Glossary

1

Administrator

Full administrative access, including create divisions and users, manage user access.

2

Limited user

Place and manage only their own orders.

3

Finance manager

Manage finances, place and manage orders.

4

Manager

Manage finances, create and approve requests, manage orders and domains, view and edit users.

5

Standard user

Place and manage orders. All changes require approval by a manager or administrator.

0

N/A

No restrictions. Permissions are inherited from access role of the user that is assigned to the key.

100

Orders

Limits the key to these actions: Orders, Requests, and Certificates.

101

Orders, Domains, Organizations

Limits the key to these actions: Orders, Requests, Organizations, and Domains.

102

View Only

Limits key to GET requests only.

103

User Management

Limits key to these actions: Users.

psp_as

This role applies to account servicing payment service provider entities. These entities manage payment accounts on behalf of customers, enabling access to the accounts for payment initiation or other services. It typically includes banks or institutions that provide online banking.

psp_pi

This role applies to payment initiation service providers entities. These entities initiate payments on behalf of the customer directly from their bank accounts. 

psp_ai

This role applies to account information service provider entities. These entities offer account aggregation services, consolidating information from multiple payment accounts held by a customer across different financial institutions.

psp_ic

This role applies to issuers of card-based payment instruments. These institutions are responsible for issuing credit or debit cards to customers and providing related payment services, including managing card payments and processing transactions.

default

application/zip

.crt

ZIP archive containing individual root, intermediate, and end-entity certificate files.

apache

application/zip

.crt

ZIP archive containing individual intermediate and end-entity certificate files.

default_cer

application/zip

.cer

ZIP archive containing individual root, intermediate, and end-entity certificate files.

cer

application/x-pkcs7-certificates

.cer

Single P7B bundle file containing root, intermediate, and end-entity certificates.

p7b

application/x-pkcs7-certificates

.p7b

Single P7B bundle file containing root, intermediate, and end-entity certificates.

default_pem

application/zip

.crt

ZIP archive containing individual root, intermediate, and end-entity certificate files.

pem_all

application/x-pem-file

.pem

Single PEM bundle containing root, intermediate, and end-entity certificate entries.

pem_nointermediate

application/x-pem-file

.pem

Single PEM file containing only end-entity certificate entry.

pem_noroot

application/x-pem-file

.pem

Single PEM bundle containing intermediate and end-entity certificate entries.

data_encipherment

Include Data Encipherment key usage extension in a Private SSL/TLS certificate.

non_repudiation

Include Non-Repudiation key usage extension in a Private SSL/TLS certificate.

non_repudiation_and_data_enciph

Include both Non-Repudiation and Data Encipherment key usage extensions in a Private SSL/TLS certificate.

http_signed_exchange

Include CanSignHTTPExchanges extension in an OV or EV SSL/TLS certificate.

delegated_credentials

Include DelegationUsage extension in an OV or EV SSL/TLS certificate.

ocsp_must_staple

Include OCSP Must-Staple extension in an OV or EV SSL/TLS certificate.

intel_vpro_eku

Include Intel vPro EKU (Extended Key Usage) field in an OV SSL/TLS certificate.

kdc_smart_card

Include KDC/SmartCardLogon EKU (Extended Key Usage) field in an OV SSL/TLS certificate.

server_auth_only_eku

Include only the serverAuth EKU (Extended Key Usage) field in an OV or EV SSL/TLS certificate and X9 PKI for TLS certificates.

Note: From October 1, 2025, all TLS certificates will include only the Server Authentication EKU by default.

client_auth_only_eku

Include only the Client Authentication EKU in the X9 PKI for TLS certificate.

anything

No input validation. Uses the input html tag for the form field.

text

No input validation. Uses the textarea html tag for the form field.

int

Allows only integers as input. Uses the input html tag for the form field.

email_address

Allows only a single valid email address as input. Uses the input html tag for the form field.

email_list

Allows multiple valid email addresses as input. Does not allow duplicate email addresses. Uses the input html tag for each email address.

