OpenSRS Trust Service API Command Reference

Transcription

1 OpenSRS Trust Service API Command Reference September 20, 2012

2 Table of Contents Introduction...4 Purchasing Trust Services...4 Before you begin...4 Submitting a Trust Service SSL certificate order...5 Contact Set...5 Trust Service contacts...6 Admin, Billing, Signer, and Tech contact requirements...8 Organization contact requirements...9 Examples for contact set...10 Trust Service API commands...14 sw_register (trust_service)...14 Request parameters for sw_register (trust_service)...15 Response parameters for sw_register (trust_service)...24 Examples for sw_register...25 cancel_free_trial...59 Request parameters for cancel_free_trial...60 Response parameters for cancel_free_trial...60 Examples for cancel_free_trial...61 cancel_order...64 Request parameters for cancel_order...64 Response parameters for cancel_order...64 Examples for cancel_order...65 create_token...68 Request parameters for create_token...68 Response parameters for create_token...69 Examples for create_token...69 get_cert...72 Request parameters for get_cert...72 Response parameters for get_cert...73 Examples for get_cert...76 get_order_info...90 Request parameters for get_order_info...90 Response parameters for get_order_info...90 Examples for get_order_info...96 get_product_info Request parameters for get_product_info Response parameters for get_product_info Examples for get_product_info get_products Request parameters for get_products...119

3 Response parameters for get_products Examples for get_products parse csr Request parameters for parse_csr Response parameters for parse_csr Examples for parse_csr process_pending Request parameters for process_pending Response parameters for process_pending Examples for process_pending query_approver_list Request parameters for query_approver_list Response parameters for query_approver_list Examples for query_approver_list request_on_demand_scan Request parameters for request_on_demand_scan Response parameters for request_on_demand_scan Examples for request_on_demand_scan resend_approve_ Request parameters for resend_approve_ Response parameters for resend_approve_ Examples for resend_approve_ resend_cert_ Request parameters for resend_cert_ Response parameters for resend_cert_ Examples for resend_cert_ update_order Request parameters for update_order Response parameters for update_order Examples for update_order update_product Request parameters for update_product Response parameters for update_product Examples for update_product Revisions...176

4 Introduction This guide provides information about the commands that are specific to the OpenSRS Trust Service. Purchasing Trust Services Each request for a Trust Service product generates an order record with an associated order ID. The order record represents the purchase order for the product and tracks the product request through to the final issuance of the product itself by the Trust Service Provider. Once a Trust Service product is successfully issued, it is considered to be an object in its own right and is tracked by a product ID. These concepts also apply to the search functionality which is discussed later in this document. Note: Some Trust Service products have associated services that can be initiated, or turned on or off. When making such a request, it is the product itself that is referenced, not the order record. Before you begin When collecting data from a customer who is purchasing a Trust Service product, we recommend that you take two initial steps before submitting an order. Step 1 Use the parse_csr command to parse the CSR for the certificate that is submitted by the purchaser to obtain the encoded CSR data. You can then ask the purchaser to confirm the CSR. Step 2 (Domain Vetted Certificates Only) - Use the query_approver_list command to query the list of addresses that are associated with the purchasing customer and ask them to choose one address to ensure they can receive the approval . When an order is submitted through the API for a domain vetted certificate, an approval is sent out by the Trust Service Provider. The customer needs to be able to receive the , follow its instructions, and approve the Trust Service procurement request. The addresses that are available for product approval include the following: Domain s Admin and Technical Contact addresses. Generic predefined addresses within the domain. The Trust Service Provider s address for manual processing. 4

5 Some organization vetted certificates also validate the domain and require that an approver is chosen. Organization verification may require additional company information to be submitted directly to the certificate provider as part of the review process. Submitting a Trust Service SSL certificate order Once the CSR and approver address have been confirmed, use the sw_register command to submit the Trust Service order, including the required customer data, along with the CSR and the approver address. Note: For Organization vetted certificates, you must provide Organization contact information, and you will have some additional approval steps. Once the order has completed, and the Trust Service product has been issued, you can use the get_order_info command to query the order and obtain the Product ID number. The Product ID number can then be used to manage any extra features of the Trust Service product. You need to specify the Product ID in the update_product command to enable or disable the Symantec Search-in-Seal features on qualifying Symantec Trust Service products. Additionally, for Symantec Trust Service products, you need to specify the Product ID in the request_on_demand_scan command to request a malware scan on your website. Contact Set Rather than including the entire contact set in every command example in this guide, where it is required, instead of the contact details you will see an ellipsis (...) and a link to this topic where the contact_set parameters are defined. This example shows a portion of the sw_register command with the contact_set link: <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> 5

6 <item key="object"> trust_service <item key="attributes"> <item <item key='reg_type'>new <item key="contact_set">... see "Contact Set" Trust Service contacts This table lists the contacts that are required for each of the available Trust Service products. Comodo Admin Billing Tech Organization Signer EV SSL Y Y Y InstantSSL Y PremiumSSL Y PremiumSSL Wildcard Y SSL SSL Wildcard Y Y GeoTrust QuickSSL Y Y Y QuickSSL Premium Y Y Y True BusinessID Y Y Y Y True BusinessID Wildcard Y Y Y Y True BusinessID with EV Y Y Y Y SiteLock Basic Y 6

7 Premium Y SMB Enterprise Secure Y Symantec Admin Billing Tech Organization Signer SecureSite Y Y Y Y SecureSite Pro Y Y Y Y SecureSite with EV Y Y Y Y SecureSite Pro with EV Y Y Y Y thawte SSL123 Y Y Y Y SGC SuperCerts Y Y Y Y SSL Webserver Certificate Y Y Y Y SSL Webserver Certificate with EV Y Y Y Y SSL Webserver Certificate Wildcard Y Y Y Y TRUSTe Privacy Policy Y Privacy Policy with Seal Y Trustwave Domain Vetted (DV) Y Premium EV Y Premium SSL Y Premium SSL Wildcard Y 7

8 Admin, Billing, Signer, and Tech contact requirements Most of the Trust Service products require Admin, Billing, and Tech contact details. Please note the following exceptions: Trustwave certificates require only the Admin contact and must include first_name, last_name, address1, city, postal_code, state, country, , and phone. Comodo certificates, other than EV, require only the Organization contact, and must include org_name, address1, city, postal_code, state, country, and . Comodo EV certificates require Organization, Admin, and Signer contacts, and must include address1, city, postal_code, state, country, , title, first_name, last_name, phone, and org_name (only for Organization contact). Note: Fields cannot contain leading or trailing white-spaces. Parameter name Obligation Format/Constraints first_name Required Maximum 64 alphanumeric characters. last_name Required Maximum 64 alphanumeric characters. title Required for thawte and Symantec certs as well as truebizid_ev and Comodo EV certs Maximum 64 alphanumeric characters. org_name Optional Maximum 64 alphanumeric characters. address1 Required Maximum 100 alphanumeric characters. address2 Optional Maximum 100 alphanumeric characters. address3 Optional Maximum 100 alphanumeric characters. city Required Maximum 64 alphanumeric characters. state Required Maximum 32 alphanumeric characters. 8

9 Parameter name postal_code Obligation Required if country = CA or US Format/Constraints Maximum 32 alphanumeric characters. country Required Valid ISO letter country code. phone Required Maximum 20 characters, in the format +CCC.NNNNNNNNNNxEEEE, where C = country code, N = phone number, and E = extension (optional). fax Optional Maximum 20 characters. If supplied, the fax number must be valid. Required Maximum 255 alphanumeric characters, validated according to rfc822. Organization contact requirements Organization vetted certificates require Organization contact details. Parameter name Obligation Format/Constraints first_name Optional Maximum 64 alphanumeric characters. last_name Optional Maximum 64 alphanumeric characters. org_name Required Maximum 64 alphanumeric characters. address1 Required Maximum 100 alphanumeric characters. address2 Optional Maximum 100 alphanumeric characters. address3 Optional Maximum 100 alphanumeric characters. city Required Maximum 64 alphanumeric characters. state Required Maximum 32 alphanumeric characters. postal_code Required if country = CA or US Maximum 32 alphanumeric characters. country Required Valid ISO letter country code. phone Required Maximum 20 characters, in the format +CCC.NNNNNNNNNNxEEEE, where C = country code, N = phone number, and E = extension (optional). 9

10 Parameter name Obligation Format/Constraints fax Optional Maximum 20 alphanumeric characters. If supplied, the fax number must be valid. Examples for contact set... <item key='contact_set'> <item key="admin"> <item key="first_name">adler <item key="last_name">adams <item key="phone"> x1812 <item key="fax"> <item <item key="org_name">example Inc. <item key="address1">32 Oak Street <item key="address2">suite 100 <item key="address3">admin <item key="city">santa Clara <item key="state">ca <item key="country">us <item key="postal_code">90210 <item key="url"> <item key="billing"> <item key="first_name">bill <item key="last_name">burton <item key="phone"> x1248 <item key="fax">

11 <item <item key="org_name">example Inc. <item key="address1">32 Oak Street <item key="address2">suite 200 <item key="address3">billing <item key="city">santa Clara <item key="state">ca <item key="country">us <item key="postal_code">90210 <item key="url"> <item key="tech"> <item key="first_name">tim <item key="last_name">tucker <item key="phone"> x1243 <item key="fax"> <item <item key="org_name">example Inc. <item key="address1">32 Oak Street <item key="address2">suite 100 <item key="address3">tech <item key="city">santa Clara <item key="state">ca <item key="country">us <item key="postal_code">90210 <item key="url"> <item key="organization"> 11

12 <item key="first_name">jim <item key="last_name">johnson <item key="phone"> x1224 <item key="fax"> <item <item key="org_name">example Inc. <item key="address1">32 Oak Street <item key="address2">suite 100 <item key="address3">tech <item key="city">santa Clara <item key="state">ca <item key="country">us <item key="postal_code">90210 <item key="url"> <item key="signer"> <item key="first_name">adler <item key="last_name">adams <item key="phone"> x1812 <item key="fax"> <item <item key="org_name">example Inc. <item key="address1">32 Oak Street <item key="address2">suite 100 <item key="address3">admin <item key="city">santa Clara <item key="state">ca <item key="country">us <item key="postal_code">90210 <item key="url"> 12

13 ... 13

14 Trust Service API commands sw_register (trust_service) Description Action & object action = sw_register object = trust_service Usage Submits a new Trust Service request or renewal order that obeys the Reseller's 'process immediately' flag setting. Trust Service free trials Free 30 day trials are available for the following Trust Service products: GeoTrust True BusinessID with EV Symantec SecureSite, Secure Site Pro, Secure Site with EV, and Secure Site Pro with EV TRUSTe Hosted Privacy Policy (HPP) and Privacy Policy with Seal (TPS) The free trial lasts for 30 days, and can be cancelled at any time during that 30 day period without incurring a charge by issuing the cancel_free_trial command. After the 30 days, if the order has not been cancelled, the customer is automatically charged for the term that they selected when they placed the order. The expiry date is calculated from the date that the paid term begins, not the date that the free trial began. For GeoTrust and Symantec, once the order has passed the free trial stage and become activated, you cannot order another free trial for the same domain until the one year period has passed. Note:The Symantec certs and the GeoTrust True BusinessID with EV certificate can only be ordered for a one year term when taking advantage of the 30 day free trial offer. 14

15 Request parameters for sw_register (trust_service) Standard parameters action = sw_register object = trust_service registrant_ip = valid IP address of the registrant (optional) attributes Attributes Parameters within the attributes associative array are described below. Parameter name additional_ domains Obligation Required for SAN certificates Definition/Value Some Trust Service products (referred to as SAN certificates) allow you to specify a list of additional domains or other entities (other than the primary domain) that will be secured by a single SSL certificate. This means that, depending on the product, you may be able to specify multiple top-level domains, subdomains, IP addresses, internal server names, and more. The total number that you can protect with a single certificate varies by product. Note: The additional domains are priced as packages, so if the certificate can secure four additional domains, but you specify only two, you will still be charged the full package price. In most cases, you can add more domains to a package for an additional charge. For more information on pricing, see The number of additional domains can be added to each product is as follows: Quick SSL Premium 4 (subdomains only) TrueBusiness ID 4 to 24 TrueBusiness ID EV 4 to 24 Secure Site EV 1 to 24 Secure Site Pro EV 1 to 24 Secure Site Pro 1 to 24 Secure Site 1 to 24 15

16 Parameter name approver_ Obligation Required for domain vetted certificates. Definition/Value SGC Super Certs 1 to 4 SSL WebServer EV 1 to 4 SSL WebServer Certificates 1 to 4 The following products may allow you to enter intranet and local names as well as domain and subdomain names: QuickSSL Premium (subdomains only), Secure Site, Secure Site Pro, SSL Web Server, SGC SuperCerts, True BusinessID. The of one of the individuals who can approve the Trust Service order. The Trust Service provider sends the approver to the address that you specify. base_order_id Optional Create a new order based on the specified previous order. When base_order_id is submitted, reg_type must equal new. All other fields are optional, unless you want to apply new values to those fields. Note: The original order must have the same product_type as the new order. contact_set Required The SSL Certificate contact information. Most products require admin, billing and tech contacts. All organization vetted certificates require an organization contact. For admin, tech, and billing contacts for thawte, Symantec, and all EV certificates, title is required. For SiteLock and TRUSTe certificates, the admin contact address is used when creating a Domain Admin account (if username and password are specified). If you resend the Domain Admin login information (through the Control Panel), this is the address to which the Domain Admin login credentials are sent. For more information, see Contact Set. 16

