Additional request structures

CSR parameter

A Certificate Signing Request (CSR) includes a version field and a subject field. The version field specifies the CSR format. In PKCS#10, the version is always 0. The subject field contains identifying attributes of the certificate requester, such as the domain name and organization details. These attributes are defined using Object Identifiers (OIDs) and are listed in the following table.

The attributes can appear in any order.

Required fields

| OID | Supported ASN.1 Type(s) | Max. Length | Description |
|---|---|---|---|
| 2.5.4.3 | DirectoryString | 64 chars | The Common Name. It must contain the fully qualified domain name (FQDN). |

Optional fields

| OID | Supported ASN.1 Type(s) | Max. Length | Description |
|---|---|---|---|
| 2.5.4.10 | DirectoryString | 64 chars | The organization name. |
| 2.5.4.11 | DirectoryString | 64 chars | The organizational unit name. |
| 2.5.4.18 | DirectoryString | 40 chars | The post office box. |
| 2.5.4.9 | DirectoryString | 128 chars | The street address. Ensure that multiple street addresses are in the correct order, if present. |
| 2.5.4.9 | DirectoryString | 128 chars | The second additional street address. |
| 2.5.4.9 | DirectoryString | 128 chars | The third additional street address. |
| 2.5.4.7 | DirectoryString | 128 chars | The locality name. |
| 2.5.4.8 | DirectoryString | 128 chars | The state or province name. |
| 2.5.4.17 | DirectoryString | 40 chars | The postal code. |
| 2.5.4.6 | PrintableString | 2 chars | The ISO-3166 two-character code of the country name. |

DirectoryString is a choice of PrintableString, TeletexString, BMPString, UniversalString (ASCII only), or UTF8String.

Any other fields are optional and may be present, but they will be ignored.
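A pre-submission check of the version and subject rules above, written against the raw DER so the ASN.1 string type of each attribute is visible. This is an added example, not Sectigo code; the function names and the constructed sample (whose key, attributes and signature fields are empty placeholders) are assumptions.

```python
# DirectoryString choices by DER tag; TeletexString is approximated as latin-1.
CODEC = {0x13: "ascii", 0x14: "latin-1", 0x1E: "utf-16-be", 0x1C: "utf-32-be", 0x0C: "utf-8"}
DIRECTORY, PRINTABLE = set(CODEC), {0x13}
# OID -> (allowed string tags, max length in characters), taken from the subject table.
RULES = {"2.5.4.3": (DIRECTORY, 64), "2.5.4.10": (DIRECTORY, 64), "2.5.4.11": (DIRECTORY, 64),
         "2.5.4.18": (DIRECTORY, 40), "2.5.4.9": (DIRECTORY, 128), "2.5.4.7": (DIRECTORY, 128),
         "2.5.4.8": (DIRECTORY, 128), "2.5.4.17": (DIRECTORY, 40), "2.5.4.6": (PRINTABLE, 2)}
# Constructed sample (not a signed CSR): CN=example.com as UTF8String, C=US as PrintableString.
SAMPLE = bytes.fromhex("3033302c020100" "3023"
                       "311430120603550403" "0c0b6578616d706c652e636f6d"
                       "310b30090603550406" "13025553" "3000a0003000030100")

def children(body):  # yield (tag, value) for each DER TLV; definite lengths only
    pos = 0
    while pos < len(body):
        tag, length, pos = body[pos], body[pos + 1], pos + 2
        if length & 0x80:  # long form: the low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(body[pos:pos + n], "big"), pos + n
        yield tag, body[pos:pos + length]
        pos += length

def dotted(oid):  # OBJECT IDENTIFIER body -> "2.5.4.3" (first arc 0..2, as in the table)
    arcs = [oid[0] // 40, oid[0] % 40, 0]
    for b in oid[1:]:
        arcs[-1] = (arcs[-1] << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(0)
    return ".".join(map(str, arcs[:-1]))

def check_csr(der):
    """Return a list of problems found in the version and subject of a DER CSR."""
    (_, info), *_ = children(next(children(der))[1])
    (_, version), (_, subject), *_ = children(info)
    problems, seen = ([] if version == b"\x00" else ["version is not 0"]), set()
    for _, atv in (a for _, rdn in children(subject) for a in children(rdn)):
        (_, oid), (tag, raw) = children(atv)
        seen.add(name := dotted(oid))
        rule = RULES.get(name)  # attributes outside the table are ignored
        if rule and tag not in rule[0]:
            problems.append(f"{name}: ASN.1 tag 0x{tag:02x} is not an allowed type")
        elif rule and len(raw.decode(CODEC[tag])) > rule[1]:
            problems.append(f"{name}: longer than {rule[1]} chars")
    if "2.5.4.3" not in seen:
        problems.append("2.5.4.3 (Common Name) is missing")
    return problems

if __name__ == "__main__":
    print(check_csr(SAMPLE))
```

To check a real CSR, pass the base64-decoded body of its PEM file to `check_csr`.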

The Subject Public Key Info field contains the following data:

  • RSA: OID — rsaEncryption (PKCS#1). The key size must be from 2048 to 8192 bits.

  • ECC: OID — id-ecPublicKey (RFC3279). Curve: P-256, P-384 or P-521.

Any other attributes are optional and may be present, but they will be ignored.

The possible values for Signature Algorithm are:

  • md5WithRSAEncryption (PKCS#1)

  • sha1WithRSAEncryption (PKCS#1)

  • sha224WithRSAEncryption (PKCS#1)

  • sha256WithRSAEncryption (PKCS#1)

  • sha384WithRSAEncryption (PKCS#1)

  • sha512WithRSAEncryption (PKCS#1)

  • ecdsa-with-SHA1 (RFC3279)

  • ecdsa-with-SHA224 (RFC5758)

  • ecdsa-with-SHA256 (RFC5758)

  • ecdsa-with-SHA384 (RFC5758)

  • ecdsa-with-SHA512 (RFC5758)

For the HTTP_CSR_HASH and CNAME_CSR_HASH values of the dcvMethods parameter, support for request tokens has been introduced as defined in the CA/B Forum baseline requirements (version 1.4.1 or later) and as described in Sectigo’s Domain Control Validation.

You can ensure that request tokens are unique by:

  • Generating a new CSR each time.

  • Providing a previously used CSR and omitting the uniqueValue. Sectigo will generate and return a uniqueValue.

  • Passing the uniqueValue parameter together with the CSR to allow reuse of a CSR.

For S/MIME certificate requests, the Microsoft certificate template extension, if provided in the CSR, is automatically extracted for inclusion in the certificate. For VMC/CMC products, the CSR must not contain domain names that are not in the domainNames parameter.

After sending the request, you can use the following APIs to track the order status and get notified about important events:

organizationIdentifier parameter

Specifies a unique identifier for a legal entity based on a recognized registration scheme (for example, NTR, LEI, VAT, PSD, GOV). The value must follow a strict format that combines the identity type, country code, and organization-specific identifier, depending on the selected scheme and certificate type.

Each entry below gives the identity type, the certificate types it is relevant for, and the required parameter structure.

National Trade Register (NTR)

  • eIDAS Employee certificates

  • eIDAS Seal certificates

  • eIDAS QWAC Legal certificates

  • Organization-validated S/MIME certificates

When using this identity type, this parameter must contain information using the following structure in the presented order:

  • NTR as a three-character legal person identity type reference.

  • The two-character ISO 3166 [2] country code.

  • The hyphen-minus '-' (0x2D (ASCII), U+002D (UTF-8)).

  • The identifier according to the country and the identity type reference.

National Trade Register (NTR)

Organization-validated S/MIME certificates

When using this identity type where registrations are administrated at the subdivision (state or province) level, this parameter must contain information using the following structure in the presented order:

  • NTR as a three-character legal person identity type reference.

  • The two-character ISO 3166 [2] country code.

  • The plus '+' (0x2B (ASCII), U+002B (UTF-8)).

  • The two-character ISO 3166-2 identifier for the subdivision, for example, state or province.

  • The hyphen-minus '-' (0x2D (ASCII), U+002D (UTF-8)).

  • The identifier according to country and identity type reference.

Global Legal Entity (LEI)

  • eIDAS Employee certificates

  • eIDAS Seal certificates

  • eIDAS QWAC Legal certificates

  • Organization-validated S/MIME certificates

When using this identity type, this parameter must contain information using the following structure in the presented order:

  • LEI as a three-character legal person identity type reference.

  • The two-character ISO 3166 [2] country code, which is always set to the ISO 3166 code 'XG' for the LEI identity type.

  • The hyphen-minus '-' (0x2D (ASCII), U+002D (UTF-8)).

  • The identifier according to country and identity type reference.

National Value Added Tax (VAT)

  • eIDAS Employee certificates

  • eIDAS Seal certificates

  • eIDAS QWAC Legal certificates

  • Organization-validated S/MIME certificates

When using this identity type, this parameter must contain information using the following structure in the presented order:

  • VAT as a three-character legal person identity type reference.

  • The two-character ISO 3166 [2] country code.

  • The hyphen-minus '-' (0x2D (ASCII), U+002D (UTF-8)).

  • The identifier according to country and identity type reference.

Payment Service Provider (PSD)

  • eIDAS Seal issued under PSD2

  • eIDAS QWAC Legal issued under PSD2

When using this identity type, this parameter must contain information using the following structure in the presented order:

  • PSD as a three-character legal person identity type reference.

  • The two-character ISO 3166-1 [8] country code representing the NCA country.

  • The hyphen-minus '-' (0x2D (ASCII), U+002D (UTF-8)).

  • The 2-8 character NCA identifier without country code. For more information, see the preceding ncaName parameter.

  • The hyphen-minus '-' (0x2D (ASCII), U+002D (UTF-8)).

  • PSP identifier — an authorization number as specified by the NCA.

Government Entity (GOV)

Organization-validated S/MIME certificates

When using this identity type for a government entity that is not a subdivision, this parameter must contain information using the following structure in the presented order:

  • GOV as a three-character legal person identity type reference.

  • The two-character ISO 3166 [2] country code.

When using this identity type for a subdivision of a government entity, this parameter must contain information using the following structure in the presented order:

  • GOV as a three-character legal person identity type reference.

  • The two-character ISO 3166 [2] country code.

  • The plus '+' (0x2B (ASCII), U+002B (UTF-8)).

  • The two-character ISO 3166-2 identifier for the subdivision, for example, state or province.

International Organization (INT)

Organization-validated S/MIME certificates

When using this identity type, this parameter must always be set to INTXG.

ncaIdentifier parameter

Identifies the National Competent Authority (NCA) responsible for regulating Payment Service Providers under PSD2. This parameter uses predefined codes mapped to specific authorities and countries and is required for applicable eIDAS PSD2 certificate requests.

| Code | Authority Name | Country 2-Char |
|---|---|---|
| AT-FMA | Austrian Financial Market Authority | AT |
| BE-NBB | National Bank of Belgium | BE |
| BG-BNB | Bulgarian National Bank | BG |
| HR-HNB | Croatian National Bank | HR |
| CY-CBC | Central Bank of Cyprus | CY |
| CZ-CNB | Czech National Bank | CZ |
| DK-DFSA | Danish Financial Supervisory Authority | DK |
| EE-FI | Estonia Financial Supervisory Authority | EE |
| FI-FINFSA | Finnish Financial Supervisory Authority | FI |
| FR-ACPR | Prudential Supervisory and Resolution Authority | FR |
| DE-BAFIN | Federal Financial Supervisory Authority | DE |
| GR-BOG | Bank of Greece | GR |
| HU-CBH | Central Bank of Hungary | HU |
| IS-FME | Financial Supervisory Authority | IS |
| IE-CBI | Central Bank of Ireland | IE |
| IT-BI | Bank of Italy | IT |
| LI-FMA | Financial Market Authority Liechtenstein | LI |
| LV-FCM | Financial and Capital Markets Commission | LV |
| LT-BL | Bank of Lithuania | LT |
| LU-CSSF | Commission for the Supervision of Financial Sector | LU |
| NO-FSA | The Financial Supervisory Authority of Norway | NO |
| MT-MFSA | Malta Financial Services Authority | MT |
| NL-DNB | The Netherlands Bank | NL |
| PL-PFSA | Polish Financial Supervision Authority | PL |
| PT-BP | Bank of Portugal | PT |
| RO-NBR | National Bank of Romania | RO |
| SK-NBS | National Bank of Slovakia | SK |
| SI-BS | Bank of Slovenia | SI |
| ES-BE | Bank of Spain | ES |
| SE-FINA | Swedish Financial Supervisory Authority | SE |

personalIdentifier parameter

Specifies a unique identifier for an individual based on an official identity document (for example, passport or national ID). The value must follow a defined structure that includes the identity type, country code, and document identifier, and is required for natural person certificates.

Each entry below gives the identity type, the certificate types it is relevant for, and the required parameter structure.

Passport (PAS)

  • eIDAS Citizen certificates

  • eIDAS Employee certificates

  • eIDAS QWAC Natural certificates

When using this identity type, this parameter must contain information using the following structure in the presented order:

  • PAS as a three-character natural identity type reference.

  • The two-character ISO 3166 [2] country code.

  • The hyphen-minus '-' (0x2D (ASCII), U+002D (UTF-8)).

  • The identifier according to country and identity type reference.

National Identity Card (IDC)

  • eIDAS Citizen certificates

  • eIDAS Employee certificates

  • eIDAS QWAC Natural certificates

When using this identity type, this parameter must contain information using the following structure in the presented order:

  • IDC as a three-character natural identity type reference.

  • The two-character ISO 3166 [2] country code.

  • The hyphen-minus '-' (0x2D (ASCII), U+002D (UTF-8)).

  • The identifier according to country and identity type reference.
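The organizationIdentifier and personalIdentifier structures described on this page, expressed as one validator that checks structure only (not which certificate types each identity type applies to). This is an added example, not Sectigo code; the function name, the character classes for the subdivision and NCA identifier, the cross-check of PSD values against the ncaIdentifier table, and all sample values are assumptions.

```python
import re

CC = r"(?P<country>[A-Z]{2})"
SUB = r"(?:\+(?P<subdivision>[A-Z0-9]{2}))?"  # assumption: subdivision is [A-Z0-9]{2}
ID = r"-(?P<id>.+)"                           # identifier format is country-specific
ORG = {
    "NTR": CC + SUB + ID,
    "LEI": r"(?P<country>XG)" + ID,
    "VAT": CC + ID,
    "PSD": CC + r"-(?P<nca>[A-Z]{2,8})" + ID,  # assumption: NCA id is upper-case letters
    "GOV": CC + SUB,
    "INT": r"(?P<country>XG)",
}
PERSON = {"PAS": CC + ID, "IDC": CC + ID}
# Excerpt of the ncaIdentifier table on this page; extend with the remaining codes.
NCA_CODES = {"AT-FMA", "DE-BAFIN", "FR-ACPR", "IE-CBI", "NL-DNB"}
# Constructed sample values, not real registrations.
SAMPLES = ["NTRGB-12345678", "NTRUS+CA-C1234567", "PSDDE-BAFIN-123456", "GOVUS+CA", "INTXG"]

def parse_identifier(value, kind):
    """Parse an organizationIdentifier (kind='organization') or a
    personalIdentifier (kind='person'); raise ValueError if malformed."""
    prefix, rest = value[:3], value[3:]
    pattern = (ORG if kind == "organization" else PERSON).get(prefix)
    if pattern is None:
        raise ValueError(f"{prefix!r} is not a {kind} identity type")
    match = re.fullmatch(pattern, rest)
    if match is None:
        raise ValueError(f"{value!r} does not follow the {prefix} structure")
    fields = {k: v for k, v in match.groupdict().items() if v is not None}
    if "nca" in fields:
        # Assumption: country code + NCA id must form a code from the ncaIdentifier table.
        code = f"{fields['country']}-{fields['nca']}"
        if code not in NCA_CODES:
            raise ValueError(f"{code!r} is not a known ncaIdentifier")
    return {"type": prefix, **fields}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", parse_identifier(sample, "organization"))
```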