| ID | Role | Description |
|---|---|---|
| 1 | Administrator | Full administrative access, including create divisions and users, manage user access. |
| 2 | Limited user | Place and manage only their own orders. |
| 3 | Finance manager | Manage finances, place and manage orders. |
| 4 | Manager | Manage finances, create and approve requests, manage orders and domains, view and edit users. |
| 5 | Standard user | Place and manage orders. All changes require approval by a manager or administrator. |
| Role ID | Role name | Description |
|---|---|---|
| 0 | N/A |
No restrictions. Permissions are inherited from access role of the user that is assigned to the key. |
| 100 | Orders | Limits the key to these actions: Orders, Requests, and Certificates. |
| 101 | Orders, Domains, Organizations | Limits the key to these actions: Orders, Requests, Certificates, Organizations, and Domains. |
| 102 | View Only | Limits key to GET requests only. |
All returned certificates use PEM encoding, which includes header and footer lines.
| Format name | Content-Type | Certificate file extension | Description |
|---|---|---|---|
| default |
application/zip
|
.crt
|
ZIP archive containing individual root, intermediate, and end-entity certificate files. |
| apache |
application/zip
|
.crt
|
ZIP archive containing individual intermediate and end-entity certificate files. |
| default_cer |
application/zip
|
.cer
|
ZIP archive containing individual root, intermediate, and end-entity certificate files. |
| cer |
application/x-pkcs7-certificates
|
.cer
|
Single P7B bundle file containing root, intermediate, and end-entity certificates. |
| p7b |
application/x-pkcs7-certificates
|
.p7b
|
Single P7B bundle file containing root, intermediate, and end-entity certificates. |
| default_pem |
application/zip
|
.crt
|
ZIP archive containing individual root, intermediate, and end-entity certificate files. |
| pem_all |
application/x-pem-file
|
.pem
|
Single PEM bundle containing root, intermediate, and end-entity certificate entries. |
| pem_nointermediate |
application/x-pem-file
|
.pem
|
Single PEM file containing only end-entity certificate entry. |
| pem_noroot |
application/x-pem-file
|
.pem
|
Single PEM bundle containing intermediate and end-entity certificate entries. |
The anything input type is never specified in the metadata response. Instead, the data_type parameter is simply omitted, indicating the custom order field uses the anything input type.
| Type | Description |
|---|---|
| anything |
No input validation. Uses the input html tag for the form field.
|
| text |
No input validation. Uses the textarea html tag for the form field.
|
| int |
Allows only integers as input. Uses the input html tag for the form field.
|
| email_address |
Allows only a single valid email address as input. Uses the input html tag for the form field.
|
| email_list |
Allows multiple valid email addresses as input. Does not allow duplicate email addresses. Uses the input html tag for each email address.
|
| Code | Language |
|---|---|
| en | English |
| de | German |
| es | Spanish |
| fr | French |
| it | Italian |
| jp | Japanese |
| kr | Korean |
| pt | Portuguese |
| ru | Russian |
| zh_cn | Simplified Chinese |
| zh_tw | Traditional Chinese |
| Method | Description |
|---|---|
|
Token is sent via email. This method requires manual installation on a supported hardware token. |
|
| ship_token | Token is shipped on a certified hardware token to the provided address. |
| client_app | Token is installed using the DigiCert Utility. |
| Certificate type | CSR |
|---|---|
| ssl_certificate | Required for all orders. |
| dv_ssl_certificate | Required for all orders. |
| client_certificate | Optional for all orders. |
| code_signing_certificate |
Required for these uses:
|
| Method | Description |
|---|---|
Domain validation emails are sent to these email addresses:
|
|
| dns-cname-token | DNS CNAME record that contains a random value token is created for the domain. |
| http-token | File that contains a random value token is made publicly available on the domain. |
| dns-txt-token | DNS TXT record that contains a random value token is created for the domain. |
| ID | Name |
|---|---|
| sha256 | SHA-256 |
| sha384 | SHA-384 |
| sha512 | SHA-512 |
| sha1 | SHA-1 |
Headers are based on the RFC 2616 specification.