17 Parameter name csr Obligation Required for all products except SiteLock, TRUSTe, and GeoTrust Web Site Anti- Malware Scan Definition/Value The certificate signing request for the required certificate. The Trust Service provider uses this information to generate the certificate. Important: For Trustwave only, you need to remove the word NEW from the BEGIN and END statements of the CSR before you submit the order. Note: All certificates require 2048 bit CSRs; however, Symantec will accept 1024 bit CSRs for certificates with expiry dates prior to December 31, 2013, except for EV certs, which require 2048, regardless of the term. domain Required for orders for domain vetted certificates and for SiteLock and TRUSTe services; not required when requesting a SiteLock upgrade The domain or hostname for which the Trust Service is ordered. end_user_ auth_info Optional - used only for SiteLock and TRUSTe Specify the username and password that the end user will use to log in to the Domain Admin interface where they can manage their account. The login credentials will be sent to the specified _address. If you resend the Domain Admin login information (through the Control Panel), this is the address to which the Domain Admin login credentials are sent. Please note the following conditions: If you specify username and password and the user already exists, the command will fail. If you specify username but not password, and the user does not already exist, the user credentials cannot be created and the command will fail. If you specify username but not password, and the user already exists, the service will be 17

18 Parameter name Obligation Definition/Value associated with the existing end user profile. If you want to associate the Trust Service product with an existing account, you only need to include the username value. For more information see the End user auth info table below. handle Required Instructions for the processing of the order. save = Pend the order for the RSP's later approval. process = Process the order immediately. inventory_item _id Optional for renewals; may be used for certificates that were migrated from TPP. The certificate product ID number that was used in the TPP system. This value may be used in place of order_id or product_id. Note: Do not include this parameter for new orders. order_id period Required for renewals and for SiteLock upgrades if product_id is not submitted. Optional; if not specified, the default of 1 year is used. The order ID number of the Trust Service product to be renewed or upgraded. This value is not required for certificates that were migrated from TPP if inventory_item_id is submitted. Note: Do not include this parameter for new orders. The number of years of the registration period. Allowed values are 1 4, depending on the Trust Service that is ordered. comodo_ev 1 to 2 comodo_instantssl 1 to 4 comodo_premiumssl 1 to 4 comodo_premiumssl_wildcard 1 to 4 comodo_ssl 1 to 4 comodo_wildcard 1 to 4 malwarescan 1 quickssl 1 to 4 quickssl_premium 1 to 4 18

19 Parameter name product_id Obligation Required for renewals and for SiteLock upgrades if order_id is Definition/Value securesite 1 to 4 securesite_ft 1 securesite_ev 1 to 2 securesite_ev_ft 1 securesite_pro 1 to 4 securesite_pro_ft 1 securesite_pro_ev 1 to 2 securesite_pro_ev_ft 1 sgcsuper_certs 1 to 4 sitelock_basic 1 sitelock_premium 1 sitelock_enterprise 1 ssl123 1 to 4 sslwebserver 1 to 4 sslwebserver_ev 1 to 2 sslwebserver_wildcard 1 to 2 truebizid 1 to 4 truebizid_ev 1 to 2 truebizid_ev_ft 1 truebizid_wildcard 1 to 4 truste_hpp 1 to 3 truste_hpp_ft 1 to 3 truste_tps 1 to 3 truste_tps_ft 1 to 3 trustwave_dv 1 to 3 trustwave_ev 1 to 2 trustwave_premiumssl 1 to 3 trustwave_premiumssl_wildcard 1 to 3 The ID number of the Trust Service product to be renewed or upgraded. This value is not required for certificates that were migrated from TPP if inventory_item_id is 19

20 Parameter name Obligation not submitted. Definition/Value submitted. Note: Do not include this parameter for new orders. product_type Required The product type from the SSL Certificate inventory. Allowed values are: comodo_ev comodo_instantssl comodo_premiumssl comodo_premiumssl_wildcard comodo_ssl comodo_wildcard malwarescan quickssl quickssl_premium securesite securesite_ft (30 day free trial) securesite_pro securesite_pro_ft (30 day free trial) securesite_ev securesite_ev_ft (30 day free trial) securesite_pro_ev securesite_pro_ev_ft (30 day free trial) sgcsuper_certs sitelock_basic sitelock_premium sitelock_enterprise ssl123 sslwebserver sslwebserver_ev sslwebserver_wildcard truebizid truebizid_wildcard truebizid_ev 20

21 Parameter name Obligation Definition/Value truebizid_ev_ft (30 day free trial) truste_hpp (Hosted Privacy Policy) truste_hpp _ft (30 day free trial) truste_tps (TRUSTE Privacy Policy with seal) truste_tps_ft (30 day free trial) trustwave_dv trustwave_ev trustwave_premiumssl trustwave_premiumssl_wildcard reg_type Required The type of registration being requested: new = Submit a new or Trust Service order. renew = Renew a Trust Service offering. upgrade = Upgrade a SiteLock Basic or Premium SSL certificate to a higher level certificate. You do not need to specify the domain or the period. When you upgrade, the product_type changes, you are charged the price for a one year term at the new level, and the new expiry date is one year from the date of the upgrade. Note: This feature is currently available only for SiteLock certificates. search_in_seal Optional Specifies whether to enable the Symantec Seal-in- Search, which displays the Symantec seal next to the link for your web site in online search results. Allowed values are: 0 Do not enable Symantec's Seal-in-Search. 1 Enable Symantec's Seal-in-Search. Important: If you submit this parameter, you must also submit the trust_seal parameter and set the value to 1. server_count Required when product_type = securesite*, The number of servers on which the Trust Service product will be installed. 21

22 Parameter name Obligation ssl123, sgcsuper_ certs, sslwebserver, sslwebserver _ wildcard, sslwebserver _ev Definition/Value server_type Optional The type of server software used to generate the CSR. Allowed values are: Symantec, thawte, and GeoTrust Comodo apache2 apachessl apacheapachessl citrix apacheopenssl domino apacheraven ensim apachessl hsphere apachessleay iis4 c2net iis6 cobaltseries iis7 cobaltraq3 iplanet cobaltraq2 javawebserver cpanel netscape domino ibmhttp dominogo4626 novell dominogo4625 oracle ensim other hsphere plesk iis redhat iis4 sap iis5 tomcat iplanet webstar 22

23 Parameter name Obligation Definition/Value Symantec, thawte, and GeoTrust Comodo ipswitch whmcpanel netscape ibmhttp other plesk tomcat weblogic website webstar webstar4 zeusv3 special_ instructions Optional Note: Trustwave does not support server types. Any special instructions regarding the Trust Service purchase. trust_seal Optional Specifies whether to enable the Symantec Trust Seal on your website. Allowed values are: 0 Do not enable Symantec's Trust Seal. 1 Enable Symantec's Trust Seal. End_user_auth_info Parameters within the end_user_auth_info associative array are described below. Parameter name Obligation Definition/Value _address Optional - used only for SiteLock and TRUSTe to send Domain Admin credentials Specify the address to which you want to send the login credentials (username and password) for Domain Admin. 23

24 Parameter name password username Obligation Optional - used only for SiteLock and TRUSTe to create Domain Admin credentials Optional - used only for SiteLock and TRUSTe to create Domain Admin credentials Definition/Value Note: If you want to associate the Trust Service product with an existing account, only username is required. The password must be at least eight characters. The username must be at least six characters. Response parameters for sw_register (trust_service) Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name domain error_details Obligation Returned for domain vetted certificates Returned if is_success = false Definition/Value The domain with which the Trust Service is associated. Additional information about the reason for the failure. Allowed values are: error_code A numeric code that represents the error. 24

25 Parameter name order_id state Obligation Returned if is_success = true Returned if is_success = true Definition/Value error_detail A description of the error that occurred in a failed transaction. field_name The parameter that caused the error. The ID number of the Trust Service order. The state of the order Allowed values are: approver-confirmed Owner has confirmed the domain vetted certificate. awaiting-approval Order processed successfully; waiting for supplier approval. cancelled Pending order was cancelled. completed Order is complete. declined Order cancelled after it was processed or declined by the supplier. in-progress Order is in progress. pending Order saved as pending. Examples for sw_register Note: Title is required in the 'contact set' associative array, for Symantec, thawte, TrueBusiness ID with EV, and Comodo EV certificates. Example 1 This example is an order for a Symantec SecureSite certificate with seal-insearch and trust seal. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> 25

26 <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>sw_register <item key='object'>trust_service <item key='attributes'> <item key='trust_seal'>1 <item key='reg_type'>new <item key='seal_in_search'>1 <item key='contact_set'>... see "Contact Set" <item key='special_instructions'>test ABC <item key='handle'>process <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC4TCCAckCAQAwgZsxKTAnBgNVBAMTIHNlY3VyZXNpdGUudGVzdDEyODU4NzYw MzY2MDgub3JnMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rv cm9udg8xdzanbgnvbaotbm5ld29yzzepma0ga1uecxmguufezxb0msawhgyjkozi hvcnaqkbfhfxywzpdmvadhvjb3dzlmnvbtccasiwdqyjkozihvcnaqebbqadggep ADCCAQoCggEBAJ0FDLurKaddUzayM5FgICBhy8DkOaBuYzCiHSFw6xRUf9CjAHpC /MiUM5TnegMiU02COAPmfeHZAERv21CoB/HPDcshewHJywzs8nwcbGncz37eFhNG FQNIif5ExoGAcLS9+d1EAmR1CupTBCCq86lGBa/RdwgUNlvLF5IgZZeKphd/FKaY B2KZmRBxM51WvV6AYmRKb6IsuUZCfHO2FCelThDE0EF99GbfSapVj7woSIu0/PTJ cex4shurq6py3elfng0bozrtst3af8t3n5xwd0fmatkdrcpcgvx7srz05uqenxbo VWBJQcr5QRZSykxBosGjbqO3QSyGsElIKgkCAwEAAaAAMA0GCSqGSIb3DQEBBAUA A4IBAQCEUGNk45qCJiR4Yuce4relbP22EwK7pyX0+0VZ+F3eUxhpZ6S5WN1Juuru 8w48RchQBjGK1jjUfXJIqn/DgX+yAfMj4aW/ohBmovN2ViuNILvNaj0volwoqyMl NrTmBze69qHMfnMGUUUehMr/Nq4QdQTqxy7EYQkNOqx21gfZcUi6zWCeFTRkasD+ 26

27 SYAKsOUIKdrt/Jq5lWFXxhkJHuyA+q1yr/w6zh18JmFAT4y/0q/odFGyIr9yKhQ9 usw1sq8ct3e3anu4jq7sbryfxn0f+92w8gx7wadorta7+6pcsfprzeoqlr5brki7 GSwIuTTSlKFRyZ53DbEGjp2ELnnl -----END CERTIFICATE REQUEST----- <item key='period'>1 <item key='server_type'>apachessl <item key='server_count'>1 <item key='product_type'>securesite </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> 27

28 <item key='domain'>example.com <item key='order_id'>1860 <item key='state'>awaiting-approval </data_block> </body> </OPS_envelope> Example 2 This example is for a domain vetted certificate, which requires approval. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>sw_register <item key='object'>trust_service <item key='attributes'> <item key='approver_ '>[email protected] <item key='reg_type'>new <item key='contact_set'>... see "Contact Set" 28

29 <item key='special_instructions'>test ABC <item key='handle'>process <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC2TCCAcECAQAwgZMxIDAeBgNVBAMTF3NzbDEyMy5xYXJlZ3Jlc3Npb24ub3Jn MQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xDzAN BgNVBAoTBlR1Y293czEQMA4GA1UECxMHUUEgRGVwdDEgMB4GCSqGSIb3DQEJARYR cwfmaxzlqhr1y293cy5jb20wggeima0gcsqgsib3dqebaquaa4ibdwawggekaoib AQDpKz48gJG4ImyJi76kH3AdDZoGNZCC8xgWBUDk4yNXPqe3NxJvZooZIoctP2o8 CX6+xoK8p6jMb9iIz7ZVC9LuoUmoYZZWdoatMUwaz3xIa4Fq7HeLtCE3misKMcZq +QomhLFv2yMSgyzWWitHdW5oVDuT83Xs8FTZG33rI8gut1J9+5fhJV4WKuncfLwM xmrj+5iwm+kwoe86dtargapwyhc2fepcblszvbz87dp1cltjlan4potmes83rho1 tehhmjailnzy2pfroylbzlq38x1n10wbhqjmcodyk6csb40plduqbsmjpkoclwu4 H92c2Hmo3bqRGWM2K5SXkj29AgMBAAGgADANBgkqhkiG9w0BAQQFAAOCAQEAKUh6 WH4WtC/LtlJhj+p5i3sLEG/L//8DQh30eOxwMxrSGGZUGTfLBT4RaeDA5JEIF5pK v4mxvdw1+nexmqw3h/9evwxpggjvc2eolgya3ri3ojlqnoyqszovnunk0epawoo+ v9o2ykdh88e7nqzp8pw5jhe9rv9u3+mnw2sztqpzcxydxw3kki2uiip3eur2/iih nsairl5nfupgazcem/zpm1lc3s+evkysn2wf4bwoknyypo4dmghcb7ggsqyhh5vn UAoDkyqu2ZScDZTyDG7YOdobMqwbsCT5er5Bq+NWOZyUE+3zO/1VQpznJehaGLrQ N7UAJliUAO+SFFGdxQ== -----END CERTIFICATE REQUEST----- <item key='period'>1 <item key='server_type'>apachessl <item key='server_count'>1 <item key='product_type'>ssl123 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> 29

30 <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='is_success'>1 <item key='response_code'>200 <item key='attributes'> <item key='domain'>example.com <item key='order_id'>577 <item key='state'>awaiting-approval </data_block> </body> </OPS_envelope> Example 3 This example shows a request that failed because the required title field was missing from the contact_set. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> 30

