OpenSRS Trust Service API Command Reference

(1)

OpenSRS Trust Service

API Command Reference

September 20, 2012

(2)

Table of Contents

Introduction...4

Purchasing Trust Services ...4

Before you begin...4

Submitting a Trust Service SSL certificate order...5

Contact Set...5

Trust Service contacts...6

Admin, Billing, Signer, and Tech contact requirements...8

Organization contact requirements...9

Examples for contact set...10

Trust Service API commands...14

sw_register (trust_service)...14

Request parameters for sw_register (trust_service)...15

Response parameters for sw_register (trust_service)...24

Examples for sw_register...25

cancel_free_trial...59

Request parameters for cancel_free_trial...60

Response parameters for cancel_free_trial...60

Examples for cancel_free_trial...61

cancel_order...64

Request parameters for cancel_order...64

Response parameters for cancel_order...64

Examples for cancel_order...65

create_token...68

Request parameters for create_token...68

Response parameters for create_token...69

Examples for create_token...69

get_cert...72

Request parameters for get_cert...72

Response parameters for get_cert...73

Examples for get_cert...76

get_order_info...90

Request parameters for get_order_info...90

Response parameters for get_order_info...90

Examples for get_order_info...96

get_product_info...101

Request parameters for get_product_info...101

Response parameters for get_product_info...102

Examples for get_product_info...105

get_products...119

(3)

Response parameters for get_products...120

Examples for get_products...123

parse csr...126

Request parameters for parse_csr...126

Response parameters for parse_csr...127

Examples for parse_csr...129

process_pending...132

Request parameters for process_pending...132

Response parameters for process_pending...132

Examples for process_pending...133

query_approver_list...136

Request parameters for query_approver_list...136

Response parameters for query_approver_list...137

Examples for query_approver_list...138

request_on_demand_scan...143

Request parameters for request_on_demand_scan...143

Response parameters for request_on_demand_scan...144

Examples for request_on_demand_scan...144

resend_approve_email...148

Request parameters for resend_approve_email...148

Response parameters for resend_approve_email...149

Examples for resend_approve_email...149

resend_cert_email...152

Request parameters for resend_cert_email...152

Response parameters for resend_cert_email...153

Examples for resend_cert_email...153

update_order...156

Request parameters for update_order...156

Response parameters for update_order...163

Examples for update_order...164

update_product...171

Request parameters for update_product...171

Response parameters for update_product...172

Examples for update_product...173

(4)

Introduction

This guide provides information about the commands that are specific to the OpenSRS Trust Service.

Purchasing Trust Services

Each request for a Trust Service product generates an order record with an associated order ID. The order record represents the purchase order for the product and tracks the product request through to the final issuance of the product itself by the Trust Service Provider. Once a Trust Service product is successfully issued, it is considered to be an object in its own right and is tracked by a product ID. These concepts also apply to the search functionality which is discussed later in this document.

Note: Some Trust Service products have associated services that can be initiated, or turned on or off. When making such a request, it is the product itself that is referenced, not the order record.

Before you begin

When collecting data from a customer who is purchasing a Trust Service product, we recommend that you take two initial steps before submitting an order.

Step 1 – Use the parse_csr command to parse the CSR for the certificate that is submitted by the purchaser to obtain the encoded CSR data. You can then ask the purchaser to confirm the CSR.

Step 2 (Domain Vetted Certificates Only) - Use the query_approver_list command to query the list of email addresses that are associated with the purchasing customer and ask them to choose one address to ensure they can receive the approval email.

When an order is submitted through the API for a domain vetted certificate, an approval email is sent out by the Trust Service Provider. The customer needs to be able to receive the email, follow its instructions, and approve the Trust Service procurement request.

The email addresses that are available for product approval include the following:

 Domain’s Admin and Technical Contact email addresses.  Generic predefined email addresses within the domain.

(5)

Some organization vetted certificates also validate the domain and require that an approver email is chosen. Organization verification may require additional company information to be submitted directly to the certificate provider as part of the review process.

Submitting a Trust Service SSL certificate order

Once the CSR and approver email address have been confirmed, use the

sw_register command to submit the Trust Service order, including the required customer data, along with the CSR and the approver email address.

Note: For Organization vetted certificates, you must provide Organization

contact information, and you will have some additional approval steps.

Once the order has completed, and the Trust Service product has been issued, you can use the get_order_info command to query the order and obtain the Product ID number. The Product ID number can then be used to manage any extra features of the Trust Service product.

You need to specify the Product ID in the update_product command to enable or disable the Symantec Search-in-Seal features on qualifying Symantec Trust Service products.

Additionally, for Symantec Trust Service products, you need to specify the Product ID in the request_on_demand_scan command to request a malware scan on your website.

Contact Set

Rather than including the entire contact set in every command example in this guide, where it is required, instead of the contact details you will see an ellipsis (...) and a link to this topic where the contact_set parameters are defined. This example shows a portion of the sw_register command with the contact_set

link:

<?xml version='1.0' encoding='UTF-8' standalone='no' ?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>

<OPS_envelope> <header>

(6)

<dt_assoc>

<item key="object"> trust_service</item> <item key="attributes">

<dt_assoc>

<item key='approver_email'>[email protected]</item> <item key='reg_type'>NEW</item>

<item key="contact_set"> ... see "Contact Set" </item>

…

Trust Service contacts

This table lists the contacts that are required for each of the available Trust Service products.

Admin Billing Tech Organization Signer Comodo EV SSL Y Y Y InstantSSL Y PremiumSSL Y PremiumSSL Wildcard Y SSL Y SSL Wildcard Y GeoTrust QuickSSL Y Y Y QuickSSL Premium Y Y Y True BusinessID Y Y Y Y

True BusinessID Wildcard Y Y Y Y

True BusinessID with EV Y Y Y Y

SiteLock

(7)

Admin Billing Tech Organization Signer Premium Y SMB Enterprise Secure Y Symantec SecureSite Y Y Y Y SecureSite Pro Y Y Y Y SecureSite with EV Y Y Y Y

SecureSite Pro with EV Y Y Y Y

thawte

SSL123 Y Y Y Y

SGC SuperCerts Y Y Y Y

SSL Webserver Certificate Y Y Y Y

SSL Webserver Certificate with

EV Y Y Y Y

SSL Webserver Certificate

Wildcard Y Y Y Y

TRUSTe

Privacy Policy Y

Privacy Policy with Seal Y

Trustwave

Domain Vetted (DV) Y

Premium EV Y

Premium SSL Y

(8)

Admin, Billing, Signer, and Tech contact

requirements

Most of the Trust Service products require Admin, Billing, and Tech contact details. Please note the following exceptions:

 Trustwave certificates require only the Admin contact and must include first_name, last_name, address1, city, postal_code, state, country, email, and phone.

 Comodo certificates, other than EV, require only the Organization contact, and must include org_name, address1, city, postal_code, state, country, and email.

 Comodo EV certificates require Organization, Admin, and Signer contacts, and must include address1, city, postal_code, state, country, email, title, first_name, last_name, phone, and org_name (only for

Organization contact).

