1. 生成CSR和私钥
输入
{
"domain": "www.domain.xyz",
"org": "网络科技有限公司",
"country": "CN",
"locality": "广州",
"state": "广东",
"algorithms": "rsa"
}
输出
{
"code": 200,
"message": "Command completed successfully",
"data": {
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDAzCCAesCAQAweDEXMBUGA1UEAwwOd3d3LmRvbWFpbi54eXoxITAfBgNVBAoM\nGOe9kee7nOenkeaKgOaciemZkOWFrOWPuDELMAkGA1UECwwCSVQxCzAJBgNVBAYT\nAkNOMQ8wDQYDVQQHDAblub/lt54xDzANBgNVBAgMBuW5v+S4nDCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAKpCMj0duc8mnVcWqnw4Sfo4eJ/H6m7rAM6J\nmuNmoo5G3tDXTsJE6EVmxFjEnxycLfuVdAGb8pTAbmXzlUP+HU4+NYkXpCV93/ozlGLS0N\nZl+fExpVGnoMp5e2Eu0jHg+CUP5JsmBvx+8xK+dmxWtS0ZO0lkJJJiWBObd9U0of\nKZ6l2qDWFAyKWWeL3J73s3QukD4+8SSguBcYbcDJcjAmKd004vUc1qAt+Jqe8eyE\nl626g44izw==\n-----END CERTIFICATE REQUEST-----",
"key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCqQjI9HbnPJp1X\nFqp8OEn6OHifx+pu6wDOiZrjZqKORt7R5VlRHbV1zIpukm9UmR7Mf/obVy3309OH\niqLXC3RqTBSKSPtlOQJ8rXb7GBvjmELzkOMIT3nd+hJfTHLpnizkEWzD30mEVVxynlRIp+kpKzN4VVTlRwLxgN7MX5653ZhipT+7ST\nv+9/8CskUqnfelKuCl9YansoC+0ySO/h1yqTYkmVAoGBALrNM9uz9d/TRWVvj1W8\nuuW4ikdELehgQzq13viFjdJOJn9Z3+2BKFfuUanTKLW8GqkaXYttgmMz1eBj+ZNs\nXQB3dkeYCX6m8YM5kDZ5ZxTriANxJ8fIxlXeIrdxnm2fQkIqpVMNvJW126qU5CnZ\nVg0GMh+ZD2LCOHIaaX9EGbsO\n-----END PRIVATE KEY-----"
}
}
通过该接口,你将得到 CSR和私钥
也可以通过其他方式例如 openssl ,或者是 要安装证书的服务器上的IIS 生成csr和私钥
其中csr用于提交证书订单
2. 提交新订单
提交订单后,您将得到证书的 uuid ,后续可以通过 uuid 通过其他api接口进行相关操作
同时您也获得域名的验证信息,然后按要求完成验证
输入
{
"period": 2,
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIBNTCB3QIBADB7MQswCQYDVQQGEwJNVBAoMGOe9kee7nOenkeaKgOaciexhs916vjaEnAXKqZbU/cXzdY+\nDCAon7+X3qBDKWdFmhK3/zdcDTIMIBZtIKl2pMXF04vqOKAAMAoGCCqBHM9VAYN1\nA0cAMEQCIBT9RwjN5NjmbnXvaOT57B5nOXgKJ9ZtYXlMI3NJA==\n-----END CERTIFICATE REQUEST-----",
"common_name": "777758.xyz",
"dcv_method": "email",
"approver_email": "admin@domain.xyz",
"admin_firstname": "伟",
"admin_lastname": "李",
"admin_phone": "13000000000",
"admin_title": "工程师",
"admin_email": "tech@domain.com"
}
输出
{
"code": 200,
"message": "Command completed successfully",
"data": {
"status": "PENDING",
"productCode": "PositiveSSL",
"dcvStatus": 0,
"uuid": "dcac7d44-16a1-4181-a9a5-257ddf51d282",
"orderId": "11111111111",
"vendorId": "",
"commonName": "domain.xyz",
"dnsNames": "",
"refundRequest": 0,
"refundStatus": 0,
"paymentStatus": 1,
"price": 0,
"created": "2024-01-03 15:43",
"uniquevalue": "",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICkDMt1EZi0PKNyCnXd3U70wL6x\nIurwKobX+/ZLp+9pCmbPxRiP9lcUtNF3owstsOOeaD8tNMMblWXZTxsZKgfmy7Hn\nsddnQgCH6MF8nL7o+RKKbLrzxemDhuMTzi+VA6ueXW/LDIjP\n-----END CERTIFICATE REQUEST-----",
"key": "",
"dcvList": [
{
"domainName": "domain.xyz",
"dcvMethod": "dns",
"dcvEmail": "",
"dcvStatus": "notCompleted",
"value": "",
"validationDomain": "_e2ef3c3b0b2f3368340635b6c50f8609.domain.xyz",
"prefix": "_e2ef3c3b0b2f3368340635b6c50f8609",
"dnsType": "CNAME",
"dnsValue": "d1df716ba5d4e4ca8c78013afe3184b9.ddf47ca156915ad36b786a69b770f5c2.sectigo.com",
"filename": "",
"content": "",
"path": ""
}
],
"adminContact": {
"admin_firstname": "伟",
"admin_lastname": "李",
"admin_phone": "13000000000",
"admin_title": "工程师",
"admin_email": "tech@domain.com"
},
"techContact": {
"tech_firstname": "伟",
"tech_lastname": "李",
"tech_phone": "13000000000",
"tech_title": "工程师",
"tech_email": "tech@domain.com"
},
"organizationContact": {
"org_city": "",
"org_division": "",
"org_region": "",
"org_name": "",
"org_phone": "",
"org_addressline1": "",
"org_addressline2": "",
"org_country": "",
"org_postalcode": ""
},
"balance": "18.93",
"fee": 1
}
}
通过上面的返回信息,我们可以得到域名的验证信息,例如下面得到的域名 domain.xyz 验证方式,
DNS验证
{
"dcvList": [
{
"domainName": "domain.xyz",
"dcvMethod": "dns",
"dcvEmail": "",
"dcvStatus": "notCompleted",
"value": "",
"validationDomain": "_e2ef3c3b0b2f3368340635b6c50f8609.domain.xyz",
"prefix": "_e2ef3c3b0b2f3368340635b6c50f8609",
"dnsType": "CNAME",
"dnsValue": "d1df716ba5d4e4ca8c78013afe3184b9.ddf47ca156915ad36b786a69b770f5c2.sectigo.com",
"filename": "",
"content": "",
"path": ""
}
]
}
| 域名 | domain.xyz |
| 验证方式 | dns |
| 记录类型 | CNAME |
| 主机名 | _e2ef3c3b0b2f3368340635b6c50f8609 |
| 记录值 | d1df716ba5d4e4ca8c78013afe3184b9.ddf47ca156915ad36b786a69b770f5c2.sectigo.com |
文件验证
{
"dcvList": [
{
"domainName": "domain.xyz",
"dcvMethod": "http",
"dcvEmail": "",
"dcvStatus": "notCompleted",
"value": "",
"validationDomain": "domain.xyz",
"prefix": "",
"dnsType": "",
"dnsValue": "",
"filename": "A5C3DAF2B0236366A04105371D76803F.txt",
"content": "74bb6cb97aa90168de141a7256e9fb2ed5bfd301ccad0ecb96797047491bcbe4\nsectigo.com",
"path": "http://domain.xyz/.well-known/pkivalidation/A5C3DAF2B0236366A04105371D76803F.txt"
}
]
}
| 域名 | domain.xyz |
| 验证方式 | http文件验证 |
| 验证网址 | http://domain.xyz/.well-known/pkivalidation/A5C3DAF2B0236366A04105371D76803F.txt |
| 文件内容 | 74bb6cb97aa90168de141a7256e9fb2ed5bfd301ccad0ecb96797047491bcbe4 sectigo.com |
EMAIL验证
{
"dcvList": [
{
"domainName": "domain.xyz",
"dcvMethod": "email",
"dcvEmail": "admin@domain.xyz",
"dcvStatus": "notCompleted",
"value": "",
"validationDomain": "",
"prefix": "",
"dnsType": "",
"dnsValue": "",
"filename": "",
"content": "",
"path": ""
}
]
}
| 域名 | domain.xyz |
| 验证方式 | |
| 邮箱 | admin@domain.xyz |
3. 如有需要,可更改域名验证方式
有些情况下,所选的验证方式无法完成,您可以通过 更改域名验证方式接口 更改域名验证方式
把 域名验证方式 改成 文件验证
{
"dcv_method": "http"
}
把 域名验证方式 改成 dns 验证
{
"dcv_method": "dns"
}
把 域名验证方式 改成 EMAIL验证
{
"dcv_method": "email",
"approver_email": "admin@domain.com",
"dns_names": "domain1.com,domain2.com,domain3.com",
"approver_emails": "admin@domain1.com,admin@domain2.com,admin@domain3.com"
}
4. 证书签发后,获取证书
按要求完成域名验证后,通过 证书申请状态接口 查询证书申请状态,当 status 为 COMPLETE 时,表示证书已经签发,可以通过返回值获取证书以及证书链,
{
...
...
"beginDate": "2023-12-26 08:00:00",
"endDate": "2024-01-25 07:59:59",
"certificate": "-----BEGIN CERTIFICATE-----\nMIIEtDCCA5ygAwIBAgIQDzNcINkZOE/HhL7KUqAj5DANBgkqhkiG9w0BAQsFADBg\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx\nMB4XDTIzMTIyNjAwMDAwMFoXDTI0MDEyNDIzNTk1OVowGzEZMBcGA1UEAxMQbngu\nNzA0NzA1NzA2Lnh5ejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ4Z\ndsfdbS8lLRFfiAFHa7awua2waxHPHDL3yQhC/LRxYDQYCJfiH/2qK2Fd6jxHHiVb5Hbl9sIXt5SkWsKrBgOEe2qFSwZKmS49gu7OvVf2\nz4pgQ+kotuk8xuhXp2hEc2Bh62Yv4e2uQDWB9XfwT1ufwlIAlw9YspGmfax6MKQx\nuOawtFCXejbufejynpyTzBudqpz0tlr08tA0U3E4X1Vo0TIjoBNMatfAPudcf517\nWlwMrW+B3lgtezliPE07cIeOyY/Xe+2Tbg7I99VtBwiusWKcNwrgaUgcFyoEjlSc\n64dR6VMyZeg=\n-----END CERTIFICATE-----",
"certificateChain": [
"-----BEGIN CERTIFICATE-----\nMIIEszCCA5ugAwIBAgIQCyWUIs7ZgSoVoE6ZUooO+jANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH\nMjAeFw0xNzExMDIxMjI0MzNaFw0yNzExMDIxMjI0MzNaMGAxCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xHzAdBgNVBAMTFlJhcGlkU1NMIFRMUyBSU0EgQ0EgRzEwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQC/uVklRBI1FuJdUEkFCuDL/I3aJQiaZ6aibRHj\n6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw\nCAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAQEAGUSlOb4K3Wtm\nSlbmE50UYBHXM0SKXPqHMzk6XQUpCheF/4qU8aOhajsyRQFDV1ih/uPIg7YHRtFi\nCTq4G+zb43X1T77nJgSOI9pq/TqCwtukZ7u9VLL3JAq3Wdy2moKLvvC8tVmRzkAe\n0xQCkRKIjbBG80MSyDX/R4uYgj6ZiNT/Zg6GI6RofgqgpDdssLc0XIRQEotxIZcK\nzP3pGJ9FCbMHmMLLyuBd+uCWvVcF2ogYAawufChS/PT61D9rqzPRS5I2uqa3tmIT\n44JhJgWhBnFMb7AGQkvNq9KNS9dd3GWc17H/dXa1enoxzWjE0hBdFjxPhUb0W3wi\n8o34/m8Fxw==\n-----END CERTIFICATE-----",
"-----BEGIN CERTIFICATE-----\nMIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH\nMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2ViV\n5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY\n1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4\nNeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG\nFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91\n8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe\npLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl\nMrY=\n-----END CERTIFICATE-----"
]
...
...
}
5. 如有需要,可重签发SSL证书
证书私钥丢失/多年证书在到期前需要重签证书 ,您可以通过 重新签发证书接口 重签新证书
证书重签发 采用dns验证
{
"common_name": "domain2.xyz",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICkDMt1EZi0PKNyCnXd3U70wL6x\nIurwKobX+/ZLp+9pCmbPxRiP9lcUtNF3owstsOOeaD8tNMMblWXZTxsZKgfmy7Hn\nsddnQgCH6MF8nL7o+RKKbLrzxemDhuMTzi+VA6ueXW/LDIjP\n-----END CERTIFICATE REQUEST-----",
"dcv_method": "dns"
}
多域名证书重签发 采用dns验证
{
"common_name": "domain2.xyz",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICkDMt1EZi0PKNyCnXd3U70wL6x\nIurwKobX+/ZLp+9pCmbPxRiP9lcUtNF3owstsOOeaD8tNMMblWXZTxsZKgfmy7Hn\nsddnQgCH6MF8nL7o+RKKbLrzxemDhuMTzi+VA6ueXW/LDIjP\n-----END CERTIFICATE REQUEST-----",
"dcv_method": "dns",
"dns_names": "domain1.com,domain2.com,domain3.com"
}
多域名证书重签发 采用email验证
{
"common_name": "domain2.xyz",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICkDMt1EZi0PKNyCnXd3U70wL6x\nIurwKobX+/ZLp+9pCmbPxRiP9lcUtNF3owstsOOeaD8tNMMblWXZTxsZKgfmy7Hn\nsddnQgCH6MF8nL7o+RKKbLrzxemDhuMTzi+VA6ueXW/LDIjP\n-----END CERTIFICATE REQUEST-----",
"dcv_method": "email",
"approver_email": "admin@domain2.xyz",
"dns_names": "domain1.com,domain2.com,domain3.com",
"approver_emails": "admin@domain1.com,admin@domain2.com,admin@domain3.com"
}