31 <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>sw_register <item key='object'>trust_service <item key='attributes'> <item key='trust_seal'>1 <item key='reg_type'>new <item key='seal_in_search'>1 <item key='contact_set'> <item key="admin"> <item key="first_name">adler <item key="last_name">adams <item key="phone"> x1812 <item key="fax"> <item <item key="org_name">example Inc. <item key="address1">32 Oak Street <item key="address2">suite 100 <item key="address3">admin <item key="city">santa Clara <item key="state">ca <item key="country">us 31

32 <item key="postal_code">90210 <item key="billing"> <item key="first_name">bill <item key="last_name">burton <item key="phone"> x1248 <item key="fax"> <item <item key="org_name">example Inc. <item key="address1">32 Oak Street <item key="address2">suite 200 <item key="address3">billing <item key="city">santa Clara <item key="state">ca <item key="country">us <item key="postal_code">90210 <item key="tech"> <item key="first_name">tim <item key="last_name">tucker <item key="phone"> x1243 <item key="fax"> <item <item key="org_name">example Inc. <item key="address1">32 Oak Street <item key="address2">suite 100 <item key="address3">tech 32

33 <item key="city">santa Clara <item key="state">ca <item key="country">us <item key="postal_code">90210 <item key="organization"> <item key="first_name">jim <item key="last_name">johnson <item key="phone"> x1224 <item key="fax"> <item <item key="org_name">example Inc. <item key="address1">32 Oak Street <item key="address2">suite 100 <item key="address3">tech <item key="city">santa Clara <item key="state">ca <item key="country">us <item key="postal_code">90210 <item key='special_instructions'>test ABC <item key='handle'>process <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC4TCCAckCAQAwgZsxKTAnBgNVBAMTIHNlY3VyZXNpdGUudGVzdDEyODU4NzYw MzY2MDgub3JnMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rv cm9udg8xdzanbgnvbaotbm5ld29yzzepma0ga1uecxmguufezxb0msawhgyjkozi hvcnaqkbfhfxywzpdmvadhvjb3dzlmnvbtccasiwdqyjkozihvcnaqebbqadggep 33

34 ADCCAQoCggEBAJ0FDLurKaddUzayM5FgICBhy8DkOaBuYzCiHSFw6xRUf9CjAHpC /MiUM5TnegMiU02COAPmfeHZAERv21CoB/HPDcshewHJywzs8nwcbGncz37eFhNG FQNIif5ExoGAcLS9+d1EAmR1CupTBCCq86lGBa/RdwgUNlvLF5IgZZeKphd/FKaY B2KZmRBxM51WvV6AYmRKb6IsuUZCfHO2FCelThDE0EF99GbfSapVj7woSIu0/PTJ cex4shurq6py3elfng0bozrtst3af8t3n5xwd0fmatkdrcpcgvx7srz05uqenxbo VWBJQcr5QRZSykxBosGjbqO3QSyGsElIKgkCAwEAAaAAMA0GCSqGSIb3DQEBBAUA A4IBAQCEUGNk45qCJiR4Yuce4relbP22EwK7pyX0+0VZ+F3eUxhpZ6S5WN1Juuru 8w48RchQBjGK1jjUfXJIqn/DgX+yAfMj4aW/ohBmovN2ViuNILvNaj0volwoqyMl NrTmBze69qHMfnMGUUUehMr/Nq4QdQTqxy7EYQkNOqx21gfZcUi6zWCeFTRkasD+ SYAKsOUIKdrt/Jq5lWFXxhkJHuyA+q1yr/w6zh18JmFAT4y/0q/odFGyIr9yKhQ9 usw1sq8ct3e3anu4jq7sbryfxn0f+92w8gx7wadorta7+6pcsfprzeoqlr5brki7 GSwIuTTSlKFRyZ53DbEGjp2ELnnl -----END CERTIFICATE REQUEST----- <item key='period'>1 <item key='server_type'>apachessl <item key='server_count'>1 <item key='product_type'>securesite </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding="utf-8" standalone="no"?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> 34

35 <item key="protocol">xcp <item key="action">reply <item key="object">trust_service <item key="response_text">supplier validation error <item key="error_details"> <dt_array> <item key="0"> <item key="error_detail">title for admin contact object is missing <item key="field_name">admin-title <item key="error_code">3010 </dt_array> <item key="response_code">3000 <item key="attributes"> <item key="domain">example.com <item key="order_id">12345 <item key="state">pending <item key="is_success">0 </data_block> </body> </OPS_envelope> 35

36 Example 4 This example shows an order for a TRUSTe Privacy Service certificate. Request <?xml version='1.0' encoding="utf-8" standalone="no"?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key="protocol">xcp <item key="object">trust_service <item key="action">sw_register <item key="attributes"> <item key="product_type">truste_tps <item key="special_instructions">none <item key="domain">example.com <item key="handle">process <item key="period">1 <item key="reg_type">new <item key="end_user_auth_info"> <item key="username">rsanford <item key="password">mypa55w0rd <item key=" _address">[email protected] 36

37 <item key="contact_set"> <item key="admin"> <item key="country">us <item key="address3">admin <item key="org_name">example Inc. <item key="phone"> x1812 <item key="last_name">adams <item key="address2">suite 100 <item key="state">ca <item <item key="city">santa Clara <item key="postal_code">90210 <item key="fax"> <item key="address1">32 Oak Street <item key="first_name">adler </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding="utf-8" standalone="no"?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> <OPS_envelope> 37

38 <header> <version>0.9</version> </header> <body> <data_block> <item key="protocol">xcp <item key="action">sw_register:reply <item key="object">trust_service <item key="response_text">command completed successfully. <item key="response_code">200 <item key="is_success">1 <item key="attributes"> <item key="domain">example.com <item key="order_id">6792 <item key="state">awaiting-approval </data_block> </body> </OPS_envelope> Example 5 This example shows a renewal order for a QuickSSL certificate. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> 38

39 <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>sw_register <item key='object'>trust_service <item key='attributes'> <item key='reg_type'>renew <item key='handle'>process <item key='product_id'>372 <item key='domain'> <item key='period'>1 <item key='product_type'>quickssl <item key='server_type'>apacheopenssl <item <item key='contact_set'>... see "Contact Set" <item key='csr'> -----BEGIN CERTIFICATE REQUEST----- MIICwTCCAakCAQAwfDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgMB09udGFyaW8xEDAO BgNVBAcMB1Rvcm9udG8xEzARBgNVBAoMClR1Y293cyBJbmMxDjAMBgNVBAsMBVNh bgvzmsqwigydvqqddbt3d3cub3blbnnyc2vtywlsc2vydmljzs5jb20wggeima0g CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa8HMJsATmwVoqE4sKNFrxA9FLb9rP F6E/VgL/zYRjmxJgy7ap7Rh6fXLHHNal/pD/TT0FDe11vcocR/A32Ypbyx9CPvvV 040Ik4k+9XCs7jZm1+vKe9RK/MVQcIVaHCL7apbb0TPNGLRfhav5m/pQ7tBz+uXb fmschwq0cjt10gsonxmc0lfsfr9ictwxetxejtkd3xaghsmdfb252efo9lvwp72u G/ofSyH0QA0fREmMeYvxE3L6+CjnAn91QxT4/Oq9b353GMXOHyEdM7Zn2Ei9aGzt bb7ifpvaeph96a5fvrudi881kmuzncjhiphipatgjxthn/cv2nwlsfrzagmbaagg 39

40 ADANBgkqhkiG9w0BAQUFAAOCAQEAajJJ5SGFyTO/tnqcAEpcBs+e3Q61zokmRXPb Zo/LbuseQYXBcgLvEMQwTlzZBbP4JHHOfKXq2iHyMyaj/OX2MilCspjY+Ds6MJsb kf9td/r885os3kp+/umboz1q97qx16okoiuz+kzeh90k141pi2tlbaqlwt9chttm IHVg0319JCKbjieq4AqdaHzQO7NLJYXBzU/uAYe0kggGRV4OtYuFLuKZb46SuFAW pzy42a72pj2a/izf/azgrrd1ju98dkgy1rnzk2zxurg3v7g6j2czlbglekg18lsy qd9+gezyotke4ftnk8ygq8e2jsw2be3sg4oq5ghqhz5vunzejw== -----END CERTIFICATE REQUEST----- <item key='special_instructions'> </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding="utf-8" standalone="no"?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key="protocol">xcp <item key="action">sw_register:reply <item key="object">trust_service <item key="response_text">command completed successfully. <item key="response_code">200 <item key="is_success">1 <item key="attributes"> 40

41 <item key="domain">example.com <item key="order_id">8321 <item key="state">awaiting-approval </data_block> </body> </OPS_envelope> Example 6 This example shows a request to upgrade a SiteLock Basic SSL certificate to SiteLock Premium. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>sw_register <item key='object'>trust_service <item key='attributes'> <item key='reg_type'>upgrade <item key='product_type'>sitelock_premium 41

42 <item key='period'>1 <item key='product_id'>47811 <item key='handle'>process <item key='special_instructions'>none <item key='contact_set'>...see "Contact Set" </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding="utf-8" standalone="no"?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key="protocol">xcp <item key="action">reply <item key="object">trust_service <item key="response_text">command completed successfully. <item key="response_code">200 <item key="is_success">1 <item key="attributes"> 42

43 <item key="domain">example.com <item key="order_id">5597 <item key="state">awaiting-approval </data_block> </body> </OPS_envelope> Example 7 This example shows an order for a GeoTrust Web Site Anti-Malware Scan certificate. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>sw_register <item key='object'>trust_service <item key='attributes'> <item key='domain'>example.com <item key='product_type'>malwarescan <item key='reg_type'>new 43

44 <item key='period'>1 <item key='handle'>process <item key='contact_set'>... see "Contact Set" </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding="utf-8" standalone="no"?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key="protocol">xcp <item key="action">reply <item key="object">trust_service <item key="response_text">command completed successfully. <item key="response_code">200 <item key="is_success">1 <item key="attributes"> <item key="domain">example.com <item key="order_id">

45 <item key="state">awaiting-approval </data_block> </body> </OPS_envelope> Example 8 This example shows an order for a 30 day free trial of a Symantec SecureSite certificate. Request <?xml version='1.0' encoding="utf-8" standalone="no"?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key="protocol">xcp <item key="action">sw_register <item key="object">trust_service <item key="attributes"> <item key="special_instructions">none <item key="csr"> -----BEGIN CERTIFICATE REQUEST----- MIIC1zCCAb8CAQAwgZExHjAcBgNVBAMTFTEzMjA3MDU2NzN0ZXN0aW5nLmNvbTEL MAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8x 45

46 DzANBgNVBAoTBlR1Y293czELMAkGA1UECxMCUUExIDAeBgkqhkiG9w0BCQEWEXFh Zml2ZUB0dWNvd3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA vfz5bs7x70afyqvk05rse5dsxb8e0atvkj8yixqpulcmxcnsos/hf9ckwkyyd2ip g8o511gzw3va+twdp+een1hcyw1urnnq/yepq0j0h4a0kpxh5mb01wxgvwd5zorm 1QM0gqIW8KTPgUCfi0P+CQkw5TZ2yqJWjcyNwakv/seg2opqUra06jkcdCDliGkW RJfGgJPM1B2fonduruveWDvIiga3+sbfAoBKajX71NgHZtQXZgHZLU2obPU1lvms ZUZGavARcUVt043sJvgZG9xMX8hf0LoT4BLrJ1TK7JWf5Be5ZAkq0Y42Lf1V198/ JKNeMJHPeTvpxkrT0W/R4wIDAQABoAAwDQYJKoZIhvcNAQEEBQADggEBAIqzgz3z 5JzscIq6XszzrJw79ampGPSz7JE35pjoPAjk7vsjbxnRTAVfLHeSMyjXTFBZB60h lyfo0ft4kq8fj7ektcomr2mvhx1utaorqj9y9rjmtjfhmdfhrna4hliqqdree5tj U4ngidNTTc91qaRrPhAC471BAn7/Ob+ltleIiUuk/ySkh29lR5qQqSTX0FXjsVrN G9gIHn4KAra3W+SgWGJHpVQrCWqqyPDQ7/dj6x1pEli8izkZv33Xw6386nFhSkB0 EH2LCtmzTJNgUicXzbRu4/UXgMJgaFU77fCzCtOBwMTz+ALWIo0NTPwNp5JE/dw0 /GOjMZgid2nuuMY= -----END CERTIFICATE REQUEST----- <item key="reg_type">new <item key="period">1 <item key="product_type">securesite_ft <item key="server_type">apachessl <item key='contact_set'>... see "Contact Set" <item key="handle">process <item key="server_count">1 <item </data_block> </body> </OPS_envelope> 46

47 Response <?xml version='1.0' encoding="utf-8" standalone="no"?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key="protocol">xcp <item key="action">reply <item key="object">trust_service <item key="response_text">command completed successfully. <item key="response_code">200 <item key="is_success">1 <item key="attributes"> <item key="domain">example.com <item key="order_id">7737 <item key="state">awaiting-approval </data_block> </body> </OPS_envelope> 47