AUD

Australian dollar

CHF

Swiss franc

GBP

British pound sterling

EUR

Euro

HKD

Hong Kong dollar

JPY

Japanese yen

SGD

Singapore dollar

SEK

Swedish krona

TWD

Taiwan dollar

USD

US dollar

en

English

1

de

German

5

es

Spanish

2

fr

French

3

it

Italian

6

ja

Japanese

13

kr

Korean

14

nl

Dutch

17

pt_br

Portuguese

4

ru

Russian

15

zh_cn

Simplified Chinese

11

zh_tw

Traditional Chinese

12

email

DigiCert emails the certificate to you. Install the certificate on your own supported hardware token or HSM device.

ship_token

DigiCert ships a certified hardware token to the address you provide on the order. To activate your certificate, see Set Up Your DigiCert Provided eToken.

client_app

Use the DigiCert Hardware Certificate Installer to install the certificate on an existing DigiCert provided, certified token. Learn more:

ssl_certificate

Required for all orders.

dv_ssl_certificate

Required for all orders.

client_certificate

Optional for all orders.

code_signing_certificate

Required for these uses:

CSRs for code signing certificates must be ECC P-256 or RSA 3072-bit key sizes or larger.

email

DigiCert sends domain validation emails to the following email addresses:

dns-cname-token

Create a DNS CNAME record for the domain that contains a random value.

http-token

Add a file that contains a random value and make it publicly available on the domain.

DigiCert only supports the use of the file-based DCV method to demonstrate control over fully qualified domain names (FQDNs) exactly as named in the certificate request. To learn more, visit File-based domain control validation (http-token and http-token-dynamic).

http-token-dynamic

Add a file with a random file name that contains a random value and make it publicly available on the domain (http://{domain-name}/.well-known/pki-validation/{filename}.txt).

DigiCert only supports the use of the file-based DCV method to demonstrate control over fully qualified domain names (FQDNs) exactly as named in the certificate request. To learn more, visit File-based domain control validation (http-token and http-token-dynamic).

dns-txt-token

Create a DNS TXT record for the domain that contains a random value.

token-based*

To verify control over the domain, DigiCert checks the domain's DNS TXT and DNS CNAME records and the domain's website until we find the DigiCert-generated random value.

Supported token-based DCV methods:

*Note: To enable the new token-based DCV method for your CertCentral account, please contact your account manager or DigiCert Support.

http-token-static (Deprecated)

A legacy value for file-based DCV. The http-token-static label has the same meaning as http-token.

sha256

SHA-256

sha384

SHA-384

sha512

SHA-512

sha1

SHA-1

Note: Per industry standards, DigiCert does not support SHA-1 for publicly trusted certificates, including:

200

General success response

201

Created: Useful for creation of requests, orders, etc

204

No Content: For successful requests that don't require a response

301

Moved Permanently: Returned in the unlikely event that a URL has changed. Will also return a LOCATION header with new URL. Clients should resubmit this request and submit future requests to this new URL

302

Moved Temporarily: Returned in the unlikely event that a URL has changed temporarily. Will also return a LOCATION header with new URL. Clients should resubmit this single request to this new URL

304

Content not modified: Useful when accessing a URL while waiting for a response. Only used if an IF-NONE-MATCH header was passed

400

General client error

401

Unauthorized: Returned if the page is accessed without a valid API Key

403

User doesn't have permission to perform the requested action

404

Returned if the page doesn't exist or the API doesn't have permission to interact with a particular item

406

If the client doesn't specify a valid acceptable content-type

429

Too many requests. The client has sent too many requests in a given amount of time.

500

Unexpected behavior that the API couldn't recover from

503

The system is currently unavailable

pending

Initial order status.

reissue_pending

Reissue was requested and is pending.

rejected

Order request was rejected.

processing

Order was approved and is being processed.

issued

Order was validated and certificate can be downloaded.

revoked

Order was revoked.

canceled

Order was canceled.

needs_approval

A CertCentral admin or manager must approve the order request before DigiCert can process the order.

expired

Order has expired.

waiting_pickup

For client certificates, the order is ready and DigiCert has emailed the recipient a link to generate the certificate.

