Search in this section

Skip to end of metadata
Go to start of metadata

Instructions for the complete automation of the ordering process for S/MIME certificates. The product GlobalSign - PersonalSign Class 1 is used here as an example. S/MIME Certificates are certificates for the encryption and signing of Email. Currently the S/MIME products are offered by Globalsign.

Table of Contents

Basics of the JSON and XML API

All important information for the use of the JSON and XML API you can find in the General API Basics and the XML API Basics  and JSON API Basics. The specific SSL objects are documented here, the SSL tasks here.

Overview

Flowchart

Task Names, Codes and Routes

TaskTask CodeRoute
CertificateCreate400101POST /certificate
SSLContactCreate400201

POST /sslcontact

CertificateInfo

400104

GET /certificate/$id

PollInfo0905GET /poll
PollConfirm0906PUT /poll/$id
CertificatePrepareOrder

400110

POST /certiicate/prepareOrder

Order Preparation

Contact Create

To be able to order a S/MIME certificate, a technical and administrative contact is required. These must be created beforehand and can then be used for future orders. In case one or more contacts is already present, you can skip this step and use the contact for future tasks.

Example for Contacte Create

Request
POST /sslcontact
{
  "fname": "John",
  "lname": "Doe",
  "phone": "+49-123-12345",
  "fax": "+49-123-12345",
  "email": "john.doe@example.com",
  "title": "Admin",
  "organization": "Company",
  "address": "123 Main Street",
  "pcode": "12345",
  "city": "Anytown",
  "country": "DE",
  "state": "BY"
}
Response
{
    "stid": "20180926-stid",
    "status": {
        "code": "S400201",
        "text": "Contact was created successfully",
        "type": "SUCCESS"
    },
    "object": {
        "type": "contact",
        "value": "100"
    },
    "data": [
        {
            "fname": "John",
            "lname": "Doe",
            "phone": "+49-123-12345",
            "email": "john.doe@example.com",
            "title": "Admin",
            "organization": "Company",
            "address": "123 Main Street",
            "pcode": "12345",
            "city": "Anytown",
            "country": "DE",
            "state": "BY",
            "owner": {
                "user": "user",
                "context": 9
            },
            "id": 100
        }
    ]
}
Request
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <code>400201</code>
        <contact>
            <first>Joe</first>
            <last>Sample</last>
            <phone>+49-941-1234560</phone>
            <email>joe.sample@example.com</email>
            <title>Admin</title>
            <organization>ExampleGmbH</organization>
            <address>Example Street 36000</address>
            <postal_code>12345</postal_code>
            <city>Example City</city>
            <country>DE</country>
            <state>Bayern</state>
        </contact>
    </task>
</request>
Response
<response>
    <result>
        <data/>
        <status>
            <code>S400201</code>
            <text>Contact was successfully created.</text>
            <type>success</type>
            <object>
                <type>contact</type>
                <value>100</value>
            </object>
        </status>
    </result>
</response>

Ordering a S/MIME Certificate

Certificate Create

With the CertificateCreate task you send the order to the system. You have to set certain values:

  • Certificate Type = The attribute MAIL must be used for S/MIME certificates.
  • Admin = ID of the administrative contact.
  • Name = The name of the certificate.  For S/MIME certificates, this is the email for which the certificate is used.
  • Product = Value of the S/MIME certificate, for our example this is GLOBALSIGN_PERSONALSIGN_1
  • First Name = First name
  • Last Name = Last name
  • Term = Desired certificate runtime. The possible runtimes depend on the certificate product.
  • Password = Password to be used to download the S/MIME certificate from Globalsign.
  • Organisational Unit = The responsible organizational unit, e.g. "marketing department".
  • CSR = Value which indicates whether an own CSR is used. The XML tag <has_csr> must be set to true.

