Certum品牌VSSL接入文档说明
2025-07-13版本
1.certum品牌的ssl证书,验证方式新增dns_txt 及。dns_cname,涉及的接口有:
1.下订单;
2.重签订单;
3.更新域名验证方式;
4.获取域名列表
产品列表
| ID | 品牌名称 | 品牌级别 | 品牌类型 | 产品名称 | 重签注意事项 | csr算法支持 |
|---|---|---|---|---|---|---|
| 197 | Certum | DV | flex | Certum 域名级 TLS 证书 | csr 不能 更换常用名称 | 支持RSA/ECC |
| 202 | Certum | DV | flex | Certum 域名级 IP 证书 | csr 不能 更换常用名称 | 支持RSA/ECC |
| 198 | Certum | OV | flex | Certum 企业级 TLS 证书 | csr 不能 更换常用名称 | 支持RSA/ECC |
说明:文档代码证书id为199,ev代码证书id为201,197可覆盖单域名多域名泛解析,无需选用单域名产品id,否则不送www
push通知
Certum支持对签发和取消订单操作执行 PUSH 主动通知,以避免您采用轮询方式增加服务器负担。(后续可考虑将Certum服务器ip加入白名单) 接入此通知准备工作:
1.下单参数说明
需要保证您在调用api下单接口时对 notifyUrl参数 赋予合法的api push 地址, 推送统一用 POST
2.验证机制
Certum提供了一种基于哈希消息认证码(HMAC)签名来验证 webhook 的方法
Certum将发送包含 Webhook 签名的特殊header: X-Webhook-Signature
为了验证接口上收到的签名,必须执行以下步骤:
1.将收到的请求的原始正文计算 HMAC。 将获得的 HMAC 编码为 base64 格式——这是计算出的签名。
2.将header中的签名X-Webhook-Signature与上一步中计算出的签名进行比较。如果它们相同,则意味着 Webhook 来自 Certum,并且其有效负载未被任何第 3 方修改。
代码示例-签名验证
NodeJS示例如下:
若apiKey的值是apiKey123
rawBody的值是data_test
则sig的值是ATyqaNp4B+lhM/xFRKyk4//VdVAbxYNbPvrlQrbbMj4=
const crypto = require('crypto');
const apiKey = '...';
module.exports.handler = async event => {
// 验证用的请求头
const sigHeader = event.headers['X-Webhook-Signature'];
//接收的原始正文
const rawBody = event.body;
// 计算 base64 编码的签名
const sig = crypto.createHmac('sha256', apiKey)
.update(rawBody)
.digest('base64');
if (sig !== sigHeader) {
// Webhook 签名不匹配,不被信任
return {
statusCode: 400,
body: JSON.stringify({ message: 'Webhook rejected!' }),
};
}
const webhookPayload = JSON.parse(rawBody).data;
// Webhook 可信, 继续处理内部逻辑。。。
};PHP示例如下:
若apiKey的值是apiKey123
rawBody的值是data_test
则sig的值是ATyqaNp4B+lhM/xFRKyk4//VdVAbxYNbPvrlQrbbMj4=
define('apiKey', '...');
//接收的原始正文
$rawBody = file_get_contents('php://input');
// 验证用的请求头
$sigHeader = getallheaders()['X-Webhook-Signature'];
// 计算 base64 编码的签名
$sig = base64_encode(hash_hmac('sha256', $rawBody, apiKey, true));
// Webhook 签名不匹配,不被信任
if ($sig !== $sigHeader) {
return;
}
$webhookPayload = json_decode($rawBody, true)['data'];
// Webhook 可信, 继续处理内部逻辑。。。
3.确认接收:
正确处理并接收 PUSH 消息后,请您 8s内 返回http状态码 200, 以及json 格式的消息: {"status":"success"} 告知服务器处理成功,否则均表示为接收失败,
当Certum 获取到处理失败信息时,将会按照下列的推送频率继续此消息的推送
4.推送频率:
为保障您的系统可以成功接收到我们推送的信息,我们将按照7个阶段进行推送。您的程序可以在任何一个阶段中的任何一次推送中进行确认接收。一旦完成确认
接收成功,我们将会停止接下来的推送。
倘若您的程序在第七阶段(最后阶段)任然无法完成确认接收,本次通知将会失效,我们不再保留这条推送任务。您需要通过其他API方式获取证书信息。
一阶段: 实时推送一次,若没有完成确认接收;将会立即再推送第二次,若依然没有完成确认接收,则立即继续尝试第三次推送。如果依然没有完成确认接收,则进行下一个阶段。
二阶段: 每隔1分钟再次尝试推送,共尝试5次
三阶段: 每隔5分钟再次尝试推送,共尝试5次
四阶段: 每隔1小时再次尝试推送,共尝试1次
五阶段: 每隔2小时再次尝试推送,共尝试1次
六阶段: 每隔12小时再次尝试推送,共尝试1次
七阶段: 每隔24小时再次尝试推送,共尝试1次
5.请求头数据类型
Content-Type 为 application/json
6.请求体:
Certum根据您的 下单的 notifyUrl 传递的接口地址 使用post 传输 json 推送数据