Note: Fields cannot contain leading or trailing white-spaces.

Parameter

name Obligation Format/Constraints

first_name Required Maximum 64 alphanumeric characters. last_name Required Maximum 64 alphanumeric characters. title Required for

thawte and Symantec certs as well as truebizid_ev and Comodo EV certs

Maximum 64 alphanumeric characters.

org_name Optional Maximum 64 alphanumeric characters. address1 Required Maximum 100 alphanumeric characters. address2 Optional Maximum 100 alphanumeric characters. address3 Optional Maximum 100 alphanumeric characters. city Required Maximum 64 alphanumeric characters. state Required Maximum 32 alphanumeric characters.

(9)

Parameter name Obligation Format/Constraints postal_code Required if country = CA or US

Maximum 32 alphanumeric characters.

country Required Valid ISO-3166 2 letter country code. phone Required Maximum 20 characters, in the format

+CCC.NNNNNNNNNNxEEEE, where C = country code, N = phone number, and E = extension (optional). fax Optional Maximum 20 characters. If supplied, the fax number

must be valid.

email Required Maximum 255 alphanumeric characters, validated according to rfc822.

Organization contact requirements

Organization vetted certificates require Organization contact details.

Parameter

name Obligation Format/Constraints

first_name Optional Maximum 64 alphanumeric characters. last_name Optional Maximum 64 alphanumeric characters. org_name Required Maximum 64 alphanumeric characters. address1 Required Maximum 100 alphanumeric characters. address2 Optional Maximum 100 alphanumeric characters. address3 Optional Maximum 100 alphanumeric characters.

city Required Maximum 64 alphanumeric characters.

state Required Maximum 32 alphanumeric characters. postal_code Required if country =

CA or US

Maximum 32 alphanumeric characters. country Required Valid ISO-3166 2 letter country code. phone Required Maximum 20 characters, in the format

+CCC.NNNNNNNNNNxEEEE, where C = country code, N = phone number, and E = extension (optional).

(10)

Parameter name

Obligation Format/Constraints

fax Optional Maximum 20 alphanumeric characters. If supplied, the fax number must be valid.

Examples for contact set

... <item key='contact_set'> <dt_assoc> <item key="admin"> <dt_assoc> <item key="first_name">Adler</item> <item key="last_name">Adams</item> <item key="phone">+1.4165550123x1812</item> <item key="fax">+1.4165550125</item> <item key="email">[email protected]</item> <item key="org_name">Example Inc.</item> <item key="address1">32 Oak Street</item> <item key="address2">Suite 100</item> <item key="address3">Admin</item> <item key="city">Santa Clara</item> <item key="state">CA</item> <item key="country">US</item> <item key="postal_code">90210</item> <item key="url">http://www.example.com</item> </dt_assoc> </item> <item key="billing"> <dt_assoc> <item key="first_name">Bill</item> <item key="last_name">Burton</item> <item key="phone">+1.4165550123x1248</item> <item key="fax">+1.4165550136</item>

(11)

<item key="email">[email protected]</item> <item key="org_name">Example Inc.</item> <item key="address1">32 Oak Street</item> <item key="address2">Suite 200</item> <item key="address3">Billing</item> <item key="city">Santa Clara</item> <item key="state">CA</item> <item key="country">US</item> <item key="postal_code">90210</item> <item key="url">http://www.example.com</item> </dt_assoc> </item> <item key="tech"> <dt_assoc> <item key="first_name">Tim</item> <item key="last_name">Tucker</item> <item key="phone">+1.4165550123x1243</item> <item key="fax">+1.4165550125</item> <item key="email">[email protected]</item> <item key="org_name">Example Inc.</item> <item key="address1">32 Oak Street</item> <item key="address2">Suite 100</item> <item key="address3">Tech</item> <item key="city">Santa Clara</item> <item key="state">CA</item> <item key="country">US</item> <item key="postal_code">90210</item> <item key="url">http://www.example.com</item> </dt_assoc> </item> <item key="organization"> <dt_assoc>

(12)

<item key="first_name">Jim</item> <item key="last_name">Johnson</item>

<item key="email">[email protected]</item> <item key="org_name">Example Inc.</item> <item key="address1">32 Oak Street</item> <item key="address2">Suite 100</item> <item key="address3">Tech</item> <item key="city">Santa Clara</item> <item key="state">CA</item> <item key="country">US</item> <item key="postal_code">90210</item> <item key="url">http://www.example.com</item> </dt_assoc> </item> <item key="signer"> <dt_assoc> <item key="first_name">Adler</item> <item key="last_name">Adams</item> <item key="phone">+1.4165550123x1812</item> <item key="fax">+1.4165550125</item> <item key="email">[email protected]</item> <item key="org_name">Example Inc.</item> <item key="address1">32 Oak Street</item> <item key="address2">Suite 100</item> <item key="address3">Admin</item> <item key="city">Santa Clara</item> <item key="state">CA</item>

(13)

</dt_assoc> </item>

(14)

Trust Service API commands

sw_register (trust_service)

Description

Action & object

action = sw_register object = trust_service Usage

Submits a new Trust Service request or renewal order that obeys the Reseller's 'process immediately' flag setting.

Trust Service free trials

Free 30 day trials are available for the following Trust Service products: • GeoTrust—True BusinessID with EV

• Symantec—SecureSite, Secure Site Pro, Secure Site with EV, and Secure Site Pro with EV

• TRUSTe—Hosted Privacy Policy (HPP) and Privacy Policy with Seal (TPS) The free trial lasts for 30 days, and can be cancelled at any time during that 30 day period without incurring a charge by issuing the cancel_free_trial command. After the 30 days, if the order has not been cancelled, the customer is

automatically charged for the term that they selected when they placed the order. The expiry date is calculated from the date that the paid term begins, not the date that the free trial began. For GeoTrust and Symantec, once the order has passed the free trial stage and become activated, you cannot order another free trial for the same domain until the one year period has passed.

Note:The Symantec certs and the GeoTrust True BusinessID with EV certificate

can only be ordered for a one year term when taking advantage of the 30 day free trial offer.

(15)

Request parameters for sw_register (trust_service)

Standard parameters

action = sw_register object = trust_service

registrant_ip = valid IP address of the registrant (optional)

attributes

Attributes

Parameters within the attributes associative array are described below.

