| ID | Role | Description |
|---|---|---|
| 1 | Administrator | Full administrative access, including create divisions and users, manage user access. |
| 2 | Limited user | Place and manage only their own orders. |
| 3 | Finance manager | Manage finances, place and manage orders. |
| 4 | Manager | Manage finances, create and approve requests, manage orders and domains, view and edit users. |
| 5 | Standard user | Place and manage orders. All changes require approval by a manager or administrator. |
| Role ID | Role name | Description |
|---|---|---|
| 0 | N/A |
No restrictions. Permissions are inherited from access role of the user that is assigned to the key. |
| 100 | Orders | Limits the key to these actions: Orders, Requests, and Certificates. |
| 101 | Orders, Domains, Organizations | Limits the key to these actions: Orders, Requests, Certificates, Organizations, and Domains. |
| 102 | View Only | Limits key to GET requests only. |
All returned certificates use PEM encoding, which includes header and footer lines.
| Format name | Content-Type | Certificate file extension | Description |
|---|---|---|---|
| default |
application/zip
|
.crt
|
ZIP archive containing individual root, intermediate, and end-entity certificate files. |
| apache |
application/zip
|
.crt
|
ZIP archive containing individual intermediate and end-entity certificate files. |
| default_cer |
application/zip
|
.cer
|
ZIP archive containing individual root, intermediate, and end-entity certificate files. |
| cer |
application/x-pkcs7-certificates
|
.cer
|
Single P7B bundle file containing root, intermediate, and end-entity certificates. |
| p7b |
application/x-pkcs7-certificates
|
.p7b
|
Single P7B bundle file containing root, intermediate, and end-entity certificates. |
| default_pem |
application/zip
|
.crt
|
ZIP archive containing individual root, intermediate, and end-entity certificate files. |
| pem_all |
application/x-pem-file
|
.pem
|
Single PEM bundle containing root, intermediate, and end-entity certificate entries. |
| pem_nointermediate |
application/x-pem-file
|
.pem
|
Single PEM file containing only end-entity certificate entry. |
| pem_noroot |
application/x-pem-file
|
.pem
|
Single PEM bundle containing intermediate and end-entity certificate entries. |
The anything input type is never specified in the metadata response. Instead, the data_type parameter is simply omitted, indicating the custom order field uses the anything input type.
| Type | Description |
|---|---|
| anything |
No input validation. Uses the input html tag for the form field.
|
| text |
No input validation. Uses the textarea html tag for the form field.
|
| int |
Allows only integers as input. Uses the input html tag for the form field.
|
| email_address |
Allows only a single valid email address as input. Uses the input html tag for the form field.
|
| email_list |
Allows multiple valid email addresses as input. Does not allow duplicate email addresses. Uses the input html tag for each email address.
|
| Code | Currency |
|---|---|
| AUD | Australian dollar |
| GBP | British pound sterling |
| EUR | Euro |
| HKD | Hong Kong dollar |
| JPY | Japanese yen |
| SGD | Singapore dollar |
| SEK | Swedish krona |
| TWD | Taiwan dollar |
| USD | US dollar |
| Code | Language |
|---|---|
| en | English |
| de | German |
| es | Spanish |
| fr | French |
| it | Italian |
| jp | Japanese |
| kr | Korean |
| pt | Portuguese |
| ru | Russian |
| zh_cn | Simplified Chinese |
| zh_tw | Traditional Chinese |
| Method | Description |
|---|---|
|
DigiCert emails the certificate to you. Install the certificate on your own supported hardware token or HSM device. |
|
| ship_token | DigiCert installs the certificate on a certified hardware token and ships the token to the address provided. |
| client_app |
Use the DigiCert Certificate Utility to install the certificate on an existing DigiCert provided, certified token. Note: You can also install the certificate on your own supported token. |
| Certificate type | CSR |
|---|---|
| ssl_certificate | Required for all orders. |
| dv_ssl_certificate | Required for all orders. |
| client_certificate | Optional for all orders. |
| code_signing_certificate |
Required for these uses:
|
| Method | Description |
|---|---|
Domain validation emails are sent to these email addresses:
|
|
| dns-cname-token |
Create a DNS CNAME record for the domain that contains a random value. Note: This method cannot be used to demonstrate control over the domains on DV certificate requests. |
| http-token | Add a file that contains a random value and make it publicly available on the domain. |
| dns-txt-token | Create a DNS TXT record for the domain that contains a random value. |
| ID | Name |
|---|---|
| sha256 | SHA-256 |
| sha384 | SHA-384 |
| sha512 | SHA-512 |
| sha1 | SHA-1 |
Headers are based on the RFC 2616 specification.