6.1.1证书签发的推送信息: { "auth": { "authToken": "c55eed1e30e4f3cb36de07c9f76d50c8", "randomStr": "success" }, "notifyInfo": { "orderNo": "2021011221355666", "certID": 142932802604630016, "status": "3004", "statusDesc": "issued", "serialNumber": "ebdd502ca70645e0acdbf0c9a43f6af", "certContent": "-----BEGIN CERTIFICATE-----\nMIIFpDCCBIygAwIBAgIQDr3VAspzZF4Kzb8MmkP2rzANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQsQH\n/+YpBRT6Kd1WsedeyquzGBd3DPU94WGn6Kg7VHwP5/Iz7IhAYyNrtg4uVdqXwF0c\nEi4viTme6Deqo8Gizr5n7NlANwGaKKbNP2yiTLipp93bya1WRQvtiES4b17hYYMS\nOj6cikgJBJo=\n-----END CERTIFICATE-----\n", "midCertContent": "-----BEGIN CERTIFICATE-----\bxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5\nyOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K\n00u/I5sUKUErmgQfky3xxzlIPK1aEn8=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFg6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA\nCiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F\nzZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA\nvGp4z7h/jnZymQyd/teRCBaho1+V\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb\nMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowAVGI/6ugLOpyypEBMs1OUIJqsi\nl2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3\nsmPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==\n-----END CERTIFICATE-----\n", "notBefore": 1606262400000, "notAfter": 1637884799000, "commonName": "test.com", "domainNames": [ "test.com" ], "sha1": "77ddc84576d56661867c0f95a341642e9699d350", "sha256": "0e27a14fcb7a6014ab0500171438ce1eeaeffa7d6f2006b344d5d3e1ed2835f7", "issuerCommonName": "Certum RSA Domain Validation Secure Server CA", "issuerCountry": "PL", "issuerOrg": "Certum Limited", "signatureAlgo": "SHA256-RSA", "encryption": "RSA", "keyLength": 2048, "keyCurve": "" }
}
6.1.2证书签发的推送信息解释
文字说明
| 参数名称 | 类型 | 描述 |
|---|---|---|
| auth | object | 身份验证对象 |
| ..authToken | string | 待解密字符串 |
| ..randomStr | string | 随机字符串, authToken的解密结果应与此相等 |
| notifyInfo | object | 通知消息对象 |
| ..orderNo | string | 订单编号 |
| ..certID | int | 证书编号 |
| ..status | string | 订单状态代码 3004 |
| ..statusDesc | string | 状态描述 issued |
| ..serialNumber | string | 证书序列号 |
| ..certContent | string | 证书 |
| ..midCertContent | string | 中间证书 |
| ..notBefore | int | 证书签发日期 时间戳 (毫秒) |
| ..notAfter | int | 证书到期日期 时间戳(毫秒) |
| ..commonName | string | 证书的常用名称 |
| ..domainNames | Array | 证书包含的所有域名数组 |
| ..sha1 | string | 证书的sha1值 |
| ..sha256 | string | 证书的sha256值 |
| ..issuerCommonName | string | 颁发者通用名称 |
| ..issuerCountry | string | 颁发者国家 |
| ..issuerOrg | string | 颁发者组织 |
| ..signatureAlgo | string | 证书签名算法 |
| ..keyCurve | string | 秘钥曲线(encryption为ECDSA(又名ECC)时成对出现) 如signatureAlgo为ECDSA-SHA384,encryption为ECDSA,keyCurve为P256 |
| ..encryption | string | 加密算法 |
| ..keyLength | int | 私钥长度(encryption为RSA时成对出现) |
图片说明
6.2.1证书取消的推送信息:
{ "auth": { "authToken": "c55eed1e30e4f3cb36de07c9f76d50c8", "randomStr": "success" }, "notifyInfo": { "orderNo": "202001016666", "certID": 142932802604630016, "status": "3005", "statusDesc": "canceld" }
}
6.2.2证书取消的推送参数解释
图片说明:
订单状态码状态码 类型 说明 1001 string 未支付(订单未支付或重签的差额未支付) 1002 string 已支付 1003 string 支付成功,但提交到ca申请订单异常,请联系客服 1004 string 已取消 1006 string 支付成功,但提交到ca申请订单超时,请联系客服
