Instructions for completely automating the reissue process for certificates. In our example we are using the product QuickSSLPremium and the authentication method DNS.


Reissue a QuickSSLPremium Certificate

Generate DNS Record and Check CSR (400110)

QuickSSLPremium certificates are validated using TXT records. For this purpose, the zone, which is also the common name of the certificate, must be edited to contain a TXT record with the exact value generated for the order. The CertificatePrepareOrder (400110) task checks the key of the provided CSR for the correct bit length and generates the required validation (authentication) data.

Example TXT:
domain.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"


CertificatePrepareOrder 400110 Request
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <code>400110</code>
        <certificate_request>
            <plain><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></plain>
            <product>QUICKSSLPREMIUM</product>
        </certificate_request>
    </task>
</request>
CertificatePrepareOrder 400110 Response
<response>
    <result>
        <data>
            <certificate_request>
                <plain><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></plain>
                <name><![CDATA[domain.com]]></name>
                <key_size>2048</key_size>
                <country_code>DE</country_code>
                <state><![CDATA[Bayern]]></state>
                <city><![CDATA[Regensburg]]></city>
                <organization><![CDATA[Company GmbH]]></organization>
                <organization_unit>Development</organization_unit>
                <email>email@domain.com</email>
                <product>QUICKSSLPREMIUM</product>
                <authentication>
                    <method>DNS</method>
                    <dns>domain.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns>
                    <provisioning>1</provisioning>
                </authentication>
                <authentication>
                    <method>FILE</method>
                    <file_name><![CDATA[http://domain.com/.well-known/pki-validation/fileauth.txt]]></file_name>
                    <file_content><![CDATA[201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q]]></file_content>
                </authentication>
                <algorithm>RSA</algorithm>
                <signature_hash_algorithm>SHA256</signature_hash_algorithm>
            </certificate_request>
        </data>
        <status>
            <code>S400110</code>
            <text>CSR key was checked successfully.</text>
            <type>success</type>
        </status>
    </result>
</response>
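
An added example, not part of the original documentation: before the TXT record from a 400110 response is written to a zone or passed on to the reissue task, an automation script can check it locally. The function name, the 2048-bit minimum and the expected TXT layout are assumptions of this sketch; the sample response is constructed from the one shown above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, shortened from the CertificatePrepareOrder response above.
SAMPLE_RESPONSE = """<response><result><data><certificate_request>
  <name><![CDATA[domain.com]]></name>
  <key_size>2048</key_size>
  <authentication>
    <method>DNS</method>
    <dns>domain.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns>
    <provisioning>1</provisioning>
  </authentication>
  <authentication>
    <method>FILE</method>
    <file_content><![CDATA[201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q]]></file_content>
  </authentication>
  <algorithm>RSA</algorithm>
  <signature_hash_algorithm>SHA256</signature_hash_algorithm>
</certificate_request></data>
<status><code>S400110</code><type>success</type></status></result></response>"""

TXT_RE = re.compile(r'^(\S+)\s+(\d+)\s+IN\s+TXT\s+"([^"\s]+)"$')

def check_prepare_order(xml_text, expected_zone, min_rsa_bits=2048):
    """Return the DNS validation record, or raise ValueError if a check fails."""
    result = ET.fromstring(xml_text).find("result")
    if result.findtext("status/type") != "success":
        raise ValueError("task failed: %s" % result.findtext("status/code"))
    req = result.find("data/certificate_request")
    if req.findtext("name", "").strip().lower() != expected_zone.lower():
        raise ValueError("CSR common name does not match the zone being edited")
    # Assumption: local policy floor for RSA keys, independent of the API's own check.
    if req.findtext("algorithm") == "RSA" and int(req.findtext("key_size", "0")) < min_rsa_bits:
        raise ValueError("RSA key too short")
    for auth in req.findall("authentication"):
        if auth.findtext("method") == "DNS":
            raw = auth.findtext("dns", "").strip()
            m = TXT_RE.match(raw)
            if not m:
                raise ValueError("unexpected DNS record format")
            owner, ttl, value = m.groups()
            # The TXT record must sit in the zone named by the certificate.
            if owner.rstrip(".").lower() != expected_zone.lower():
                raise ValueError("TXT owner is outside the expected zone")
            return {"owner": owner, "ttl": int(ttl), "value": value, "raw": raw}
    raise ValueError("no DNS authentication offered")
```

The `raw` field holds the record exactly as returned, which is the string the reissue request carries in its `<dns>` element.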

Reissue Certificate (400102)

The certificate reissue is initiated with the CertificateReissue (400102) task. It uses exactly the same data as the CertificateCreate (400101) task.

CertificateReissue 400102 Request
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <code>400102</code>
        <certificate>
            <id>100</id>
            <csr><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></csr>
            <authentication>
                <method>DNS</method><!-- The authentication method -->
                <dns>domain.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns><!-- The generated DNS record -->
                <provisioning>1</provisioning><!-- Triggers the automatic zone provisioning. If the tag is missing or set to 0, no automatic zone provisioning is started. -->
            </authentication>
        </certificate>
    </task>
</request>
CertificateReissue 400102 Response
<response>
    <result>
        <data>
            <certificate_job>
                <job>
                    <id>123456</id><!-- The ID of the created job -->
                    <status>RUNNING</status><!-- The status of the created job -->
                </job>
            </certificate_job>
        </data>
        <status>
            <code>N400102</code>
            <text>Certificate reissue was started successfully.</text>
            <type>notify</type>
        </status>
    </result>
</response>

Inquire (0905) and Confirm (0906) Poll Messages

The CertificateCreate task automatically generates a job that handles the certificate order. As soon as the job is completed, a poll message is generated, which must be retrieved with the PollInfo (0905) task. The poll message contains information about the job. If the job was successful, the ID of the ordered certificate is returned. The job then has to be confirmed with the PollConfirm (0906) task.

PollInfo 0905 Request
<request>
	<auth>
		<user>USER</user>
		<context>CONTEXT</context>
		<password>PASSWORD</password>
	</auth>
	<task>
		<code>0905</code>
	</task>
</request>
PollInfo 0905 Response
<response>
	<result>
		<data>
			<summary>1</summary>
			<message>
				<id>650664</id><!-- The ID of the poll message. -->
				<owner>
					<user>USER</user>
					<context>CONTEXT</context>
				</owner>
				<job>
					<certificate>
						...						
						<id>1485</id><!-- The ID of the certificate -->
						...
					</certificate>
					<job_id>536396</job_id><!-- The ID of the job -->
					<status>
						<code>S400101</code><!-- Indicates whether the Certificate Create task was successful or not -->
						<type>success</type><!-- Indicates whether the Certificate Create task was successful or not -->
						<object>
							<type>ssl</type>
							<value>???</value><!-- The name of the certificate -->
						</object>
					</status>
				</job>
			</message>
		</data>
		<status>
			<code>S0905</code>
			<text>The notification was polled successfully.</text>
			<type>success</type>
			<object>
				<type>message</type>
				<value>650664</value>
			</object>
		</status>
	</result>
</response>
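
An added example, not part of the original documentation: a PollInfo response carries two status blocks, one for the poll call itself and one for the job inside the message, and an automated workflow should read both before continuing. The function name, the action labels, the comparison of `job_id` with the job ID returned when the job was started, and the treatment of a response without a `<message>` element are assumptions of this sketch; the sample is constructed from the response above.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the PollInfo response above (elided parts dropped).
SAMPLE_POLL = """<response><result><data><summary>1</summary><message>
  <id>650664</id>
  <job>
    <certificate><id>1485</id></certificate>
    <job_id>536396</job_id>
    <status><code>S400101</code><type>success</type></status>
  </job>
</message></data>
<status><code>S0905</code><type>success</type></status></result></response>"""

def read_poll_message(xml_text, expected_job_id):
    """Classify one PollInfo response for the job this workflow is waiting on."""
    result = ET.fromstring(xml_text).find("result")
    # Outer status: did the PollInfo call itself succeed?
    if result.findtext("status/type") != "success":
        raise RuntimeError("PollInfo failed: %s" % result.findtext("status/code"))
    msg = result.find("data/message")
    if msg is None:
        # Assumption: no <message> element means there is nothing to poll yet.
        return {"action": "wait"}
    out = {"message_id": msg.findtext("id"),
           "job_id": msg.findtext("job/job_id")}
    if out["job_id"] != str(expected_job_id):
        # The message belongs to a different job; the caller decides what to do.
        out["action"] = "other_job"
    elif msg.findtext("job/status/type") == "success":
        # Inner status: the job succeeded, so the certificate ID can be used
        # for CertificateInfo (400104).
        out["action"] = "fetch_certificate"
        out["certificate_id"] = msg.findtext("job/certificate/id")
    else:
        out["action"] = "failed"
        out["job_status"] = msg.findtext("job/status/code")
    return out
```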

Inquire Certificate Information (400104)

The CertificateInfo (400104) task displays all the certificate details. The information can be inquired by sending the ID from the step Inquire (0905) and Confirm (0906) Poll Messages.

CertificateInfo 400104 Request
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <code>400104</code>
        <certificate>
            <id>100</id>
        </certificate>
    </task>
</request>
CertificateInfo 400104 Response
<response>
  <result>
    <data>
      <certificate>
        <order_id>1003396954</order_id>
        <technical>
          <first>Joe</first>
          <last>Sample</last>
          <phone>+49-941-1234560</phone>
          <email>joe.sample@domain.com</email>
          <title>Admin</title>
          <organization>Beispiel GmbH</organization>
          <address>Maximilianstrasse 36000</address>
          <postal_code>93047</postal_code>
          <city>Regensburg</city>
          <country>DE</country>
          <state>Bayern</state>
          <owner>
            <user>USER</user>
            <context>CONTEXT</context>
          </owner>
          <updater>
            <user>USER</user>
            <context>CONTEXT</context>
          </updater>
          <id>20398</id>
          <created>2017-01-01 10:35:22</created>
          <updated>2017-01-01 01:05:07</updated>
        </technical>
        <admin>
          <first>Joe</first>
          <last>Sample</last>
          <phone>+49-941-1234560</phone>
          <email>joe.sample@domain.com</email>
          <title>Admin</title>
          <organization>Beispiel GmbH</organization>
          <address>Maximilianstrasse 36000</address>
          <postal_code>93047</postal_code>
          <city>Regensburg</city>
          <country>DE</country>
          <state>Bayern</state>
          <owner>
            <user>USER</user>
            <context>CONTEXT</context>
          </owner>
          <updater>
            <user>USER</user>
            <context>CONTEXT</context>
          </updater>
          <id>20398</id>
          <created>2017-01-01 10:35:22</created>
          <updated>2017-01-01 01:05:07</updated>
        </admin> 
        <name>domain.com</name><!-- The name of the certificate -->
        <lifetime>12</lifetime><!-- The term of the certificate -->
        <software>APACHE2</software>
        <csr><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></csr>
        <server><![CDATA[-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----]]></server>
        <serial_number>SERIALNUMBER</serial_number>
        <product>QUICKSSLPREMIUM</product>
        <sha>SHA2</sha>
        <expire>2030-01-01 23:59:59</expire><!-- The expiration date of the certificate -->
        <extension />
        <certification_authority>
          <ca_type>ICA1</ca_type>
          <ca_cert><![CDATA[-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----]]></ca_cert>
        </certification_authority>
        <authentication>
          <method>DNS</method>
          <dns>domain.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns>
        </authentication>
        <owner>
          <user>USER</user>
          <context>CONTEXT</context>
        </owner>
        <updater>
          <user>USER</user>
          <context>CONTEXT</context>
        </updater>
        <id>100</id><!-- The ID of the certificate -->
        <created>2017-01-01 00:00:00</created>
        <updated>2017-01-01 14:30:36</updated>
      </certificate>
    </data>
    <status>
      <code>S400104</code>
      <text>Certificate details were inquired successfully.</text>
      <type>success</type>
      <object>
        <type>certificate</type>
        <value>???</value>
      </object>
    </status>
  </result>
</response>