| Status | Description |
|---|---|
| 200 | General success response |
| 201 | Created: Useful for creation of requests, orders, etc |
| 204 | No Content: For successful requests that don't require a response |
| 301 | Moved Permanently: Returned in the unlikely event that a URL has changed. Will also return a LOCATION header with new URL. Clients should resubmit this request and submit future requests to this new URL |
| 302 | Moved Temporarily: Returned in the unlikely event that a URL has changed temporarily. Will also return a LOCATION header with new URL. Clients should resubmit this single request to this new URL |
| 304 | Content not modified: Useful when accessing a URL while waiting for a response. Only used if an IF-NONE-MATCH header was passed |
| 400 | General client error |
| 401 | Unauthorized: Returned if the page is accessed without a valid API Key |
| 403 | User doesn't have permission to perform the requested action |
| 404 | Returned if the page doesn't exist or the API doesn't have permission to interact with a particular item |
| 406 | If the client doesn't specify a valid acceptable content-type |
| 429 | Too many requests. The client has sent too many requests in a given amount of time. |
| 500 | Unexpected behavior that the API couldn't recover from |
| 503 | The system is currently unavailable |
| Status | Description |
|---|---|
| pending | Initial order status. |
| reissue_pending | Reissue was requested and is pending. |
| rejected | Order request was rejected. |
| processing | Order was approved and is being processed. |
| issued | Order was validated and certificate can be downloaded. |
| revoked | Order was revoked. |
| canceled | Order was canceled. |
| needs_csr | Order requires a CSR before it can be processed. |
| needs_approval | Order request requires approval before is can be processed. |
| Status |
|---|
| VALID |
| REVOKED |
| EXPIRED |
| UNDETERMINED |
| Rating |
|---|
| At risk |
| Not secure |
| Secure |
| Very secure |
| Vulnerability |
|---|
| BEAST |
| BREACH |
| CRIME |
| DROWN |
| FREEK |
| Heartbleed |
| LogJam |
| POODLE (SSLv3) |
| POODLE (TLS) |
| RC4 |
| SWEET32 |
| NO_VULNERABILITY_FOUND |
Actual product list will vary by account. Use the Get product list endpoint to see available products.
| Name ID | Group name | Name |
|---|---|---|
| ssl_dv_geotrust | dv_ssl_certificate | GeoTrust Standard DV SSL Certificate |
| ssl_dv_rapidssl | dv_ssl_certificate | RapidSSL Standard DV SSL Certificate |
| ssl_dv_thawte | dv_ssl_certificate | Thawte SSL123 DV |
| ssl_dv_ee | dv_ssl_certificate | Encryption Everywhere DV |
| wildcard_dv_geotrust | dv_ssl_certificate | GeoTrust Wildcard DV SSL Certificate |
| wildcard_dv_rapidssl | dv_ssl_certificate | RapidSSL Wildcard DV SSL Certificate |
| cloud_dv_geotrust | dv_ssl_certificate | GeoTrust Cloud DV |
| ssl_dv_geotrust_flex | dv_ssl_certificate | Geotrust DV SSL |
| ssl_plus | ssl_certificate | Standard SSL Certificate |
| ssl_multi_domain | ssl_certificate | SSL Multi Domain Certificates |
| ssl_wildcard | ssl_certificate | Wildcard Certificate |
| ssl_ev_plus | ssl_certificate | EV SSL Certificate |
| ssl_ev_multi_domain | ssl_certificate | SSL EV Multi Domain Certificate |
| ssl_cloud_wildcard | ssl_certificate | SSL Cloud Certificates |
| ssl_basic | ssl-certificate | Baisc OV |
| ssl_ev_basic | ssl-certificate | Basic EV |
| ssl_thawte_webserver | ssl_certificate | Thawte SSL Webserver OV |
| ssl_ev_thawte_webserver | ssl_certificate | Thawte SSL Webserver EV |
| ssl_geotrust_truebizid | ssl_certificate | GeoTrust TrueBusiness ID OV |
| ssl_ev_geotrust_truebizid | ssl_certificate | GeoTrust TrueBusiness ID EV |
| ssl_securesite_pro | securesite_ssl_certificate | Secure Site Pro SSL |
| ssl_ev_securesite_pro | securesite_ssl_certificate | Secure Site Pro EV SSL |
| ssl_securesite | securesite_ssl_certificate | Secure Site SSL |