48 Example 9 This example shows a new order for a QuickSSL certificate based on an existing order. Request <?xml version='1.0' encoding='utf-8'?> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>sw_register <item key='object'>trust_service <item key='attributes'> <item key='reg_type'>new <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC2zCCAcMCAQAwgZUxIzAhBgNVBAMTGnJlbmV3dGVzdC5xYXJlZ3Jlc3Npb24u b3jnmqswcqydvqqgewjdqtelmakga1uecbmct04xedaobgnvbactb1rvcm9udg8x DzANBgNVBAoTBm5ld29yZzEPMA0GA1UECxMGUUFEZXB0MSAwHgYJKoZIhvcNAQkB FhFxYWZpdmVAdHVjb3dzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggebakeumvmjtbzlim7abu3vpyjtsjqpfo45fzzgcrrcumzsnyv8l/9prelafvgk efmi27ugubexo3eoklmxd1yzwjickfebg3dsmr8hgbrhrzhkazqos0umgs4xiypl 5Rs/WzRRCdhnV7yqSYmC4SLui/8WTEaYsWy5xgbwI7q4ojZurJ65kjeL3e2q7ftr R/YLvP9Fx6mMTECBFbQxlrlXUQCn/goCfI98zFDQJ/cuPuYuU6Ret4IFU4T8Jn87 jida17hqgo/d2reufpe1xuk8lgycckt0nemg1unlihbwwt+nzo7lfym16bdefvkg DOVsasYYFRKQDH7dGTUeZ2hhd5MCAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQCY +zscnq+vteockdg+8eaa4hkuhotbut2tsfxtqflmihka0wb5ivkjgvb3menwwwai 3+XpYEBlsaI2NYpLjgRGvoQMUiAXC3JeoxxXXfcdmEpLevD0VZfGtm04RRlFPwEx jzesqmjbgrousjnc3pojucb9y6vferwtatcmdbdmknumrkb1g1g6ua01yqr1vsx0 fjk8bhwxwbcoxcq8lnlqwb9wqecxj+vgufdb0u97+xhkzxhxpij12frnypryjfec ha6odlhvjv2k2p19zjgthgrfw5z7f/mev59a5lx6n4to1wp4fzfw4pojr79umr/k L/tZauY8EjcOfSHZ76vn -----END CERTIFICATE REQUEST----- <item key='base_order_id'>8245 <item key='handle'>process 48

49 <item key='product_type'>quickssl <item key='contact_set'> <item key='admin'> <item key='first_name'>adler <item key='last_name'>adams <item key='title'>admin <item key='org_name'>example Inc. <item key='address1'>32 Oak Street <item key='address2'>suite 100 <item key='address3'/> <item key='city'>santa Clara <item key='state'>ca <item key='country'>us <item key='postal_code'>90210 <item key='fax'> <item key='phone'> x1812 <item </data_block> </body> </OPS_envelope> 49

50 Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='domain'>example.com <item key='order_id'>8279 <item key='state'>awaiting-approval </data_block> </body> </OPS_envelope> 50

51 Example 10 This example shows a renewal order for a QuickSSL certificate that was submitted by using the order ID. Request <?xml version='1.0' encoding='utf-8'?> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>sw_register <item key='object'>trust_service <item key='attributes'> <item key='reg_type'>renew <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC2zCCAcMCAQAwgZUxIzAhBgNVBAMTGnJlbmV3dGVzdC5xYXJlZ3Jlc3Npb24u b3jnmqswcqydvqqgewjdqtelmakga1uecbmct04xedaobgnvbactb1rvcm9udg8x DzANBgNVBAoTBm5ld29yZzEPMA0GA1UECxMGUUFEZXB0MSAwHgYJKoZIhvcNAQkB FhFxYWZpdmVAdHVjb3dzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggebakeumvmjtbzlim7abu3vpyjtsjqpfo45fzzgcrrcumzsnyv8l/9prelafvgk efmi27ugubexo3eoklmxd1yzwjickfebg3dsmr8hgbrhrzhkazqos0umgs4xiypl 5Rs/WzRRCdhnV7yqSYmC4SLui/8WTEaYsWy5xgbwI7q4ojZurJ65kjeL3e2q7ftr R/YLvP9Fx6mMTECBFbQxlrlXUQCn/goCfI98zFDQJ/cuPuYuU6Ret4IFU4T8Jn87 jida17hqgo/d2reufpe1xuk8lgycckt0nemg1unlihbwwt+nzo7lfym16bdefvkg DOVsasYYFRKQDH7dGTUeZ2hhd5MCAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQCY +zscnq+vteockdg+8eaa4hkuhotbut2tsfxtqflmihka0wb5ivkjgvb3menwwwai 3+XpYEBlsaI2NYpLjgRGvoQMUiAXC3JeoxxXXfcdmEpLevD0VZfGtm04RRlFPwEx jzesqmjbgrousjnc3pojucb9y6vferwtatcmdbdmknumrkb1g1g6ua01yqr1vsx0 fjk8bhwxwbcoxcq8lnlqwb9wqecxj+vgufdb0u97+xhkzxhxpij12frnypryjfec ha6odlhvjv2k2p19zjgthgrfw5z7f/mev59a5lx6n4to1wp4fzfw4pojr79umr/k L/tZauY8EjcOfSHZ76vn -----END CERTIFICATE REQUEST----- <item key='handle'>process <item key='product_type'>quickssl 51

52 <item key='order_id'>8274 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='domain'>example.com <item key='order_id'>8278 <item key='state'>awaiting-approval <item key='is_success'>1 52

53 </data_block> </body> </OPS_envelope> Example 11 This example shows a renewal order for a QuickSSL certificate that was submitted by using the product ID. Request <?xml version='1.0' encoding='utf-8'?> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>sw_register <item key='object'>trust_service <item key='attributes'> <item key='inventory_item_id'> <item key='reg_type'>renew <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC1zCCAb8CAQAwgZExHzAdBgNVBAMTFnJhcGlkLnFhcmVncmVzc2lvbi5vcmcxCzAJBgNVBA YTAkNBMQswCQYDVQQIEwJPTjEQMA4GA1UEBxMHVG9yb250bzEPMA0G A1UEChMGbmV3b3JnMQ8wDQYDVQQLEwZRQURlcHQxIDAeBgkqhkiG9w0BCQEWEXFhZml2ZUB0dW Nvd3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 3FI2z0xXFk5/0iy3Sw6JiXuN1LJmL61NdvuXH+6WLdWDxsheSzmGLtnELmKuKZAVgby1+13Kuv uxotutm/efrnwagrn2copr7wdkogrflyq14jx8cadjciviyisdl+sc ix9hefylt/kmcb/i7owulroyvoz6ahfnthvzxl7yk9su3unfn9zl/bj7gjmxmn8lbh9ajvmevm 8Qa9vLUT4AQR+p7TrdcTeXyBJSt4q1rqKXhq4Q4ChG6rielRu3VN2g x60ccwol/b04w/pswcbmguvzfzwmgifp0a7h+sxsaoftycwkbfobaltksqwkw4dcm4kpzlq20w +IfPXvvrJSUwIDAQABoAAwDQYJKoZIhvcNAQEEBQADggEBAGTZD3sk qlonk2tx+ciiubvbxrvnzum5psc7lqlfdqkms0zcvqm1ne8yz+lkbjfzywic2njrt8h7agis/s dekkk9vi1vu9cowp+qogtulxa/97rbudrldouiwywj2mir2t9asf0k vxsrdio3urjnrygkf1z2i5sen5hjbiavasae/c7yo9etstsfp2p/sit2d6a3forawppyw0rn01 53

54 YslYBgzV+RsTRPdewpIPe85RnCET76R+/cGMsvoe3ayl/lzZS5irkL ilrltndfa5nhlxtgjuyvrotfyqvuro+2nznzykxzsjun/d+cza6oamgf/q13mk60d8dsqh1ya/ 8rX0g= -----END CERTIFICATE REQUEST----- <item key='handle'>process <item key='product_type'>quickssl <item key='contact_set'> <item key='admin'> <item key='first_name'>adler <item key='last_name'>adams <item key='title'>administrator <item key='org_name'>example Co. <item key='address1'>32 Oak Street <item key='address2'>suite 100 <item key='address3'/> <item key='city'>santa Clara <item key='state'>ca <item key='country'>us <item key='postal_code'>90210 <item key='fax'> <item key='phone'> x1812 <item </data_block> </body> </OPS_envelope> 54

55 Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='domain'>certtest.example.org <item key='order_id'>8310 <item key='state'>awaiting-approval </data_block> </body> </OPS_envelope> 55

56 Example 12 This example shows a registration for an SSL WebServer with EV SAN certificate. Request <?xml version='1.0' encoding='utf-8'?> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>sw_register <item key='object'>trust_service <item key='attributes'> <item key='reg_type'>new <item key='additional_domains'> <dt_array> <item key='0'>additional1.example.org <item key='1'>example.net <item key='2'>example2.org </dt_array> <item key='contact_set'>... see "Contact Set" <item key='special_instructions'>test ABC <item key='handle'>process 56

57 <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC2jCCAcICAQAwgZQxIjAgBgNVBAMTGXNzbHdlYmV2MTM0NzQ3NjI5Mzg1My5v cmcxczajbgnvbaytaknbmqswcqydvqqiewjptjeqma4ga1uebxmhvg9yb250bzep MA0GA1UEChMGbmV3b3JnMQ8wDQYDVQQLEwZRQURlcHQxIDAeBgkqhkiG9w0BCQEW EXFhZml2ZUB0dWNvd3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEApc+zO2kbORX06H6jLjmoesh/VQOVcZpGUNy5ZbGILDj/wWiPxurylaYh1aAo aeq2f/uazb+2ytgebmqotntevz02vlueiypzkr2tr9lgijftuvsqgsymwofadw7r w8u9sm6bkomqcwkvgytwbfdugjqgjmy4mofcau0ykolgc1yzydfsptqkfwqh9rl3 ZLWLQv3kmF0cDPHSyFxEjilCeqkZ5gF8tkhpcPEKDw1y7f3a3Bjw7sDyrMmD7bBI H9JYqi6sEGbMFutKUvjWdcgQvQ42qOOO+w+HkAJ6bQxMIHr5cnj3vJ+peIfTjAQl +T+WcRcv15Utw72emN7YNTmtkwIDAQABoAAwDQYJKoZIhvcNAQEEBQADggEBAJVl wme99uo/z8ldoajskkpww2etwmbp9sxzw7edclkd2sxorpkyjj60ddwodvjhzgr4 9u4dnz6HqfpFi4ldvX9Uz9zUYUSkKPNN2Q5gelLwbG5MjBNG+lxsfuAtvak9yxxt g24agyflblaoloqcklvculcqidz6woh4dloacgeep3thh5ig+pn0lyxb3u3achxn NIpYjwMNogyXNcEefHAjTZQIm+fcHKfEbvSTrlzXMY6/MSK0nsWCHN4CD2bmwXeq J5JmIEZ+Q0mZGefhNUvn3bxiNYlpVU5KiFFX1L42Ed0I16cmQt8k7yC+WtghCT0d KNDYOT15336r+A1KCfc= -----END CERTIFICATE REQUEST----- <item key='period'>1 <item key='server_type'>apachessl <item key='server_count'>1 <item key='product_type'>sslwebserver_ev </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> 57

58 <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='is_success'>1 <item key='response_code'>200 <item key='attributes'> <item key='domain'>example.org <item key='order_id'>8506 <item key='state'>awaiting-approval </data_block> </body> </OPS_envelope> 58

59 cancel_free_trial Description Action & object action = cancel_free_trial object = trust_service Usage Cancel a Trust Service 30 day free trial order. Free trials are available for the following Trust Service products: GeoTrust True BusinessID with EV Symantec SecureSite, Secure Site Pro, Secure Site with EV, and Secure Site Pro with EV TRUSTe Hosted Privacy Policy (HPP) and Privacy Policy with Seal (TPS) You can cancel the free trial at any time during the 30 day free trial period without incurring a charge. If the product is not cancelled by the end of the 30 day period, the product is immediately activated, and the customer is charged for the term that they selected when they placed the order. The expiry date is calculated from the date that the paid term begins, not the date that the free trial began. For TRUSTe, the cancellation is processed immediately, but when GeoTrust and Symantec require customer approval. The supplier sends the customer an asking them to approve the cancellation. Once the cancellation is approved, the status of the order changes to Revoked/Declined. Note: When you cancel a free trial, you will not be able to order another Trust Service order for that domain until the full 30 days of the free trial period have passed. For TRUSTe, a call needs to be made to the supplier to get the domain unlocked. 59

60 Request parameters for cancel_free_trial Standard parameters Action & object action = cancel_order object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Note: You must specify at least one of these parameters. Parameter name Obligation Definition/Value order_id Optional The Trust Service order ID number. product_id Optional The Trust Service product ID number. Response parameters for cancel_free_trial Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value domain Returned for domain vetted certs if is_success = true The domain with which the Trust Service order is associated.. 60

61 Parameter name Obligation Definition/Value product_id state Returned if is_success = true Returned if is_success = true The Trust Service product ID number. The state of the order. Allowed values are: approver-confirmed Owner has confirmed the domain vetted certificate. awaiting-approval Order processed successfully; waiting for supplier approval. cancelled Pending order was cancelled. completed Order is complete. declined Order cancelled after it was processed or declined by the supplier. in-progress Order is in progress. pending Order saved as pending. Examples for cancel_free_trial Request <?xml version='1.0' encoding="utf-8" standalone="no"?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key="protocol">xcp 61

62 <item key="action">cancel_free_trial <item key="object">trust_service <item key="attributes"> <item key="order_id">7712 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding="utf-8" standalone="no"?> <!DOCTYPE OPS_envelope SYSTEM "ops.dtd"> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key="protocol">xcp <item key="action"> REPLY <item key="object">trust_service <item key="response_text">command completed successfully. <item key="response_code">200 <item key="attributes"> <item key="domain"> testing.com <item key="product_id">1848 <item key="state">revoked 62

63 <item key="is_success">1 </data_block> </body> </OPS_envelope> 63

64 cancel_order Description Action & object action = cancel_order object = trust_service Usage Cancel a Trust Service order. Request parameters for cancel_order Standard parameters Action & object action = cancel_order object = trust_service Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value order_id Required The ID of the order. Response parameters for cancel_order Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request 64