| Status | Description |
|---|---|
| 200 | General success response |
| 201 | Created: Useful for creation of requests, orders, etc |
| 204 | No Content: For successful requests that don't require a response |
| 301 | Moved Permanently: Returned in the unlikely event that a URL has changed. Will also return a LOCATION header with new URL. Clients should resubmit this request and submit future requests to this new URL |
| 302 | Moved Temporarily: Returned in the unlikely event that a URL has changed temporarily. Will also return a LOCATION header with new URL. Clients should resubmit this single request to this new URL |
| 304 | Content not modified: Useful when accessing a URL while waiting for a response. Only used if an IF-NONE-MATCH header was passed |
| 400 | General client error |
| 401 | Unauthorized: Returned if the page is accessed without a valid API Key |
| 403 | User doesn't have permission to perform the requested action |
| 404 | Returned if the page doesn't exist or the API doesn't have permission to interact with a particular item |
| 406 | If the client doesn't specify a valid acceptable content-type |
| 429 | Too many requests. The client has sent too many requests in a given amount of time. |
| 500 | Unexpected behavior that the API couldn't recover from |
| 503 | The system is currently unavailable |
| Status | Description |
|---|---|
| pending | Initial order status. |
| reissue_pending | Reissue was requested and is pending. |
| rejected | Order request was rejected. |
| processing | Order was approved and is being processed. |
| issued | Order was validated and certificate can be downloaded. |
| revoked | Order was revoked. |
| canceled | Order was canceled. |
| needs_csr | Order requires a CSR before it can be processed. |
| needs_approval | Order request requires approval before is can be processed. |
| Status |
|---|
| VALID |
| REVOKED |
| EXPIRED |
| UNDETERMINED |
| Rating |
|---|
| At risk |
| Not secure |
| Secure |
| Very secure |
| Vulnerability |
|---|
| BEAST |
| BREACH |
| CRIME |
| DROWN |
| FREEK |
| Heartbleed |
| LogJam |
| POODLE (SSLv3) |
| POODLE (TLS) |
| RC4 |
| SWEET32 |
| NO_VULNERABILITY_FOUND |
Actual product list will vary by account. Use the Get product list endpoint to see available products.
| Name ID | Group name | Name |
|---|---|---|
| ssl_dv_geotrust | dv_ssl_certificate | GeoTrust Standard DV SSL Certificate |
| ssl_dv_rapidssl | dv_ssl_certificate | RapidSSL Standard DV SSL Certificate |
| ssl_dv_thawte | dv_ssl_certificate | Thawte SSL123 DV |
| ssl_dv_ee | dv_ssl_certificate | Encryption Everywhere DV |
| wildcard_dv_geotrust | dv_ssl_certificate | GeoTrust Wildcard DV SSL Certificate |
| wildcard_dv_rapidssl | dv_ssl_certificate | RapidSSL Wildcard DV SSL Certificate |
| cloud_dv_geotrust | dv_ssl_certificate | GeoTrust Cloud DV |
| ssl_dv_geotrust_flex | dv_ssl_certificate | Geotrust DV SSL |
| ssl_plus | ssl_certificate | Standard SSL Certificate |
| ssl_multi_domain | ssl_certificate | SSL Multi Domain Certificates |
| ssl_wildcard | ssl_certificate | Wildcard Certificate |
| ssl_ev_plus | ssl_certificate | EV SSL Certificate |
| ssl_ev_multi_domain | ssl_certificate | SSL EV Multi Domain Certificate |
| ssl_cloud_wildcard | ssl_certificate | SSL Cloud Certificates |
| ssl_basic | ssl-certificate | Baisc OV |
| ssl_ev_basic | ssl-certificate | Basic EV |
| ssl_thawte_webserver | ssl_certificate | Thawte SSL Webserver OV |
| ssl_ev_thawte_webserver | ssl_certificate | Thawte SSL Webserver EV |
| ssl_geotrust_truebizid | ssl_certificate | GeoTrust TrueBusiness ID OV |
| ssl_ev_geotrust_truebizid | ssl_certificate | GeoTrust TrueBusiness ID EV |
| ssl_securesite_pro | securesite_ssl_certificate | Secure Site Pro SSL |
| ssl_ev_securesite_pro | securesite_ssl_certificate | Secure Site Pro EV SSL |
| ssl_securesite | securesite_ssl_certificate | Secure Site SSL |
| ssl_securesite_multi_domain | securesite_ssl_certificate | Secure Site Multi-Domain SSL |
| ssl_securesite_wildcard | securesite_ssl_certificate | Secure Site Wildcard SSL |
| ssl_ev_securesite | securesite_ssl_certificate | Secure Site EV SSL |
| ssl_ev_securesite_multi_domain | securesite_ssl_certificate | Secure Site EV Multi-Domain SSL |
| ssl_securesite_flex | securesite_ssl_certificate | Secure Site OV |
| ssl_ev_securesite_flex | securesite_ssl_certificate | Secure Site EV |
| client_premium | client_certificate | Client Premium Certificate |
| client_email_security_plus | client_certificate | Client Email Security Plus Certificate |
| client_digital_signature_plus | client_certificate | Client Digital Signature Plus Certificate |
| class1_smime | client_certificate | Class 1 S/Mime Certificate |
| client_grid_premium | grid_certificate | GRID Client Premium Certificate |
| grid_host_ssl | grid_certificate | GRID Host SSL Plus Certificate |
| grid_host_ssl_multi_domain | grid_certificate | GRID Host SSL Multi Domain Certificates |
| client_grid_robot_fqdn | grid_certificate | GRID Robot FQDN Certificate |
| client_grid_robot_name | grid_certificate | GRID Robot Name Certificate |
| client_grid_robot_email | grid_certificate | GRID Robot Email Certificate |
| private_ssl_plus | private_ssl_certificate | Private SSL Plus Certificate |
| private_ssl_wildcard | private_ssl_certificate | Private SSL Wildcard Certificate |
| private_ssl_multi_domain | private_ssl_certificate | Private SSL Multi Domain Certificate |
| code_signing | code_signing_certificate | Code Signing Certificate |
| code_signing_ev | code_signing_certificate | EV Code Signing Certificate |
| document_signing_org_1 | document_signing | Document Signing Organization (2000) Certificate |
| document_signing_org_2 | document_signing | Document Signing Organization (5000) Certificate |
| Type |
|---|
| client_certificate |
| code_signing_certificate |
| dv_ssl_certificate |
| ssl_certificate |
When downloading a certificate, the server platform determines in which format the certificate should be sent.
| Platform | Certificate format | ID |
|---|---|---|
| Apache | apache | 2 |
| Barracuda | default | 41 |
| Bea Weblogic 7 and older | pem_all | 29 |
| BEA Weblogic 8 & 9 | p7b | 42 |
| Cisco | default | 30 |
| Citrix (Other) | pem_noroot | 39 |
| Citrix Access Essentials | default | 46 |
| Citrix Access Gateway 4.x | pem_noroot | 50 |
| Citrix Access Gateway 5.x and higher | apache | 58 |
| cPanel | apache | 43 |
| F5 Big-IP | apache | 31 |
| F5 FirePass | apache | 32 |
| IBM HTTP Server | default_cer | 7 |
| Java Web Server (Javasoft / Sun) | p7b | 10 |
| Juniper | default | 33 |
| Lighttpd | apache | 44 |
| Lotus Domino | default | 11 |
| Mac OS X Server | apache | 49 |
| Microsoft Exchange Server 2003 | cer | 47 |
| Microsoft Exchange Server 2007 | cer | 36 |
| Microsoft Exchange Server 2010 | cer | 48 |
| Microsoft Exchange Server 2013 | cer | 68 |
| Microsoft Exchange Server 2016 | cer | 71 |
| Microsoft Forefront Unified Access Gateway | cer | 66 |
| Microsoft IIS 1.x to 4.x | default | 13 |
| Microsoft IIS 10 | cer | 70 |
| Microsoft IIS 5 or 6 | cer | 14 |
| Microsoft IIS 7 | cer | 40 |
| Microsoft IIS 8 | cer | 67 |
| Microsoft Live Communications Server 2005 | cer | 37 |
| Microsoft Lync Server 2010 | cer | 59 |
| Microsoft Lync Server 2013 | cer | 69 |
| Microsoft OCS R2 | p7b | 60 |
| Microsoft Office Communications Server 2007 | cer | 38 |
| Microsoft Small Business Server 2008 & 2011 | default | 62 |
| Netscape Enterprise Server | default | 15 |
| Netscape iPlanet | default | 9 |
| nginx | pem_noroot | 45 |
| Novell iChain | default | 65 |
| Novell NetWare | cer | 17 |
| Oracle | default | 18 |
| Qmail | pem_all | 34 |
| SunOne | default | 35 |
| Tomcat | p7b | 24 |
| WebStar | default | 26 |
| Zeus Web Server | default | 28 |
| Other | default | -1 |
| Platform | ID |
|---|---|
| Adobe AIR | 52 |
| Apple OS X | 53 |
| Microsoft Authenticode | 51 |
| Microsoft Office VBA | 54 |
| Mozilla | 56 |
| Sun Java | 55 |
| Other | 57 |
| Platform | Device type | ID |
|---|---|---|
| AEP Keyper | HSM | 15 |
| ARX PrivateServer | HSM | 16 |
| Bull Trustway Crypto PCI | HSM | 17 |
| ePass3003 | Token | 21 |
| SafeNet eToken 5100 | Token | 6 |
| SafeNet eToken 5105 | Token | 7 |
| SafeNet eToken 5110 | Token | 19 |
| SafeNet eToken 5110 FIPS | Token | 20 |
| SafeNet eToken 5200 | Token | 8 |
| SafeNet eToken 5205 | Token | 9 |
| SafeNet eToken PRO 72K | Token | 3 |
| SafeNet eToken PRO Anywhere | Token | 2 |
| SafeNet iKey 4000 | Token | 10 |
| Safenet Luna | HSM | 12 |
| Thales nShield | HSM | 13 |
| Utimaco CryptoServer | HSM | 14 |
|
Other Must be a FIPS 140-2 Level 2 device. |
HSM | -1 |
| Permission action |
|---|
| add_domains |
| create_child_enterprise |
| create_child_reseller |
| create_child_retail |
| create_containers |
| create_discovery_report |
| create_discovery_scan |
| create_discovery_sensor |
| create_domains |
| create_guest_keys |
| create_organizations |
| create_users |
| delete_account_scans |
| delete_scan |
| edit_container |
| edit_domains |
| edit_guest_keys |
| edit_organizations |
| edit_users |
| manage_account_metadata |
| manage_api_access |
| manage_discovery_report |
| manage_discovery_scan |
| manage_discovery_sensor |
| manage_finances |
| manage_guest_keys |
| manage_ip_access |
| manage_order_user_access |
| manage_orders |
| manage_org_container_assignments |
| manage_requests |
| manage_settings |
| manage_tfa |
| manage_user_container_assignments |
| place_orders |
| review_requests |
| saml_attribute_mapping |
| saml_manage_idp |
| saml_map_idp |
| saml_organization_mapping |
| saml_sso |
| tools_links |
| update_scan |
| view_api_access |
| view_child_account |
| view_container |
| view_discovery_report |
| view_discovery_scan |
| view_discovery_sensor |
| view_domains |
| view_finances |
| view_guest_keys |
| view_orders |
| view_organizations |
| view_reports |
| view_scan |
| view_users |
| Type | Description |
|---|---|
| retail | CertCentral Basic account |
| enterprise | CertCentral Enterprise account |
| reseller | CertCentral Reseller account |
| managed | API only account (no CertCentral UI access) |
| Status | Description |
|---|---|
| active | Normal user status. |
| incomplete | User has not completed the sign up process. |
| inactive | User profile and settings exist, but user cannot sign in. |
| Type |
|---|
| cs |
| ds |
| ev |
| ev_cs |
| grid |
| ov |
| private_grid |
| private_ssl |
| ra_ev |
| ra_ov |
| wfa |