Request

Endpoint: !AutoApplySSL

https://secure.trust-provider.com/products/!AutoApplySSL

Use the POST method for this endpoint.

Submit parameters in the x-www-form-urlencoded format.

Request parameters

The following table displays the required, optional, and conditional parameters.

Parameter Requirement Type Max. length Description

loginName

required

string

64 chars

Your account username.

This value is case sensitive.

loginPassword

required

string

128 chars

Your account password.

This value is case sensitive.

product

required

string

64 chars

Specifies a comma-separated string of product code integers.

There must be exactly one of the following integers specified:

  • DV SSL certificates:

    • 448 — COMODO SSL certificate.

    • 489 — COMODO SSL Wildcard certificate.

    • 492 — COMODO SSL Unified Communications certificate.

  • EV SSL certificates:

    • 337 — COMODO EV SSL certificate.

    • 410 — COMODO EV Multi-Domain SSL certificate.

  • OV SSL certificates:

    • 7 — PremiumSSL certificate.

    • 24 — InstantSSL certificate.

    • 34 — InstantSSL Pro certificate.

    • 35 — PremiumSSL Wildcard certificate.

    • 43 — Trial SSL certificate.

    • 44 — Intranet SSL certificate.

    • 62 — EliteSSL certificate.

    • 63 — GoldSSL certificate.

    • 64 — PlatinumSSL certificate.

    • 65 — PlatinumSSL Wildcard certificate.

    • 316 — PremiumSSL Legacy certificate.

    • 318 — PlatinumSSL Legacy certificate.

    • 322 — PremiumSSL Legacy Wildcard certificate.

    • 324 — PlatinumSSL Legacy Wildcard certificate.

    • 335 — Multi-Domain SSL certificate.

    • 361 — Unified Communications certificate.

    • 583 — SectigoSSL OV MDC.

  • AMT SSL certificates:

    • 510 — COMODO AMT SSL certificate.

    • 511 — COMODO AMT SSL Wildcard certificate.

    • 512 — COMODO AMT SSL Multi-Domain certificate.

  • eIDAS certificates issued to Natural Persons:

    • 791 — QWAC Natural.

    • 792 — QWAC Natural Multi-Domain.

  • eIDAS certificates issued to Legal Persons:

    • 783 — QWAC Legal.

    • 784 — QWAC Legal Multi-Domain.

    • 788 — QWAC Legal for PSD2.

    • 789 — QWAC Legal for PSD2 Multi-Domain.

  • To order a COMODO SSL TrustLogo with product 488 or 489, add the following integer:

    • 490 — COMODO SSL TrustLogo

  • An OV TrustLogo can be ordered with an OV SSL Certificate, except for the products 43, 44, 335 and 361, by adding any of the following integers:

    • 36 — TrustLogo.

    • 37 — Card Payment TrustLogo.

years

conditional

integer

The validity period, in years.

For most products, it’s 1, 2, or 3.

years is optional if days is specified, or if the product has only one possible validity period (for example, Trial SSL).

years is superseded by days, but it is retained for backwards compatibility.

days

conditional

integer

The validity period, in days.

For most products, the days parameter equals 365, 730 or 1095. For some products, 1461 and 1826 values can also be used. For QWAC eIDAS certificates the values are 90 and 365.

days is optional if years is specified, or if the product has only one possible validity period (for example, Trial SSL).

servers

optional

integer

The number of server licenses.

For Wildcard products, the allowed values are from 1 to 100. For all other products, the parameter is ignored.

servers is required for the Wildcard products.
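The product, years, days and servers rules above can be checked before a request is sent. The following Python sketch is an added example, not code from the API provider; the function name check_order is hypothetical, Trial SSL (43) is assumed to be the only single-validity product, and the pairing rule for add-on 490 is not checked.

```python
# Added example: pre-flight checks for product, years/days and servers.
# Every code and rule below is taken from the parameter table on this page.
DV = {448, 489, 492}
EV = {337, 410}
OV = {7, 24, 34, 35, 43, 44, 62, 63, 64, 65,
      316, 318, 322, 324, 335, 361, 583}
AMT = {510, 511, 512}
QWAC = {783, 784, 788, 789, 791, 792}
PRIMARY = DV | EV | OV | AMT | QWAC

WILDCARD = {35, 65, 322, 324, 489, 511}   # products named "Wildcard"
OV_TRUSTLOGO = {36, 37}                   # OV TrustLogo add-ons
NO_OV_TRUSTLOGO = {43, 44, 335, 361}      # OV products excluded from add-ons
COMODO_TRUSTLOGO = 490                    # recognised; pairing not checked here
SINGLE_VALIDITY = {43}                    # assumption: Trial SSL has one term

QWAC_DAYS = {90, 365}
OTHER_DAYS = {365, 730, 1095, 1461, 1826}  # last two apply to "some products"


def check_order(product, years=None, days=None, servers=None):
    """Return a list of problems; an empty list means every check passed."""
    try:
        codes = [int(code) for code in product.split(",")]
    except ValueError:
        return ["product must be a comma-separated string of integers"]

    primary = [code for code in codes if code in PRIMARY]
    if len(primary) != 1:
        return [f"exactly one primary product code is required, got {len(primary)}"]
    main = primary[0]
    problems = []

    # Add-on codes: 36/37 are only valid next to an eligible OV product.
    for code in codes:
        if code == main or code == COMODO_TRUSTLOGO:
            continue
        if code not in OV_TRUSTLOGO:
            problems.append(f"unknown product code {code}")
        elif main not in OV or main in NO_OV_TRUSTLOGO:
            problems.append(f"TrustLogo {code} cannot be ordered with product {main}")

    # years/days: one of them is needed unless the product has a single term.
    if main not in SINGLE_VALIDITY:
        if years is None and days is None:
            problems.append("years or days is required for this product")
        if days is not None:
            allowed = QWAC_DAYS if main in QWAC else OTHER_DAYS
            if days not in allowed:
                problems.append(f"days={days} is not valid for product {main}")

    # servers: required (1 to 100) for Wildcard products, ignored otherwise.
    if main in WILDCARD:
        if servers is None:
            problems.append("servers is required for Wildcard products")
        elif not 1 <= servers <= 100:
            problems.append("servers must be between 1 and 100")
    return problems
```
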

serverSoftware

required

integer

Specifies the server software code.

The allowed values are:

  • 1 — AOL.

  • 2 — Apache/ModSSL.

  • 3 — Apache-SSL (Ben-SSL, not Stronghold).

  • 4 — C2Net Stronghold.

  • 5 — Cobalt Raq.

  • 6 — Covalent Server Software.

  • 7 — IBM HTTP Server.

  • 8 — IBM Internet Connection Server.

  • 9 — iPlanet.

  • 10 — Java Web Server (Javasoft/Sun).

  • 11 — Lotus Domino.

  • 12 — Lotus Domino Go!

  • 13 — Microsoft IIS 1.x to 4.x.

  • 14 — Microsoft IIS 5.x to 6.x.

  • 15 — Netscape Enterprise Server.

  • 16 — Netscape FastTrack.

  • 17 — Novell Web Server.

  • 18 — Oracle.

  • 19 — Quid Pro Quo.

  • 20 — R3 SSL Server.

  • 21 — Raven SSL.

  • 22 — RedHat Linux.

  • 23 — SAP Web Application Server.

  • 24 — Tomcat.

  • 25 — Website Professional.

  • 26 — WebStar 4.x and later.

  • 27 — WebTen (from Tenon).

  • 28 — Zeus Web Server.

  • 29 — Ensim.

  • 30 — Plesk.

  • 31 — WHM/cPanel.

  • 32 — H-Sphere.

  • 33 — Cisco 3000 Series VPN Concentrator.

  • 34 — Citrix.

  • 35 — Microsoft IIS 7.x and later.

  • 36 — nginx.

  • -1 — Other.

domainNames

optional

string

32767 chars

(Multi-Domain SSL and Unified Communications certificates only) The comma-separated or whitespace-separated list of domain names to be placed into Multi-Domain SSL certificates.

For non-EV certificates, IP addresses are also allowed.

Domain names are processed as follows:

  • If the CSR’s Subject Alternative Name (SAN) extension includes one or more domain names, and the domainNames parameter is omitted, the domain names from the CSR will be used.

  • If the CSR’s Subject Alternative Name (SAN) extension includes one or more domain names, and the domainNames parameter is specified, the domain names from the CSR will be ignored.

  • If the CSR’s Subject Alternative Name (SAN) extension is not present, or is present but includes zero domain names, the domainNames parameter must be present.

Commas and whitespace may need to be manually URL-encoded (for example, %2C for a comma), depending on whether the calling environment performs this automatically.

primaryDomainName

optional

string

64 chars

(Multi-Domain SSL and Unified Communications certificates) The primary domain name.

One of the domain names listed in the domainNames that should appear as the Common Name in the Subject Distinguished Name (DN) of the resulting EV Multi-Domain SSL certificate, Multi-Domain SSL certificate, or Unified Communications certificate.

If this parameter is omitted for Multi-Domain certificates, no Common Names will be included in the resulting certificate.

If this parameter is omitted for Unified Communications certificates, the value of the CSR’s Common Name will be used as the primary domain name instead.

maxSubjectCNs

optional

integer

The number of Common Names.

It is optional for Multi-Domain SSL certificates. It is ignored for all other certificate types.

If omitted, the value defaults to 1, unless primaryDomainName exceeds 64 bytes, in which case it defaults to 0.

If maxSubjectCNs=1, there will only be one Common Name in the Subject DN of the resulting EV Multi-Domain SSL certificate, Multi-Domain SSL certificate, or Unified Communications certificates. It will use the value from primaryDomainName, which must be provided.

If it is 0, no Common Names will be included in the resulting certificate.

All domain names listed in domainNames will always be included as dnsName components of the Subject Alternative Name extension in the resulting Multi-Domain SSL Certificate or EV Multi-Domain SSL certificate or Unified Communications certificates.

commonName

optional

string

64 chars

(Single-Domain SSL certificates only) The domain name.

If a Common Name is specified here and in the csr, the value of this parameter will be used.

csr

required

string

32767 chars

The Base64-encoded certificate signing request, with or without the -----BEGIN xxxxx----- and -----END xxxxx----- header and footer.

For more information, see CSR parameter structure.

uniqueValue

optional

string

20 chars

An alphanumeric value used to ensure the Request Token is unique for HTTP_CSR_HASH and CNAME_CSR_HASH dcvMethods.

The request tokens are as defined in the CA/B Forum Baseline requirements (version 1.4.1 or later) and used in the manner described in Sectigo’s Domain Control Validation.

If a uniqueValue parameter is omitted, and the same CSR was previously submitted, a uniqueValue is automatically generated and returned.

If a uniqueValue parameter is provided, it must be unique for the given CSR. Reusing the same CSR and uniqueValue combination will result in error code -55. For more information, see Error codes.

prioritiseCSRValues

optional

char

1 char

Specifies which values to use if there are duplicates. For example, if a postal code is specified in both the CSR and as a separate variable.

The allowed values are:

  • Y — Prioritise values in CSR over parameters.

  • N — Prioritise parameters over CSR values.

  • P — Use values from parameters, ignore any CSR values.

  • C — Use values from CSR and ignore any parameters.

If omitted, the value defaults to Y.

signatureHash

optional

string

64 chars

Specifies the preference for the signature hash algorithm to be used when issuing the certificate.

The allowed values are:

  • NO_PREFERENCE — Let Sectigo decide.

  • INFER_FROM_CSR — If the CSR was signed using sha1WithRSAEncryption or md5WithRSAEncryption, then PREFER_SHA1. Otherwise, PREFER_SHA2 will be used.

  • PREFER_SHA2 — If a suitable SHA-2 capable Sub-CA is available, Sectigo will use SHA-2. Otherwise, PREFER_SHA1 will be used.

  • PREFER_SHA1 — If the current industry regulations and Sectigo policies permit, Sectigo will use SHA-1. Otherwise, REQUIRE_SHA2 will be used.

  • REQUIRE_SHA2 — If a suitable SHA-2 capable Sub-CA is available, Sectigo will use SHA-2. Otherwise, the issuance of the certificate will be blocked until a suitable Sub-CA becomes available.

If omitted, the value defaults to NO_PREFERENCE.

organizationName

optional

string

64 chars

Specifies the organization name.

If an organization name is specified here and prioritiseCSRValues is set to N, this value will be used instead of the organization name in the CSR.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

organizationalUnitName

optional

string

64 chars

The organizational unit name.

If an organizational unit name is specified here and in the csr, prioritiseCSRValues indicates which value will be used.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

postOfficeBox

optional

string

40 chars

The organization post office box.

If a post office box is specified here and in the csr, prioritiseCSRValues indicates which value will be used.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

streetAddress1

required

string

128 chars

The street address where the organization operates.

If a street address is specified here and in the csr, prioritiseCSRValues indicates which value will be used.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

streetAddress2

optional

string

128 chars

The second part of the company’s street address (if necessary).

If a second street address is specified here and in the csr, prioritiseCSRValues indicates which value will be used.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

streetAddress3

optional

string

128 chars

The third part of the company’s street address (if necessary).

If a third street address is specified here and in the csr, prioritiseCSRValues indicates which value will be used.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

localityName

conditional

string

128 chars

The city in which the organization operates.

If this parameter is specified, stateOrProvinceName is not required.

If a locality name is specified here and in the csr, prioritiseCSRValues indicates which value will be used.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

stateOrProvinceName

conditional

string

128 chars

The state or province in which the organization operates.

If this parameter is specified, localityName is not required.

If a state or province name is specified here and in the csr, prioritiseCSRValues indicates which value will be used.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

postalCode

required

string

40 chars

The company’s postal code.

If a postal code is specified here and in the csr, prioritiseCSRValues indicates which value will be used.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

countryName

required

string

2 chars

An ISO 3166 two-character country code.

If a country name is specified here and prioritiseCSRValues is set to N, this value will be used instead of the country name in the CSR.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

dunsNumber

optional

string

20 chars

A unique nine-digit identifier for businesses, provided by the company Dun & Bradstreet.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

companyNumber

optional

string

64 chars

The registration number of the organization provided for validation purposes.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

joiLocalityName

optional

string

128 chars

(EV certificates only) The jurisdiction of the city in which the organization operates.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

joiStateOrProvinceName

optional

string

128 chars

(EV certificates only) The jurisdiction of the state or province in which the organization operates.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

joiCountryName

conditional

string

2 chars

(EV certificates only) The jurisdiction of the country in which the company operates.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

dateOfIncorporation

optional

string

10 chars

(EV certificates only) The date of incorporation (YYYY-MM-DD) of the company. This is useful information for validation purposes.

assumedName

optional

string

64 chars

(EV certificates only) An optional name under which the organization operates that is different from its legal name. This is often referred to as a DBA (doing business as) name for the company (if any).

If the parameter’s value exceeds the maximum length, it will be truncated.

businessCategory

optional

char

1 char

The legal classification of the organization.

The allowed values are:

  • b — Private organization.

  • c — Government entity.

  • d — Business entity.

If the parameter’s value exceeds the maximum length, it will be truncated.

emailAddress

optional

string

255 chars

The alternative issuance email address.

If specified, the certificate will be emailed to this email address rather than the applicant’s admin email address.

If the value specified is none, no certificate issuance email will be sent. This is recommended if you intend to collect the certificate with CollectSSL.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

validationEmailAddress

optional

string

255 chars

The validation email address.

If specified, Sectigo will validate that this is the email address of the end customer. Sectigo will not send any emails to this email address. Sectigo will trust you, the Web Host, to forward emails to this end customer as appropriate.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

contactEmailAddress

optional

string

255 chars

The contact email address.

If specified, this email address will be the only email address that Sectigo validation department will correspond with during the processing of this order.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

dcvMethod

optional

string

32 chars

The Domain Control Validation method.

The allowed values are:

  • EMAIL

  • HTTP_CSR_HASH

  • HTTPS_CSR_HASH

  • CNAME_CSR_HASH

  • DNSTXT_RANDOM_VALUE

If omitted, the value defaults to EMAIL.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

For more information, see Domain Control Validation.

Continued use of email-based DCV methods is discouraged. In line with CA/B Forum Ballot SC-090, all email-based DCV methods are on a deprecation path, with full industry deprecation expected by early 2028.

Plan for earlier enforcement and migrate to DNS-based or HTTP-based validation methods in advance.

dcvEmailAddress

optional

string

255 chars

(Single-domain SSL only) The DCV email address.

Continued use of email-based DCV methods is discouraged. In line with CA/B Forum Ballot SC-090, all email-based DCV methods are on a deprecation path, with full industry deprecation expected by early 2028.

Plan for earlier enforcement and migrate to DNS-based or HTTP-based validation methods in advance.

If specified, this email address must be an acceptable email address with which to perform Domain Control Validation (DCV) for this certificate. For more information, see GetDCVEmailAddressList.

Alternative DCV mechanisms are now available. For more information, see Domain Control Validation.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

dcvEmailAddresses

conditional

string

32767 chars

(Multi-Domain SSL and Unified Communications certificates only) A comma-separated or whitespace-separated list of DCV email addresses to be used to perform Domain Control Validation for each domain in this certificate.

Continued use of email-based DCV methods is discouraged. In line with CA/B Forum Ballot SC-090, all email-based DCV methods are on a deprecation path, with full industry deprecation expected by early 2028.

Plan for earlier enforcement and migrate to DNS-based or HTTP-based validation methods in advance.

The order in which these email addresses are listed must be exactly the same as the order of the domain names in the certificate request. For more information, see the preceding domainNames parameter.

Alternative DCV mechanisms are now available. For more information, see Domain Control Validation.

The allowed values for each domain:

  • HTTPCSRHASH

  • CNAMECSRHASH

  • DNSTXTRNDVAL

The allowed magic tokens if all domains in the order need to be set to the same alternative DCV method:

  • ALLHTTPCSRHASH

  • ALLCNAMECSRHASH

  • ALLDNSTXTRNDVAL

The magic token must be the only value passed to the parameter for it to work.

If dcvEmailAddresses is specified, validationTokens is not required.

dcvTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of DCV email template to be used to validate the called certificate.

Contact your account manager to arrange the creation of one or more custom DCV email templates that can be referenced through this parameter.

Continued use of email-based DCV methods is discouraged. In line with CA/B Forum Ballot SC-090, all email-based DCV methods are on a deprecation path, with full industry deprecation expected by early 2028.

Plan for earlier enforcement and migrate to DNS-based or HTTP-based validation methods in advance.

maCreationTemplateID

optional

integer

Specifies whether to override Sectigo’s default email template used for Enterprise Authentication during instant issuance.

Contact your account manager to arrange the creation of one or more custom email templates of this type that can be referenced by this parameter.

callBackTemplateID

optional

integer

Specifies whether to override Sectigo’s default choice of the callback email template to be used to validate the requested certificate.

Contact your account manager to arrange the creation of one or more custom callback email templates that can be referenced by this parameter.

languageName

optional

string

2 chars

The language name, specified using ISO639-1 two-character language code.

If omitted, the default language is English.

An account can contain multiple email templates in different languages for the callback and Enterprise Authentication for the instant issuance.

Contact Support for the email templates.

If callBackTemplateID is specified, the languageName parameter is ignored in the callback template selection.

If maCreationTemplateID is specified, the languageName parameter is ignored in the template selection for Enterprise Authentication for the instant issuance.

You may specify exactly one of the following values:

  • en — English

  • zh — Chinese-Mandarin

  • da — Danish

  • nl — Dutch

  • fr — French

  • de — German

  • it — Italian

  • ja — Japanese

  • ko — Korean

  • pt — Portuguese

  • ru — Russian

  • es — Spanish

  • sv — Swedish

  • tr — Turkish

validationTokens

conditional

string

32767 chars

(Multi-Domain SSL and Unified Communications certificates only) Specifies validation tokens used to perform Domain Control Validation (DCV) for each domain.

You can use one of the following magic tokens:

  • ALLHTTPCSRHASH

  • ALLCNAMECSRHASH

  • ALLDNSTXTRNDVAL

The magic token must be the only value passed to the parameter for it to work.

A comma-separated or whitespace-separated list of validation tokens can be used to perform Domain Control Validation for each domain in the request.

The order of tokens must exactly match the order of the domain names specified in the domainNames parameter.

Alternative DCV mechanisms are now available. For more information, see Domain Control Validation.

The allowed values for each domain:

  • HTTPCSRHASH

  • CNAMECSRHASH

  • DNSTXTRNDVAL

If validationTokens is specified, dcvEmailAddresses is not required.
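Because validationTokens is matched to domainNames by position, building both values from one list of pairs keeps them from drifting apart. The following Python sketch is an added example, not code from the API provider; the helper names (split_list, validate_tokens, build_fields, encode_body) and the sample domains are constructed for illustration.

```python
# Added example: keep domainNames and validationTokens aligned, enforce the
# "magic token must be the only value" rule, and URL-encode the result.
import re
from urllib.parse import urlencode

PER_DOMAIN = ("HTTPCSRHASH", "CNAMECSRHASH", "DNSTXTRNDVAL")
MAGIC = tuple("ALL" + token for token in PER_DOMAIN)
MAX_LEN = 32767  # maximum length of domainNames and validationTokens
_SEPARATORS = re.compile(r"[,\s]+")


def split_list(value):
    """Split a comma-separated or whitespace-separated parameter value."""
    return [item for item in _SEPARATORS.split(value.strip()) if item]


def validate_tokens(domain_names, validation_tokens):
    """Return a list of problems for an already-built pair of values."""
    problems = []
    if len(domain_names) > MAX_LEN or len(validation_tokens) > MAX_LEN:
        problems.append(f"value longer than {MAX_LEN} chars")
    domains = split_list(domain_names)
    tokens = split_list(validation_tokens)
    if not domains:
        problems.append("domainNames is empty")
    if any(token in MAGIC for token in tokens):
        if len(tokens) != 1:
            problems.append("a magic token must be the only value")
        return problems
    unknown = [token for token in tokens if token not in PER_DOMAIN]
    if unknown:
        problems.append(f"unknown validation tokens: {unknown}")
    if len(tokens) != len(domains):
        problems.append(
            f"{len(tokens)} tokens for {len(domains)} domains; order must match")
    return problems


def build_fields(pairs, primary=None):
    """Build the form fields from (domain, token) pairs in certificate order."""
    domains = [domain for domain, _ in pairs]
    methods = [method for _, method in pairs]
    if len(set(domains)) != len(domains):
        raise ValueError("duplicate domain name")
    if primary is not None and primary not in domains:
        raise ValueError("primaryDomainName must be one of the domainNames")
    # One method for every domain: send the magic token on its own.
    if len(set(methods)) == 1 and methods[0] in PER_DOMAIN:
        tokens = "ALL" + methods[0]
    else:
        tokens = ",".join(methods)
    fields = {"domainNames": ",".join(domains), "validationTokens": tokens}
    if primary is not None:
        fields["primaryDomainName"] = primary
    problems = validate_tokens(fields["domainNames"], fields["validationTokens"])
    if problems:
        raise ValueError("; ".join(problems))
    return fields


def encode_body(fields):
    """x-www-form-urlencoded body; commas are sent as %2C automatically."""
    return urlencode(fields)
```
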

caCertificateID

optional

integer

Specifies a particular CA certificate and key to be used for certificate issuance.

If specified, the caCertificateID parameter overrides Sectigo’s default choice of CA certificate and key to be used to issue this certificate.

This functionality is only available by special agreement with Sectigo.

isCustomerValidated

optional

char

1 char

Specifies whether the customer has already been validated by the Web Host.

The allowed values are:

  • Y — The Web Host has validated the customer.

  • N — Sectigo will validate the customer.

If omitted, the value defaults to N.

showCertificateID

optional

char

1 char

Specifies whether to include the SSL certificate generated by the order in the response.

The allowed values are:

  • Y — The certificate ID of the SSL certificate generated by the order is also part of the result set.

  • N — The certificate ID is not part of the result set.

If omitted, the value defaults to N.

foreignOrderNumber

optional

char

64 chars

The external order number.

This identifier can be returned by some of our other API endpoints to aid in integration with partner systems.

If the parameter’s value exceeds the maximum length, it will be truncated.

checkFONIsUnique

optional

char

1 char

Specifies whether to check the uniqueness of the foreignOrderNumber parameter.

The allowed values are:

  • Y — The foreignOrderNumber parameter (if specified) must not already have been used for any order placed by this account.

  • N — No check of uniqueness is performed for the foreignOrderNumber parameter.

responseFormat

optional

char

1 char

Specifies the response format.

The allowed values are:

  • 0 — Newline-delimited parameters.

  • 1 — URL-encoded parameters.

If omitted, the value defaults to 0.

test

optional

char

1 char

Specifies whether this is a test order.

The allowed values are:

  • Y — The account will not be charged and the order will be processed as a test order.

  • N — The order will be processed as a live order.

If omitted, it defaults to N.

idaEmailAddress

optional

string

255 chars

(TrustLogo only) An email address to add to IdAuthority for display in TrustLogo popups.

If the parameter’s value exceeds the maximum length, it will be truncated.

idaTelephoneNumber

optional

string

32 chars

(TrustLogo only) A telephone number to add to IdAuthority for display in TrustLogo popups.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

idaFaxNumber

optional

string

32 chars

(TrustLogo only) A fax number to add to IdAuthority for display in TrustLogo popups.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

appRepForename

optional

string

64 chars

(OV certificates only) The applicant representative’s name which is used for the organizational callback by Sectigo.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

appRepSurname

optional

string

64 chars

(OV certificates only) The applicant representative’s last name which is used for the organizational callback by Sectigo.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

appRepEmailAddress

optional

string

255 chars

(OV certificates only) The applicant representative’s email address which is used for the organizational callback by Sectigo.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

appRepTelephone

optional

string

32 chars

(OV certificates only) The applicant representative’s phone number which is used for the organizational callback by Sectigo.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

appRepTitle

optional

string

64 chars

(OV certificates only) The applicant representative’s job title which is used for the organizational callback by Sectigo.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

appRepFax

optional

string

32 chars

(OV certificates only) The applicant representative’s fax number to be used for callback.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

appRepOrganizationName

optional

string

255 chars

(OV certificates only) The applicant representative’s organization name which is used for the organizational callback by Sectigo.

Do not specify this field unless the applicant representative’s organization name and address details are different from the organization name and address details that have been requested to appear in the certificate.

If appRepOrganizationName is not specified, appRepOrganizationalUnitName is ignored.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

appRepOrganizationalUnitName

optional

string

64 chars

(OV certificates only) The applicant representative’s organizational unit name which is used for the organizational callback by Sectigo.

If appRepOrganizationName is not specified, appRepOrganizationalUnitName is ignored.

If the length of the parameter’s value exceeds the maximum, the value will be truncated.

appRepStreetAddress1

appRepStreetAddress2

appRepStreetAddress3

optional

string

128 chars

(OV certificates only) The street address where the applicant representative does business which is used for the organizational callback by Sectigo.

If appRepOrganizationName is not specified, appRepStreetAddress1 is ignored.

If the parameter’s value exceeds the maximum length, it will be truncated.

appRepPostOfficeBox

optional

string

128 chars

(OV certificates only) The applicant representative’s post office box.

If appRepOrganizationName is not specified, appRepPostOfficeBox is ignored.

If the parameter’s value exceeds the maximum length, it will be truncated.

appRepLocalityName

conditional

string

128 chars

(OV certificates only) The city in which the applicant representative operates.

If appRepOrganizationName is not specified, appRepLocalityName will be ignored.

If the parameter’s value exceeds the maximum length, it will be truncated.

appRepStateOrProvinceName

conditional

string

128 chars

(OV certificates only) The applicant representative’s state or province.

If appRepOrganizationName is not specified, appRepStateOrProvinceName will be ignored.

If the parameter’s value exceeds the maximum length, it will be truncated.

appRepPostalCode

conditional

string

128 chars

(OV certificates only) The applicant representative’s postal code.

If appRepOrganizationName is not specified, appRepPostalCode will be ignored.

If the parameter’s value exceeds the maximum length, it will be truncated.

appRepCountryName

conditional

char

2 chars

(OV certificates only) The applicant representative’s country code. It must be an ISO 3166 two-character country code.

If appRepOrganizationName is not specified, appRepCountryName will be ignored.

callbackMethod

optional

char

1 char

The callback method for verification of applicant representative’s identity.

The allowed values are:

  • T — The appRepTelephone number will be called to communicate a callback verification code which will be used to confirm the identity of the applicant representative.

  • E — An email, containing a callback verification code, is sent to the applicant representative.

If the parameter’s value exceeds the maximum length, it will be truncated.

isAppRepValidated

optional

char

1 char

Specifies who is accountable for the verification of the applicant representative’s contact details before the callback is performed.

The allowed values are:

  • Y — The Web Host Reseller has verified that the applicant representative’s contact details are legitimate, using a data source other than the applicant. Only Web Host Resellers with sufficient RA privileges may specify Y.

  • N — Sectigo will verify the applicant representative’s contact details before performing the callback using the method specified by callbackMethod.

isCallbackCompleted

optional

char

1 char

Specifies who is accountable for performing the callback.

The allowed values are:

  • Y — The Web Host has completed the callback and verified the identity of the applicant representative. Only Web Host Resellers with sufficient RA privileges may specify Y. If isCallbackCompleted=Y is specified, then isAppRepValidated=Y must also be specified.

  • N — Sectigo will perform the callback using the method specified by callbackMethod.

showCertificateState

optional

char

1 char

Specifies whether to show the certificate state.

The allowed values are:

  • Y — The state of the SSL certificate generated by the order is also part of the result set.

  • N — The state of the certificate generated by the order is not part of the result set.

omitAdditionalFQDN

optional

char

1 char

(Single-domain SSL certificates only) Specifies whether to omit additional fully qualified domain names (FQDN) from the certificate.

The allowed values are:

  • N — Sectigo will add an additional FQDN for www.<domain> if the certificate was requested for <domain>. If the certificate was requested for www.<domain>, then <domain> will be added as an additional FQDN.

  • Y — An additional FQDN will not be added.

If omitted, the value defaults to N.

doAutoOV

optional

char

1 char

Specifies whether to perform automatic OV validation.

The allowed values are:

  • Y — Sectigo will initiate an automated organizational validation process for the end user’s organization.

  • N — Sectigo will not initiate the auto-validation process.

If omitted, the value defaults to N.

IgnoreMasterAccount

optional

char

1 char

(EV/OV certificates only) Specifies whether to ignore the master account settings.

The allowed values are:

  • Y — Enterprise Authentication for the instant issuance will not be applied to this order.

  • N — Sectigo will apply Enterprise Authentication for the instant issuance to this order. An email requesting confirmation will be sent to the applicant representative.

Enterprise Authentication should be enabled for your account.

If omitted, the value defaults to N.

disableSWP

optional

char

1 char

Specifies whether to disable the Secure Website Platform (SWP).

The allowed values are:

  • Y — Disable inclusion of free web products in a particular SSL certificate order.

  • N — Free web products will be added to SSL certificate when applicable.

If omitted, the value defaults to N.

organizationIdentifier

optional

char

100 char

(eIDAS only) The organization identifier or the PSD2 authorization identifier recognized by the National Competent Authority.

Required for QWAC-legal, including for PSD2, Qualified Certificate Profiles with product IDs 783, 784, 786, 787, 788, 789.

personalIdentifier

optional

char

100 char

(eIDAS only) Semantics information for the attributes stored in the Subject Field related to a natural person.

This parameter has a deprecated synonym, semanticsIdentifier, which is preserved for backwards compatibility.

Required for QWAC Natural Qualified Certificate Profiles with product IDs 791 and 792.

For more information, see personalIdentifier parameter structure.

ncaIdentifier

optional

char

100 char

(eIDAS only) The abbreviated unique identifier of the National Competent Authority.

Required for PSD2 Qualified Certificate Profiles with product IDs 788 and 789.

This parameter must contain information using the following structure in the presented order:

  • The two-character ISO 3166-1 [8] country code representing the NCA country.

  • The hyphen-minus '-' (0x2D (ASCII), U+002D (UTF-8)).

  • 2-8 character NCA identifier without country code, A-Z uppercase only, no separator.

For more information, see ncaIdentifier parameter structure.

accountServicingRole

optional

char

1 char

(eIDAS only) Specifies one of the possible roles of the payment service provider.

Required for PSD2 Qualified Certificate Profiles with product IDs 788 and 789.

The allowed values are:

  • Y — Assign the role.

  • N — Do not assign the role.

paymentInitiationRole

optional

char

1 char

(eIDAS only) Specifies one of the possible roles of the payment service provider.

Required for PSD2 Qualified Certificate Profiles with product IDs 788 and 789.

The allowed values are:

  • Y — Assign the role.

  • N — Do not assign the role.

accountInformationRole

optional

char

1 char

(eIDAS only) Specifies one of the possible roles of the payment service provider.

Required for PSD2 Qualified Certificate Profiles with product IDs 788 and 789.

The allowed values are:

  • Y — Assign the role.

  • N — Do not assign the role.

paymentServiceRole

optional

char

1 char

(eIDAS only) Specifies one of the possible roles of the payment service provider.

Required for PSD2 Qualified Certificate Profiles with product IDs 788 and 789.

The allowed values are:

  • Y — Assign the role.

  • N — Do not assign the role.

ncaName

optional

char

100 char

(eIDAS only) The name of the National Competent Authority (NCA) in English that registered the payment service provider.

Required for PSD2 Qualified Certificate Profiles with product IDs 788 and 789.

If the ncaName parameter is omitted, the value is defined automatically based on the given ncaIdentifier. For more information, see ncaIdentifier parameter structure.
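The eIDAS and PSD2 requirements listed for the parameters above can be checked on the client before an order is submitted. The following is an added example, not Sectigo's code: the function name check_eidas_params, the message strings, and the assumption that the country code in ncaIdentifier is uppercase are not from this page.

```python
import re

# Product IDs and "Required for ..." rules as stated in the parameter table.
PSD2_PRODUCTS = {788, 789}
ORG_ID_PRODUCTS = {783, 784, 786, 787, 788, 789}
NATURAL_PRODUCTS = {791, 792}
ROLE_FLAGS = ("accountServicingRole", "paymentInitiationRole",
              "accountInformationRole", "paymentServiceRole")
# Country code, hyphen-minus, then 2-8 uppercase letters. An uppercase
# country code is an assumption (ISO 3166-1 alpha-2 convention).
NCA_ID_RE = re.compile(r"[A-Z]{2}-[A-Z]{2,8}")


def check_eidas_params(params):
    """Return a list of problems found in an AutoApplySSL form dict."""
    problems = []
    try:
        products = {int(p) for p in params.get("product", "").split(",")}
    except ValueError:
        return ["product: must be comma-separated integers"]

    def require(name, max_len=100):
        value = params.get(name, "")
        if not value:
            problems.append(f"{name}: required for this product")
        elif len(value) > max_len:
            problems.append(f"{name}: longer than {max_len} chars")
        return value

    if products & ORG_ID_PRODUCTS:
        require("organizationIdentifier")
    if products & NATURAL_PRODUCTS:
        # semanticsIdentifier is the deprecated synonym and is accepted too.
        if not (params.get("personalIdentifier")
                or params.get("semanticsIdentifier")):
            problems.append("personalIdentifier: required for this product")
    if products & PSD2_PRODUCTS:
        nca = require("ncaIdentifier")
        if nca and not NCA_ID_RE.fullmatch(nca):
            problems.append("ncaIdentifier: expected CC-XXXXXXXX (A-Z only)")
        # Each role flag must be sent explicitly (see error code -120).
        for flag in ROLE_FLAGS:
            if params.get(flag) not in ("Y", "N"):
                problems.append(f"{flag}: must be Y or N")
    # ncaName is not checked: the page says it is derived from
    # ncaIdentifier when omitted.
    return problems
```
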

Sample request

curl --location 'https://secure.trust-provider.com/products/!AutoApplySSL' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'loginName=login_name' \
--data-urlencode 'loginPassword=login_password' \
--data-urlencode 'csr=-----BEGIN CERTIFICATE REQUEST-----
MIIC8zCCAdsCAQAwgY8xFjAUBgNVBAMTDSoua2lja2Fzcy5uZXQxIDAeBgkqhkiG
9w0BCQETEWFkbWluQGtpY2thc3MubmV0MRAwDgYDVQQKEwdraWNrYXNzMRUwEwYD
...
NeYGClM8JaMUDs25RlnY8ajFaGeCMRU3fgUJ89hBRL/fdduc1+A9Twi3Oy6DINmt
IbAzvOrWpZ11gKpTB3SpzVMerx/M7T6W2/Q7iFttcbfz+ctY3aTg
-----END CERTIFICATE REQUEST-----
' \
--data-urlencode 'product=732' \
--data-urlencode 'days=365' \
--data-urlencode 'appRepForename=John' \
--data-urlencode 'appRepSurname=Doe' \
--data-urlencode '[email protected]' \
--data-urlencode 'appRepTelephone=201-123-1233' \
--data-urlencode 'organizationName=organizational_name' \
--data-urlencode 'appRepTitle=title' \
--data-urlencode 'streetAddress1=Lincoln Road 50' \
--data-urlencode 'localityName=Houston' \
--data-urlencode 'stateOrProvinceName=TX' \
--data-urlencode 'postalCode=12345' \
--data-urlencode 'countryName=US' \
--data-urlencode 'prioritiseCSRValues=N' \
--data-urlencode 'joiCountryName=US' \
--data-urlencode 'stubOrderNumber=1234567' \
--data-urlencode '[email protected],[email protected]' \
--data-urlencode 'domainNames=test.net,sample.net' \
--data-urlencode 'primaryDomainName=test.net' \
--data-urlencode 'serverSoftware=31' \
--data-urlencode 'isCustomerValidated=N' \
--data-urlencode 'responseFormat=1'

Response

The request is successful when the server returns a response with the status code 0 or 1.

Any status code less than 0 indicates an error condition.

The list of codes and their descriptions can be found in Error codes.

Whether 0 or 1 is returned for successful orders depends on how your account is configured with Sectigo. Usually, you will take payment from your customer and Sectigo will debit your account funds when you place the order. However, in special circumstances, it can be arranged for Sectigo to take payment from your customer on your behalf.

Sectigo reserves the right to define additional error codes and error messages in the future.

Response format 0 (Plain text)

The MIME type will be text/plain for responseFormat=0 (the default).

The first line of the response contains a status code.

If the status code is less than 0, the second line contains an error message with a description.

If the status code is greater than or equal to 0, the response can contain the following lines:

Line Description Possible Value

Line 1

The status code.

The status of the order. For more information, see Error codes.

Line 2

The order number.

An integer.

Line 3

  • If the status code = 0, it contains the debited amount.

  • If the status code = 1, it contains the required amount, not including UK VAT (if required).

Amount in your account’s native currency, without a currency symbol.

Line 4

The expected delivery time.

Expected number of hours before this order will be completed:

  • 0 — This order has been automatically validated and the certificate has been issued immediately. This is not implemented yet.

  • 1 — This order has been automatically validated, and the certificate will be issued as soon as possible—typically within the next hour.

  • 24 — This order, although marked as validated by the Web Host, is awaiting final approval by an account manager.

  • 48 — This order was not marked as validated by the Web Host and could not be automatically validated by Sectigo. The 48 hours start when Sectigo has received various documents from the end-user.

  • 240 — Indicates an EV certificate. The validation process for EV certificates typically requires significantly more time than for other SSL certificate types.

Line 5 (if applicable)

The SSL certificate ID. Returned only if showCertificateID=Y.

A numeric certificate ID (up to 16 digits).

Line 6 (if applicable)

The SSL certificate state. Returned only if showCertificateState=Y.

The status of the purchased SSL certificate.

Line 7 (if applicable)

The unique value. Returned if uniqueValue was provided or generated by Sectigo for this order.

A unique alphanumeric value up to 20 characters long.

Response format 1 (URL‑encoded)

Most of Sectigo’s API endpoints use URL-encoded responses. AutoApplySSL can return responses in the same format by specifying responseFormat=1 in the request.

The MIME type will be application/x-www-form-urlencoded for responseFormat=1.

The following table displays the various parameters that can appear for responseFormat=1.

Parameter Description

errorCode

A numeric code that identifies the type of the error.

Always present in the response.

For more information, see Error codes.

errorMessage

A description of the error.

errorMessage is not present when the status code = 0.

orderNumber

The order number. orderNumber is only present when the status code = 0.

totalCost

Amount in your account’s native currency, without a currency symbol.

totalCost is only present when the status code = 0.

expectedDeliveryTime

The expected number of hours before this order will be completed.

The possible values are:

  • 0

  • 1

  • 24

  • 48

  • 240

expectedDeliveryTime is only present when the status code = 0.

certificateID

The internal certificate ID of the SSL certificate purchased by this order.

certificateID is only present when showCertificateID=Y and the status code = 0.

certificateStatus

The status of the SSL certificate purchased by this order.

certificateStatus is only present when showCertificateState=Y and the status code = 0.

uniqueValue

A unique alphanumeric value up to 20 characters long.

Returned if the uniqueValue parameter is included in the AutoApplySSL call, or if uniqueValue has been generated by Sectigo for this order.

Sample success response

errorCode=0&orderNumber=8436698&totalCost=100.00&expectedDeliveryTime=48&uniqueValue=oDA7uXM0

The displayed price is for sample purposes only.

Sample error response

errorCode=-4&errorMessage=The+value+of+the+%27appRepEmailAddress%27+argument+is+invalid%21&errorDetail=Invalid+Internet+TLD
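A client should decode the responseFormat=1 body as form data and treat every negative errorCode as a failure, since further codes may be defined later. The following parser is an added example, not Sectigo's code: the names OrderError, OrderResult and parse_response are hypothetical, and rejecting repeated keys and status codes above 1 is a choice made here.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs


class OrderError(Exception):
    """Any negative errorCode, including codes added in the future."""

    def __init__(self, code, message, detail=None):
        super().__init__(f"{code}: {message}")
        self.code, self.message, self.detail = code, message, detail


@dataclass
class OrderResult:
    error_code: int                      # 0 or 1
    order_number: Optional[int]
    total_cost: Optional[str]            # kept as text to avoid float rounding
    expected_delivery_hours: Optional[int]
    certificate_id: Optional[str]
    certificate_status: Optional[str]
    unique_value: Optional[str]


def parse_response(body):
    """Parse a responseFormat=1 body; raise OrderError on a negative code."""
    fields = parse_qs(body.strip(), keep_blank_values=True, strict_parsing=True)
    # A repeated key is ambiguous, so reject it instead of picking a value.
    if any(len(values) != 1 for values in fields.values()):
        raise ValueError("duplicate parameter in response")
    f = {key: values[0] for key, values in fields.items()}
    if "errorCode" not in f:
        raise ValueError("errorCode missing")
    code = int(f["errorCode"])
    if code < 0:
        # errorDetail is not in the parameter table but appears in the
        # page's sample error response, so it is read when present.
        raise OrderError(code, f.get("errorMessage", ""), f.get("errorDetail"))
    if code not in (0, 1):
        raise ValueError(f"unexpected status code {code}")
    to_int = lambda name: int(f[name]) if name in f else None
    return OrderResult(code, to_int("orderNumber"), f.get("totalCost"),
                       to_int("expectedDeliveryTime"), f.get("certificateID"),
                       f.get("certificateStatus"), f.get("uniqueValue"))
```
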

Error codes

The following table outlines error responses returned by the AutoApplySSL API endpoint. Each error response consists of an errorCode and an errorMessage indicating why the request failed.

| Error Code | Error Message | Description |
|---|---|---|
| -1 | Request was not made over HTTPS! | The request must use HTTPS protocol. |
| -2 | 'xxxx' is an unrecognised argument! | The provided argument is not recognized. |
| -3 | The 'xxxx' argument is missing! | The required argument is missing from the request. |
| -4 | The value of the 'xxxx' argument is invalid! | The argument value does not meet validation requirements. |
| -5 | The CSR’s Common Name may NOT contain a wildcard! | The Common Name in the certificate signing request (CSR) must not include a wildcard character. |
| -6 | The CSR’s Common Name MUST contain ONE wildcard! | The Common Name in the CSR must include exactly one wildcard character. |
| -7 | 'xx' is not a valid ISO-3166 country! | The specified country code is not valid according to the ISO-3166 standard. |
| -8 | The CSR is missing a required field! | The CSR does not include all required fields. |
| -9 | The CSR is not valid Base-64 data! | The CSR must be encoded in valid Base-64 format. |
| -10 | The CSR cannot be decoded! | The CSR could not be decoded properly. |
| -11 | The CSR uses an unsupported algorithm! | The CSR’s algorithm is not supported. |
| -12 | The CSR has an invalid signature! | The signature on the CSR is invalid. |
| -13 | The CSR uses an unsupported key size! | The key size in the CSR is not supported. |
| -14 | An unknown error occurred! | An unknown error occurred. |
| -15 | Not enough credit! | The account does not have sufficient credit. |
| -16 | Incorrect login details, account is locked, password has expired or your source IP is blocked. | Authentication has failed due to one of the specified reasons. Verify your login credentials or check account restrictions. |
| -17 | Request used GET rather than POST! | The request method should be POST. |
| -18 | The CSR’s Common Name may not be a Fully-Qualified Domain Name! | Common Names must not be fully qualified domain names (FQDNs). |
| -19 | The CSR’s Common Name may not be an Internet-accessible IP Address! | Common names must not be Internet-accessible IP addresses. |
| -35 | The CSR’s Common Name may not be an IP Address! | The CSR’s Common Name must not be an IP address. |
| -40 | The CSR uses a key that is believed to have been compromised! | The CSR’s key is on the compromised key list. |
| -55 | This Request Token is not unique! | The provided request token has already been used. |
| -83 | 'xxxx' is not applicable to this order! | The specified argument is not applicable for the current order. |
| -90 | Permission denied for using “voucher” with 'xxxx' | The user does not have permission to use a voucher with the specified context. |
| -91 | Permission denied 'xxxx' | The user does not have permission for the specified context. |
| -120 | "Role" arguments are missing for PSD2 certificate type! | The required role arguments for PSD2 certificate type are missing. |
| -121 | "TAX" value is deprecated. The value "TIN" should be used instead' | The semantic error. The value TAX is deprecated. Use TIN instead. |
| -121 | Wrong format of 'xxxx' identifier. | The semantic error. The format of the provided identifier is incorrect. |
| -121 | Wrong country code value in 'xxxx' identifier. | The semantic error. The country code in the provided identifier is incorrect. |