Skip to main content

Duplicate certificate

POST https://www.digicert.com/services/v2/order/certificate/{{order_id}}/duplicate

Use this endpoint to request a duplicate certificate for an order.

  • All certificate fields must be identical to the original, with the exception of the CSR, certificate validity, server platform, and signature hash.

  • When duplicating a multi-domain certificate, you can move a SAN to the common name if desired.

  • When duplicating a wildcard certificate, you can add SANs as long as they are subdomains of the wildcard.

Important

End of 2-year public SSL/TLS certificates

The Services API no longer issues public SSL/TLS certificates with a validity period greater than 397 days.

When you duplicate a certificate that has a validity greater than 397 days, the validity period of the duplicated certificate is shortened to 397 days or to the time that remains on the order, whichever is sooner. To use the remaining validity included with the original certificate order, request new duplicate certificates during the order's final 397-day period.

To learn more about this change, see End of 2-year DV, OV, EV public TLS/SSL certificates.

Example requests and responses

Example 1. cURL
curl -X POST \
  'https://www.digicert.com/services/v2/order/certificate/{{order_id}}/duplicate' \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
  "certificate": {
    "common_name": "example.com",
    "dns_names": [
      "sub.example.com"
    ],
    "csr": "<csr>",
    "server_platform": {
      "id": 45
    },
    "signature_hash": "sha256"
  }
}'

Example 2. Python
import requests

url = "https://www.digicert.com/services/v2/order/certificate/{{order_id}}/duplicate"

payload = "{\n  \"certificate\": {\n    \"common_name\": \"example.com\",\n    \"dns_names\": [\n      \"sub.example.com\"\n    ],\n    \"csr\": \"<csr>\",\n    \"server_platform\": {\n      \"id\": 45\n    },\n    \"signature_hash\": \"sha256\"\n  }\n}"
headers = {
    'X-DC-DEVKEY': "{{api_key}}",
    'Content-Type': "application/json"
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

Example 3. Go
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://www.digicert.com/services/v2/order/certificate/{{order_id}}/duplicate"

	payload := strings.NewReader("{\n  \"certificate\": {\n    \"common_name\": \"example.com\",\n    \"dns_names\": [\n      \"sub.example.com\"\n    ],\n    \"csr\": \"<csr>\",\n    \"server_platform\": {\n      \"id\": 45\n    },\n    \"signature_hash\": \"sha256\"\n  }\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Example 4. NodeJS
var request = require("request");

var options = { method: 'POST',
  url: 'https://www.digicert.com/services/v2/order/certificate/{{order_id}}/duplicate',
  headers: 
   { 'Content-Type': 'application/json',
     'X-DC-DEVKEY': '{{api_key}}' },
  body: 
   { certificate: 
      { common_name: 'example.com',
        dns_names: [ 'sub.example.com' ],
        csr: '<csr>',
        server_platform: { id: 45 },
        signature_hash: 'sha256' } },
  json: true };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Request parameters

Name

Req/Opt

Type

Description

certificate

required

object

Details about the certificate.

.. common_name

required

string

Domain to be secured.

.. dns_names

optional

array

Additional domains to be secured.

.. csr

required

string

Certificate signing request (CSR). See Glossary – CSR requirements.

.. server_platform

optional

object

Server platform type.

Required for code signing certificate orders.

Default: -1 (other)

.. .. id

required

int

Server platform ID. See Glossary – Server platforms.

.. signature_hash

required

string

Hash algorithm used to sign the certificate.

.. ca_cert_id

optional

string

ID of the intermediate certificate authority (ICA) certificate to select as the issuing certificate. To get the ca_cert_id value for an ICA, use the Product list endpoint.

Account administrators can customize the default and allowed ICAs for each product at the container or user role level. If you do not provide a value for this parameter, we issue the certificate using the default ICA. If you provide the ca_cert_id value for an ICA that is not allowed, the request returns an error*. To see the custom ICA settings for each product, use the Product limits endpoint.

*This parameter is ignored if the option for ICA selection is not enabled for your account. For more information, see ICA certificate chain selection.

custom_expiration_date

optional

string

A custom expiration date for the certificate.

Defines the validity period of the duplicate certificate. If not provided, the validity period for the duplicate certificate defaults to the time remaining of the certificate being duplicated.

We automatically truncate the certificate validity if you exceed the time remaining in the order, Multi-year Plan, or the maximum 397-day certificate validity period defined by CA/B Forum baseline requirements, whichever is shorter.

Response parameters

Name

Type

Description

id

int

Order ID.

requests

array

List of requests.

..  id

int

Request ID.

certificate_id

int

ID of the issued duplicate certificate.

certificate_chain

array

Certificate chain list.

.. subject_common_name

string

Common name on the certificate.

.. pem

string

PEM encoded certificate.

Note: The pem response parameter includes newline characters \r\n, which are an inherent part of PEM-encoded certificates.

In this section: