uploadWafCertificate — Adding your SSL certificate to Firewall & CDN

The uploadWafCertificate method uploads the user’s SSL/TLS certificate for use with the Firewall & CDN instead of a SiteLock-generated certificate.

Firewall & CDN doesn’t support uploading RSA 4096-bit keys. The public key of your custom SSL/TLS certificate must be less than 4096 bits.

The API endpoint is:

https://api.sitelock.com/v1/partner

Request format

SiteLockOnlineRequest: This element is used to delineate the full API request.
- authentication: The partner’s username, password, and branding
  - username: The partner’s API username
  - password: The partner’s API password
  - partner: (Optional) The brand name to use in messaging
- uploadWafCertificate: The method name
  - site_id: The ID of the site for which to upload the certificate
  - certificate: The contents of a certificate file. See the type element for acceptable certificate file formats. The certificate must be Base64 encoded before uploading.
  - type: The acceptable file formats:
    
    pem: The PEM file format. Requires the private_key element.
    
    cer: The CER file format. Requires the private_key element.
    
    pfx: The PFX file format. Requres the passphrase element.
  - private_key: The private key for use with PEM and CER certificates. The file must be Base64 encoded.
  - passphrase: The passphrase for use with PFX certificates

Example request

<SiteLockOnlineRequest>
    <authentication>
        <user>Username</user>
        <password>Password</password>
    </authentication>
    <uploadWAFCertificate>
        <site_id>1234</site_id>
        <certificate>[base64 encoded file data]</certificate>
        <type>pem</type>
        <private_key>[base64 encoded private key file data for pem- and cer-encoded certificates]</private_key>
        <passphrase>[passphrase for pfx-encoded files]</passphrase>
    </uploadWAFCertificate>
</SiteLockOnlineRequest>

Response format

SiteLockOnlineResponse: This element is used to delineate the full API response.
- uploadWafCertificate: The method name
  - message: The detailed success or error message
  - status: Either ok or error

Example success response

If the request is successful, status will be ok.

<SiteLockOnlineResponse>
    <uploadWAFCertificate>
        <message>Successfully uploaded.</message>
        <status>ok</status>
    </uploadWAFCertificate>
</SiteLockOnlineResponse>

Example error response

This request fails under the following circumstances:

The user is subscribed to a Firewall & CDN plan that doesn’t support uploading SSL Certificates.
The site doesn’t have a certificate installed.
- You may receive this error due to timing issues. For example, you may have sold a certificate to the user, but a delay in certificate installation could lead to our SSL discovery process not detecting a certificate.
Any issue with the certificate or its packaging may also result in an error. For example, the uploaded certificate belongs to a different domain, or the certificate wasn’t Base64 encoded.
Please examine the status and message elements to determine the cause of the error.

<SiteLockOnlineResponse>
    <uploadWAFCertificate>
        <code>2</code>
        <message>Invalid input</message>
        <status>error</status>
    </uploadWAFCertificate>
</SiteLockOnlineResponse>
<SiteLockOnlineResponse>
    <uploadWAFCertificate>
        <code>-98</code>
        <message>The plan does not support uploading SSL Certificates.</message>
        <status>error</status>
    </uploadWAFCertificate>
</SiteLockOnlineResponse>