证书状态码证书状态码 状态码 类型 说明 3002 string 已支付,等待签发 3003 string 支付成功,但提交到ca申请订单异常,请联系客服 3004 string 已签发 3005 string 已取消 3006 string 支付成功,但提交到ca申请订单超时,请联系客服 重签状态码 状态码 类型 说明 "" 空 string 还未申请重签 5001 string 重签申请中 5002 string 重签申请成功 5003 string 重签申请失败 5004 string 重签需要补差价,但没有补交(暗示余额不足),仅与1001有关,但当订单状态为1002时则不需关注 域名验证状态码 状态码 类型 说明 2001 string 未验证 2002 string 已验证 2001-CAA string 未验证且待签发域名存在CAA记录。需要用户删除CAA记录或添加对应ca的记录后重新下单才可以签发 2002-CAA string 已验证但待签发域名存在CAA记录。需要用户删除CAA记录或添加对应ca的记录后重新下单才可以签发 ov验证状态码 状态码 类型 说明 2000 string 不需要此验证 2001 string 未验证 2002 string 已验证 ev验证状态码 状态码 类型 说明 2000 string 不需要此验证 2001 string 未验证 2002 string 已验证 签发前状态汇总状态码 状态码 类型 说明 2001 string 未验证 2002 string 已验证
订单状态码
证书状态码
重签状态码
域名验证状态码
ov验证状态码
ev验证状态码
签发前状态汇总状态码
错误信息格式
code值见错误码
{
"code": 6000,
"msg": "错误信息",
"data": null
}
错误码
//下订单接口
SuccessCode = 200 //success
ServerError = 500 //服务端错误
BalanceNotEnough = 6000 //账户余额不足
NoProduct = 6001 //暂未提供相应产品
ParamFormatInvalid = 6002 //参数类型或参数名有误
YearInvalid = 6003 //年限不支持
DcvMethodInvalid = 6004 //dcvMethod 不支持
GlobalsignNoEmail = 6005 //globalsign暂不支持email域名验证方式
CsrInvalid = 6006 //csr 不合法
UnSupportIP = 6007 //不支持IP
DomainInvalid = 6008 //域名不合法
UnSupportWildCard = 6009 //不支持通配
OrderNoInvalid = 6010 //订单号错误
RecommitDenied = 6011 //此订单不满足重新提交的条件
OrderOverYears = 6012 //订单已超过有效期
FreeCertNoResign = 6013 //免费证书不能重签
CertIssueNotDoneNoResign = 6014 //证书未颁发完成不能重签,重签后未颁发完成,也不能重签
CsrNoOrgInvalid = 6015 //csr 必须包含企业信息
OrderPayedAlready = 6016 //csr 订单已支付
//取消订单
ReCancelDenied = 6100 //不能重复取消订单
ReSignedCancelDenied = 6101 //重签成功的订单不允许取消
ReChargeCancelDenied = 6102 //不支持取消充值订单
FreeCertCancelDenied = 6103 //免费证书不允许取消
IssuedAfter30CancelDenied = 6104 //证书颁发30天后,不能退款
//下载证书
CertUnIssued = 6200 //证书未签发完成
//修改验证方式
UpdateDcvUnSupported = 6300 //此产品不支持修改验证方式
IPUpdateDcvUnSupported = 6301 //ip不允许修改验证方式
DomainNotExist = 6302 //域名不存在,请重试
DomainHasBeenVerified = 6303 //域名已验证,无需更改验证方式
CanNotUpdateSameDcv = 6304 //不能更换相同的验证方式
NoNeed2VerifyDcv = 6305 //此证书无需请求验证
LackOfOrderInfo = 6306 //缺少必要订单信息
//重新生成dcvToken
ReGenDcvTokenUnSupport = 6400 //不支持此品牌
DomainNotFound = 6401 //未找到此域名
//删除域名
DeleteDomainDenied = 6500 //域名已经验证,不允许删除
DeleteDomainUnSupport = 6501 //此产品不支持删除域名,请联系客服处理
//获取域名列表
PageNumError = 6600 //页码输入有误
PageSizeError = 6601 //记录数输入有误
//重发邮件
ReSendEmailFailed = 6702 //重发邮件失败
ReSendEmailNotSupport = 6703 //不支持邮件重发
//订单状态
TryReCommit = 6800 //订单处理失败,请尝试重新提交
OrderCreating = 6801 //订单生成中
//下载证书
CertCancelled = 6900 //证书已退款,被取消使用
//联系人信息参数错误
ContactNull = 7000 //联系人不能为空
FirstNameInvalid = 7001 //FirstName 错误
LastNameInvalid = 7002 //LastName 错误
PositionInvalid = 7003 //Position 错误
EmailInvalid = 7004 //Email 错误
TelephoneInvalid = 7005 //电话 错误
//企业信息参数错误
OrgInfoNull = 7100 //企业信息不能为空
OrgNameInvalid = 7101 //OrgName 错误
CreditCodeInvalid = 7102 //CreditCode 错误
CountryInvalid = 7103 //Country 错误
ProvinceInvalid = 7104 //Province 错误
LocalityInvalid = 7105 //Locality 错误
AddressInvalid = 7106 //Address 错误
PostalCodeInvalid = 7107 //PostalCode 错误
JoiCountryInvalid = 7108 //JoiCountry 错误
JoiProvinceInvalid = 7109 //JoiProvince 错误
JoiLocalityInvalid = 7110 //JoiLocality 错误
RegistAddrInvalid = 7111 //RegistAddr 错误
DateOfIncorporationInvalid = 7112 //DateOfIncorporation 错误
OrgExitsAlready = 7113 //企业信息已存在
OrgNotExist = 7114 //公司不存在