VALID

REVOKED

EXPIRED

UNDETERMINED

At risk

Not secure

Secure

Very secure

BEAST

BREACH

CRIME

DROWN

FREEK

Heartbleed

LogJam

POODLE (SSLv3)

POODLE (TLS)

RC4

SWEET32

NO_VULNERABILITY_FOUND

balance

Pay with account balance.

card

Pay with a new credit card.

profile

Pay with default credit card saved to the account.

ssl_dv_geotrust

dv_ssl_certificate

GeoTrust Standard DV SSL Certificate

ssl_dv_rapidssl

dv_ssl_certificate

RapidSSL Standard DV SSL Certificate

ssl_dv_thawte

dv_ssl_certificate

Thawte SSL123 DV

ssl_dv_ee

dv_ssl_certificate

Encryption Everywhere DV

wildcard_dv_geotrust

dv_ssl_certificate

GeoTrust Wildcard DV SSL Certificate

wildcard_dv_rapidssl

dv_ssl_certificate

RapidSSL Wildcard DV SSL Certificate

cloud_dv_geotrust

dv_ssl_certificate

GeoTrust Cloud DV

ssl_dv_geotrust_flex

dv_ssl_certificate

Geotrust DV SSL

ssl_plus

ssl_certificate

Standard SSL Certificate

ssl_multi_domain

ssl_certificate

SSL Multi Domain Certificates

ssl_wildcard

ssl_certificate

Wildcard Certificate

ssl_ev_plus

ssl_certificate

EV SSL Certificate

ssl_ev_multi_domain

ssl_certificate

SSL EV Multi Domain Certificate

ssl_cloud_wildcard

ssl_certificate

SSL Cloud Certificates

ssl_basic

ssl-certificate

Basic OV

ssl_ev_basic

ssl-certificate

Basic EV

ssl_thawte_webserver

ssl_certificate

Thawte SSL Webserver OV

ssl_ev_thawte_webserver

ssl_certificate

Thawte SSL Webserver EV

ssl_geotrust_truebizid

ssl_certificate

GeoTrust TrueBusiness ID OV

ssl_ev_geotrust_truebizid

ssl_certificate

GeoTrust TrueBusiness ID EV

ssl_securesite_pro

securesite_ssl_certificate

Secure Site Pro SSL

ssl_ev_securesite_pro

securesite_ssl_certificate

Secure Site Pro EV SSL

ssl_securesite

securesite_ssl_certificate

Secure Site SSL

ssl_securesite_multi_domain

securesite_ssl_certificate

Secure Site Multi-Domain SSL

ssl_securesite_wildcard

securesite_ssl_certificate

Secure Site Wildcard SSL

ssl_ev_securesite

securesite_ssl_certificate

Secure Site EV SSL

ssl_ev_securesite_multi_domain

securesite_ssl_certificate

Secure Site EV Multi-Domain SSL

ssl_securesite_flex

securesite_ssl_certificate

Secure Site OV

ssl_ev_securesite_flex

securesite_ssl_certificate

Secure Site EV

client_premium

client_certificate

Client Premium Certificate

client_email_security_plus

client_certificate

Client Email Security Plus Certificate

client_digital_signature_plus

client_certificate

Client Digital Signature Plus Certificate

client_authentication_plus

client_certificate

Client Authentication Plus Certificate

class1_smime

client_certificate

Class 1 S/Mime Certificate

client_grid_premium

grid_certificate

GRID Client Premium Certificate

grid_host_ssl

grid_certificate

GRID Host SSL Plus Certificate

grid_host_ssl_multi_domain

grid_certificate

GRID Host SSL Multi Domain Certificates

client_grid_robot_fqdn

grid_certificate

GRID Robot FQDN Certificate

client_grid_robot_name

grid_certificate

GRID Robot Name Certificate

client_grid_robot_email

grid_certificate

GRID Robot Email Certificate

private_ssl_plus

private_ssl_certificate

Private SSL Plus Certificate

private_ssl_wildcard

private_ssl_certificate

Private SSL Wildcard Certificate

private_ssl_multi_domain

private_ssl_certificate

Private SSL Multi Domain Certificate

private_ssl_flex

private_ssl_certificate

Private SSL OV

code_signing