Parameter

name Obligation Definition/Value

additional_

domains Required for SAN certificates

Some Trust Service products (referred to as SAN certificates) allow you to specify a list of additional domains or other entities (other than the primary domain) that will be secured by a single SSL certificate. This means that, depending on the

product, you may be able to specify multiple top-level domains, subdomains, IP addresses, internal server names, and more. The total number that you can protect with a single certificate varies by product. Note: The additional domains are priced as packages, so if the certificate can secure four additional

domains, but you specify only two, you will still be charged the full package price. In most cases, you can add more domains to a package for an additional charge. For more information on pricing, see

http://www.opensrs.com/site/services/trust/pricing. The number of additional domains can be added to each product is as follows:

• Quick SSL Premium—4 (subdomains only) • TrueBusiness ID—4 to 24

• TrueBusiness ID EV—4 to 24 • Secure Site EV—1 to 24 • Secure Site Pro EV—1 to 24 • Secure Site Pro—1 to 24 • Secure Site—1 to 24

(16)

Parameter name Obligation Definition/Value • SGC Super Certs—1 to 4 • SSL WebServer EV—1 to 4 • SSL WebServer Certificates—1 to 4 The following products may allow you to enter intranet and local names as well as domain and subdomain names: QuickSSL Premium (subdomains only), Secure Site, Secure Site Pro, SSL Web Server, SGC SuperCerts, True BusinessID.

approver_email Required for domain vetted certificates.

The email of one of the individuals who can approve the Trust Service order. The Trust Service provider sends the approver email to the address that you specify.

base_order_id Optional Create a new order based on the specified previous order. When base_order_id is submitted, reg_type must equal new. All other fields are optional, unless you want to apply new values to those fields.

Note: The original order must have the same product_type as the new order.

contact_set Required The SSL Certificate contact information.

Most products require admin, billing and tech contacts.

All organization vetted certificates require an organization contact.

For admin, tech, and billing contacts for thawte, Symantec, and all EV certificates, title is required. For SiteLock and TRUSTe certificates, the admin contact email address is used when creating a Domain Admin account (if username and password are

specified). If you resend the Domain Admin login information (through the Control Panel), this is the address to which the Domain Admin login credentials are sent.

(17)

Parameter name

Obligation Definition/Value

csr Required for all products except SiteLock, TRUSTe, and GeoTrust Web Site Anti-Malware Scan

The certificate signing request for the required certificate. The Trust Service provider uses this information to generate the certificate.

Important: For Trustwave only, you need to remove the word NEW from the BEGIN and END statements of the CSR before you submit the order.

Note: All certificates require 2048 bit CSRs; however, Symantec will accept 1024 bit CSRs for certificates with expiry dates prior to December 31, 2013, except for EV certs, which require 2048, regardless of the term.

domain Required for orders for domain vetted certificates and for SiteLock and TRUSTe services; not required when requesting a SiteLock upgrade

The domain or hostname for which the Trust Service is ordered.

end_user_

auth_info Optional - used only for SiteLock and TRUSTe

Specify the username and password that the end user will use to log in to the Domain Admin interface where they can manage their account. The login credentials will be sent to the specified

email_address. If you resend the Domain Admin login information (through the Control Panel), this is the address to which the Domain Admin login

credentials are sent.

Please note the following conditions:

• If you specify username and password and the user already exists, the command will fail. • If you specify username but not password,

and the user does not already exist, the user credentials cannot be created and the

command will fail.

• If you specify username but not password, and the user already exists, the service will be

(18)

Parameter name

associated with the existing end user profile. If you want to associate the Trust Service product with an existing account, you only need to include the username value.

For more information see the End user auth info table below.

handle Required Instructions for the processing of the order.  save = Pend the order for the RSP's later

approval.

 process = Process the order immediately. inventory_item

_id Optional for renewals; may be used for certificates that were migrated from TPP.

The certificate product ID number that was used in the TPP system.

This value may be used in place of order_id or product_id.

Note: Do not include this parameter for new orders. order_id Required for

renewals and for SiteLock upgrades if product_id is not submitted.

The order ID number of the Trust Service product to be renewed or upgraded.

This value is not required for certificates that were migrated from TPP if inventory_item_id is submitted.

Note: Do not include this parameter for new orders. period Optional; if not

specified, the default of 1 year is used.

The number of years of the registration period. Allowed values are 1 – 4, depending on the Trust Service that is ordered.

 comodo_ev—1 to 2  comodo_instantssl—1 to 4  comodo_premiumssl—1 to 4  comodo_premiumssl_wildcard—1 to 4  comodo_ssl—1 to 4  comodo_wildcard—1 to 4  malwarescan—1  quickssl—1 to 4  quickssl_premium—1 to 4

(19)

Parameter name Obligation Definition/Value  securesite—1 to 4  securesite_ft—1  securesite_ev—1 to 2  securesite_ev_ft—1  securesite_pro—1 to 4  securesite_pro_ft—1  securesite_pro_ev—1 to 2  securesite_pro_ev_ft—1  sgcsuper_certs—1 to 4  sitelock_basic—1  sitelock_premium—1  sitelock_enterprise—1  ssl123—1 to 4  sslwebserver—1 to 4  sslwebserver_ev—1 to 2  sslwebserver_wildcard—1 to 2  truebizid—1 to 4  truebizid_ev—1 to 2  truebizid_ev_ft—1  truebizid_wildcard—1 to 4  truste_hpp—1 to 3  truste_hpp_ft—1 to 3  truste_tps—1 to 3  truste_tps_ft—1 to 3  trustwave_dv—1 to 3  trustwave_ev—1 to 2  trustwave_premiumssl—1 to 3  trustwave_premiumssl_wildcard—1 to 3 product_id Required for

renewals and for SiteLock upgrades if order_id is

The ID number of the Trust Service product to be renewed or upgraded.

This value is not required for certificates that were migrated from TPP if inventory_item_id is

(20)

Parameter name

not submitted. submitted.

Note: Do not include this parameter for new orders. product_type Required The product type from the SSL Certificate inventory.

Allowed values are:  comodo_ev  comodo_instantssl  comodo_premiumssl  comodo_premiumssl_wildcard  comodo_ssl  comodo_wildcard  malwarescan  quickssl  quickssl_premium  securesite

 securesite_ft (30 day free trial)  securesite_pro

 securesite_pro_ft (30 day free trial)  securesite_ev

 securesite_ev_ft (30 day free trial)  securesite_pro_ev

 securesite_pro_ev_ft (30 day free trial)  sgcsuper_certs  sitelock_basic  sitelock_premium  sitelock_enterprise  ssl123  sslwebserver  sslwebserver_ev  sslwebserver_wildcard  truebizid  truebizid_wildcard  truebizid_ev

(21)

Parameter name

 truebizid_ev_ft (30 day free trial)  truste_hpp (Hosted Privacy Policy)  truste_hpp _ft (30 day free trial)

 truste_tps (TRUSTE Privacy Policy with seal)  truste_tps_ft (30 day free trial)

 trustwave_dv  trustwave_ev

 trustwave_premiumssl

 trustwave_premiumssl_wildcard reg_type Required The type of registration being requested:

 new = Submit a new or Trust Service order.  renew = Renew a Trust Service offering.  upgrade = Upgrade a SiteLock Basic or

Premium SSL certificate to a higher level certificate.

You do not need to specify the domain or the period.

When you upgrade, the product_type changes, you are charged the price for a one year term at the new level, and the new expiry date is one year from the date of the upgrade. Note: This feature is currently available only for SiteLock certificates.

search_in_seal Optional Specifies whether to enable the Symantec Seal-in-Search, which displays the Symantec seal next to the link for your web site in online search results.

Allowed values are:

 0—Do not enable Symantec's Seal-in-Search.  1—Enable Symantec's Seal-in-Search.

Important: If you submit this parameter, you must also submit the trust_seal parameter and set the value to 1.

server_count Required when product_type =

securesite*,

The number of servers on which the Trust Service product will be installed.

(22)

Parameter name Obligation Definition/Value ssl123, sgcsuper_ certs, sslwebserver, sslwebserver _ wildcard, sslwebserver _ev

server_type Optional The type of server software used to generate the CSR.

Allowed values are: Symantec, thawte,

and GeoTrust Comodo  apache2  apacheapachessl  apacheopenssl  apacheraven  apachessl  apachessleay  c2net  cobaltseries  cobaltraq3  cobaltraq2  cpanel  domino  dominogo4626  dominogo4625  ensim  hsphere  iis  iis4  iis5  iplanet  apachessl  citrix  domino  ensim  hsphere  iis4  iis6  iis7  iplanet  javawebserver  netscape  ibmhttp  novell  oracle  other  plesk  redhat  sap  tomcat  webstar

(23)

Parameter name

Symantec, thawte,

and GeoTrust Comodo  ipswitch  netscape  ibmhttp  other  plesk  tomcat  weblogic  website  webstar  webstar4  zeusv3  whmcpanel

Note: Trustwave does not support server types. special_

instructions

Optional Any special instructions regarding the Trust Service purchase.

trust_seal Optional Specifies whether to enable the Symantec Trust Seal on your website. Allowed values are:

 0—Do not enable Symantec's Trust Seal.  1—Enable Symantec's Trust Seal.

End_user_auth_info

Parameters within the end_user_auth_info associative array are described below.

Parameter

email_address Optional - used only for SiteLock and TRUSTe to send Domain Admin credentials

Specify the email address to which you want to send the login credentials (username and password) for Domain Admin.

(24)

Parameter name

Obligation Definition/Value

Note: If you want to associate the Trust Service product with an existing account, only username is required.

password Optional - used only for SiteLock and TRUSTe to create Domain Admin credentials

The password must be at least eight characters.

username Optional - used only for SiteLock and TRUSTe to create Domain Admin credentials

The username must be at least six characters.

Response parameters for sw_register

(trust_service)

Standard parameters

action= reply

object = trust_service

is_success= a Boolean is returned, indicating success or failure of the request

response_code = response code indicating outcome of the request

response_text = message describing the outcome of the request

Attributes

Parameters within the attributes associative array are described below.

Parameter

domain Returned for domain

vetted certificates The domain with which the Trust Service is associated. error_details Returned if

is_success = false

Additional information about the reason for the failure.

Allowed values are:

 error_code—A numeric code that represents the error.

(25)

Parameter name

 error_detail—A description of the error that occurred in a failed transaction.  field_name—The parameter that

caused the error. order_id Returned if

is_success = true The ID number of the Trust Service order.

state Returned if

is_success = true

The state of the order Allowed values are:

 approver-confirmed—Owner has confirmed the domain vetted certificate.  awaiting-approval—Order processed

successfully; waiting for supplier approval.

 cancelled—Pending order was cancelled.

 completed—Order is complete.

 declined—Order cancelled after it was processed or declined by the supplier.  in-progress—Order is in progress.  pending—Order saved as pending.

Examples for sw_register

Note: Title is required in the 'contact set' associative array, for Symantec, thawte, TrueBusiness ID with EV, and Comodo EV certificates.

Example 1

This example is an order for a Symantec SecureSite certificate with seal-in-search and trust seal.

Request

<?xml version='1.0' encoding='UTF-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'>

(26)

<version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>sw_register</item> <item key='object'>trust_service</item> <item key='attributes'> <dt_assoc> <item key='trust_seal'>1</item> <item key='reg_type'>NEW</item> <item key='seal_in_search'>1</item> <item key='contact_set'>

... see "Contact Set" </item>

<item key='special_instructions'>Test ABC</item> <item key='handle'>process</item>

<item key='csr'>---BEGIN CERTIFICATE REQUEST--- MIIC4TCCAckCAQAwgZsxKTAnBgNVBAMTIHNlY3VyZXNpdGUudGVzdDEyODU4NzYw MzY2MDgub3JnMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rv cm9udG8xDzANBgNVBAoTBm5ld29yZzEPMA0GA1UECxMGUUFEZXB0MSAwHgYJKoZI hvcNAQkBFhFxYWZpdmVAdHVjb3dzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAJ0FDLurKaddUzayM5FgICBhy8DkOaBuYzCiHSFw6xRUf9CjAHpC /MiUM5TnegMiU02COAPmfeHZAERv21CoB/HPDcshewHJywzs8nwcbGncz37eFhNG FQNIif5ExoGAcLS9+d1EAmR1CupTBCCq86lGBa/RdwgUNlvLF5IgZZeKphd/FKaY B2KZmRBxM51WvV6AYmRKb6IsuUZCfHO2FCelThDE0EF99GbfSapVj7woSIu0/PTJ cEX4sHURq6pY3ELfNG0BOzrTsT3Af8T3N5xwD0FMatkDrCPCgVx7sRZ05UqenxBO VWBJQcr5QRZSykxBosGjbqO3QSyGsElIKgkCAwEAAaAAMA0GCSqGSIb3DQEBBAUA A4IBAQCEUGNk45qCJiR4Yuce4relbP22EwK7pyX0+0VZ+F3eUxhpZ6S5WN1Juuru 8w48RchQBjGK1jjUfXJIqn/DgX+yAfMj4aW/ohBmovN2ViuNILvNaj0volwoqyMl NrTmBze69qHMfnMGUUUehMr/Nq4QdQTqxy7EYQkNOqx21gfZcUi6zWCeFTRkasD+

(27)

SYAKsOUIKdrt/Jq5lWFXxhkJHuyA+q1yr/w6zh18JmFAT4y/0q/odFGyIr9yKhQ9 usW1sQ8CT3e3AnU4jq7sBrYFxN0f+92W8gX7WADortA7+6PcSFPrZEoQlr5Brki7

GSwIuTTSlKFRyZ53DbEGjp2ELnnl ---END CERTIFICATE REQUEST--- </item> <item key='period'>1</item> <item key='server_type'>apachessl</item> <item key='server_count'>1</item> <item key='product_type'>securesite</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Response

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>REPLY</item> <item key='object'>TRUST_SERVICE</item> <item key='is_success'>1</item>

<item key='response_text'>Command completed successfully.</item> <item key='response_code'>200</item>

(28)

<item key='domain'>example.com</item> <item key='order_id'>1860</item> <item key='state'>awaiting-approval</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Example 2

This example is for a domain vetted certificate, which requires approval.

Request

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>sw_register</item> <item key='object'>trust_service</item> <item key='attributes'> <dt_assoc> <item key='approver_email'>[email protected]</item> <item key='reg_type'>NEW</item> <item key='contact_set'> ... see "Contact Set"

(29)

</item> </dt_assoc> </item>

<item key='csr'>---BEGIN CERTIFICATE REQUEST--- MIIC2TCCAcECAQAwgZMxIDAeBgNVBAMTF3NzbDEyMy5xYXJlZ3Jlc3Npb24ub3Jn MQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xDzAN BgNVBAoTBlR1Y293czEQMA4GA1UECxMHUUEgRGVwdDEgMB4GCSqGSIb3DQEJARYR cWFmaXZlQHR1Y293cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDpKz48gJG4ImyJi76kH3AdDZoGNZCC8xgWBUDk4yNXPqe3NxJvZooZIoctP2o8 CX6+xoK8p6jMb9iIz7ZVC9LuoUmoYZZWdoatMUwaz3xIa4Fq7HeLtCE3misKMcZq +QomhLFv2yMSgyzWWitHdW5oVDuT83Xs8FTZG33rI8gut1J9+5fhJV4WKuncfLwM xMrj+5iWm+KwoE86dTarGAPwYhC2FepcblszVbz87Dp1clTJLaN4potMES83RHo1 teHHmJAilNzy2PfRoylbzlQ38x1n10wbhqjMcoDYk6CSB40PlduqbsMjpkOClwu4 H92c2Hmo3bqRGWM2K5SXkj29AgMBAAGgADANBgkqhkiG9w0BAQQFAAOCAQEAKUh6 WH4WtC/LtlJhj+p5i3sLEG/L//8DQh30eOxwMxrSGGZUGTfLBT4RaeDA5JEIF5pK v4MxvDw1+NExMQW3h/9eVWXpGGjvC2EoLgya3ri3OJlQNOyqSzOvNunk0EPaWoO+ v9o2yKdH88e7NQZp8Pw5jhE9RV9u3+mNw2sztqpzcXYDXW3kKI2UiIP3eur2/iiH nSAIRl5NfUPgAzCem/zpM1lc3s+EVKysn2wF4bwOkNyYPo4DmgHCb7ggSQyhh5vN UAoDkyqu2ZScDZTyDG7YOdobMqwbsCT5er5Bq+NWOZyUE+3zO/1VQpznJehaGLrQ N7UAJliUAO+SFFGdxQ== ---END CERTIFICATE REQUEST---</item> <item key='period'>1</item> <item key='server_type'>apachessl</item> <item key='server_count'>1</item> <item key='product_type'>ssl123</item> </dt_assoc> </data_block> </body> </OPS_envelope>

Response

(30)

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>REPLY</item> <item key='object'>TRUST_SERVICE</item>

<item key='response_text'>Command completed successfully.</item> <item key='is_success'>1</item> <item key='response_code'>200</item> <item key='attributes'> <dt_assoc> <item key='domain'>example.com</item> <item key='order_id'>577</item> <item key='state'>awaiting-approval</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Example 3

This example shows a request that failed because the required title field was missing from the contact_set.

Request

(31)

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>sw_register</item> <item key='object'>trust_service</item> <item key='attributes'> <dt_assoc> <item key='trust_seal'>1</item> <item key='reg_type'>NEW</item> <item key='seal_in_search'>1</item> <item key='contact_set'> <dt_assoc> <item key="admin"> <dt_assoc> <item key="first_name">Adler</item> <item key="last_name">Adams</item> <item key="phone">+1.4165550123x1812</item> <item key="fax">+1.4165550125</item> <item key="email">[email protected]</item> <item key="org_name">Example Inc.</item> <item key="address1">32 Oak Street</item> <item key="address2">Suite 100</item> <item key="address3">Admin</item> <item key="city">Santa Clara</item> <item key="state">CA</item>

(32)

<item key="postal_code">90210</item> </dt_assoc> </item> <item key="billing"> <dt_assoc> <item key="first_name">Bill</item> <item key="last_name">Burton</item> <item key="phone">+1.4165550123x1248</item> <item key="fax">+1.4165550136</item> <item key="email">[email protected]</item> <item key="org_name">Example Inc.</item> <item key="address1">32 Oak Street</item> <item key="address2">Suite 200</item> <item key="address3">Billing</item> <item key="city">Santa Clara</item> <item key="state">CA</item> <item key="country">US</item> <item key="postal_code">90210</item> </dt_assoc> </item> <item key="tech"> <dt_assoc> <item key="first_name">Tim</item> <item key="last_name">Tucker</item> <item key="phone">+1.4165550123x1243</item> <item key="fax">+1.4165550125</item> <item key="email">[email protected]</item> <item key="org_name">Example Inc.</item> <item key="address1">32 Oak Street</item> <item key="address2">Suite 100</item> <item key="address3">Tech</item>

(33)

<item key="city">Santa Clara</item> <item key="state">CA</item> <item key="country">US</item> <item key="postal_code">90210</item> </dt_assoc> </item> <item key="organization"> <dt_assoc> <item key="first_name">Jim</item> <item key="last_name">Johnson</item> <item key="phone">+1.4165550123x1224</item> <item key="fax">+1.4165550126</item> <item key="email">[email protected]</item> <item key="org_name">Example Inc.</item> <item key="address1">32 Oak Street</item> <item key="address2">Suite 100</item> <item key="address3">Tech</item> <item key="city">Santa Clara</item> <item key="state">CA</item> <item key="country">US</item> <item key="postal_code">90210</item> </dt_assoc> </item> </dt_assoc> </item>

<item key='csr'>---BEGIN CERTIFICATE REQUEST--- MIIC4TCCAckCAQAwgZsxKTAnBgNVBAMTIHNlY3VyZXNpdGUudGVzdDEyODU4NzYw MzY2MDgub3JnMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rv cm9udG8xDzANBgNVBAoTBm5ld29yZzEPMA0GA1UECxMGUUFEZXB0MSAwHgYJKoZI hvcNAQkBFhFxYWZpdmVAdHVjb3dzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP

(34)

ADCCAQoCggEBAJ0FDLurKaddUzayM5FgICBhy8DkOaBuYzCiHSFw6xRUf9CjAHpC /MiUM5TnegMiU02COAPmfeHZAERv21CoB/HPDcshewHJywzs8nwcbGncz37eFhNG FQNIif5ExoGAcLS9+d1EAmR1CupTBCCq86lGBa/RdwgUNlvLF5IgZZeKphd/FKaY B2KZmRBxM51WvV6AYmRKb6IsuUZCfHO2FCelThDE0EF99GbfSapVj7woSIu0/PTJ cEX4sHURq6pY3ELfNG0BOzrTsT3Af8T3N5xwD0FMatkDrCPCgVx7sRZ05UqenxBO VWBJQcr5QRZSykxBosGjbqO3QSyGsElIKgkCAwEAAaAAMA0GCSqGSIb3DQEBBAUA A4IBAQCEUGNk45qCJiR4Yuce4relbP22EwK7pyX0+0VZ+F3eUxhpZ6S5WN1Juuru 8w48RchQBjGK1jjUfXJIqn/DgX+yAfMj4aW/ohBmovN2ViuNILvNaj0volwoqyMl NrTmBze69qHMfnMGUUUehMr/Nq4QdQTqxy7EYQkNOqx21gfZcUi6zWCeFTRkasD+ SYAKsOUIKdrt/Jq5lWFXxhkJHuyA+q1yr/w6zh18JmFAT4y/0q/odFGyIr9yKhQ9 usW1sQ8CT3e3AnU4jq7sBrYFxN0f+92W8gX7WADortA7+6PcSFPrZEoQlr5Brki7

