This page describes how to fully automate the certificate renewal process. The example uses the product QuickSSLPremium with the DNS authentication method.

Renew a QuickSSLPremium certificate

Generate DNS Record and check CSR (400110)

QuickSSLPremium certificates are validated using TXT records. For this purpose, the zone that matches the common name of the certificate must be edited to contain a TXT record with a specific value. The CertificatePrepareOrder (400110) task checks the key of the provided CSR for the correct bit length and generates the required validation (authentication) data.

Example TXT:
domain.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"

CertificatePrepareOrder 400110 Request
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <code>400110</code>
        <certificate_request>
            <plain><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></plain>
            <product>QUICKSSLPREMIUM</product>
        </certificate_request>
    </task>
</request>
CertificatePrepareOrder 400110 Response
<response>
    <result>
        <data>
            <certificate_request>
                <plain><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></plain>
                <name><![CDATA[domain.com]]></name>
                <key_size>2048</key_size>
                <country_code>DE</country_code>
                <state><![CDATA[Bayern]]></state>
                <city><![CDATA[Regensburg]]></city>
                <organization><![CDATA[Company GmbH]]></organization>
                <organization_unit>Entwicklung</organization_unit>
                <email>email@domain.com</email>
                <product>QUICKSSLPREMIUM</product>
                <authentication>
                    <method>DNS</method>
                    <dns>domain.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns>
                    <provisioning>1</provisioning>
                </authentication>
                <authentication>
                    <method>FILE</method>
                    <file_name><![CDATA[http://domain.com/.well-known/pki-validation/fileauth.txt]]></file_name>
                    <file_content><![CDATA[201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q]]></file_content>
                </authentication>
                <algorithm>RSA</algorithm>
                <signature_hash_algorithm>SHA256</signature_hash_algorithm>
            </certificate_request>
        </data>
        <status>
            <code>S400110</code>
            <text>CSR key was checked successfully.</text>
            <type>success</type>
        </status>
    </result>
</response>

Certificate Renew (400106)

The CertificateRenew (400106) task initiates the renewal of the certificate. It must be sent with exactly the same data that was used for CertificateCreate (400101).

  • ID : Certificate ID
  • Contact : QuickSSLPremium requires the use of a technical and administrative contact. The ID of a contact must be used.
  • Name : The name of the certificate
  • Product : For QuickSSLPremium the attribute QUICKSSLPREMIUM must be set.
  • Authentication : The generated authentication data
  • Term : QuickSSLPremium supports a term of 12 or 24 months.
  • Software : Either APACHESSL or IIS5 can be chosen.
  • CSR : The CSR used for the certificate

Notice

The automatic zone provisioning only functions if the zone is managed by AutoDNS and if the SSL Manager and AutoDNS are connected to one another.

CertificateRenew 400106 Request
<request>
    <auth>
        <user>USER</user>
        <password>PASSWORD</password>
        <context>CONTEXT</context>
    </auth>
    <task>
        <certificate>
            <id>100</id>
            <product>QUICKSSLPREMIUM</product>
            <lifetime>12</lifetime>
            <software>APACHE2</software>
            <csr><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></csr>
            <name><![CDATA[domain.com]]></name>
            <comment />
            <admin>
                <id>100</id>
            </admin>
            <technical>
                <id>100</id>
            </technical>
            <authentication>
                <method>DNS</method>
                <provisioning>0</provisioning>
                <dns>domain.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns>
            </authentication>
            <admin>
                <id>0</id>
            </admin>
        </certificate>
        <code>400106</code>
    </task>
</request>
CertificateRenew 400106 Response
<response>
  <result>
    <data>
      <certificate_job>
        <job>
          <id>123456</id>
          <status>RUNNING</status>
        </job>
      </certificate_job>
    </data>
    <status>
      <code>N400106</code>
      <text>Certificate renewal successfully started.</text>
      <type>notify</type>
      <object>
        <type>certificate</type>
        <value>domain.com</value>
      </object>
    </status>
  </result>
</response>
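
Added example (not part of the original documentation): Python code that takes the DNS record from a 400110 response, checks task status, certificate name, key size and TXT owner before anything is ordered, and builds the 400106 request from it. The function names, the 2048-bit minimum and the abridged sample response are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: abridged 400110 response in the shape shown on this page.
PREPARE_RESPONSE = """<response><result><data><certificate_request>
  <name><![CDATA[domain.com]]></name><key_size>2048</key_size>
  <authentication><method>FILE</method></authentication>
  <authentication><method>DNS</method>
    <dns>domain.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns></authentication>
</certificate_request></data>
<status><code>S400110</code><type>success</type></status></result></response>"""

TXT_RE = re.compile(r'^(\S+)\s+\d+\s+IN\s+TXT\s+"([^"]+)"$')

def dns_validation(response_xml, expected_name, min_bits=2048):
    """Return (record, token) after checking status, name, key size and TXT owner."""
    root = ET.fromstring(response_xml)
    if root.findtext("result/status/type") != "success":
        raise ValueError("prepare task did not succeed")
    req = root.find("result/data/certificate_request")
    if req.findtext("name") != expected_name:
        raise ValueError("CSR name differs from the certificate being renewed")
    if int(req.findtext("key_size")) < min_bits:
        raise ValueError("CSR key is shorter than the local minimum")
    for auth in req.findall("authentication"):
        record = (auth.findtext("dns") or "").strip()
        m = TXT_RE.match(record)
        if auth.findtext("method") == "DNS" and m and m.group(1).rstrip(".") == expected_name:
            return record, m.group(2)
    raise ValueError("no DNS validation record for " + expected_name)

def build_renew_request(creds, cert_id, contact_id, name, csr_pem, record):
    """Build the 400106 body; creds is a dict with user, password and context."""
    root = ET.Element("request")
    auth = ET.SubElement(root, "auth")
    for key in ("user", "password", "context"):
        ET.SubElement(auth, key).text = creds[key]
    task = ET.SubElement(root, "task")
    cert = ET.SubElement(task, "certificate")
    for tag, val in (("id", cert_id), ("product", "QUICKSSLPREMIUM"), ("lifetime", 12),
                     ("software", "APACHE2"), ("csr", csr_pem), ("name", name)):
        ET.SubElement(cert, tag).text = str(val)  # ElementTree escapes; no CDATA needed
    for role in ("admin", "technical"):
        ET.SubElement(ET.SubElement(cert, role), "id").text = str(contact_id)
    authn = ET.SubElement(cert, "authentication")
    for tag, val in (("method", "DNS"), ("provisioning", "0"), ("dns", record)):
        ET.SubElement(authn, tag).text = val
    ET.SubElement(task, "code").text = "400106"
    return ET.tostring(root, encoding="unicode")
```

Pass the credentials in from a secret store or the environment rather than keeping them in the script.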

Inquire (0905) and Confirm (0906) Poll Messages

The CertificateRenew task from the previous step automatically generates a job that takes care of the certificate order. As soon as the job is completed, a poll message is generated, which must be retrieved with the PollInfo (0905) task. The poll message contains information about the job. If the job was successful, the ID of the ordered certificate is returned. The job then has to be confirmed with the PollConfirm (0906) task.

PollInfo 0905 Request
<request>
	<auth>
		<user>USER</user>
		<context>CONTEXT</context>
		<password>PASSWORD</password>
	</auth>
	<task>
		<code>0905</code>
	</task>
</request>
PollInfo 0905 Response
<response>
	<result>
		<data>
			<summary>1</summary>
			<message>
				<id>650664</id><!-- The ID of the poll message -->
				<owner>
					<user>USER</user>
					<context>CONTEXT</context>
				</owner>
				<job>
					<certificate>
						...						
						<id>1485</id><!-- The ID of the certificate -->
						...
					</certificate>
					<job_id>536396</job_id><!-- The ID of the job -->
					<status>
						<code>S400101</code><!-- Displays if the certificate renewal was successful or not -->
						<type>success</type><!-- Displays if the certificate renewal was successful or not -->
						<object>
							<type>ssl</type>
							<value>???</value><!-- The name of the certificate -->
						</object>
					</status>
				</job>
			</message>
		</data>
		<status>
			<code>S0905</code>
			<text>The notification was polled successfully.</text>
			<type>success</type>
			<object>
				<type>message</type>
				<value>650664</value>
			</object>
		</status>
	</result>
</response>

Inquire Certificate Information (400104)

The CertificateInfo (400104) task displays all the certificate details. The information can be inquired by sending the certificate ID from the step Inquire (0905) and Confirm (0906) Poll Messages.

CertificateInfo 400104 Request
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <code>400104</code>
        <certificate>
            <id>100</id>
        </certificate>
    </task>
</request>
CertificateInfo 400104 Response
<response>
  <result>
    <data>
      <certificate>
        <order_id>1003396954</order_id>
        <technical>
          <first>Michael</first>
          <last>Mustermann</last>
          <phone>+49-941-1234560</phone>
          <email>michael.mustermann@domain.com</email>
          <title>Admin</title>
          <organization>Beispiel GmbH</organization>
          <address>Maximilianstrasse 36000</address>
          <postal_code>93047</postal_code>
          <city>Regensburg</city>
          <country>DE</country>
          <state>Bayern</state>
          <owner>
            <user>USER</user>
            <context>CONTEXT</context>
          </owner>
          <updater>
            <user>USER</user>
            <context>CONTEXT</context>
          </updater>
          <id>20398</id>
          <created>2017-01-01 10:35:22</created>
          <updated>2017-01-01 01:05:07</updated>
        </technical>
        <admin>
          <first>Michael</first>
          <last>Mustermann</last>
          <phone>+49-941-1234560</phone>
          <email>michael.mustermann@domain.com</email>
          <title>Admin</title>
          <organization>Beispiel GmbH</organization>
          <address>Maximilianstrasse 36000</address>
          <postal_code>93047</postal_code>
          <city>Regensburg</city>
          <country>DE</country>
          <state>Bayern</state>
          <owner>
            <user>USER</user>
            <context>CONTEXT</context>
          </owner>
          <updater>
            <user>USER</user>
            <context>CONTEXT</context>
          </updater>
          <id>20398</id>
          <created>2017-01-01 10:35:22</created>
          <updated>2017-01-01 01:05:07</updated>
        </admin> 
        <name>domain.com</name><!-- The name of the certificate -->
        <lifetime>12</lifetime><!-- The term of the certificate -->
        <software>APACHE2</software>
        <csr><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></csr>
        <server><![CDATA[-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----]]></server>
        <serial_number>SERIALNUMBER</serial_number>
        <product>QUICKSSLPREMIUM</product>
        <sha>SHA2</sha>
        <expire>2030-01-01 23:59:59</expire><!-- The expiration date of the certificate -->
        <extension />
        <certification_authority>
          <ca_type>ICA1</ca_type>
          <ca_cert><![CDATA[-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----]]></ca_cert>
        </certification_authority>
        <authentication>
          <method>DNS</method>
          <dns>domain.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns>
        </authentication>
        <owner>
          <user>USER</user>
          <context>CONTEXT</context>
        </owner>
        <updater>
          <user>USER</user>
          <context>CONTEXT</context>
        </updater>
        <id>100</id><!-- The ID of the certificate -->
        <created>2017-01-01 00:00:00</created>
        <updated>2017-01-01 14:30:36</updated>
      </certificate>
    </data>
    <status>
      <code>S400104</code>
      <text>Certificate details were inquired successfully.</text>
      <type>success</type>
      <object>
        <type>certificate</type>
        <value>???</value>
      </object>
    </status>
  </result>
</response>
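
Added example (not part of the original documentation): Python code for the last two steps, reading the poll message and then checking the 400104 response before the renewed certificate is deployed. The function names, the 30-day threshold and the abridged sample responses are illustrative; that the job_id in the poll message equals the job ID returned by CertificateRenew is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed samples: abridged 0905 and 400104 responses in the shape shown on this page.
POLL_RESPONSE = """<response><result><data><summary>1</summary><message>
  <id>650664</id>
  <job><certificate><id>1485</id></certificate><job_id>536396</job_id>
    <status><code>S400101</code><type>success</type></status></job>
</message></data>
<status><code>S0905</code><type>success</type></status></result></response>"""

INFO_RESPONSE = """<response><result><data><certificate>
  <name>domain.com</name><product>QUICKSSLPREMIUM</product>
  <expire>2030-01-01 23:59:59</expire><id>1485</id>
</certificate></data>
<status><code>S400104</code><type>success</type></status></result></response>"""

def read_poll_message(poll_xml, expected_job_id):
    """Return (message_id, certificate_id) for a finished, successful job."""
    msg = ET.fromstring(poll_xml).find("result/data/message")
    if msg is None:
        return None  # nothing queued yet, poll again later
    # Assumption: job_id here is the job ID that CertificateRenew returned.
    if msg.findtext("job/job_id") != str(expected_job_id):
        raise LookupError("poll message belongs to a different job")
    if msg.findtext("job/status/type") != "success":
        raise RuntimeError("renewal job failed: " + str(msg.findtext("job/status/code")))
    return msg.findtext("id"), msg.findtext("job/certificate/id")

def check_renewed_certificate(info_xml, cert_id, expected_name, now, min_days=30):
    """Return days of validity left; raise if the response does not match the order."""
    cert = ET.fromstring(info_xml).find("result/data/certificate")
    if cert is None or cert.findtext("id") != str(cert_id):
        raise ValueError("response is not for the renewed certificate")
    if cert.findtext("name") != expected_name:
        raise ValueError("certificate name mismatch")
    expire = datetime.strptime(cert.findtext("expire"), "%Y-%m-%d %H:%M:%S")
    days_left = (expire - now).days
    if days_left < min_days:
        raise ValueError("certificate still expires within %d days" % min_days)
    return days_left
```

The message ID returned by read_poll_message is the value to confirm with PollConfirm (0906); the certificate ID goes into the CertificateInfo (400104) request.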

Additional Information

Flowchart


Task codes and Names