| ssl_securesite_multi_domain | securesite_ssl_certificate | Secure Site Multi-Domain SSL |
| ssl_securesite_wildcard | securesite_ssl_certificate | Secure Site Wildcard SSL |
| ssl_ev_securesite | securesite_ssl_certificate | Secure Site EV SSL |
| ssl_ev_securesite_multi_domain | securesite_ssl_certificate | Secure Site EV Multi-Domain SSL |
| ssl_securesite_flex | securesite_ssl_certificate | Secure Site OV |
| ssl_ev_securesite_flex | securesite_ssl_certificate | Secure Site EV |
| client_premium | client_certificate | Client Premium Certificate |
| client_email_security_plus | client_certificate | Client Email Security Plus Certificate |
| client_digital_signature_plus | client_certificate | Client Digital Signature Plus Certificate |
| client_authentication_plus | client_certificate | Client Authentication Plus Certificate |
| class1_smime | client_certificate | Class 1 S/Mime Certificate |
| client_grid_premium | grid_certificate | GRID Client Premium Certificate |
| grid_host_ssl | grid_certificate | GRID Host SSL Plus Certificate |
| grid_host_ssl_multi_domain | grid_certificate | GRID Host SSL Multi Domain Certificates |
| client_grid_robot_fqdn | grid_certificate | GRID Robot FQDN Certificate |
| client_grid_robot_name | grid_certificate | GRID Robot Name Certificate |
| client_grid_robot_email | grid_certificate | GRID Robot Email Certificate |
| private_ssl_plus | private_ssl_certificate | Private SSL Plus Certificate |
| private_ssl_wildcard | private_ssl_certificate | Private SSL Wildcard Certificate |
| private_ssl_multi_domain | private_ssl_certificate | Private SSL Multi Domain Certificate |
| private_ssl_flex | private_ssl_certificate | Private SSL OV |
| code_signing | code_signing_certificate | Code Signing Certificate |
| code_signing_ev | code_signing_certificate | EV Code Signing Certificate |
| document_signing_org_1 | document_signing | Document Signing Organization (2000) Certificate |
| document_signing_org_2 | document_signing | Document Signing Organization (5000) Certificate |
| Type |
|---|
| client_certificate |
| code_signing_certificate |
| dv_ssl_certificate |
| ssl_certificate |
When downloading a certificate, the server platform determines in which format the certificate should be sent.
| Platform | Certificate format | ID |
|---|---|---|
| Apache | apache | 2 |
| Barracuda | default | 41 |
| Bea Weblogic 7 and older | pem_all | 29 |
| BEA Weblogic 8 & 9 | p7b | 42 |
| Cisco | default | 30 |
| Citrix (Other) | pem_noroot | 39 |
| Citrix Access Essentials | default | 46 |
| Citrix Access Gateway 4.x | pem_noroot | 50 |
| Citrix Access Gateway 5.x and higher | apache | 58 |
| cPanel | apache | 43 |
| F5 Big-IP | apache | 31 |
| F5 FirePass | apache | 32 |
| IBM HTTP Server | default_cer | 7 |
| Java Web Server (Javasoft / Sun) | p7b | 10 |
| Juniper | default | 33 |
| Lighttpd | apache | 44 |
| Lotus Domino | default | 11 |
| Mac OS X Server | apache | 49 |
| Microsoft Exchange Server 2003 | cer | 47 |
| Microsoft Exchange Server 2007 | cer | 36 |
| Microsoft Exchange Server 2010 | cer | 48 |
| Microsoft Exchange Server 2013 | cer | 68 |
| Microsoft Exchange Server 2016 | cer | 71 |
| Microsoft Forefront Unified Access Gateway | cer | 66 |
| Microsoft IIS 1.x to 4.x | default | 13 |
| Microsoft IIS 10 | cer | 70 |
| Microsoft IIS 5 or 6 | cer | 14 |
| Microsoft IIS 7 | cer | 40 |
| Microsoft IIS 8 | cer | 67 |
| Microsoft Live Communications Server 2005 | cer | 37 |
| Microsoft Lync Server 2010 | cer | 59 |
| Microsoft Lync Server 2013 | cer | 69 |
| Microsoft OCS R2 | p7b | 60 |
| Microsoft Office Communications Server 2007 | cer | 38 |
| Microsoft Small Business Server 2008 & 2011 | default | 62 |
| Netscape Enterprise Server | default | 15 |
| Netscape iPlanet | default | 9 |
| nginx | pem_noroot | 45 |
| Novell iChain | default | 65 |
| Novell NetWare | cer | 17 |
| Oracle | default | 18 |
| Qmail | pem_all | 34 |
| SunOne | default | 35 |
| Tomcat | p7b | 24 |