GSwIuTTSlKFRyZ53DbEGjp2ELnnl ---END CERTIFICATE REQUEST--- </item> <item key='period'>1</item> <item key='server_type'>apachessl</item> <item key='server_count'>1</item> <item key='product_type'>securesite</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Response

<?xml version='1.0' encoding="UTF-8" standalone="no" ?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd">

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block>

(35)

<dt_assoc>

<item key="protocol">XCP</item> <item key="action">REPLY</item>

<item key="object">TRUST_SERVICE</item>

<item key="response_text">Supplier validation error</item> <item key="error_details">

<dt_array> <item key="0"> <dt_assoc>

<item key="error_detail">Title for admin contact object is missing</item> <item key="field_name">admin-title</item> <item key="error_code">3010</item> </dt_assoc> </item> </dt_array> </item> <item key="response_code">3000</item> <item key="attributes"> <dt_assoc> <item key="domain">example.com</item> <item key="order_id">12345</item> <item key="state">pending</item> </dt_assoc> </item> <item key="is_success">0</item> </dt_assoc> </data_block> </body> </OPS_envelope>

(36)

Example 4

This example shows an order for a TRUSTe Privacy Service certificate.

Request

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key="protocol">XCP</item> <item key="object">TRUST_SERVICE</item> <item key="action">SW_REGISTER</item> <item key="attributes"> <dt_assoc> <item key="product_type">truste_tps</item> <item key="special_instructions">none</item> <item key="domain">example.com</item> <item key="handle">process</item> <item key="period">1</item> <item key="reg_type">NEW</item> <item key="end_user_auth_info"> <dt_assoc> <item key="username">rsanford</item> <item key="password">mypa55w0rd</item> <item key="email_address">[email protected]</item> </dt_assoc> </item>

(37)

<item key="contact_set"> <dt_assoc> <item key="admin"> <dt_assoc> <item key="country">US</item> <item key="address3">Admin</item>

<item key="org_name">Example Inc.</item> <item key="phone">+1.4165550123x1812</item> <item key="last_name">Adams</item>

<item key="address2">Suite 100</item> <item key="state">CA</item>

<item key="email">[email protected]</item> <item key="city">Santa Clara</item>

<item key="postal_code">90210</item> <item key="fax">+1.4165550125</item> <item key="address1">32 Oak Street</item> <item key="first_name">Adler</item> </dt_assoc> </item> </dt_assoc> </item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Response

(38)

<header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key="protocol">XCP</item> <item key="action">SW_REGISTER:REPLY</item> <item key="object">TRUST_SERVICE</item>

<item key="response_text">Command completed successfully.</item> <item key="response_code">200</item> <item key="is_success">1</item> <item key="attributes"> <dt_assoc> <item key="domain">example.com</item> <item key="order_id">6792</item> <item key="state">awaiting-approval</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Example 5

This example shows a renewal order for a QuickSSL certificate.

Request

(39)

<version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>sw_register</item> <item key='object'>trust_service</item> <item key='attributes'> <dt_assoc> <item key='reg_type'>renew</item> <item key='handle'>process</item> <item key='product_id'>372</item> <item key='domain'>www.example.com</item> <item key='period'>1</item> <item key='product_type'>quickssl</item> <item key='server_type'>apacheopenssl</item> <item key='approver_email'>[email protected]</item> <item key='contact_set'>

... see "Contact Set" </item>

---BEGIN CERTIFICATE

REQUEST---MIICwTCCAakCAQAwfDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgMB09udGFyaW8xEDAO BgNVBAcMB1Rvcm9udG8xEzARBgNVBAoMClR1Y293cyBJbmMxDjAMBgNVBAsMBVNh bGVzMSQwIgYDVQQDDBt3d3cub3BlbnNyc2VtYWlsc2VydmljZS5jb20wggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa8HMJsATmwVoqE4sKNFrxA9FLb9rP F6E/VgL/zYRjmxJgy7ap7Rh6fXLHHNal/pD/TT0FDe11vcocR/A32Ypbyx9CPvvV 040Ik4k+9XCs7jZm1+vKe9RK/MVQcIVaHCL7apbb0TPNGLRfhav5m/pQ7tBz+uXb fMSchwQ0CjT10gSoNxmC0lFSfR9iCTwxETxeJTKD3xAghSmDFB252EFo9lVWp72u G/ofSyH0QA0fREmMeYvxE3L6+CjnAn91QxT4/Oq9b353GMXOHyEdM7Zn2Ei9aGzt bb7iFpVAEPH96a5fVruDI881KmUzncjhIPhiPATGJxThN/Cv2nWlSfrzAgMBAAGg

(40)

ADANBgkqhkiG9w0BAQUFAAOCAQEAajJJ5SGFyTO/tnqcAEpcBs+e3Q61zokmRXPb Zo/LbuseQYXBcgLvEMQwTlzZBbP4JHHOfKXq2iHyMyaj/OX2MilCspjY+Ds6MJsb kF9tD/R885OS3KP+/umBOz1Q97qx16oKOiuz+KZEh90k141PI2tLbaQlWt9cHtTm IHVg0319JCKbjieq4AqdaHzQO7NLJYXBzU/uAYe0kggGRV4OtYuFLuKZb46SuFAW pzY42a72PJ2a/IzF/azGRRD1JU98DKGY1RnzK2ZXuRG3v7G6j2CZLBGLEKG18lSY qD9+gEzYoTKe4fTNK8yGQ8E2jsW2bE3SG4oq5ghqHZ5vUNzEjw==

---END CERTIFICATE </item> <item key='special_instructions'></item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Response

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key="protocol">XCP</item> <item key="action">SW_REGISTER:REPLY</item> <item key="object">TRUST_SERVICE</item>

<item key="response_text">Command completed successfully.</item> <item key="response_code">200</item>

(41)

<dt_assoc> <item key="domain">example.com</item> <item key="order_id">8321</item> <item key="state">awaiting-approval</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Example 6

This example shows a request to upgrade a SiteLock Basic SSL certificate to SiteLock Premium.

Request

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>SW_REGISTER</item> <item key='object'>trust_service</item> <item key='attributes'> <dt_assoc> <item key='reg_type'>upgrade</item> <item key='product_type'>sitelock_premium</item>

(42)

<item key='product_id'>47811</item> <item key='handle'>process</item>

...see "Contact Set" </item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Response

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key="protocol">XCP</item> <item key="action">REPLY</item> <item key="object">TRUST_SERVICE</item>

<item key="response_text">Command completed successfully.</item> <item key="response_code">200</item>

(43)

<item key="domain">example.com</item> <item key="order_id">5597</item> <item key="state">awaiting-approval</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Example 7

This example shows an order for a GeoTrust Web Site Anti-Malware Scan certificate.

