dv_rapidssl | dv_ssl_certificate | RapidSSL Wildcard DV SSL Certificate |
| cloud_dv_geotrust | dv_ssl_certificate | GeoTrust Cloud DV |
| ssl_plus | ssl_certificate | Standard SSL Certificate |
| ssl_multi_domain | ssl_certificate | SSL Multi Domain Certificates |
| ssl_wildcard | ssl_certificate | Wildcard Certificate |
| ssl_ev_plus | ssl_certificate | EV SSL Certificate |
| ssl_ev_multi_domain | ssl_certificate | SSL EV Multi Domain Certificate |
| ssl_cloud_wildcard | ssl_certificate | SSL Cloud Certificates |
| ssl_thawte_webserver | ssl_certificate | Thawte SSL Webserver OV |
| ssl_ev_thawte_webserver | ssl_certificate | Thawte SSL Webserver EV |
| ssl_geotrust_truebizid | ssl_certificate | GeoTrust TrueBusiness ID OV |
| ssl_ev_geotrust_truebizid | ssl_certificate | GeoTrust TrueBusiness ID EV |
| ssl_securesite_pro | securesite_ssl_certificate | Secure Site Pro SSL |
| ssl_ev_securesite_pro | securesite_ssl_certificate | Secure Site Pro EV SSL |
| ssl_securesite | securesite_ssl_certificate | Secure Site SSL |
| ssl_securesite_multi_domain | securesite_ssl_certificate | Secure Site Multi-Domain SSL |
| ssl_securesite_wildcard | securesite_ssl_certificate | Secure Site Wildcard SSL |
| ssl_ev_securesite | securesite_ssl_certificate | Secure Site EV SSL |
| ssl_ev_securesite_multi_domain | securesite_ssl_certificate | Secure Site EV Multi-Domain SSL |
| client_premium_sha2 | client_certificate | Client Premium Certificate |
| client_email_security_plus | client_certificate | Client Email Security Plus Certificate |
| client_digital_signature_plus_sha2 | client_certificate | Client Digital Signature Plus Certificate |
| client_grid_premium | grid_certificate | GRID Client Premium Certificate |
| grid_host_ssl | grid_certificate | GRID Host SSL Plus Certificate |
| grid_host_ssl_multi_domain | grid_certificate | GRID Host SSL Multi Domain Certificates |
| client_grid_robot_fqdn | grid_certificate | GRID Robot FQDN Certificate |
| client_grid_robot_name | grid_certificate | GRID Robot Name Certificate |
| client_grid_robot_email | grid_certificate | GRID Robot Email Certificate |
| private_ssl_plus | private_ssl_certificate | Private SSL Plus Certificate |
| private_ssl_wildcard | private_ssl_certificate | Private SSL Wildcard Certificate |
| private_ssl_multi_domain | private_ssl_certificate | Private SSL Multi Domain Certificate |
| code_signing | code_signing_certificate | Code Signing Certificate |
| code_signing_ev | code_signing_certificate | EV Code Signing Certificate |
| document_signing_org_1 | document_signing | Document Signing Organization (2000) Certificate |
| document_signing_org_2 | document_signing | Document Signing Organization (5000) Certificate |

Product types

Type
client_certificate
code_signing_certificate
dv_ssl_certificate
ssl_certificate

Server platforms

When you download a certificate, the server platform determines the format in which the certificate is sent.