65 Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value domain order_id state Returned for domain vetted certs if is_success = true Returned if is_success = true Returned if is_success = true The domain with which the Trust Service order is associated. The ID of the order. The state of the order. Allowed values are: approver-confirmed Owner has confirmed the domain vetted certificate. awaiting-approval Order processed successfully; waiting for supplier approval. cancelled Pending order was cancelled. completed Order is complete. declined Order cancelled after it was processed or declined by the supplier. in-progress Order is in progress. pending Order saved as pending. Examples for cancel_order Request <?xml version='1.0' encoding='utf-8'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> 65

66 <item key='protocol'>xcp <item key='action'>cancel_order <item key='object'>trust_service <item key='attributes'> <item key='order_id'>578 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='is_success'>1 <item key='response_code'>200 <item key='attributes'> <item key='domain'>example.org 66

67 <item key='order_id'>578 <item key='state'>declined </data_block> </body> </OPS_envelope> 67

68 create_token Description Action & object action = create_token object = trust_service Usage Creates a SiteLock or TRUSTe account so that users can log in and manage the Trust Service product. To use this command, the order cannot be in the pending state. Important: The resulting URL is valid for only a limited period of time that may be as short as five minutes. Request parameters for create_token Standard parameters action = create_token object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Note: You must enter at least one of these parameters. Parameter name Obligation Definition/Value order_id Optional The Trust Service order ID number. product_id Optional The Trust Service product ID number. 68

69 Response parameters for create_token Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name login_url Obligation Returned if is_success = true Definition/Value The The URL where the user can log in to manage the SiteLock or TRUSTe product. Examples for create_token Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp 69

70 <item key='action'>create_token <item key='object'>trust_service <item key='attributes'> <item key='order_id'>50094 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='login_url'> token=ccc038d24c91a7a67d0a12f46f29a260 70

71 </data_block> </body> </OPS_envelope> 71

72 get_cert Description Action & object action = get_cert object = trust_service Usage Returns the certificate for the specified Trust Service product as well as associated product information. Note: This command can only be used for orders whose status is Completed. Request parameters for get_cert Standard parameters action = get_cert object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Parameter name order_id product_id Obligation Required if product_id is not submitted Required if order_id is not submitted Definition/Value The Trust Service order ID number. The Trust Service ID number. return_ca_certs Optional If this parameter is included and set to 1, the response will include root CA and intermediate certificates. 72

73 Parameter name Obligation Definition/Value return_pkcs7_cert Optional If this parameter is included and set to 1, the response will include the PKCS#7 format certificate. Response parameters for get_cert Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes If the request is successful, the attributes associative array may include the following: Parameter name Obligation Definition/Value cert_data contact_ domain expiry_date Returned if is_success = true Returned if is_success = true Returned if is_success = true Returned if is_success = true The Trust Service Certificate. For more information, see the cert_data table below. The contact address that was submitted with the Trust Service order; may be the admin address or the organization address, depending on the product type. Note: The contact_ value can be updated by using the update_product command. The domain with which the Trust Service is associated. The date on which the Trust Service certificate expires. 73

74 Parameter name Obligation Definition/Value issue_date product_id product_type Returned if is_success = true Returned if is_success = true Returned if is_success = true The date on which the Trust Service certificate was issued. The ID number for the Trust Service. The Trust Service product type. Allowed values are: comodo_ev comodo_instantssl comodo_premiumssl comodo_premiumssl_wildcard comodo_ssl comodo_wildcard malwarescan quickssl quickssl_premium securesite securesite_pro securesite_ev securesite_pro_ev sgcsuper_certs sitelock_basic sitelock_premium sitelock_enterprise ssl123 sslwebserver sslwebserver_wildcard sslwebserver_ev truebizid truebizid_ev truebizid_wildcard truste_hpp (Hosted Privacy Policy) truste_tps (TRUSTE Privacy Policy 74

75 Parameter name Obligation Definition/Value with seal) trustwave_dv trustwave_ev trustwave_premiumssl trustwave_premiumssl_wildcard start_date state Returned if is_success = true Returned if is_success = true The effective date for the Trust Service. The state of the product. Allowed values are: expired active renewing renewed revoked cert_data Parameters within the cert_data associative array are described below. Parameter name ca_certificates certificate Obligation Returned if return_ca_certs = 1 Returned if is_success = true Definition/Value An array that includes the ROOT or Intermediate CA certificates chain, in order. Note: Trustwave does not return CA certificates; however, the intermediate bundle can be downloaded by visiting the Trustwave Support page. The Trust Service certificate that was issued. pkcs7 Returned if return_pkcs7_cert = 1 The PKCS#7 format certificate that was issued. 75

76 Examples for get_cert Example 1 Uses the order ID to retrieve the properties for a Trust Service product. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>get_cert <item key='object'>trust_service <item key='attributes'> <item key='return_pkcs7_cert'>1 <item key='return_ca_certs'>1 <item key='order_id'>7360 </data_block> </body> </OPS_envelope> 76

77 Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='is_success'>1 <item key='attributes'> <item key='cert_data'> <item key='pkcs7'>miiyfayjkozihvcnaqccoiiybtccgaecaqexadalbgkqhkig9w0bbwggghfpmi IF SzCCBDOgAwIBAgIQKBqJ8LG7xMORrbudRYUgPjANBgkqhkiG9w0BAQUFADByMQsw CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQH EwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEYMBYGA1UEAxMP RXNzZW50aWFsU1NMIENBMB4XDTExMTAwNTAwMDAwMFoXDTEyMTAwNTIzNTk1OVow gyuxitafbgnvbastgervbwfpbibdb250cm9sifzhbglkyxrlzdeembwga1uecxmv SG9zdGVkIGJ5IFR1Y293cyBJbmMuMR4wHAYDVQQLExVFc3NlbnRpYWxTU0wgV2ls ZGNhcmQxIDAeBgNVBAMUFyoucmVnNC5xYXJlZ3Jlc3Npb24ub3JnMIIBIjANBgkq hkig9w0baqefaaocaq8amiibcgkcaqeaukplcl1vnnl9kgrhdrz XQ2yo3FqnFbG 77

78 IBZkjg2dJ8X3M/hM Lat5u /A1rkHP3kNvchwjf2kOmh29Hul6JLkfFlv6ZfYNsT va/28p4rmz38cbitomaewsxxru5zdzmoloqy3mg1sifhxt7lma0tggscil8ru9nf /jbanshjx/mdvrdkoro1lgyplwg0 Esho5ODbIOlgEY18qgEDg8f0ir3jlOdsUzH 1A/qyl332eowlzztSmaJkbkjOJhMl9WaGfp0LeybNk7nGiSyIMWsHotlrQdiaftE Rg6SkS9eDFljYGXEnoexa5BbQGO0mpAGO5WbeB0KNWUyRAHYPdaZ1wIDAQABo4IB xzccacmwhwydvr0jbbgwfoau2svqrvsixcz//czuzknlvcy49pgwhqydvr0obbye FLLQDNSlCLlxPNKvHiVYCm/SBridMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E AjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJ YIZIAYb4QgQBMEUGA1UdIAQ MDwwOgYLKwYBBAGyMQECAgcwKzApBggrBgEFBQcC ARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwOwYDVR0fBDQwMjAwoC6g LIYqaHR0cDovL2NybC5jb21vZG9jYS5jb20vRXNzZW50aWFsU1NMQ0EuY3JsMG4G CCsGAQUFBwEBBGIwYDA4BggrBgEFBQcwAoYsaHR0cDovL2NydC5jb21vZG9jYS5j b20vrxnzzw50awfsu1nmq0ffmi5jcnqwjayikwybbquhmaggggh0dha6ly9vy3nw LmNvbW9kb2NhLmNvbTA5BgNVHREEMjAwghcqLnJlZzQucWFyZWdyZXNzaW9uLm9y Z4IVcmVnNC5xYXJlZ3Jlc3Npb24ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQBo8rwM rpd2isi45vl69urpeuwmteueugn1v5zw26gxue7nmluowwafkkjfnorxyslbyk7e z61oujx9aynwrycja/0jdmev9phjhsn/mkljxlnkgfmoxx75dsisbpijy5f Q0t5 xzbkvxbv3zgw5ohriy76h0gyrsrtnvr2bk3j apqufqkdlplq2dxhtjjul5xrkvj 4mnUESS8Suhb8nEebc367kyXlVr453dHuQKfOUHtTmNOh5hin9yYOt0c1Dcyqsm ue7tkhwniaryq4qsukxckityiau4q 2BjO0gULy9C/3Nu8guFtLof DEO9t2g0sP CFcn9QtLIdF oemnmiifazcca ugawibagiqgllluqme8aapwflzjkyqsjanbgkq hkig9w0baqufadcbgtelmakga1uebhmcr0ixgzazbgnvbagtekdyzwf0zxigtwfu Y2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExp bwl0zwqxjzalbgnvbamthknptu9etybdzxj0awzpy2f0aw9uief1dghvcml0etae Fw0wNjEyMDEwMDAwMDBaFw0xOTEyMzEyMzU5NTlaMHIxCzAJBgNVBAYTAkdCMRsw GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMRgwFgYDVQQDEw9Fc3NlbnRpYWxTU0wg Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt8AiwcsargxIxF3CJ hakgetsyau2a1nhf5i5zldowiy120j8yc0yzywvhipplc92agvfaol0dds23izp0 XmEbdaqb1IX04XiR0y3hr/yYLgbSeT1awB8hLRyuIVPGOqchfr7tZ291HRqfalsG s2rjsquqag7nbwzdypwmn84hhzwqfdvaglyoibsyd8gsif/f03/o4tjg27z5h6gq 78

79 1huQByH6RSRQXScqoChBRVt9vKCiL6qbfltTxfEFFld Edc7tNkBdtzffRDPUanl OPJ7FAB1WfnwWdsXPvev5gItpHnBXaIcw5rIp6gLSApqLn8tl2X2xQScRMiZln5 pn0vagmbaagjgggdmiibfzafbgnvhsmegdawgbqlwowlxkwvn6raqtcpib5hnlpw /zadbgnvhq4efgqu2svqrvsixcz//czuzknlvcy49pgwdgydvr0paqh/baqdageg MBIGA1UdEwEB/wQIMAYBAf8CAQAwIAYDVR0lBBkwFwYKKwYBBAGCNwoDAwYJYIZI AYb4QgQBMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczov L3NlY3VyZS5jb21vZG8uY29tL0NQUzBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8v Y3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNy bdbsbggrbgefbqcbaqrgmf4wngyikwybbquhmakgkmh0dha6ly9jcnquy29tb2rv Y2EuY29tL0NvbW9kb1VUTlNHQ0NBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29j c3auy29tb2rvy2euy29tma0gcsqgsib3dqebbquaa4ibaqatlzr6qdlqcjcvgttl erj3rvuq1xqo2l/zoduetzbln3qo6u6bldudu Ennv1F7Q5Slqz0J790qpL0pcRD AB8OtXj5isWMcL2aejGjKdBZa0wztSz4iw SY1dWrCRnilsvKcKxudokxeRiDn55 w/65g ono7wdq7vuf6r7yjiiatnyfkh2cbozt7g440lx8nqxwcpf3dfxp 0Jj1ag q8mly6ssgigsh6lv Wwz3D5XxqfyH8wqfOQsTEZf6/Nh9yvENZ NWPU6g0QO2JOs TGvMd/QDzczc4BxLXSXaPV7Od4rhPsbXlM1wSTz/Dr0ISKvlUhQVnQ6cGodWaK2c CQBkMIIEqzCCA5OgAwIBAgIQLnmDLpCIh qljvmabuz6rdanbgkqhkig9w0baquf ADCBkzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExh a2ugq2l0eteembwga1uechmvvghlifvtrvjuulvtvcbozxr3b3jrmsewhwydvqql ExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFD b3jwifnhqzaefw0wnjeymdewmdawmdbafw0ymda1mzaxmdq4mzhamigbmqswcqyd VQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT YWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09N T0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH 7uIzg3jLz8GlvCi KVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGz UvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH 1GImGEaaP vb fgqv useg2l 23IwambV4EajcNxo2f8ESIl33rXp 2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovG ufvdioejpqxsjdlqr6sa1kgzqsx DT nhbrtucelpnqsoo9vucqfzuatne8tja3g 1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVIrLsm9wIDAQABo4IBCTCCAQUwHwYDVR0j BBgwFoAUUzLRs89/ udxof2ftplsnkudte8whqydvr0obbyefaty5yvgtbu3pecp 79

