This workflow guide is only for OV/EV certificate orders. To use immediate certificate issuance for DV orders, see DV certificate immediate issuance.
When you order certificates through the API, too much time is often spent just waiting for the certificate to be issued. By following the steps in this workflow guide, you can take advantage of our immediate issuance feature, which issues your certificate immediately and reduces your API calls by up to 70%.
In order to take advantage of immediate issuance, these prerequisites must be met:
When all of these prerequisites are met, your issued certificate is returned in the response body. If any of these prerequisites are missing, immediate issuance cannot happen.
By default, your CertCentral account is configured for one-step certificate request approvals. For immediate certificate issuance to work, the approval step needs to be bypassed. This can be done in one of two ways:
Because the above configuration changes are mutually exclusive, you'll need to decide which one you want to make based on your specific integration and organizational needs.
Both configurations allow Administrators and Managers to bypass the approval step for OV certificate requests. However, to bypass the EV certificate approval step, the user linked to the API key being used must also be designated as an EV approver.
In your account, in the sidebar menu, click Settings > Preferences.
On the Division Preferences page, scroll down and click + Advanced Settings.
Under Certificate Requests, find the Approval Steps options.
To bypass the approval step, choose one of these approval step options:
When you are finished, click Save Settings.
With the Auto Approve Request feature enabled, the next step is to prevalidate the organization and domains on your certificate.
If your organization and domains have already been prevalidated, you can skip to Submit your certificate order.
Before you can submit an organization for validation, you need to add one to your CertCentral account. This is done using the Create organization endpoint.
This example request body adds the organization to your account using the Create organization endpoint.
{
  "name": "DigiCert, Inc.",
  "assumed_name": "DigiCert",
  "country": "us",
  "address": "2801 North Thanksgiving Way",
  "address2": "Suite 500",
  "city": "Lehi",
  "state": "Utah",
  "zip": "84043",
  "telephone": "801-701-9600",
  "container": {
    "id": 123456
  },
  "organization_contact": {
    "first_name": "John",
    "last_name": "Smith",
    "job_title": "IT Admin",
    "email": "john.smith@digicert.com",
    "telephone": "801-701-9600"
  }
}

Response body:
{
  "id": 112236
}
The id parameter in the response body contains the ID of the newly added organization. You'll use this number in the next step when you submit the organization for validation.
With the organization added, you're ready to submit it for validation using the Organization – Submit for validation endpoint.
Replace the {{organization_id}} placeholder in the endpoint URL with the ID that was returned in the response body when you added the organization.
This example request body submits the organization for OV and EV certificate validation.
{
  "validations": [
    {
      "type": "ov"
    },
    {
      "type": "ev",
      "verified_users": [
        {
          "id": 112233
        }
      ]
    }
  ]
}

Response body:
// empty
Repeat this step for each domain to be secured by the certificate.
Now you're ready to add your domain and submit it for validation. To prevalidate a domain, use the Add domain endpoint.
This example request body adds a domain, assigns it to an organization, and submits it for OV and EV certificate validation. It also specifies the DCV method you want to use to demonstrate control over the domain.
{
  "name": "example.com",
  "organization": {
    "id": 112233
  },
  "validations": [
    {
      "type": "ov"
    },
    {
      "type": "ev"
    }
  ],
  "dcv_method": "email"
}

Response body:
{
  "id": 123356,
  "validation_emails": {
    "name_scope": "example.com",
    "base_emails": [
      "postmaster@example.com",
      "administrator@example.com",
      "hostmaster@example.com",
      "admin@example.com",
      "webmaster@example.com"
    ],
    "whois_emails": [
      "domain-management@example.com"
    ]
  }
}
After submitting your domain for validation, you'll need to complete the domain's DCV before immediate issuance can occur.
All submit order endpoints support immediate certificate issuance (Order EV/OV SSL, Order Secure Site SSL, Order DV SSL).
This example request body sends a certificate request using the Order EV/OV SSL endpoint. Because all immediate issuance requirements have been met, the full certificate chain is returned in the response body.
When using the Skip approval step setting, make sure to include the skip_approval parameter with a value of true. See Best practices – Always include skip_approval parameter for more info.
If any of the prerequisites are missing, immediate issuance won't happen, and your request will not return the full certificate chain.
{
  "certificate": {
    "common_name": "example.com",
    "dns_names": [
      "sub.example.com",
      "app.example.com"
    ],
    "csr": "<csr>",
    "server_platform": {
      "id": 45
    },
    "signature_hash": "sha256"
  },
  "validity_years": 1,
  "comments": "Message for the approver",
  "disable_renewal_notifications": true,
  "dcv_method": "email",
  "locale": "en",
  "payment_method": "balance",
  "skip_approval": true,
  "organization": {
    "id": 112233
  },
  "custom_fields": [
    {
      "metadata_id": 11,
      "value": "Invoice #00001"
    }
  ]
}

Response body:
{
  "id": 112339,
  "certificate_id": 132345,
  "domains": [
    {
      "id": 1469,
      "name": "example.com",
      "dns_name": "example.com"
    },
    {
      "id": 1469,
      "name": "example.com",
      "dns_name": "sub.example.com"
    },
    {
      "id": 1469,
      "name": "example.com",
      "dns_name": "app.example.com"
    }
  ],
  "certificate_chain": [
    {
      "subject_common_name": "example.com",
      "pem": "<pem_certificate>"
    },
    {
      "subject_common_name": "DigiCert SHA2 Secure Server CA",
      "pem": "<pem_certificate>"
    },
    {
      "subject_common_name": "DigiCert Global Root CA",
      "pem": "<pem_certificate>"
    }
  ]
}
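An integration should not assume that immediate issuance happened. The following Python sketch is an added example, not DigiCert code: it builds an order body that always carries skip_approval and then checks the response for a certificate chain that covers every requested name. The function names, the sample data, and the shape of the pending response (an order id with no certificate_chain) are assumptions made for illustration.

```python
import json

def build_order_body(common_name, dns_names, csr, organization_id):
    """Order body with a subset of the page's fields; skip_approval is always sent."""
    return {
        "certificate": {"common_name": common_name, "dns_names": list(dns_names),
                        "csr": csr, "signature_hash": "sha256"},
        "validity_years": 1,
        "payment_method": "balance",
        "skip_approval": True,
        "organization": {"id": organization_id},
    }

def check_order_response(request_body, response_body):
    """Report whether the order was issued immediately and covers every requested name."""
    cert = request_body["certificate"]
    requested = {cert["common_name"], *cert["dns_names"]}
    chain = response_body.get("certificate_chain") or []
    result = {"order_id": response_body.get("id"), "problems": [], "pem_chain": []}
    if not chain:
        # No chain in the body: a prerequisite was missing and nothing was issued yet.
        result["status"] = "pending"
        return result
    covered = {d.get("dns_name") for d in response_body.get("domains", [])}
    missing = sorted(requested - covered)
    if missing:
        result["problems"].append("names missing from response: " + ", ".join(missing))
    if chain[0].get("subject_common_name") != cert["common_name"]:
        result["problems"].append("first chain entry is not the requested common_name")
    if any(not entry.get("pem") for entry in chain):
        result["problems"].append("chain entry without PEM data")
    result["pem_chain"] = [entry["pem"] for entry in chain if entry.get("pem")]
    result["status"] = "issued" if not result["problems"] else "issued_with_problems"
    return result

# Constructed sample data, modelled on the example request and response on this page.
REQUEST = build_order_body("example.com", ["sub.example.com", "app.example.com"], "<csr>", 112233)
ISSUED = json.loads("""{
  "id": 112339, "certificate_id": 132345,
  "domains": [{"dns_name": "example.com"}, {"dns_name": "sub.example.com"},
              {"dns_name": "app.example.com"}],
  "certificate_chain": [
    {"subject_common_name": "example.com", "pem": "<pem_certificate>"},
    {"subject_common_name": "DigiCert SHA2 Secure Server CA", "pem": "<pem_certificate>"},
    {"subject_common_name": "DigiCert Global Root CA", "pem": "<pem_certificate>"}]
}""")
PENDING = {"id": 112340}  # assumed shape: order accepted, no certificate_chain returned
```

A "pending" result means the order still needs approval or validation before the certificate can be retrieved; "issued_with_problems" means the response should be reviewed before the chain is deployed.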