TLS/SSL certificates

| Platform | Certificate format | ID |
| --- | --- | --- |
| Apache | apache | 2 |
| Barracuda | default | 41 |
| Bea Weblogic 7 and older | pem_all | 29 |
| BEA Weblogic 8 & 9 | p7b | 42 |
| Cisco | default | 30 |
| Citrix (Other) | pem_noroot | 39 |
| Citrix Access Essentials | default | 46 |
| Citrix Access Gateway 4.x | pem_noroot | 50 |
| Citrix Access Gateway 5.x and higher | apache | 58 |
| cPanel | apache | 43 |
| F5 Big-IP | apache | 31 |
| F5 FirePass | apache | 32 |
| IBM HTTP Server | default_cer | 7 |
| Java Web Server (Javasoft / Sun) | p7b | 10 |
| Juniper | default | 33 |
| Lighttpd | apache | 44 |
| Lotus Domino | default | 11 |
| Mac OS X Server | apache | 49 |
| Microsoft Exchange Server 2003 | cer | 47 |
| Microsoft Exchange Server 2007 | cer | 36 |
| Microsoft Exchange Server 2010 | cer | 48 |
| Microsoft Exchange Server 2013 | cer | 68 |
| Microsoft Exchange Server 2016 | cer | 71 |
| Microsoft Forefront Unified Access Gateway | cer | 66 |
| Microsoft IIS 1.x to 4.x | default | 13 |
| Microsoft IIS 10 | cer | 70 |
| Microsoft IIS 5 or 6 | cer | 14 |
| Microsoft IIS 7 | cer | 40 |
| Microsoft IIS 8 | cer | 67 |
| Microsoft Live Communications Server 2005 | cer | 37 |
| Microsoft Lync Server 2010 | cer | 59 |
| Microsoft Lync Server 2013 | cer | 69 |
| Microsoft OCS R2 | p7b | 60 |
| Microsoft Office Communications Server 2007 | cer | 38 |
| Microsoft Small Business Server 2008 & 2011 | default | 62 |
| Netscape Enterprise Server | default | 15 |
| Netscape iPlanet | default | 9 |
| nginx | pem_noroot | 45 |
| Novell iChain | default | 65 |
| Novell NetWare | cer | 17 |
| Oracle | default | 18 |
| Qmail | pem_all | 34 |
| SunOne | default | 35 |
| Tomcat | p7b | 24 |
| WebStar | default | 26 |
| Zeus Web Server | default | 28 |
| Other | default | -1 |

Code signing certificates

| Platform | ID |
| --- | --- |
| Adobe AIR | 52 |
| Apple OS X | 53 |
| Microsoft Authenticode | 51 |
| Microsoft Kernel-Mode Code | 64 |
| Microsoft Office VBA | 54 |
| Mozilla | 56 |
| Sun Java | 55 |
| Other | 57 |

EV code signing certificates

| Platform | Device type | ID |
| --- | --- | --- |
| AEP Keyper | HSM | 15 |
| ARX PrivateServer | HSM | 16 |
| Bull Trustway Crypto PCI | HSM | 17 |
| ePass3003 | Token | 21 |
| SafeNet eToken 5100 | Token | 6 |
| SafeNet eToken 5105 | Token | 7 |
| SafeNet eToken 5110 | Token | 19 |
| SafeNet eToken 5110 FIPS | Token | 20 |
| SafeNet eToken 5200 | Token | 8 |
| SafeNet eToken 5205 | Token | 9 |
| SafeNet eToken PRO 72K | Token | 3 |
| SafeNet eToken PRO Anywhere | Token | 2 |
| SafeNet iKey 4000 | Token | 10 |
| Safenet Luna | HSM | 12 |
| Thales nShield | HSM | 13 |
| Utimaco CryptoServer | HSM | 14 |
| Other. Must be a FIPS 140-2 Level 2 device. | HSM | -1 |

Permissions

Permission action
add_domains
create_child_enterprise
create_child_reseller
create_child_retail
create_containers
create_discovery_report
create_discovery_scan
create_discovery_sensor
create_domains
create_guest_keys
create_organizations
create_users
delete_account_scans
delete_scan
edit_container
edit_domains
edit_guest_keys
edit_organizations
edit_users
manage_account_metadata
manage_api_access
manage_discovery_report
manage_discovery_scan
manage_discovery_sensor
manage_finances
manage_guest_keys
manage_ip_access
manage_order_user_access
manage_orders
manage_org_container_assignments
manage_requests
manage_settings
manage_tfa
manage_user_container_assignments
place_orders
review_requests
saml_attribute_mapping
saml_manage_idp
saml_map_idp
saml_organization_mapping
saml_sso
tools_links
update_scan
view_api_access
view_child_account
view_container
view_discovery_report
view_discovery_scan
view_discovery_sensor
view_domains
view_finances
view_guest_keys
view_orders
view_organizations
view_reports
view_scan
view_users

Subaccount types

| Type | Description |
| --- | --- |
| retail | CertCentral Basic account |
| enterprise | CertCentral Enterprise account |
| reseller | CertCentral Reseller account |
| managed | API only account (no CertCentral UI access) |

User status

| Status | Description |
| --- | --- |
| active | Normal user status. |
| incomplete | User has not completed the sign up process. |
| inactive | User profile and settings exist, but user cannot sign in. |

Validation types

Type
cs
ds
ev
ev_cs
grid
ov
private_grid
private_ssl
ra_ev
ra_ov
wfa