ProfileAddSuccessCertsExceeded = 8000 //任务添加成功,但证书数量已到达上限,本次任务放弃执行
ProfileAddSuccessTaskRunError = 8001 //任务添加成功,立即执行失败
//生成csr
KeyCurveInvalid = 9000 //请检查加密曲线参数格式
KeySizeInvalid = 9001 //不支持您输入的加密位数
EncryptionHashSignInvalid = 9002 //encryption与hashSign参数格式错误
//多语言另加
PayAimInvalid = 10000 //支付目的错误
ReIssueErrToReCommit =10001 //重签出错,联系客服
//ct log
ParseURLError = 11000 //解析url错误
ParseQueryError = 11001 //解析url query 错误
ParamNullError =11002 //参数为空
账户
GET余额查询
https://sslapi.0654.cn/finance/balance
Example Request
curl --location 'https://sslapi.0654.cn/finance/balance ' \
--header 'apiKey: abcdef'
Example Response
{
"code": 200,
"data": {
"balance": 1312020,
"toBeInvoicedAmount": 505849
},
"msg": "ok"
}
Headers (12)
POST1.生成csr
https://sslapi.0654.cn/certificates/csr
请求参数解释
响应参数解释
Example Request
curl --location 'https://sslapi.0654.cn/certificates/csr' \
--header 'apiKey: ' \
--header 'Content-Type: application/json' \
--data '{
"country": "CN",
"domain": "test.com",
"encryption": "RSA",
"hashSign": "SHA256",
"keySize": 2048,
"locality": "San Gabriel",
"orgUnit": "it",
"organization": "your company name",
"province": "California"
}'
Example Response
{
"code": 200,
"data": {
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICqDCCAZACAQAwYzELMAkGA1UEBhMCQ04xDzANBgNVBAgMBuWbm+W3nTEPMA0G\nA1UEBwwG5oiQ6YO9MRIwEAYDVQQKDAnlhazlj7jlkI0xCzAJBgNVBAsTAml0MREw\nDwYDVQQDEwh0ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAK2fpaNeGUc8dqS6otPSslVUQJJwzLS0m+3NqsCSaDltDPZYhWE4L87XnW6w9C6m\nWBKGh8IcXv+bet6aZy5MtNGGW6EDd/VpzbXu4ElBkZAEr7t8wDdLfODQ4gNXUN\nf4vjTS7M1MRyEjyvuEtLBkClhzTtudEzOIp7OAWvXrWayCnn7rH4eBOwWcnnnoI4\nHoZPO+MONHOBUII7cfPNuL1bFwWbMalOX2fdXTsAc3sLdx9CnHYzO9N3I3SQz384\nJnLBrWLFEphkdaWYpXFLxVBr78ImcqEGglPJ4Hud031SsMjucSiB/u1/iLIkopLj\npAocp5EmyfK0klt/0FdfeCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB+n0dW\nWm3O23f57XniXDCZCFFGswKkLYzcwbRwZ+SsodRIixM0w5yXx+0ROePjI/YDPdeh\nbjduegebS6jouCgwrmtB0BAAmRjGSKqbVH/D+f7pmEVVaxjT56mItj0dV1KkZctd\nQiO0CKPUM9aoo4TlvFdh4tTTBt+Q0UV0q5rwPIaG9O7QgrmCZ+MS2l5oMDhTnXQr\np/C3byZb7hTwsaz7ru0W+LagLKQ9TQ3TmDWaLdpLqzLAq2UR0kdjEqKf0/KS1oH8\nGS6WPkbsmUC0o1iuWw6J2sJ3bCfvqAe+ol8XgKAPKhQmKSjV/XmPBZ+Om1zAPyG8\nM2HOUvKxn2tJE2fF\n-----END CERTIFICATE REQUEST-----\n",
"key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEArZ+lo14ZRzx2pLqi09KyVVRAknDMtLSb7c2qwJJoOW0M9liF\nYTgvztedbrD0LqZYEoaHwhxe/5t63ppnLky00YZboQN39WnNte7gSUGRkASvu3zA\nN0t84NDiA2FJdQ1/i+NNLszUxHISPK+4S0sGQKWHNO250TM4ins4Ba9etZrIKefu\nsfh4E7BZyeeegjgehk874w40c4FQgjtx8824vVsXBZsxqU5fZ91dOwBzewt3H0Kc\ndjM703cjdJDPfzgmcsGtYsUSmGR1pZilcUvFUGvvwiZyoQaCU8nge53TfVKwyO5x\nKIH+7X+IsiSikuOkChynkSbJ8rSSW3/QV194hwIDAQABAoIBAQCM25V1CZV2fq4+\njJAnS6uUoIrWg58AB/rtHcsm+mCGHlvCzCRBsGTQ6Yp20Cb6ZcfUF8KyD3Re6RPw\n3tFQ9bhIuDlEUt0ShCj5LfhWVlSyw6qSb+49rgd9GNoUJeyDg1Tz94+ZpWIEkgsL\nov/gTdifv+sGXMtA1s5LQxY7PoCW0cq6VUKWX+nDapWAALUpFwYbln7u0hQizvqV\nyHePojH1jXtpQIeuBaiaW5V/eYW6t4mhWu7W+F0RGIDBrl8v2sRDhHFl85bR3R48\nBivnYGF7lbleBr0ovnIT/dmX7V4uu+Z/Z7i07t8hAN2J+YwPrLyQ7p0U7EMh/ri\nLP7L0MeBAoGBANrRQCCXogF9AobSfjKkAMGzHUOY7zJmiZhsHViMtKPwViKZp1cy\nzn9iTjMTNlqFMyMj/eGq8AGIbbIr74KUOBXxCWWC74tHbh4eZdwUvw/ju9C5gLNo\nKfHdyBqKFAoMa6i5eC8WCJyXudg9UDboChGvo/40VvfqbRBwwasdL9vHAoGBAMsg\nbYqIgicDIG6ZLzlBZWuc+2fZBoAuPg/bcF0loIPRV0iolMyZK2VSA1tjB/UgjmAU\n61E1veFyktWl6EMb61EYq9ID0L+g3psVM7HU/eMY3xxueZvvwYYPuwnBHOTu3h\n6tceOWS41caYGziYgYMiRi3rZcvDKYdARO6b0/1BAoGBAJNZfXl1Ip8l82GetWSc\nk/XcC8TNY6Xo7pc5lrleZvZOjXJXThymFfAp3sb+FQf30mvDfN9OILinilcExxCD\nhxEfc1hsR6reuwSFK8p8Hf0xOfRgNo6ZgkVhN7LHcJ8jpgvEeW4bxEjO01MOVsni\nj4VBZYl07Wuc7Ty48XGtAeFZAoGAFK0dWV+h1/TChV+EZhCZEUYudRirR7rtSFHu\n8xxUZXaWque2Fcl1mF+rxc6jzbjdpTwb4+1TgbJW7fZwWPxrjJq1SrBmvErUviyz\nRySaTDny018L/yEwRpr4rEYC7PESKba4X+NMtkr2P7vV8YHclQuVFzGB8CbSgFjz\na1JjVsECgYEAnS9F0G9SzlG9uMiMoMFzHJkZiDvi65KVtVMPEBgWFq5FM43uOho9\nIiaotwe6F1eVAejm4HyCwpaO/fPJMZi0ilBgx+N99Rd5FZ/wHQjephLtguLsk6/\n1gneoj/tWbvCFJnEWvhnMXbDEwJvA4ylzBBOofwF6pCW2OQm9IakY4s=\n-----END RSA PRIVATE KEY-----\n"
},
"msg": "ok"
}
POST2.下订单
https://sslapi.0654.cn/certificates/id/:pNo
下订单注意:
1.所有ev证书(增强级)不支持ip和通配, 产品列表里 只有ov(企业级)支持ip
2.所有品牌的包含通配域名的证书都不再支持文件验证。比如 非flex通配符证书 以及flex的证书中含有通配域名都不支持文件验证
3.订单分flex和非flex产品,下单参数有所不同,请查看Example Request(示例请求)右边下拉箭头
请求参数解释:
响应参数解释
Example Request
curl --location 'https://sslapi.0654.cn/certificates/id/197' \
--header 'Content-Type: application/json' \
--header 'apiKey: ' \
--data-raw '{
"year": 1,
"dcvMethod": "dns",
"csr": "csr",
"domainNames": "1.example.com,*.demo.com",
"contactInfo": {
"lastname": "star",
"firstname": "moon",
"position": "it",
"email": "123@gmail.com",
"telephone": "123546"
},
"notifyUrl":"https://test.com/testPush",
"orgInfo": {
"orgName": "your company name",
"creditCode": "X869112948",
"country": "US",
"province": "California",
"locality": "San Gabriel",
"address": "6148 Avon Avenue",
"postalCode": "91775",
"telephone": "+14028935615",
"joiCountry": "US",
"joiProvince": "California",
"joiLocality": "San Gabriel",
"registryAddr": "6148 Avon Avenue",
"dateOfIncorporation": "2010-03-12"
}
}'
Example Response
{
"code": 200,
"msg": "ok",
"data": {
"certID": 142932802604630020,
"cost": 123456,
"orderNo": "20201232020789"
}
}
GET3.获取域名列表
https://sslapi.0654.cn/certificates/domains/:orderNo
响应参数解释
| 参数名称 | 类型 | 描述 |
|---|---|---|
| code | int | 状态码,200; 500及其他错误码 |
| data | object | 返回信息描述的对象 |
| ..domainList | object | 域名的列表 |
| .. ..dnsNames | Array | 相同根域名组成的数组,他们公用一种验证方式. ip单独 |
| .. ..domainID | int | 域名id,仅digicert产品线(geotrust,rapidssl,digicert,securesite,thawte,securesitechina,geotrustchina)有,其他为0 |
| string | 邮箱验证时的邮箱 | |
| .. ..status | string | 域名验证状态 |
| .. ..dcvMethod | string |
域名验证方式(返回的域名验证方式和请求时不一样, (1)CNAME_CSR_HASH对应dns (2)HTTP_CSR_HASH对应file (3)EMAIL对应email (4)DNS_TXT对应dns_txt (5)DNS_CNAME对应dns_cname |
| .. ..fileDcvPath | string | 域名验证方式为文件验证时需要用到的文件验证路径;验证方式为非文件验证时也会返回作为常用参数。注意:路径中的{FQDN}请替换成dnsNames 参数中的完整域名,例: "dnsNames": ["1.example.com","2.example.com"], 则文件验证路径为对应的两个:http://1.example.com/.well-known/pki-validation/gsdv.txt 和 http://2.example.com/.well-known/pki-validation/gsdv.txt。 若"dnsNames": "140.12.56.8",则 http://140.12.56.8/.well-known/pki-validation/gsdv.txt。 本次更新与之前的差别在于:之前的文件验证路径只需要顶级域名或ip进行文件验证即可,而现在是每个域名本身都要进行文件验证 |