Request

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>SW_REGISTER</item> <item key='object'>trust_service</item> <item key='attributes'> <dt_assoc> <item key='domain'>example.com</item> <item key='product_type'>malwarescan</item> <item key='reg_type'>new</item>

(44)

<item key='handle'>process</item> <item key='contact_set'>

... see "Contact Set" </item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Response

<item key="response_text">Command completed successfully.</item> <item key="response_code">200</item> <item key="is_success">1</item> <item key="attributes"> <dt_assoc> <item key="domain">example.com</item> <item key="order_id">6854</item>

(45)

<item key="state">awaiting-approval</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

Example 8

This example shows an order for a 30 day free trial of a Symantec SecureSite certificate.

Request

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key="protocol">XCP</item> <item key="action">sw_register</item> <item key="object">trust_service</item> <item key="attributes"> <dt_assoc> <item key="special_instructions">none</item> <item key="csr">

---BEGIN CERTIFICATE

REQUEST---MIIC1zCCAb8CAQAwgZExHjAcBgNVBAMTFTEzMjA3MDU2NzN0ZXN0aW5nLmNvbTEL MAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8x

(46)

DzANBgNVBAoTBlR1Y293czELMAkGA1UECxMCUUExIDAeBgkqhkiG9w0BCQEWEXFh Zml2ZUB0dWNvd3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA vfz5BS7X70AFyqvk05RSe5dsxB8e0aTVkj8YixqPULcMxcNSos/hF9CkWKyYD2iP g8O511Gzw3VA+TWDp+Een1HCyW1uRnnQ/Yepq0J0H4a0kPXh5Mb01WxGVwD5zorm 1QM0gqIW8KTPgUCfi0P+CQkw5TZ2yqJWjcyNwakv/seg2opqUra06jkcdCDliGkW RJfGgJPM1B2fonduruveWDvIiga3+sbfAoBKajX71NgHZtQXZgHZLU2obPU1lvms ZUZGavARcUVt043sJvgZG9xMX8hf0LoT4BLrJ1TK7JWf5Be5ZAkq0Y42Lf1V198/ JKNeMJHPeTvpxkrT0W/R4wIDAQABoAAwDQYJKoZIhvcNAQEEBQADggEBAIqzgz3z 5JzscIq6XszzrJw79ampGPSz7JE35pjoPAjk7vsjbxnRTAVfLHeSMyjXTFBZB60h lyFO0Ft4KQ8Fj7eKtCoMR2mvhx1UtaoRqJ9y9RJmTJfHmdfHrNa4hLIQqDreE5Tj U4ngidNTTc91qaRrPhAC471BAn7/Ob+ltleIiUuk/ySkh29lR5qQqSTX0FXjsVrN G9gIHn4KAra3W+SgWGJHpVQrCWqqyPDQ7/dj6x1pEli8izkZv33Xw6386nFhSkB0 EH2LCtmzTJNgUicXzbRu4/UXgMJgaFU77fCzCtOBwMTz+ALWIo0NTPwNp5JE/dw0 /GOjMZgid2nuuMY=

---END CERTIFICATE </item> <item key="reg_type">new</item> <item key="period">1</item> <item key="product_type">securesite_ft</item> <item key="server_type">apachessl</item> <item key='contact_set'>

... see "Contact Set" </item> <item key="handle">process</item> <item key="server_count">1</item> <item key="approver_email">[email protected]</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

(47)

Response

<item key="response_text">Command completed successfully.</item> <item key="response_code">200</item> <item key="is_success">1</item> <item key="attributes"> <dt_assoc> <item key="domain">example.com</item> <item key="order_id">7737</item> <item key="state">awaiting-approval</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

(48)

Example 9

This example shows a new order for a QuickSSL certificate based on an existing order.

Request

<?xml version='1.0' encoding='UTF-8'?> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>sw_register</item> <item key='object'>trust_service</item> <item key='attributes'> <dt_assoc> <item key='reg_type'>NEW</item>

<item key='csr'>---BEGIN CERTIFICATE REQUEST--- MIIC2zCCAcMCAQAwgZUxIzAhBgNVBAMTGnJlbmV3dGVzdC5xYXJlZ3Jlc3Npb24u b3JnMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8x DzANBgNVBAoTBm5ld29yZzEPMA0GA1UECxMGUUFEZXB0MSAwHgYJKoZIhvcNAQkB FhFxYWZpdmVAdHVjb3dzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAKEUMvmJTbZlIM7aBU3vPYJTsJqPFo45fzzgcrrCUMzsnYV8l/9PRELAfvGK eFMI27uGUbeXO3EoklMXd1YZwJickfEBG3dSmR8hGBRHrzhKazqos0UmgS4xIyPl 5Rs/WzRRCdhnV7yqSYmC4SLui/8WTEaYsWy5xgbwI7q4ojZurJ65kjeL3e2q7ftr R/YLvP9Fx6mMTECBFbQxlrlXUQCn/goCfI98zFDQJ/cuPuYuU6Ret4IFU4T8Jn87 jiDa17hqgo/D2rEUfPe1xuk8LgyCcKT0Nemg1uNLihBwwt+nzo7LfyM16BdEFVkG DOVsasYYFRKQDH7dGTUeZ2hhd5MCAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQCY +zsCNQ+vtEocKDg+8eAA4hKUhOTbuT2TsfxtQflmihKa0WB5IvKjgVb3MENWwwAi 3+XpYEBlsaI2NYpLjgRGvoQMUiAXC3JeoxxXXfcdmEpLevD0VZfGtm04RRlFPwEx jZESqMjBGROUsjnC3pOjUcb9Y6vFeRWtatCmdbDMKnumrKB1G1G6uA01yQR1vsx0 fjK8bhWxwbCoXCQ8LnlQwb9wQECXJ+vguFdB0u97+XHKZXhxpij12frnYPRyJfec hA6ODlhvJv2k2P19ZjGthGrfW5z7F/mev59a5LX6n4TO1Wp4FZFw4pOJr79umR/K L/tZauY8EjcOfSHZ76vn ---END CERTIFICATE REQUEST---</item> <item key='base_order_id'>8245</item>

(49)

<item key='product_type'>quickssl</item> <item key='contact_set'> <dt_assoc> <item key='admin'> <dt_assoc> <item key='first_name'>Adler</item> <item key='last_name'>Adams</item> <item key='title'>Admin</item>

<item key='org_name'>Example Inc.</item> <item key='address1'>32 Oak Street</item> <item key='address2'>Suite 100</item> <item key='address3'/>

<item key='city'>Santa Clara</item> <item key='state'>CA</item> <item key='country'>US</item> <item key='postal_code'>90210</item> <item key='fax'>+1.4165350155</item> <item key='phone'>+1.4165550123x1812</item> <item key='email'>[email protected]</item> </dt_assoc> </item> </dt_assoc> </item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

(50)

Response

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>REPLY</item> <item key='object'>TRUST_SERVICE</item> <item key='is_success'>1</item>

<item key='response_text'>Command completed successfully.</item> <item key='response_code'>200</item> <item key='attributes'> <dt_assoc> <item key='domain'>example.com</item> <item key='order_id'>8279</item> <item key='state'>awaiting-approval</item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

(51)

Example 10

This example shows a renewal order for a QuickSSL certificate that was submitted by using the order ID.