80 MKkhvkc2Wlb/MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MCAGA1Ud JQQZMBcGCisGAQQBgjcKAwMGCWCGSAGG EIEATARBgNVHSAECjAIMAYGBFUdIAAw bqydvr0fbgywzdaxoc glyyrahr0cdovl2nybc5jb21vzg9jys5jb20vvvrolurb VEFDb3JwU0dDLmNybDAvoC2gK4YpaHR0cDovL2NybC5jb21vZG8ubmV0L1VUTi1E QVRBQ29ycFNHQy5jcmwwDQYJKoZIhvcNAQEFBQADggEBANheksSuFNxDrcKkw2dF Bx35N6IZxxw3NZETHAfEfUKmDvCGXENrDkTPviRhOkKpzp1Mr3k5cN0OBCBOlZw8 3rdgumNDQO1qD4FJRrsek8BL8/jhNkkbb7YMDfKQV4r8bZPyKMf6hgoosxcOWYou tr/n4axmzmzyvzfwtzk/ser9teg6ti/bspzaujootswsmn5cnhi8o03guhczzsuo 92uhuyXAALv17BZlgQ771KMhlneaqHS8U6rCOVD/CwIJYcyVt9eIavZcxWjTFJUa R1/Z y3kl48thqsxe0atrg7ttrawixtqqc7ujmrrflw5fj3u m SbR6ivfsCSsVw vvewggsmmiidjqadagecahbg6vcwbuzf4/pl6m6fqszkma0gcsqgsib3dqebbqua MG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMd QWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0 IEV4dGVybmFsIENBIFJvb3QwHhcNMDUwNjA3MDgwOTEwWhcNMjAwNTMwMTA0ODM4 WjCBkzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExh a2ugq2l0eteembwga1uechmvvghlifvtrvjuulvtvcbozxr3b3jrmsewhwydvqql ExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFD b3jwifnhqzccasiwdqyjkozihvcnaqebbqadggepadccaqocggeban/uwbcik25v xi6/lkyj5 AIDy4rehOUG732toCOZQWTAB68r IPjhkNEkfsrK2j i5w N5u 1ZC FZ4uXO8j3iG5BXYnGQ9P1sOctL6UGWPyphEK61NInL7yKTsW6BqgTKbJ9BhZaMBw 8lMAwF5QgqVWbzb5SuBEhqBNTtZHbklKy2fXpsQFuY4e9Pz/zec24JwFbLIzIhXQ todmf8cywpt Mj8pKpV72PKnTg9UfKENgLMJA8H/XN1emj68rrxHimquccofsSq4 X0IFC xgmnfyc8rpvm317994vmg6sqwubey8qkxpfze97 u0jl81 NTD0SgOXDqf cbgzihfeoq8caweaaaocarcwggetmb8ga1udiwqymbaafk29mho0tcb3 sqmvo8d veaky1qamb0ga1uddgqwbbrtmtgzz3/64pggxyvoktkerr20tzaobgnvhq8baf8e BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAgBgNVHSUEGTAXBgorBgEEAYI3CgMDBglg hkgbhvhcbaeweqydvr0gbaowcdagbgrvhsaamhsga1udhwr0mhiwoka2odsgmmh0 dha6ly9jcmwuy29tb2rvy2euy29tl0fkzfrydxn0rxh0zxjuywxdqvjvb3quy3js MDagNKAyhjBodHRwOi8vY3JsLmNvbW9kby5uZXQvQWRkVHJ1c3RFeHRlcm5hbENB Um9vdC5jcmwwDQYJKoZIhvcNAQEFBQADggEBAGOGkhCxE/o3vo4qthuKQ/Vcrg4U 3/dpQH /GnEACdi/1CRKv CT/wHYC8YP7H5HnLBd93wUnfzAM5KEW9KD9FLiIlh0 80

81 /EMbP6ejWNoD/bzwOuTtzBK7ybmuewSgBHK/6d4t0qdRZgBz0r1 qp5tln1pshg jq1wuh731bd/owjlgoywv8op92d2wo00h/xpq Xbvxyq9obN5t8RP40H922DE8A4 idlgox4w4eoipqs7y28s6ypolo6waaweyefptg6dckz2etjix0hpb5qpdls8ym9x Tbl1cZYNigYL693Q8Dx9xi6YRmo4xwK1yLiyZXXe2pAItne4UwAly0fKc18wggQ2 MIIDHqADAgECAgEBMA0GCSqGSIb3DQEBBQUAMG8xCzAJBgNVBAYTAlNFMRQwEgYD VQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQ IE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwHhcN MDAwNTMwMTA0ODM4WhcNMjAwNTMwMTA0ODM4WjBvMQswCQYDVQQGEwJTRTEUMBIG A1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRU UCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/caM byaaqtoebow 0fvGwP zbx6i7bo3psrm5ekkux9k5 9SryT7QMa44/P5W1QWtaXKZRagLBJetsulf24yr83 OC0ePpFBrXBWx/BPP gynntkyjbu6czfd3idmka8dqxhql4uj56howpq3neatq8f s6zxljxxs1bgcsctntghhgko6ahpjhiqq0ywtyorok E2N/On Fpb7vXQtdrROTH re5tqv9ywnein7n5zarzojq39wavdcksctrqohlbfkhfxf0qfbe01sturm0trlfj K91DACX6YblpalgjEbenM49WdVn1zSnXRrcKK2W200JvFbK4e/vv6V1T1TRaJwID AQABo4HcMIHZMB0GA1UdDgQWBBStvZh6NLQm9/rEJlTvA73gJMtUGjALBgNVHQ8E BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCBmQYDVR0jBIGRMIGOgBStvZh6NLQm9/rE JlTvA73gJMtUGqFzpHEwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0 IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAG A1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdIIBATANBgkqhkiG9w0BAQUF AAOCAQEAsJvghSXC1iPiD5YGkp1BmJzZhHmB2R5bFAcjNmWPsNh3u6xBbEdgg1Gw TI95/z2JhPHgBalv1r8h894eYkhmuJMBwqGNbzy3lHE0pa33H5O7nD9HDnrDAJR FC2OvRbgwd9Gdeckrez0QrSFk3AQZ7qdBjVKGNMresxRQqF6Y9Hmu6HFK8I2vhMN 5r1jfnl7pwkNQKtq3Y Kw/b2jBpCBVHURfWfp2IhaBUgQzyZ53y9JNipkRdziD9W GzE4GLRxD5rNyA6eji4b4YyYg8sfMfFETMYEc0l2YA/H L0XgGsu6cxMDlqaeQ8g Ci7VnmMmHlWSlNiCF1p70LzHj06GBDEA <item key='ca_certificates'> <dt_array> <item key='0'>-----begin CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU 81

82 MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bcbuvfagtmv0d29yazeimcaga1ueaxmzqwrkvhj1c3qgrxh0zxjuywwgq0egum9v ddccasiwdqyjkozihvcnaqebbqadggepadccaqocggebalf3gjpm8gaeltngtlvt H7xsD821 io2zt6betoxpclmfzofvuq8k 0DGuOPz VtUFrWlymUWoCwSXrbLpX9 umq/nzgthj6rqa1wvsfwtz/omp50ysiqvongxw94nzpapa6syapefi eh6fqunzx mk6vbbomczsccbnqyarhe504b4ycqomoasyykktmse8jqzpphnjfzp/haw 710LX a0tkx63ubuffclpxcdezewwkwacun/calw3cknla0dhy2xsorcrdkn23tnbe7qzn E0S3ySvdQwAl mg5awpyixg3pzopvnvz9c0p10a3citlttncbxwyuhv77 ldu9u0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnvzdcbbqjemmcqga1uecxmdqwrkvhj1c3qgrxh0zxjuywwgvfrqie5ldhdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/vhsxobi0cq azcgono4ug GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkpiaou1z5jjh5vkptyghdae9c8x49ohgq= -----END CERTIFICATE----- <item key='1'>-----begin CERTIFICATE----- MIIEpjCCA46gAwIBAgIQRurwlgVMxeP6Zepun0LGZDANBgkqhkiG9w0BAQUFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF ehrlcm5hbcbdqsbsb290mb4xdta1mdywnza4mdkxmfoxdtiwmduzmdewndgzofow gzmxczajbgnvbaytalvtmqswcqydvqqiewjvvdexmbuga1uebxmou2fsdcbmywtl IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMY ahr0cdovl3d3dy51c2vydhj1c3quy29tmrswgqydvqqdexjvve4glsbeqvrbq29y 82

83 ccbtr0mwggeima0gcsqgsib3dqebaquaa4ibdwawggekaoibaqdf7lgqoituvcso vy5gcefgca8uk3otlbu99raajmufkwaevk/id44zdrjh7kyto/oucpjebvtwqhwe LlzvI94huQV2JxkPT9bDnLS lblj8qyrcuttsjy 8ik7FugaoEymyfQYWWjAcPJT AMBeUIKlVm82 UrgRIagTU7WR25JSstn16bEBbmOHvT8/83nNuCcBWyyMyIV0LTg zbfassd0/ji/ksqve9jyp04pvhyhdyczcqpb/1zdxpo vk68r4pqrnhkh7equf9c BQvsRjDRcgvK6VZt9e/feL5hurKlrgRMvKisaRWXve/rtIy/NfjUw9EoDlw6n3AY MyB3xKKvAgMBAAGjggEXMIIBEzAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g JMtUGjAdBgNVHQ4EFgQUUzLRs89/ udxof2ftplsnkudte8wdgydvr0paqh/baqd AgEGMA8GA1UdEwEB/wQFMAMBAf8wIAYDVR0lBBkwFwYKKwYBBAGCNwoDAwYJYIZI AYb4QgQBMBEGA1UdIAQKMAgwBgYEVR0gADB7BgNVHR8EdDByMDigNqA0hjJodHRw Oi8vY3JsLmNvbW9kb2NhLmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA2 odsgmoywahr0cdovl2nybc5jb21vzg8ubmv0l0fkzfrydxn0rxh0zxjuywxdqvjv b3quy3jsma0gcsqgsib3dqebbquaa4ibaqbjhpiqsrp6n76okrybikp1xk4ofn/3 aub/vxpxaanyv9qksr/gk/8b2avgd x R5ywXfd8FJ38wDOShFvSg/RS4iJYdPxD Gz no1jaa/288drk7cwsu8m5rnseoaryv neldknuwyac9k9fqqeu5z9abiypo6t VlB 99Ww/zliZYKMllfDj/dg9sKNNIf8T0Pl278cqvaGzebfET NB/dtgxPAOIg5 YKF MOHjiD6ku2NvLOmKaCzulmmsBGHhT04OnXJM9nk4yMdIaW UD3S0vMjPV025 dxgwdyogc vd0pa8fcyumezqomcctci4smv13tqqclz3ufmajcthynnf -----END CERTIFICATE----- <item key='2'>-----begin CERTIFICATE----- MIIEqzCCA5OgAwIBAgIQLnmDLpCIh qljvmabuz6rdanbgkqhkig9w0baqufadcb kzelmakga1uebhmcvvmxczajbgnvbagtalvumrcwfqydvqqhew5tywx0iexha2ug Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho dhrwoi8vd3d3lnvzzxj0cnvzdc5jb20xgzazbgnvbamtelvutiatierbvefdb3jw IFNHQzAeFw0wNjEyMDEwMDAwMDBaFw0yMDA1MzAxMDQ4MzhaMIGBMQswCQYDVQQG EwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm b3jkmrowgaydvqqkexfdt01pre8gq0egtgltaxrlzdenmcuga1ueaxmeq09nt0rp IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH 7uIzg3jLz8GlvCiKVCZ rts7ovewdffxze1cku1b/qni2gqgd0s7wwaxuf601cxwrm/an5vcatwwxhgzuvah TaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH 1GImGEaaP vb fgqv useg2l23iw 83

84 ambv4eajcnxo2f8esil33rxp 2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVD ioejpqxsjdlqr6sa1kgzqsx DT nhbrtucelpnqsoo9vucqfzuatne8tja3g1cez 0o7KBWFxB3NH5YoZEr0ETc5OnKVIrLsm9wIDAQABo4IBCTCCAQUwHwYDVR0jBBgw FoAUUzLRs89/ udxof2ftplsnkudte8whqydvr0obbyefaty5yvgtbu3pecpmkkh vkc2wlb/ma4ga1uddweb/wqeawibbjapbgnvhrmbaf8ebtadaqh/mcaga1udjqqz MBcGCisGAQQBgjcKAwMGCWCGSAGG EIEATARBgNVHSAECjAIMAYGBFUdIAAwbQYD VR0fBGYwZDAxoC glyyrahr0cdovl2nybc5jb21vzg9jys5jb20vvvrolurbvefd b3jwu0ddlmnybdavoc2gk4ypahr0cdovl2nybc5jb21vzg8ubmv0l1vuti1eqvrb Q29ycFNHQy5jcmwwDQYJKoZIhvcNAQEFBQADggEBANheksSuFNxDrcKkw2dFBx35 N6IZxxw3NZETHAfEfUKmDvCGXENrDkTPviRhOkKpzp1Mr3k5cN0OBCBOlZw83rdg umndqo1qd4fjrrsek8bl8/jhnkkbb7ymdfkqv4r8bzpykmf6hgoosxcowyoutr/n 4axMZmzyVZFWtzK/seR9teg6ti/bspzaUJOOTsWsmn5cnhI8O03GUHCzZSuO92uh uyxaalv17bzlgq771kmhlneaqhs8u6rcovd/cwijycyvt9eiavzcxwjtfjuar1/z y3kl48thqsxe0atrg7ttrawixtqqc7ujmrrflw5fj3u m SbR6ivfsCSsVwvvE= -----END CERTIFICATE----- <item key='3'>-----begin CERTIFICATE----- MIIFAzCCA ugawibagiqgllluqme8aapwflzjkyqsjanbgkqhkig9w0baqufadcb gtelmakga1uebhmcr0ixgzazbgnvbagtekdyzwf0zxigtwfuy2hlc3rlcjeqma4g A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw MDBaFw0xOTEyMzEyMzU5NTlaMHIxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVh dgvyie1hbmnozxn0zxixedaobgnvbactb1nhbgzvcmqxgjaybgnvbaoteunptu9e TyBDQSBMaW1pdGVkMRgwFgYDVQQDEw9Fc3NlbnRpYWxTU0wgQ0EwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt8AiwcsargxIxF3CJhakgEtSYau2A1NHf 5I5ZLdOWIY120j8YC0YZYwvHIPPlC92AGvFaoL0dds23Izp0XmEbdaqb1IX04XiR 0y3hr/yYLgbSeT1awB8hLRyuIVPGOqchfr7tZ291HRqfalsGs2rjsQuqag7nbWzD ypwmn84hhzwqfdvaglyoibsyd8gsif/f03/o4tjg27z5h6gq1huqbyh6rsrqxscq ochbrvt9vkcil6qbflttxfeffld Edc7tNkBdtzffRDPUanlOPJ7FAB1WfnwWdsX Pvev5gItpHnBXaIcw5rIp6gLSApqLn8tl2X2xQScRMiZln5 pn0vagmbaagjgggd MIIBfzAfBgNVHSMEGDAWgBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAdBgNVHQ4EFgQU 2svqrVsIXcz//CZUzknlVcY49PgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQI 84