| .. ..recordType | string | 用于验证的记录类型 |
| .. ..hostRecord | string | 用于验证的主机记录值 |
| .. ..hashValue | string | 用于验证的 hash值/token |
| ....uniqueValue | string | sectigo.possitivessl类证书重签后返回的唯一值 |
| msg | string | 错误或成功信息提示 |
Example Request
curl --location 'https://sslapi.0654.cn/certificates/domains/2022123456' \
--header 'apiKey: '
Example Response
{
"code": 200,
"data": {
"domainList": [
{
"dnsNames": [
"1.example.com",
"2.example.com"
],
"domainID": 0,
"email": "admin@example.com",
"status": "2002",
"dcvMethod": "CNAME_CSR_HASH",
"fileDcvPath": "http://{FQDN}/.well-known/pki-validation/gsdv.txt",
"recordType": "TXT",
"hostRecord": "@",
"hashValue": "jdhbfkdslfbkjndfskjnajd",
"uniqueValue": ""
},
{
"dnsNames": [
"1.example2.com",
"2.example2.com"
],
"domainID": 0,
"email": "admin@example2.com",
"status": "2002",
"dcvMethod": "CNAME_CSR_HASH",
"fileDcvPath": "http://{FQDN}/.well-known/pki-validation/gsdv.txt",
"recordType": "TXT",
"hostRecord": "@",
"hashValue": "thhsdfhslfbkjndfskjnajd",
"uniqueValue": ""
},
{
"dnsNames": "140.12.56.8",
"domainID": 0,
"email": "",
"status": "2001",
"dcvMethod": "HTTP_CSR_HASH",
"fileDcvPath": "http://{FQDN}/.well-known/pki-validation/gsdv.txt",
"recordType": "TXT",
"hostRecord": "@",
"hashValue": "wgtfkdslfbkjndfskjnajd",
"uniqueValue": ""
}
]
},
"msg": "ok"
}
PUT4.请求验证域名
https://sslapi.0654.cn/certificates/verifyDomains/:orderNo
响应参数解释
| 参数名称 | 类型 | 描述 |
|---|---|---|
| code | int | 状态码,200; 500及其他错误码 |
| msg | string | 错误或成功信息提示 |
| data | object | 返回信息描述的对象 |
Example Request
curl --location --request PUT 'https://sslapi.0654.cn/certificates/verifyDomains/202201020304' \
--header 'apiKey: '
Example Response
{
"code": 200,
"msg": "验证成功",
"data": null
}
GET5.查看订单状态
https://sslapi.0654.cn/certificates/status/:orderNo
响应参数解释
Example Request
curl --location 'https://sslapi.0654.cn/certificates/status/202201020304' \
--header 'apiKey: '
Example Response
{
"code": 200,
"data": {
"status": {
"certPrepareStatus": "2002",
"certStatus": "3004",
"dcvStatus": "2002",
"evValidationStatus": "2000",
"isReSignOrder": "N",
"orderStatus": "1002",
"ovValidationStatus": "2000",
}
},
"msg": "ok"
}
GET6.下载证书
https://sslapi.0654.cn/certificates/download/:orderNo
响应参数解释
Example Request
curl --location 'https://sslapi.0654.cn/certificates/download/202201020304' \
--header 'apiKey: '
Example Response
{
"code": 200,
"data": {
"certInfo": {
"serialNumber": "ebdd502ca70645e0acdbf0c9a43f6af",
"certContent": "-----BEGIN CERTIFICATE-----\nMIIFpDCCBIygAwIBAgIQDr3VAspzZF4Kzb8MmkP2rzANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQsQH\n/+YpBRT6Kd1WsedeyquzGBd3DPU94WGn6Kg7VHwP5/Iz7IhAYyNrtg4uVdqXwF0c\nEi4viTme6Deqo8Gizr5n7NlANwGaKKbNP2yiTLipp93bya1WRQvtiES4b17hYYMS\nOj6cikgJBJo=\n-----END CERTIFICATE-----\n",