Example for certificate create

Route: POST /certificate

Request
{
   "adminContact": {
      "id": 100
   },
   "technicalContact": {
      "id": 100
   },
   "name": "example.com",
   "lifetime": {
      "unit": "MONTH",
      "period": 36
   },
   "software": "APACHESSL",
   "csr": "-----BEGIN CERTIFICATE REQUEST-----MIICujCCAaICAQAwdTELMAkGA1UEBhMCREUxDzANBgNVBAgMBmJhdmFyaTETMBEGA1UEBwwKcmVnZW5zYnVyZzERMA8GA1UECgwIc3VwZXJkZXYxFDASBgNVBAsMC2RldmVsb3BtZW50MRcwFQYDVQQDDA5qdW5rZHJhZ29ucy5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSMhi30bENDqWeXp7SfHhi2epocJeuI6bBeqGYyQCM5yuoUyAC6wuQ5xudC+hJ6dnDp8p8l8ObkcLrU8/vZJCVmfHxkQpOy6oIsz8uvNA7VcLqOQfxINxe0lqAD0SAWYUaB2W+4CVqyFxaKIn/1c2Isg+8d8Y/3l/t0lI0CF7Y4Q/EmIh1Rl2cr1ONQd4P+3mx2V0ExYN69zPRIsEHt1bV9Mo3l7QpMybHKANMK4BHVL+F5oL8vyGElLCScm3ryrl4W+C0N5V1SSGLNTfNiDxkPx9dwCc5iBy/X8FfhZ7z3+JdjluWo513wvdwZH+jbWhvQ7wsmnV0lGQoe4jHwF+UCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCzQXKkBJWdaGtHLdI9/pqJ/zVCISGsH8lXo8tMBUyZk9cCYdH0hvsVduqNJRpBzNi07ivK/T3+Ru3SUYl0DKlsfHm5IEjf2lYJgJORXS5SRMkr7sYfYSAeGsoUIXc1GC4hBnSFmKN6NoLLbHaAItNDo9AWKVr/1ZqPy9v5vaJpTSzYidrTcZth4lF+i4QqcchorIPq4hSMKWkhZs5tzd/+hAR0XV2hcH1RGcuHTWOJmAvk0Nw2eVxUgNJSmiU0OneyRO4qQoWC/1khDFI0/xt0apn0OeYpcu8rA3aXsHCbcCqpjLUSBZ45szn60KL5sW9/S4y2oUjUbUQb3NW4TFgw-----END CERTIFICATE REQUEST-----",
   "product": "QUICKSSLPREMIUM",
   "authentication": {
      "method": "EMAIL",
      "approverEmails": [
         "admin@example.com",
         "administrator@example.com",
         "hostmaster@example.com",
         "webmaster@example.com",
         "postmaster@example.com"
      ]
   }
}
Response
{
   "stid": "20190702-app3-dev-10171",
   "status": {
      "code": "N400101",
      "text": "Certificate order was started successfully.",
      "type": "NOTIFY"
   },
   "object": {
      "type": "Certificate",
      "value": "example.com"
   },
   "data": [
      {
         "id": 4297543967
      }
   ]
}
Request
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <certificate>
            <certificate_type>MAIL</certificate_type>
            <product>GLOBALSIGN_PERSONALSIGN_1</product>
            <lifetime>36</lifetime>
            <name><![CDATA[joe.sample@example.com]]></name>
            <approver_email><![CDATA[joe.sample@example.com]]></approver_email>
            <password>****</password>
            <firstname>Joe</firstname>
            <lastname>Sample</lastname>
            <organization_unit_name>Development Department</organization_unit_name>
            <has_csr>false</has_csr>
            <admin>
                <id>100</id>
            </admin>
        </certificate>
        <code>400101</code>
    </task>
</request>
Response
<response>
  <result>
    <data>
      <certificate_job>
        <job>
          <id>123456</id>
          <status>RUNNING</status>
        </job>
      </certificate_job>
    </data>
    <status>
      <code>N400101</code>
      <text>Certificate orderwas started successfully.</text>
      <type>notify</type>
      <object>
        <type>certificate</type>
        <value>joe.sample@example.com</value>
      </object>
    </status>
  </result>
</response>

Inquiring and Confirming Poll Messages

By using the CertificateCreate task a job is automatically generated which takes care of the certificate order. As soon as the job is completed, a poll message is generated which needs to be inquired with the PollInfo (0905) task. The poll message contains information about the job. If the job was successful, the ID of the ordered certificate is returned. The job then has to be confirmed with the PollConfirm (0906) task.

Example für Poll Info

Request
GET /poll
Response
{
    "stid": "20180926-stid",
    "status": {
        "code": "S0905",
        "text": "The notification was polled successfully.<",
        "type": "SUCCESS"
    },
    "object": {
        "type": "message",
        "value": "1819853"
    },
    "data": [
        {
            "summary": 2,
            "message": {
                "id": 1819853,
                "job": {
                    "id": 4295609712,
                    "certificate": {
                        "id": 13258,
                        "orderId": "2695961",
						...
                    }
                },
                "stid": "20180926-stid",
                "object": {
                    "type": "ssl",
                    "value": "example.com"
                },
                "status": {
                    "code": "S400101",
                    "type": "SUCCESS"
                }
            }
        }
    ]
}
Request
<request>
	<auth>
		<user>USER</user>
		<context>CONTEXT</context>
		<password>PASSWORD</password>
	</auth>
	<task>
		<code>0905</code>
	</task>
</request>
Response
<response>
	<result>
		<data>
			<summary>1</summary>
			<message>
				<id>650664</id>
				<owner>
					<user>USER</user>
					<context>CONTEXT</context>
				</owner>
				<job>
					<certificate>
						...						
						<id>1485</id>
						...
					</certificate>
					<job_id>536396</job_id>
					<status>
						<code>S400101</code>
						<type>success</type>
						<object>
							<type>ssl</type>
							<value>example.com</value>
						</object>
					</status>
				</job>
			</message>
		</data>
		<status>
			<code>S0905</code>
			<text>The notification was polled successfully.</text>
			<type>success</type>
			<object>
				<type>message</type>
				<value>650664</value>
			</object>
		</status>
	</result>
</response>

