Search in this section
Instructions for the complete automation of the ordering process for S/MIME certificates. The product GlobalSign - PersonalSign Class 1 is used here as an example. S/MIME Certificates are certificates for the encryption and signing of Email. Currently the S/MIME products are offered by Globalsign.
Basics of the JSON and XML API
All important information for the use of the JSON and XML API you can find in the General API Basics and the XML API Basics and JSON API Basics. The specific SSL objects are documented here, the SSL tasks here.
Overview
Flow chart
Task names, codes and routes
Task | Task code | Route |
---|---|---|
CertificateCreate | 400101 | POST /certificate |
SSLContactCreate | 400201 | POST /sslcontact |
CertificateInfo | 400104 | GET /certificate/$id |
PollInfo | 0905 | GET /poll |
PollConfirm | 0906 | PUT /poll/$id |
CertificatePrepareOrder | 400110 | POST /certiicate/prepareOrder |
Order preparation
Contact create
To be able to order a S/MIME certificate, a technical and administrative contact is required. These must be created beforehand and can then be used for future orders. In case one or more contacts is already present, you can skip this step and use the contact for future tasks.
Example for contact create
<request> <auth> <user>USER</user> <context>CONTEXT</context> <password>PASSWORD</password> </auth> <task> <code>400201</code> <contact> <first>Joe</first> <last>Sample</last> <phone>+49-941-1234560</phone> <email>joe.sample@example.com</email> <title>Admin</title> <organization>ExampleGmbH</organization> <address>Example Street 36000</address> <postal_code>12345</postal_code> <city>Example City</city> <country>DE</country> <state>Bayern</state> </contact> </task> </request>
<response> <result> <data/> <status> <code>S400201</code> <text>Contact was successfully created.</text> <type>success</type> <object> <type>contact</type> <value>100</value> </object> </status> </result> </response>
Certificate create
With the CertificateCreate task you send the order to the system. You have to set certain values:
- Certificate Type = The attribute MAIL must be used for S/MIME certificates.
- Admin = ID of the administrative contact.
- Name = The name of the certificate. For S/MIME certificates, this is the email for which the certificate is used.
- Product = Value of the S/MIME certificate, for our example this is GLOBALSIGN_PERSONALSIGN_1
- First Name = First name
- Last Name = Last name
- Term = Desired certificate runtime. The possible runtimes depend on the certificate product.
- Password = Password to be used to download the S/MIME certificate from Globalsign.
- Organisational Unit = The responsible organizational unit, e.g. "marketing department".
- CSR = Value which indicates whether an own CSR is used. The XML tag <has_csr> must be set to true.
Example for certificate create
Route: POST /certificate
<request> <auth> <user>USER</user> <context>CONTEXT</context> <password>PASSWORD</password> </auth> <task> <certificate> <certificate_type>MAIL</certificate_type> <product>GLOBALSIGN_PERSONALSIGN_1</product> <lifetime>36</lifetime> <name><![CDATA[joe.sample@example.com]]></name> <approver_email><![CDATA[joe.sample@example.com]]></approver_email> <password>****</password> <firstname>Joe</firstname> <lastname>Sample</lastname> <organization_unit_name>Development Department</organization_unit_name> <has_csr>false</has_csr> <admin> <id>100</id> </admin> </certificate> <code>400101</code> </task> </request>
<response> <result> <data> <certificate_job> <job> <id>123456</id> <status>RUNNING</status> </job> </certificate_job> </data> <status> <code>N400101</code> <text>Certificate orderwas started successfully.</text> <type>notify</type> <object> <type>certificate</type> <value>joe.sample@example.com</value> </object> </status> </result> </response>
Receiving notifications
By using the CertificateCreate task a job is automatically generated which takes care of the certificate order. If the job was successful, the ID of the ordered certificate is returned. The system notification can be retrieved using the Polling and Push methods.
Inquiring certificate information
The CertificateInfo task displays all the certificate details. The information can be inquired by sending the ID from the step Receiving Notifications.
Certificate info - example
<request> <auth> <user>USER</user> <context>CONTEXT</context> <password>PASSWORD</password> </auth> <task> <code>400104</code> <certificate> <id>150</id> </certificate> </task> </request>
<response> <result> <data> <certificate> <order_id>PC201607129800</order_id> <admin> <first>Joe</first> <last>doe</last> <phone>+49-0-0</phone> <fax>+49-0-0</fax> <email>joe.doe@example.com</email> <title>Herr</title> <organization>example company</organization> <address>example street 6</address> <postal_code>93047</postal_code> <city>example city</city> <country>DE</country> <state>Bayern</state> <owner> <user>USER</user> <context>CONTEXT</context> </owner> <updater> <user>USER</user> <context>CONTEXT</context> </updater> <id>100</id> <created>2015-11-25 10:35:41</created> <updated>2015-11-25 10:50:28</updated> </admin> <name>joe.doe@example.com</name> <approver_email>joe.doe@example.com</approver_email> <lifetime>36</lifetime> <software>NOT_SET</software> <server>-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----</server><!-- The S/MIME certificate --> <product>GLOBALSIGN_PERSONALSIGN_1</product> <sha>SHA2</sha> <expire>2017-12-31 23:59:59</expire> <password>test1234</password><!-- The password that was set by the customer which is used to download the certificate from the CA --> <firstname>Joe</firstname> <lastname>doe</lastname> <organization_unit_name>marketing</organization_unit_name> <owner> <user>USER</user> <context>CONTEXT</context> </owner> <updater> <user>USER</user> <context>CONTEXT</context> </updater> <id>150</id> <created>CREATED</created> <updated>UPDATED</updated>< </certificate> </data> <status> <code>S400104</code> <text>Certificate data were inquired successfully.</text> <type>success</type> <object> <type>certificate</type> <value>joe.sample@example.com</value> </object> </status> </result> </response>