"midCertContent": "-----BEGIN CERTIFICATE-----\bxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5\nyOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K\n00u/I5sUKUErmgQfky3xxzlIPK1aEn8=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFg6pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gA\nCiIDEOUMsfnNkjcZ7Tvx5Dq2+UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1F\nzZOFli9d31kWTz9RvdVFGD/tSo7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyA\nvGp4z7h/jnZymQyd/teRCBaho1+V\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb\nMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowAVGI/6ugLOpyypEBMs1OUIJqsi\nl2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3\nsmPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==\n-----END CERTIFICATE-----\n",
"notBefore": 1606262400000,
"notAfter": 1637884799000,
"commonName": "test.com",
"domainNames": [
"test.com"
],
"sha1": "77ddc84576d56661867c0f95a341642e9699d350",
"sha256": "0e27a14fcb7a6014ab0500171438ce1eeaeffa7d6f2006b344d5d3e1ed2835f7",
"issuerCommonName": "Sectigo RSA Domain Validation Secure Server CA",
"issuerCountry": "GB",
"issuerOrg": "Sectigo Limited",
"signatureAlgo": "SHA256-RSA",
"encryption": "RSA",
"keyLength": 2048,
"keyCurve": ""
}
},
"msg": "ok"
}
POST7.重签订单
https://sslapi.0654.cn/certificates/reissue
请求参数解释
响应参数解释
Example Request
curl --location 'https://sslapi.0654.cn/certificates/reissue' \
--header 'Content-Type: application/json' \
--header 'apiKey: ' \
--data '{
"csr": "string",
"dcvMethod": "string",
"domainNames": "string",
"orderNo": "string"
}'
Example Response
{
"code": 200,
"msg": "ok",
"data": {
"certID": 142932802604636670,
"priceDiff": 66666
}
}
PUT8.更新域名验证方式
https://sslapi.0654.cn/certificates/dcv
注:
(1)除certum产品外,验证方式仅支持 :file, email, dns 必须小写,certum产品另加dns_txt及dns_cname两种验证方式
(2)globalsign,alphassl不允许 修改
请求参数解释
响应参数解释
Example Request
curl --location --request PUT 'https://sslapi.0654.cn/certificates/dcv' \
--header 'apiKey: ' \
--header 'Content-Type: application/json' \
--data '{
"approverEmailPrefix": "admin",
"newMethod": "dns",
"orderNo": "202011161616021650"
}'
Example Response
{
"code": 200,
"data": null,
"msg": "更新域名验证方式请求成功"
}
PUT9.重发邮件
https://sslapi.0654.cn/certificates/reSendDcvEmail/:orderNo
响应参数解释
Example Request
curl --location --request PUT 'https://sslapi.0654.cn/certificates/reSendDcvEmail/202201020304' \
--header 'apiKey: '
Example Response
{
"code": 200,
"msg": "发送成功",
"data": null
}
GET10.取消订单
https://sslapi.0654.cn/certificates/cancel/:orderNo
响应参数解释
Example Request
curl --location 'https://sslapi.0654.cn/certificates/cancel/202201020304' \
--header 'apiKey: '
Example Response
{
"code": 200,
"msg": "ok",
"data": null
}
GET11.证书日志查询
https://sslapi.0654.cn/certificates/ctLogs?domain=&pageID=&includeSubDomains=
请求参数解释
响应参数解释
Example Request
curl --location 'https://sslapi.0654.cn/certificates/ctLogs?domain=test.com&pageID=1&includeSubDomains=%20false' \
--header 'apiKey: '
Example Response
{
"code": 200,
"data": {
"certs": [
{
"subject": "baidu.com",
"hash": "TAqITLXks/lDBFpaVQxGp669B8zSSn5SXSOLj+O9Gfc=",
"issuer": "GlobalSign Organization Validation CA - SHA256 - G2",
"notBefore": 1555570576000,
"notAfter": 1593063062000,
"ctLogsCount": 6,
"dnsNamesCount": 52
},
…
{
"subject": "baidu.com",