85 MAYBAf8CAQAwIAYDVR0lBBkwFwYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMD4GA1Ud IAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21v ZG8uY29tL0NQUzBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9kb2Nh LmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBsBggrBgEFBQcB AQRgMF4wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NvbW9k b1vutlnhq0nblmnyddakbggrbgefbqcwayyyahr0cdovl29jc3auy29tb2rvy2eu Y29tMA0GCSqGSIb3DQEBBQUAA4IBAQAtlzR6QDLqcJcvgTtLeRJ3rvuq1xqo2l/z oduetzbln3qo6u6bldudu Ennv1F7Q5Slqz0J790qpL0pcRDAB8OtXj5isWMcL2a ejgjkdbza0wztsz4iw SY1dWrCRnilsvKcKxudokxeRiDn55w/65g ono7wdq7vu F6r7yJiIatnyfKH2cboZT7g440LX8NqxwCPf3dfxp 0Jj1agq8MLy6SSgIGSH6lv Wwz3D5XxqfyH8wqfOQsTEZf6/Nh9yvENZ NWPU6g0QO2JOsTGvMd/QDzczc4BxL XSXaPV7Od4rhPsbXlM1wSTz/Dr0ISKvlUhQVnQ6cGodWaK2cCQBk -----END CERTIFICATE----- </dt_array> <item key='certificate'>-----begin CERTIFICATE----- MIIFSzCCBDOgAwIBAgIQKBqJ8LG7xMORrbudRYUgPjANBgkqhkiG9w0BAQUFADBy MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD VQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEYMBYGA1UE AxMPRXNzZW50aWFsU1NMIENBMB4XDTExMTAwNTAwMDAwMFoXDTEyMTAwNTIzNTk1 OVowgYUxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UE CxMVSG9zdGVkIGJ5IFR1Y293cyBJbmMuMR4wHAYDVQQLExVFc3NlbnRpYWxTU0wg V2lsZGNhcmQxIDAeBgNVBAMUFyoucmVnNC5xYXJlZ3Jlc3Npb24ub3JnMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukPlCL1vnnl9kgRhdRZ XQ2yo3Fq nfbgibzkjg2dj8x3m/hm Lat5u /A1rkHP3kNvchwjf2kOmh29Hul6JLkfFlv6Zf YNsTva/28P4RMZ38CBiTomAEwsxxrU5zDZmOLOqY3mg1sifhXT7lma0tgGSCil8R u9nf/jbanshjx/mdvrdkoro1lgyplwg0 Esho5ODbIOlgEY18qgEDg8f0ir3jlOd suzh1a/qyl332eowlzztsmajkbkjojhml9wagfp0leybnk7ngisyimwshotlrqdi afterg6sks9edfljygxenoexa5bbqgo0mpago5wbeb0knwuyrahypdaz1widaqab o4ibxzccacmwhwydvr0jbbgwfoau2svqrvsixcz//czuzknlvcy49pgwhqydvr0o BBYEFLLQDNSlCLlxPNKvHiVYCm/SBridMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB 85

86 Af8EAjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoD AwYJYIZIAYb4QgQBMEUGA1UdIAQ MDwwOgYLKwYBBAGyMQECAgcwKzApBggrBgEF BQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwOwYDVR0fBDQwMjAw oc6gliyqahr0cdovl2nybc5jb21vzg9jys5jb20vrxnzzw50awfsu1nmq0euy3js MG4GCCsGAQUFBwEBBGIwYDA4BggrBgEFBQcwAoYsaHR0cDovL2NydC5jb21vZG9j YS5jb20vRXNzZW50aWFsU1NMQ0FfMi5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v Y3NwLmNvbW9kb2NhLmNvbTA5BgNVHREEMjAwghcqLnJlZzQucWFyZWdyZXNzaW9u Lm9yZ4IVcmVnNC5xYXJlZ3Jlc3Npb24ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQBo 8rwMrpd2iSi45Vl69urPeUwMTeuEugN1V5zW26gxUE7nMLuOwwaFKKJFnOrxYSLb YK7ez61Oujx9AyNwRyCja/0JdMEV9PHJHsn/mkLjXLnkgFmoxX75dsISBpIjy5f Q0t5xzbkVxBV3ZGW5OHRIy76h0gyrsRTNVr2BK3j apqufqkdlplq2dxhtjjul5x rkvj 4mnUESS8Suhb8nEebc367kyXlVr453dHuQKfOUHtTmNOh5hin9yYOt0c1Dc yqsmue7tkhwniaryq4qsukxckityiau4q 2BjO0gULy9C/3Nu8guFtLof DEO9t2 g0spcfcn9qtlidf oemn -----END CERTIFICATE----- <item key='expiry_date'> t00:00: :00 <item key='state'>active <item key='product_type'>truebizid_wildcard <item key='domain'>*.example.com <item key='issue_date'> t00:00: :00 <item key='product_id'>1701 <item <item key='start_date'> t00:00: :00 </data_block> </body> </OPS_envelope> 86

87 Example 2 Uses the product ID to retrieve the properties for a Trust Service product. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>get_cert <item key='object'>trust_service <item key='attributes'> <item key='product_id'>2096 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> 87

88 </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='cert_data'> <item key='certificate'>-----begin CERTIFICATE----- MIIEUTCCAzmgAwIBAgIDAX8yMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxHZW9UcnVzdCBJbmMxKTAnBgNVBAMTIEdlb1RydXN0IFByZS1Q cm9kdwn0aw9uifnvqibdqsazmb4xdteymdqyodizndizmfoxdteymduwodexmzq0 OVowgZoxEzARBgNVBAsTCkdUMDgzMjUxNzMxMTAvBgNVBAsTKFNlZSB3d3cucmFw awrzc2wuy29tl3jlc291cmnlcy9jchmgkgmpmtixlzatbgnvbastjkrvbwfpbibd b250cm9sifzhbglkyxrlzcatifjhcglku1nmkfipmr8whqydvqqdexzyyxbpzc5x YXJlZ3Jlc3Npb24ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 01fy13nKyEaR7BcXW/ZOzrgNbW/v57Q4HtJsFLhakoVU30C6N+xUwZMVMTpMlq5f xmhjc8/bjn1vho9l3ei9w+qefxcyh3o9f/11spqfxstja/f1r5uziqumwmpe4z3o EPAusTDDEZDn6KtDMrsjgDRXNUL6IjWHTErj9G4bl13bwqBUy6LyCQoGOpME5qNA skj3hwdv99xjy4b1xjow5qekiryyxcslv3indnv+v+jr/luu+juqtazkl5fnip5i n6wdtk1eyq7l1kna4wlxl0coy7xcnh2ajr5iv+gox0mypj0rbcywmwfqc+1bxlvp /wlljvtkiazkigkjpz3kuwidaqabo4hpmihmmb8ga1udiwqymbaafgv1rijo592u KxNo1SwYK4YYVaDFMA4GA1UdDwEB/wQEAwIFoDAhBgNVHREEGjAYghZyYXBpZC5x YXJlZ3Jlc3Npb24ub3JnMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly90ZXN0LWNy bc5nzw90cnvzdc5jb20vy3jscy9wcmvwcm9kc3viy2ezlmnybdambgnvhrmbaf8e 88

89 AjAAMB0GA1UdDgQWBBQDOAEoYLLChTqOW8wOPRiHwcgQMjAdBgNVHSUEFjAUBggr BgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEBAMBPQE2zs+68mvwQ xws5ajdpkderr5igwwapx9n9yonniydhub5wqan6tr34f8wt4hqwmhgo1jpzzeyf I3flV4Ca5P14bpLC96G4O8/XDG0off2tDYf5OVQgbNP/s93mvMhSo3jAHN3Enpn0 ildrxuc+uvfmiaklransvgkzmrebewtk0tej6onsc0ds6pgrlzhsxcwhr9wd1dvf +1vKnaS2pp4nXBQthh1wbvk8+VekrYRaPy/5h3/9hRHVb85rb8hbLWSBfN6oyLRw KZnecg3wOB449Hfi072JKEgEViBkuYJLr94KQ8gTSEtDlGmSLGCZaGsrtgmNbyne anzofsa= -----END CERTIFICATE----- <item key='expiry_date'> t07:34: :00 <item key='state'>active <item key='product_type'>quickssl <item key='domain'>example.com <item key='issue_date'> t11:27: :00 <item key='product_id'>2096 <item <item key='start_date'> t19:42: :00 </data_block> </body> </OPS_envelope> 89

90 get_order_info Description Action & object action = get_order_info object = trust_service Usage Queries the Trust Service order information. Request parameters for get_order_info Standard parameters action = get_order_info object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value order_id Required The ID of the order to query. Response parameters for get_order_info Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request 90

91 Attributes Parameters within the attributes associative array for Trust Service orders are described below. Parameter name Obligation Definition/Value approver_ contact_ contact_set Returned for domain vetted certificates if is_success = true. Returned if is_success = true Returned if is_success = true One of the approver s. The contact from the order. The current contact information for organization, admin, billing, and tech contacts. csr Optional The Certificate Signing Request for the certificate. domain Optional The full domain name for which the SSL Certificate was purchased. notes_list order_id period Returned if is_success = true Returned if is_success = true Returned if is_success = true Event logging for the Trust Service order. For more information, see the Notes_list table below. The ID of the Trust Service order. The number of years of the registration period. Allowed values are 1 4, depending on the Trust Service. comodo_ev 1 to 2 comodo_instantssl 1 to 4 comodo_premiumssl 1 to 4 comodo_premiumssl_wildcard 1 to 4 comodo_ssl 1 to 4 comodo_wildcard 1 to 4 malwarescan 1 91

92 Parameter name Obligation Definition/Value price product_id product_type Returned if is_success = true Returned if order is complete and is_success = true Returned if is_success = true quickssl 1 to 4 quickssl_premium 1 to 4 securesite 1 to 4 securesite_ev 1 to 2 securesite_pro 1 to 4 securesite_pro_ev 1 to 2 sgcsuper_certs 1 to 4 sitelock_basic 1 sitelock_premium 1 sitelock_enterprise 1 ssl123 1 to 4 sslwebserver 1 to 4 sslwebserver_wildcard 1 to 2 sslwebserver_ev 1 to 2 truebizid 1 to 4 truebizid_wildcard 1 to 4 truebizid_ev 1 to 2 truste_hpp 1 to 3 truste_tps 1 to 3 trustwave_dv 1 to 3 trustwave_ev 1 to 2 trustwave_premiumssl 1 to 3 trustwave_premiumssl_wildcard 1 to 3 The price charged for the Trust Service. The ID number of the Trust Service product. The product type from the SSL Certificate inventory. The product types are detailed in the allowed values section for this key. Allowed values are: 92

93 Parameter name Obligation Definition/Value reg_type Returned if is_success = true comodo_ev comodo_instantssl comodo_premiumssl comodo_premiumssl_wildcard comodo_ssl comodo_wildcard malwarescan quickssl quickssl_premium securesite securesite_ev securesite_pro securesite_pro_ev sgcsuper_certs sitelock_basic sitelock_premium sitelock_enterprise ssl123 sslwebserver sslwebserver_wildcard sslwebserver_ev truebizid truebizid_wildcard truebizid_ev truste_hpp (Hosted Privacy Policy) truste_tps (TRUSTE Privacy Policy with seal) trustwave_dv trustwave_ev trustwave_premiumssl trustwave_premiumssl_wildcard Type of order, for example, new, renewal, transfer, upgrade. 93

94 Parameter name Obligation Definition/Value server_type Optional The type of server software used to generate the CSR. Allowed values are: Symantec, thawte, and GeoTrust Comodo apache2 apachessl apacheapaches sl apacheopenssl apacheraven apachessl apachessleay c2net cobaltseries cobaltraq3 cobaltraq2 citrix domino ensim hsphere iis4 iis6 iis7 iplanet javawebse rver cpanel domino dominogo4626 dominogo4625 ensim hsphere iis iis4 iis5 iplanet ipswitch netscape ibmhttp novell oracle other plesk redhat sap tomcat webstar whmcpanel netscape ibmhttp other plesk tomcat weblogic 94

95 Parameter name Obligation Definition/Value Symantec, thawte, and GeoTrust Comodo website webstar webstar4 zeusv3 Note: Trustwave does not support server types. special_instructions Optional User defined instructions regarding the Trust Service certificate purchase. state supplier_order_id Returned if is_success = true Returned if is_success = true The state of the order Allowed values are: approver-confirmed Owner has confirmed the domain vetted certificate. awaiting-approval Order processed successfully; waiting for supplier approval. cancelled Pending order was cancelled. completed Order is complete. declined Order cancelled after it was processed or declined by the supplier. in-progress Order is in progress. pending Order saved as pending. The ID number for the vendor. 95

96 Notes_list Parameters within the notes_list associative array are described below. Parameter name Obligation Definition/Value date Optional The date that the note was created. note Optional The text of the note. type Optional The type of note. Allowed values are: order_created order_processed order_cancelled order_completed order_resend_approve_ money_held, money_unheld money_charged, money_refunded supplier_order_cancelled supplier_appr_confirmed supplier_appr_rejected supplier_product_created supplier_product_rejected product_renewed, product_active product_renewing, product_revoked product_expired, product_updated product_scan_requested product_resend_cert_ Examples for get_order_info Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> 96

97 <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>get_order_info <item key='object'>trust_service <item key='attributes'> <item key='order_id'>780 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service 97

98 <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='special_instructions'>test ABC <item key='period'>1 <item key='notes_list'> <dt_array> <item key='0'> <item key='date'> t15:02: :00 <item key='type'>order_processed <item key='note'>order id [780] has been processed, supplierorderid is [141777]. created. [780]. <item key='1'> <item key='date'> t15:02: :00 <item key='type'>order_created <item key='note'>order id [780] has been <item key='2'> <item key='date'> t15:02: :00 <item key='type'>money_held <item key='note'>money has been held for order id 98