| WebStar | default | 26 |
| Zeus Web Server | default | 28 |
| Other | default | -1 |
| Platform | ID |
|---|---|
| Adobe AIR | 52 |
| Apple OS X | 53 |
| Microsoft Authenticode | 51 |
| Microsoft Office VBA | 54 |
| Mozilla | 56 |
| Sun Java | 55 |
| Other | 57 |
| Platform | Device type | ID |
|---|---|---|
| AEP Keyper | HSM | 15 |
| ARX PrivateServer | HSM | 16 |
| Bull Trustway Crypto PCI | HSM | 17 |
| ePass3003 | Token | 21 |
| SafeNet eToken 5100 | Token | 6 |
| SafeNet eToken 5105 | Token | 7 |
| SafeNet eToken 5110 | Token | 19 |
| SafeNet eToken 5110 FIPS | Token | 20 |
| SafeNet eToken 5200 | Token | 8 |
| SafeNet eToken 5205 | Token | 9 |
| SafeNet eToken PRO 72K | Token | 3 |
| SafeNet eToken PRO Anywhere | Token | 2 |
| SafeNet iKey 4000 | Token | 10 |
| Safenet Luna | HSM | 12 |
| Thales nShield | HSM | 13 |
| Utimaco CryptoServer | HSM | 14 |
|
Other Must be a FIPS 140-2 Level 2 device. |
HSM | -1 |
| Permission action |
|---|
| add_domains |
| create_child_enterprise |
| create_child_reseller |
| create_child_retail |
| create_containers |
| create_discovery_report |
| create_discovery_scan |
| create_discovery_sensor |
| create_domains |
| create_guest_keys |
| create_organizations |
| create_users |
| delete_account_scans |
| delete_scan |
| edit_container |
| edit_domains |
| edit_guest_keys |
| edit_organizations |
| edit_users |
| manage_account_metadata |
| manage_api_access |
| manage_discovery_report |
| manage_discovery_scan |
| manage_discovery_sensor |
| manage_finances |
| manage_guest_keys |
| manage_ip_access |
| manage_order_user_access |
| manage_orders |
| manage_org_container_assignments |
| manage_requests |
| manage_settings |
| manage_tfa |
| manage_user_container_assignments |
| place_orders |
| review_requests |
| saml_attribute_mapping |
| saml_manage_idp |
| saml_map_idp |
| saml_organization_mapping |
| saml_sso |
| tools_links |
| update_scan |
| view_api_access |
| view_child_account |
| view_container |
| view_discovery_report |
| view_discovery_scan |
| view_discovery_sensor |
| view_domains |
| view_finances |
| view_guest_keys |
| view_orders |
| view_organizations |
| view_reports |
| view_scan |
| view_users |
When you set up a bill-to-parent subaccount, you can choose to display prices in the subaccount's preferred currency. This is for display only. Parent accounts and subaccounts that DigiCert bills directly always receive invoices in the DigiCert-supported currency associated with the account. For officially supported currencies, see DigiCert currencies.
| Code | Currency |
|---|---|
| ARS | Argentine peso |
| AUD | Australian dollar |
| BRL | Brazilian real |
| GBP | British pound sterling |
| BND | Brunei dollar |
| KHR | Cambodia riel |
| CAD | Canadian dollar |
| CNY | Chinese yuan renminbi |
| COP | Colombian peso |
| EUR | Euro |
| HKD | Hong Kong dollar |
| INR | Indian rupee |
| IDR | Indonesia rupiah |
| JPY | Japanese yen |
| LAK | Lao kip |
| MYR | Malaysian ringgit |
| MXN | Mexican peso |
| MMK | Myanmar kyat |
| NZD | New Zealand dollar |
| NOK | Norwegian krone |
| PHP | Philippine peso |
| RUB | Russian ruble |
| SGD | Singapore dollar |
| ZAR | South African rand |
| KRW | South Korean won |
| SEK | Swedish krona |
| CHF | Swiss franc |
| TWD | Taiwan dollar |
| THB | Thailand baht |
| TRY | Turkish lira |
| USD | US dollar |
| VND | Vietnam dong |
| Type | Description |
|---|---|
| retail | CertCentral Basic account |
| enterprise | CertCentral Enterprise account |
| reseller | CertCentral Reseller account |
| managed | API only account (no CertCentral UI access) |
| Status | Description |
|---|---|
| active | Normal user status. |
| incomplete | User has not completed the sign up process. |
| inactive | User profile and settings exist, but user cannot sign in. |
| Type |
|---|
| cs |
| ds |
| ev |
| ev_cs |
| grid |
| ov |
| private_grid |
| private_ssl |
| ra_ev |
| ra_ov |
| wfa |