Example for Poll Confirm

Request
PUT /poll/{id}
Response
{
    "stid": "20180926-stid",
    "status": {
        "code": "S0906",
        "text": "The notification was confirmed successfully.",
        "type": "SUCCESS"
    },
    "object": {
        "type": "message",
        "value": "1819853"
    }
}
Request
<request>
	<auth>
		<user>USER</user>
		<context>CONTEXT</context>
		<password>PASSWORD</password>
	</auth>
	<task>
		<code>0906</code>
    	<message>
			<id>650664</id>
		</message>
    </task>
</request>
Response
<response>
    <result>
        <data>
            <summary>0</summary>
            <message>
                <id>650664</id>
            </message>
        </data>
        <status>
            <code>S0906</code>
            <text>The notification was confirmed successfully.</text>
            <type>success</type>
            <object>
                <type>message</type>
                <value>650664</value>
            </object>
        </status>
    </result>
</response>

Inquiring Certificate Information

The CertificateInfo task displays all the certificate details. The information can be inquired by sending the ID from the step Inquiring (0905) and Confirming (0906) poll messages.

Request
GET /certificate/$id
Response
{
    "stid": "20180926-stid",
    "status": {
        "code": "S400104",
        "text": "Certificate data were inquired successfully.",
        "type": "SUCCESS"
    },
    "object": {
        "type": "certificate",
        "value": "example.com"
    },
    "data": [
        {
            "created": "2018-09-26T00:00:00.000+0200",
            "updated": "2018-09-26T11:38:08.000+0200",
            "id": 13258,
            "owner": {
                "user": "user",
                "context": 9
            },
            "orderId": "2695961",
            "adminContact": {
                "id": 100
				...
            },
            "technicalContact": {
                "id": 100
				...
            },
            "name": "example.com",
            "lifetime": {
                "unit": "MONTH",
                "period": 12
            },
            "software": "APACHESSL",
            "csr": "-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----",
            "server": "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----\n",
            "serialNumber": "750C3006B23B90D0F396A3D153EB4C8",
            "product": "QUICKSSLPREMIUM",
            "expire": "2019-09-26T12:00:00.000+0200",
            "authentication": {
                "method": "DNS",
                "dns": "example.com.\t\t300\tIN\tTXT\t\"2018092608362142n4sbul8rv8ttv7zkhjgzvyim8n1kpa9lys0uqdszxzs0pa0l\"",
                "provisioning": true
            },
            "certificateTransparencyPrivacy": "PUBLIC",
            "domain": "example.com"
        }
    ]
}
Request
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <code>400104</code>
        <certificate>
            <id>150</id>
        </certificate>
    </task>
</request>
Response
<response>
  <result>
    <data>
      <certificate>
        <order_id>PC201607129800</order_id>
        <admin>
          <first>Joe</first>
          <last>doe</last>
          <phone>+49-0-0</phone>
          <fax>+49-0-0</fax>
          <email>joe.doe@example.com</email>
          <title>Herr</title>
          <organization>example company</organization>
          <address>example street 6</address>
          <postal_code>93047</postal_code>
          <city>example city</city>
          <country>DE</country>
          <state>Bayern</state>
          <owner>
            <user>USER</user>
            <context>CONTEXT</context>
          </owner>
          <updater>
            <user>USER</user>
            <context>CONTEXT</context>
          </updater>
          <id>100</id>
          <created>2015-11-25 10:35:41</created>
          <updated>2015-11-25 10:50:28</updated>
        </admin>
        <name>joe.doe@example.com</name>
        <approver_email>joe.doe@example.com</approver_email>
        <lifetime>36</lifetime>
        <software>NOT_SET</software>
        <server>-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----</server><!-- The S/MIME certificate -->
        <product>GLOBALSIGN_PERSONALSIGN_1</product>
        <sha>SHA2</sha>
        <expire>2017-12-31 23:59:59</expire>
        <password>test1234</password><!-- The password that was set by the customer which is used to download the certificate from the CA -->
        <firstname>Joe</firstname>
        <lastname>doe</lastname>
        <organization_unit_name>marketing</organization_unit_name>
        <owner>
          <user>USER</user>
          <context>CONTEXT</context>
        </owner>
        <updater>
          <user>USER</user>
          <context>CONTEXT</context>
        </updater>
        <id>150</id>
        <created>CREATED</created>
        <updated>UPDATED</updated><
      </certificate>
    </data>
    <status>
      <code>S400104</code>
      <text>Certificate data were inquired successfully.</text>
      <type>success</type>
      <object>
        <type>certificate</type>
        <value>joe.sample@example.com</value>
      </object>
    </status>
  </result>
</response>