"hash": "5HrK7ywqpEZaaQxwabeHpITp0uIZbDbVPDMCx/QVM24=",
"issuer": "GlobalSign Organization Validation CA - SHA256 - G2",
"notBefore": 1571908623000,
"notAfter": 1593063062000,
"ctLogsCount": 9,
"dnsNamesCount": 50
}
],
"currentPage": 4,
"lastPageID": "YmFpZHUuY29tOnRydWU6ZmFsc2U6OkNCUVFBUT09",
"nextPageID": "YmFpZHUuY29tOnRydWU6ZmFsc2U6OkNDZ1FBUT09",
"totalPage": 18
},
"msg": "ok"
}
GET12.证书日志某证书详情
https://sslapi.0654.cn/certificates/ctLogs/cert?certHash=
请求参数解释
响应参数解释
Example Request
curl --location 'https://sslapi.0654.cn/certificates/ctLogs/cert?certHash=AJ%252Bdx9ghIcyjs7QtAIWpTIRiwd1UVoPUOqLgzMKYWX4%253D' \
--header 'apiKey: '
Example Response
{
"code": 200,
"data": {
"certInfo": {
"subject": "C=CN, O=Beijing Baidu Netcom Science Technology Co., Ltd, OU=service operation department, L=beijing, ST=beijing, CN=baidu.com",
"issuer": "C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2",
"serialNumber": "72:58:78:36:6E:9F:56:E8:1D:41:88:48",
"notBefore": 1585811098000,
"notAfter": 1627277462000,
"dnsNames": [
"baidu.com",
"baifubao.com",
"www.baidu.cn",
"www.baidu.com.cn",
"mct.y.nuomi.com",
"apollo.auto",
"dwz.cn",
".baidu.com", ".baifubao.com",
".baidustatic.com", ".bdstatic.com",
".bdimg.com", ".hao123.com",
".nuomi.com", ".chuanke.com",
".trustgo.com", ".bce.baidu.com",
".eyun.baidu.com", ".map.baidu.com",
".mbd.baidu.com", ".fanyi.baidu.com",
".baidubce.com", ".mipcdn.com",
".news.baidu.com", ".baidupcs.com",
".aipage.com", ".aipage.cn",
".bcehost.com", ".safe.baidu.com",
".im.baidu.com", ".baiducontent.com",
".dlnel.com", ".dlnel.org",
".dueros.baidu.com", ".su.baidu.com",
".91.com", ".hao123.baidu.com",
".apollo.auto", ".xueshu.baidu.com",
".bj.baidubce.com", ".gz.baidubce.com",
".smartapps.cn", ".bdtjrcv.com",
".hao222.com", ".haokan.com",
".pae.baidu.com", ".vd.bdstatic.com",
"click.hm.baidu.com",
"log.hm.baidu.com",
"cm.pos.baidu.com",
"wn.pos.baidu.com",
"update.pan.baidu.com"
]
}
},
"msg": "ok"
}
GET13.订单筛选
https://sslapi.0654.cn/certificates/orders?commonName=&certPrepareStatus=&pageNumber=&certStatus=&orderStatus=
请求参数解释
响应参数解释
Example Request
curl --location 'https://sslapi.0654.cn/certificates/orders?commonName=&certPrepareStatus=&pageNumber=&certStatus=&orderStatus=%20' \
--header 'apiKey: '
Example Response
{
"code": 200,
"data": {
"currentPage": 1,
"orders": [{
"orderNo": "2021062217143494639798",
"productNo": "197",
"commonName": "example.com",
"orderStatus": "1001",
"ovValidationStatus": "2000",
"evValidationStatus": "2000",
"dcvStatus": "2001",
"certPrepareStatus": "2001",
"certStatus": "3002",
"submitDateStamp": 1624353275000,
"payDateStamp": 0
},
…省略
{
"orderNo": "2021062214412634516222",
"productNo": "197",
"commonName": "example2.com",
"orderStatus": "1002",
"ovValidationStatus": "2000",
"evValidationStatus": "2000",
"dcvStatus": "2001",
"certPrepareStatus": "2001",
"certStatus": "3002",
"submitDateStamp": 1624344086000,
"payDateStamp": 1624344089000
}
],
"returnCount": 100,
"totalOrders": 636,
"totalPages": 7
},
"msg": "ok"
}
注意:余额查询时默认小数点两位,如有疑问请联系合作伙伴。
本文作者为VSSL管理员,转载请注明。