code_signing_certificate

Code Signing Certificate

code_signing_ev

code_signing_certificate

EV Code Signing Certificate

document_signing_org_1

document_signing

Document Signing Organization (2000) Certificate

document_signing_org_2

document_signing

Document Signing Organization (5000) Certificate

vmc_basic

verified_mark_certificate

Verified Mark Certificate

client_certificate

code_signing_certificate

dv_ssl_certificate

ssl_certificate

verified_mark_certificate

add_domains

create_child_enterprise

create_child_reseller

create_child_retail

create_containers

create_discovery_report

create_discovery_scan

create_discovery_sensor

create_domains

create_guest_keys

create_organizations

create_users

delete_account_scans

delete_scan

edit_container

edit_domains

edit_guest_keys

edit_organizations

edit_users

manage_account_metadata

manage_api_access

manage_discovery_report

manage_discovery_scan

manage_discovery_sensor

manage_finances

manage_guest_keys

manage_ip_access

manage_order_user_access

manage_orders

manage_org_container_assignments

manage_requests

manage_settings

manage_tfa

manage_user_container_assignments

place_orders

review_requests

saml_attribute_mapping

saml_manage_idp

saml_map_idp

saml_organization_mapping

saml_sso

tools_links

update_scan

view_api_access

view_child_account

view_container

view_discovery_report

view_discovery_scan

view_discovery_sensor

view_domains

view_finances

view_guest_keys

view_orders

view_organizations

view_reports

view_scan

view_users

ARS

Argentine peso

AUD

Australian dollar

BRL

Brazilian real

GBP

British pound sterling

BND

Brunei dollar

KHR

Cambodia riel

CAD

Canadian dollar

CNY

Chinese yuan renminbi

COP

Colombian peso

EUR

Euro

HKD

Hong Kong dollar

INR

Indian rupee

IDR

Indonesia rupiah

JPY

Japanese yen

LAK

Lao kip

MYR

Malaysian ringgit

MXN

Mexican peso

MMK

Myanmar kyat

NZD

New Zealand dollar

NOK

Norwegian krone

PHP

Philippine peso

RUB

Russian ruble

SGD

Singapore dollar

ZAR

South African rand

KRW

South Korean won

SEK

Swedish krona

CHF

Swiss franc

TWD

Taiwan dollar

THB

Thailand baht

TRY

Turkish lira

USD

US dollar

VND

Vietnam dong

retail

CertCentral Basic account

enterprise

CertCentral Enterprise account

reseller

CertCentral Reseller account

managed

API only account (no CertCentral UI access)

active

Normal user status.

incomplete

User has not completed the sign up process.

inactive

User profile and settings exist, but user cannot sign in.

cs

ds

ev

ev_cs

grid

ov

private_grid

private_ssl

vmc

smime

active

Organization is active. This means:

inactive

Organization is inactive. This means:

pending

The validation is pending.

active

The validation is active.

rejected

DigiCert's validation agents have removed or rejected the validation. To re-submit an organization for validation, use the Submit for validation endpoint.

expired

The validation has expired.

"is_active": true (active)

Domain is active. This means:

"is_active": false (inactive)

Domain is inactive. This means:

pending

The domain validation is pending.

approved

The domain validation is approved and on file.

rejected

DigiCert's validation agents have removed or rejected the validation. To re-submit a domain for validation, use the Submit for validation endpoint.

expired

The validation has expired.