Request

<?xml version='1.0' encoding='UTF-8'?> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>sw_register</item> <item key='object'>trust_service</item> <item key='attributes'> <dt_assoc> <item key='reg_type'>RENEW</item>

<item key='csr'>---BEGIN CERTIFICATE REQUEST--- MIIC2zCCAcMCAQAwgZUxIzAhBgNVBAMTGnJlbmV3dGVzdC5xYXJlZ3Jlc3Npb24u b3JnMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8x DzANBgNVBAoTBm5ld29yZzEPMA0GA1UECxMGUUFEZXB0MSAwHgYJKoZIhvcNAQkB FhFxYWZpdmVAdHVjb3dzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAKEUMvmJTbZlIM7aBU3vPYJTsJqPFo45fzzgcrrCUMzsnYV8l/9PRELAfvGK eFMI27uGUbeXO3EoklMXd1YZwJickfEBG3dSmR8hGBRHrzhKazqos0UmgS4xIyPl 5Rs/WzRRCdhnV7yqSYmC4SLui/8WTEaYsWy5xgbwI7q4ojZurJ65kjeL3e2q7ftr R/YLvP9Fx6mMTECBFbQxlrlXUQCn/goCfI98zFDQJ/cuPuYuU6Ret4IFU4T8Jn87 jiDa17hqgo/D2rEUfPe1xuk8LgyCcKT0Nemg1uNLihBwwt+nzo7LfyM16BdEFVkG DOVsasYYFRKQDH7dGTUeZ2hhd5MCAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQCY +zsCNQ+vtEocKDg+8eAA4hKUhOTbuT2TsfxtQflmihKa0WB5IvKjgVb3MENWwwAi 3+XpYEBlsaI2NYpLjgRGvoQMUiAXC3JeoxxXXfcdmEpLevD0VZfGtm04RRlFPwEx jZESqMjBGROUsjnC3pOjUcb9Y6vFeRWtatCmdbDMKnumrKB1G1G6uA01yQR1vsx0 fjK8bhWxwbCoXCQ8LnlQwb9wQECXJ+vguFdB0u97+XHKZXhxpij12frnYPRyJfec hA6ODlhvJv2k2P19ZjGthGrfW5z7F/mev59a5LX6n4TO1Wp4FZFw4pOJr79umR/K L/tZauY8EjcOfSHZ76vn ---END CERTIFICATE REQUEST---</item> <item key='handle'>process</item>

(52)

Response

<OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>REPLY</item> <item key='object'>TRUST_SERVICE</item>

<item key='response_text'>Command completed successfully.</item> <item key='response_code'>200</item> <item key='attributes'> <dt_assoc> <item key='domain'>example.com</item> <item key='order_id'>8278</item> <item key='state'>awaiting-approval</item> </dt_assoc> </item> <item key='is_success'>1</item> </dt_assoc>

(53)

</data_block> </body>

</OPS_envelope>

Example 11

This example shows a renewal order for a QuickSSL certificate that was submitted by using the product ID.

Request

<?xml version='1.0' encoding='UTF-8'?> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <dt_assoc> <item key='protocol'>XCP</item> <item key='action'>sw_register</item> <item key='object'>trust_service</item> <item key='attributes'> <dt_assoc> <item key='inventory_item_id'>8887502</item> <item key='reg_type'>RENEW</item>

<item key='csr'>---BEGIN CERTIFICATE REQUEST---

MIIC1zCCAb8CAQAwgZExHzAdBgNVBAMTFnJhcGlkLnFhcmVncmVzc2lvbi5vcmcxCzAJBgNVBA YTAkNBMQswCQYDVQQIEwJPTjEQMA4GA1UEBxMHVG9yb250bzEPMA0G A1UEChMGbmV3b3JnMQ8wDQYDVQQLEwZRQURlcHQxIDAeBgkqhkiG9w0BCQEWEXFhZml2ZUB0dW Nvd3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 3FI2z0xXFk5/0iy3Sw6JiXuN1LJmL61NdvuXH+6WLdWDxsheSzmGLtnELmKuKZAVgby1+13Kuv uxOtutM/EfrnWagrn2cOpR7WDkogRFlYQ14jx8CadjCIviyIsdL+SC ix9HeFYLT/kMcB/i7oWUlroyvOZ6aHFnThvZxl7Yk9su3UNfn9ZL/bj7GjmxMn8lBH9AJvmEvM 8Qa9vLUT4AQR+p7TrdcTeXyBJSt4q1rqKXhq4Q4ChG6rielRu3VN2g x60cCWOl/b04w/psWCBmgUvzFzwmgIfP0a7H+sxsAOFTyCwKBfOBALtKsQWkW4DCM4KpZLQ20W +IfPXvvrJSUwIDAQABoAAwDQYJKoZIhvcNAQEEBQADggEBAGTZD3sk qLoNK2tx+ciIUBvBXrVNzUm5PSc7LQLfDqKms0zcvQM1nE8Yz+LkbjFZyWIc2njrt8H7AGis/s deKKK9Vi1VU9cOwp+QOgtuLxa/97rBudrLdoUiWYWj2MiR2T9aSf0k vxSRdio3UrJNrygkf1z2I5sEn5HjbiavaSAE/c7yo9EtsTSfp2P/siT2D6a3FOrAwPPyw0RN01

(54)

YslYBgzV+RsTRPdewpIPe85RnCET76R+/cGMsvoe3ayl/lzZS5irkL

ilRltNDFa5NHlxtgJuyvrOtfyqVuro+2nznZYkxZsJun/D+CzA6oamgF/q13Mk60d8dsqH1Ya/ 8rX0g= ---END CERTIFICATE REQUEST---</item>

<item key='handle'>process</item> <item key='product_type'>quickssl</item> <item key='contact_set'> <dt_assoc> <item key='admin'> <dt_assoc> <item key='first_name'>Adler</item> <item key='last_name'>Adams</item> <item key='title'>Administrator</item> <item key='org_name'>Example Co.</item> <item key='address1'>32 Oak Street</item> <item key='address2'>Suite 100</item> <item key='address3'/>

<item key='city'>Santa Clara</item> <item key='state'>CA</item> <item key='country'>US</item> <item key='postal_code'>90210</item> <item key='fax'>+1.4165550125</item> <item key='phone'>+1.4165550123x1812</item> <item key='email'>[email protected]</item> </dt_assoc> </item> </dt_assoc> </item> </dt_assoc> </item> </dt_assoc> </data_block> </body> </OPS_envelope>

(55)

Response

<OPS_envelope> <header> <version>0.9</version> </header> <bo