uploadWafCertificate — Adding your SSL certificate to Firewall & CDN

The uploadWafCertificate method uploads the user’s SSL/TLS certificate for use with the Firewall & CDN instead of a SiteLock-generated certificate.

Firewall & CDN doesn’t support uploading RSA 4096-bit keys. The public key of your custom SSL/TLS certificate must be less than 4096 bits.

The API endpoint is:

https://api.sitelock.com/v1/partner

Request format

  • SiteLockOnlineRequest: This element is used to delineate the full API request.

    • authentication: The partner’s username, password, and branding

      • username: The partner’s API username

      • password: The partner’s API password

      • partner: (Optional) The brand name to use in messaging

    • uploadWafCertificate: The method name

      • site_id: The ID of the site for which to upload the certificate

      • certificate: The contents of a certificate file. See the type element for acceptable certificate file formats. The certificate must be Base64 encoded before uploading.

      • type: The acceptable file formats:

        • pem: The PEM file format. Requires the private_key element.

        • cer: The CER file format. Requires the private_key element.

        • pfx: The PFX file format. Requres the passphrase element.

      • private_key: The private key for use with PEM and CER certificates. The file must be Base64 encoded.

      • passphrase: The passphrase for use with PFX certificates

Example request

<SiteLockOnlineRequest>
    <authentication>
        <user>Username</user>
        <password>Password</password>
    </authentication>
    <uploadWAFCertificate>
        <site_id>1234</site_id>
        <certificate>[base64 encoded file data]</certificate>
        <type>pem</type>
        <private_key>[base64 encoded private key file data for pem- and cer-encoded certificates]</private_key>
        <passphrase>[passphrase for pfx-encoded files]</passphrase>
    </uploadWAFCertificate>
</SiteLockOnlineRequest>

Response format

  • SiteLockOnlineResponse: This element is used to delineate the full API response.

    • uploadWafCertificate: The method name

      • message: The detailed success or error message

      • status: Either ok or error

Example success response

If the request is successful, status will be ok.

<SiteLockOnlineResponse>
    <uploadWAFCertificate>
        <message>Successfully uploaded.</message>
        <status>ok</status>
    </uploadWAFCertificate>
</SiteLockOnlineResponse>

Example error response

This request fails under the following circumstances:

  • The user is subscribed to a Firewall & CDN plan that doesn’t support uploading SSL Certificates.

  • The site doesn’t have a certificate installed.

    • You may receive this error due to timing issues. For example, you may have sold a certificate to the user, but a delay in certificate installation could lead to our SSL discovery process not detecting a certificate.

  • Any issue with the certificate or its packaging may also result in an error. For example, the uploaded certificate belongs to a different domain, or the certificate wasn’t Base64 encoded.

  • Please examine the status and message elements to determine the cause of the error.

<SiteLockOnlineResponse>
    <uploadWAFCertificate>
        <code>2</code>
        <message>Invalid input</message>
        <status>error</status>
    </uploadWAFCertificate>
</SiteLockOnlineResponse>
<SiteLockOnlineResponse>
    <uploadWAFCertificate>
        <code>-98</code>
        <message>The plan does not support uploading SSL Certificates.</message>
        <status>error</status>
    </uploadWAFCertificate>
</SiteLockOnlineResponse>