Suche in diesem Bereich

Skip to end of metadata
Go to start of metadata


Table of Contents

Function

The CertificatePrepareOrder task checks the CSR and generates the authentication data. The check consists of analysing the bit-length of the CSR key, checking the formatting and if the CSR key can be processed. After a successful validation the authentication data is generated based on the chosen product. If the task was successful, the CSR key, the single components of the CSR key and the generated authentication data is returned.

  • The bit-length must be 2048 bit, ECC is also possible starting with 256 bit.
  • The authentication data is returned as a CertAuthentication Object 
  • The authentication data is generated for all products which support the method.
  • If the task is executed before a Reissue or Renewal, the ID of the certificate can also be sent. This also checks that the authentication method does not change without permission.

Description

Route: POST /certificate/_prepareOrder

Request
{
"plain": "-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----",
"product": "QUICKSSLPREMIUM"
}
Response
{
   "stid": "20190702-app2-dev-25345",
   "status": {
      "code": "S400110",
      "text": "CSR key was checked successfully.",
      "type": "SUCCESS"
   },
   "data": [
      {
         "plain": "-----BEGIN CERTIFICATE REQUEST-----\nMIICujCCAaICAQAwdTELMAkGA1UEBhMCREUxDzANBgNVBAgMBmJhdmFyaTETMBEGA1UEBwwKcmVnZW5zYnVyZzERMA8GA1UECgwIc3VwZXJkZXYxFDASBgNVBAsMC2RldmVsb3BtZW50MRcwFQYDVQQDDA5qdW5rZHJhZ29ucy5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSMhi30bENDqWeXp7SfHhi2epocJeuI6bBeqGYyQCM5yuoUyAC6wuQ5xudC+hJ6dnDp8p8l8ObkcLrU8/vZJCVmfHxkQpOy6oIsz8uvNA7VcLqOQfxINxe0lqAD0SAWYUaB2W+4CVqyFxaKIn/1c2Isg+8d8Y/3l/t0lI0CF7Y4Q/EmIh1Rl2cr1ONQd4P+3mx2V0ExYN69zPRIsEHt1bV9Mo3l7QpMybHKANMK4BHVL+F5oL8vyGElLCScm3ryrl4W+C0N5V1SSGLNTfNiDxkPx9dwCc5iBy/X8FfhZ7z3+JdjluWo513wvdwZH+jbWhvQ7wsmnV0lGQoe4jHwF+UCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCzQXKkBJWdaGtHLdI9/pqJ/zVCISGsH8lXo8tMBUyZk9cCYdH0hvsVduqNJRpBzNi07ivK/T3+Ru3SUYl0DKlsfHm5IEjf2lYJgJORXS5SRMkr7sYfYSAeGsoUIXc1GC4hBnSFmKN6NoLLbHaAItNDo9AWKVr/1ZqPy9v5vaJpTSzYidrTcZth4lF+i4QqcchorIPq4hSMKWkhZs5tzd/+hAR0XV2hcH1RGcuHTWOJmAvk0Nw2eVxUgNJSmiU0OneyRO4qQoWC/1khDFI0/xt0apn0OeYpcu8rA3aXsHCbcCqpjLUSBZ45szn60KL5sW9/S4y2oUjUbUQb3NW4TFgw\n-----END CERTIFICATE REQUEST-----",
         "name": "example.com",
         "keySize": 2048,
         "countryCode": "DE",
         "state": "bavaria",
         "city": "regensburg",
         "organization": "superdev",
         "organizationUnit": "development",
         "product": "QUICKSSLPREMIUM",
         "authentication": [
            {
               "method": "EMAIL",
               "approverEmails": [
                  "admin@example.com",
                  "administrator@example.com",
                  "hostmaster@example.com",
                  "webmaster@example.com",
                  "postmaster@example.com"
               ]
            },
            {
               "method": "DNS",
               "dns": "example.com.\t\t300\tIN\tTXT\t\"2019070211514606zrp8qrfexo5ort70lr7fkvjxocjzszkhpyehtzskbk4ps3g7\"",
               "provisioning": true
            },
            {
               "method": "FILE"
            }
         ],
         "algorithm": "RSA",
         "signatureHashAlgorithm": "SHA256"
      }
   ]
}

Task number: 400110
Uses CertificateRequest object

CertificatePrepareOrder Request
<request>
    <auth>
        <user>USER</user>
        <password>PASSWORD</password>
        <context>CONTEXT</context>
    </auth>
    <task>
        <code>400110</code>
        <certificate_request>
            <product>TRUEBIZID</product>
            <plain><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></plain>
        </certificate_request>
    </task>
</request>
CertificatePrepareOrder Response
<response>
    <result>
        <data>
            <certificate_request>
                <plain><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></plain>
                <name>example.com</name>
                <key_size>2048</key_size>
                <country_code>DE</country_code>
                <state><BY</state>
                <city>examplecity</city>
                <organization>example company/organization>
                <organization_unit></organization_unit>
                <email>example@email.com</email>
                <product>TRUEBIZID</product>
                <san>san001.com</san>
                <san>san002.com</san>
                <san>san003.com</san>
                <san>san004.com</san>
                <authentication>
                    <method>DNS</method>
                    <dns>example.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns>
                </authentication>
                <authentication>
                    <method>EMAIL</method>
                    <approver_email>webmaster@example.com</approver_email>
                    <approver_email>administrator@example.com</approver_email>
                    <approver_email>hostmaster@example.com</approver_email>
                    <approver_email>postmaster@example.com</approver_email>
                    <approver_email>root@example.com</approver_email>
                    <approver_email>admin@example.com</approver_email>
                </authentication>
                <authentication>
                    <method>FILE</method>
                </authentication>
                <algorithm>RSA</algorithm>
            </certificate_request>
        </data>
        <status>
            <code>S400110</code>
            <text>CSR key was checked successfully.</text>
            <type>success</type>
        </status>
    </result>
</response>

Possible Error Messages

  • EF4001007 - Key length is invalid. 2048 bit required. 
  • EF4001019 - The CSR-Key is password protected.
  • EF4001004 - CSR key could not be processed.