99 <item key='3'> <item key='date'> t15:26: :00 <item key='type'>supplier_product_created <item key='note'>the supplier product has been created for order id [780]. id [780]. <item key='4'> <item key='date'> t15:26: :00 <item key='type'>money_charged <item key='note'>the money has been charged for order <item key='5'> <item key='date'> t15:26: :00 <item key='type'>order_completed <item key='note'>the order with the id [780] has been completed and product has been created with product id [194]. </dt_array> <item key='order_id'>780 <item key='state'>completed <item key='product_type'>truebizid <item key='domain'>truebiz.example.com <item key='product_id'>194 <item <item key='contact_set'> 99

100 ... see "Contact Set" <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC2jCCAcICAQAwgZQxITAfBgNVBAMTGHRydWViaXoucWFyZWdyZXNzaW9uLm9y ZzELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMQ8w DQYDVQQKEwZUdWNvd3MxEDAOBgNVBAsTB1FBIERlcHQxIDAeBgkqhkiG9w0BCQEW EXFhZml2ZUB0dWNvd3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAo+4AzMq3JeXV5KlAD3BBOGdAOuJYBW3Bz1BooLPX4MGefxqzfVcR8KLGg5MS PLqdiY4Sqc+/tK8qabpHttdbAZ1WBvgYmviMkhRjpSrbVjOca0CmydPCVsXu5nnE HMEZODrzhpuHHIzrkclBpGAqEhf9v1g4OFt1sInVB0o8NpeT10aFyvX2HbtsJyfZ S4RMsP+XjVWzWZ+8v2bH6gapJ0tzXvTKwXzhUzElvVqpldpzO0FgnJtHmfJ/EOs5 gntzvixzp12zkff0dyyuj0okwu+aqodlic2ovxetywkcox5w7jqgptv/vaf7nqy8 Y9VtV6SE5yQRYPJutDTk2PouEwIDAQABoAAwDQYJKoZIhvcNAQEEBQADggEBAAUr DUNxyrYpt3t9r0GCIiIDVyQdJvY4tQUFIEJdxcvRo2TUcrgiWPyntGc1OCtUFE9Z 2JX4BNEmFVN1jUdBzh6/0loAA36iGYWTSB6CPVe5+y+dcgbViWcNV4or7FOslzRH /Eu0CquMGmGtSdaT/DNIrJvM2iGOtuhFBhFyru61YMoeaQLU12i5XvK7bR4wHrG6 8DwlwUdzBRqiaq32rM/ZF2KmMzfLFKug1Hubt3OBQHSKwXz3CR7hrJSzf1q3lF/w HD47TC982HXaUuskI+E0LcuR/qprLkvAO6hKT60CP+V/yNwcBu79Zjeg1MsAmH/W SzFmc1swYutlFBxmyLU= -----END CERTIFICATE REQUEST----- <item key='reg_type'>new <item key='price'>99.0 <item key='server_type'>apachessl <item key='supplier_order_id'> </data_block> </body> </OPS_envelope> 100

101 get_product_info Description Action & object action = get_product_info object = trust_service Usage Queries the properties of the specified Trust Service product. Request parameters for get_product_info Standard parameters action = get_product_info object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value all_info Optional If included and set to 1, the response includes the CSR and contact information. If the certificate was migrated from TPP, the response includes the TPP order ID and inventory ID. inventory_item_id Optional; may The certificate product ID number that was used be used for in the TPP system. certificates that This value may be used in place of product_id. were migrated from TPP. product_id Required The Trust Service ID number. Note: This value is not required for certificates that were migrated from TPP if inventory_item_id is submitted. 101

102 Response parameters for get_product_info Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name contact_ csr Obligation Returned if is_success = true Returned if is_success = true Definition/Value The administrator address. Certificate Signing Request. The Trust Service provider uses this information to generate the certificate. domain Returned for domain vetted certs if is_success = true The domain with which the Trust Service is associated. expiry_date inventory_item_id is_renewable Returned if is_success = true Returned if is_success = true and cert was migrated from TPP Returned if is_success = true The date that the Trust Service certificate expires. The certificate product ID number that was used in the TPP system. Indicates whether the product is can be renewed at this time. Trust Service products can be renewed between 60 days before the expiry date and 15 days after expiry date. Allowed values are: 0 Product cannot be renewed at this time. 102

103 Parameter name issue_date product_id product_type Obligation Returned if is_success = true Returned if is_success = true Returned if is_success = true Definition/Value 1 Product can be renewed. The date that the Trust Service certificate was issued. The ID number for the Trust Service. The product type from the SSL Certificate inventory. The product types are detailed in the allowed values section for this key. Allowed values are: comodo_ev comodo_instantssl comodo_premiumssl comodo_premiumssl_wildcard comodo_ssl comodo_wildcard malwarescan quickssl quickssl_premium securesite securesite_ev securesite_pro securesite_pro_ev sgcsuper_certs sitelock_basic sitelock_premium sitelock_enterprise ssl123 sslwebserver sslwebserver_ev sslwebserver_wildcard truebizid truebizid_ev 103

104 Parameter name Obligation Definition/Value truebizid_wildcard truste_hpp (Hosted Privacy Policy) truste_tps (TRUSTE Privacy Policy with seal) trustwave_dv trustwave_ev trustwave_premiumssl trustwave_premiumssl_wildcard start_date state tpp_order_id Returned if is_success = true Returned if is_success = true Returned if cert was migrated from TPP and is_success = true The effective date for the Trust Service. The state of the product. Allowed values are: expired active renewing renewed revoked The order number that was used in the TPP system. upgrade_options Returned if is_success = true and product_type = sitelock_basic or sitelock_premium Indicates the product types to which the existing product could be upgraded. Currently, this applies to Sitelock products only. If product_type = sitelock_basic, values returned are sitelock_premium and sitelock_enterprise; if product_type = sitelock_premium, value returned is sitelock_enterprise. 104

105 Examples for get_product_info Example 1 Retrieves the properties for a Trust Service product. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>get_product_info <item key='object'>trust_service <item key='attributes'> <item key='product_id'>99 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> 105

106 <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='product_type'>truebizid_wildcard <item key='issue_date'> :00 <item key='domain'>*.example.com <item key='product_id'>99 <item <item key='start_date'> :00 <item key='expiry_date'> :00 <item key='is_renewable'>0 <item key='state'>expired </data_block> </body> </OPS_envelope> 106

107 Example 2 Retrieves all information for a Trust Service product. Request <?xml version='1.0' encoding='utf-8'?> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>get_product_info <item key='object'>trust_service <item key='attributes'> <item key='all_info'>1 <item key='product_id'>2071 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> 107

108 </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='csr_data'> <item key='country'>us <item key='organization_unit'>qa Dept <item key='valid_true_domain'>1 <item key='state'>ca <item key='locality'>santa Clara <item <item key='domain'>abc123.example.org <item key='valid_quick_domain'>1 <item key='has_bad_extensions'>0 <item key='organization'>example Co. <item key='notes_list'> <dt_array> <item key='0'> <item key='date'> t10:05: :00 108

109 <item key='type'>product_active <item key='note'>the product with the id [2071] has been created. </dt_array> <item key='expiry_date'> t18:59: :00 <item key='state'>active <item key='product_type'>sitelock_premium <item key='domain'>trust.example.org <item key='issue_date'> t10:02: :00 <item key='product_id'>2071 <item key='is_renewable'>0 <item <item key='contact_set'> <item key='admin'> <item key='first_name'>adler <item key='last_name'>adams <item key='title'>administrator <item key='org_name'>example Co. <item key='address1'>32 Oak Street <item key='address2'>suite 100 <item key='address3'/> <item key='city'>santa Clara <item key='state'>ca <item key='country'>us <item key='postal_code'>90210 <item key='phone'> x1812 <item 109

110 <item key='fax'> <item key='tech'> <item key='first_name'>tim <item key='last_name'>tucker <item key='title'/> <item key='org_name'>example Co. <item key='address1'>32 Oak Street <item key='address2'>suite 100 <item key='address3'/> <item key='city'>santa Clara <item key='state'>ca <item key='country'>us <item key='postal_code'>90210 <item key='phone'> x1243 <item key='fax'> <item <item key='organization'> <item key='first_name'>jim <item key='last_name'>johnson <item key='title'>director <item key='org_name'>example Co. <item key='address1'>32 Oak Street <item key='address2'>suite 100 <item key='address3'/> <item key='city'>santa Clara 110

111 <item key='state'>ca <item key='country'>us <item key='postal_code'>90210 <item <item key='phone'> x1224 <item key='fax'> <item key='billing'> <item key='first_name'>bill <item key='last_name'>burton <item key='title'/> <item key='org_name'>example Co. <item key='address1'>32 Oak Street <item key='address2'>suite 200 <item key='address3'/> <item key='city'>santa Clara <item key='state'>ca <item key='country'>us <item key='postal_code'>90210 <item key='phone'> x1248 <item key='fax'> <item <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC2TCCAcECAQAwgZMxIDAeBgNVBAMTF3NzbDEyMy5xYXJlZ3Jlc3Npb24ub3Jn MQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xDzAN BgNVBAoTBlR1Y293czEQMA4GA1UECxMHUUEgRGVwdDEgMB4GCSqGSIb3DQEJARYR cwfmaxzlqhr1y293cy5jb20wggeima0gcsqgsib3dqebaquaa4ibdwawggekaoib AQDpKz48gJG4ImyJi76kH3AdDZoGNZCC8xgWBUDk4yNXPqe3NxJvZooZIoctP2o8 111

112 CX6+xoK8p6jMb9iIz7ZVC9LuoUmoYZZWdoatMUwaz3xIa4Fq7HeLtCE3misKMcZq +QomhLFv2yMSgyzWWitHdW5oVDuT83Xs8FTZG33rI8gut1J9+5fhJV4WKuncfLwM xmrj+5iwm+kwoe86dtargapwyhc2fepcblszvbz87dp1cltjlan4potmes83rho1 tehhmjailnzy2pfroylbzlq38x1n10wbhqjmcodyk6csb40plduqbsmjpkoclwu4 H92c2Hmo3bqRGWM2K5SXkj29AgMBAAGgADANBgkqhkiG9w0BAQQFAAOCAQEAKUh6 WH4WtC/LtlJhj+p5i3sLEG/L//8DQh30eOxwMxrSGGZUGTfLBT4RaeDA5JEIF5pK v4mxvdw1+nexmqw3h/9evwxpggjvc2eolgya3ri3ojlqnoyqszovnunk0epawoo+ v9o2ykdh88e7nqzp8pw5jhe9rv9u3+mnw2sztqpzcxydxw3kki2uiip3eur2/iih nsairl5nfupgazcem/zpm1lc3s+evkysn2wf4bwoknyypo4dmghcb7ggsqyhh5vn UAoDkyqu2ZScDZTyDG7YOdobMqwbsCT5er5Bq+NWOZyUE+3zO/1VQpznJehaGLrQ N7UAJliUAO+SFFGdxQ== -----END CERTIFICATE REQUEST----- <item key='upgrade_options'>sitelock_enterprise <item key='start_date'> t19:00: :00 </data_block> </body> </OPS_envelope> Example 3 Retrieves all information for a Trust Service product that was migrated from the TPP system. Request <?xml version='1.0' encoding='utf-8'?> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>get_product_info <item key='object'>trust_service 112

113 <item key='attributes'> <item key='all_info'>1 <item key='product_id'>2076 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='is_success'>1 <item key='attributes'> <item key='tpp_order_id'> <item key='csr_data'> 113

114 <item key='country'>us <item key='organization_unit'>qa Dept <item key='valid_true_domain'>1 <item key='state'>ca <item key='locality'>santa Clara <item <item key='domain'>renewtest.example.org <item key='valid_quick_domain'>1 <item key='has_bad_extensions'>0 <item key='organization'>example Co. <item key='notes_list'> <dt_array> <item key='0'> <item key='date'> t11:20: :00 <item key='type'>product_active <item key='note'>the product with the id [2076] has been created. the process <item key='1'> of being renewed. <item key='date'> t11:20: :00 <item key='type'>product_renewing <item key='note'>the product with the id [2076] is in <item key='2'> 114

115 <item key='date'> t11:25: :00 <item key='type'>product_renewed <item key='note'>the product with the id [2076] has been renewed. </dt_array> <item key='expiry_date'> t20:46: :00 <item key='inventory_item_id'> <item key='state'>renewed <item key='product_type'>quickssl <item key='domain'>renewtest.example.org <item key='issue_date'> t11:19: :00 <item key='product_id'>2076 <item key='is_renewable'>0 <item <item key='contact_set'> <item key='admin'> <item key='first_name'>adler <item key='last_name'>adams <item key='title'>administrator <item key='org_name'>example Co. <item key='address1'>32 Oak Street <item key='address2'>suite 100 <item key='address3'/> <item key='city'>santa Clara <item key='state'>ca <item key='postal_code'>

116 <item key='country'>us <item key='phone'> x1812 <item key='fax'> <item <item key='tech'> <item key='first_name'>ted <item key='last_name'>tucker <item key='title'/> <item key='org_name'>example Co. <item key='address1'>32 Oak Street <item key='address2'>suite 100 <item key='address3'/> <item key='city'>santa Clara <item key='state'>ca <item key='postal_code'>90210 <item key='country'>us <item key='phone'> x1243 <item key='fax'> <item <item key='organization'> <item key='first_name'>jim <item key='last_name'>johnson <item key='title'>director <item key='org_name'>example Co. <item key='address1'>32 Oak Street 116

117 <item key='address2'>suite 100 <item key='address3'/> <item key='city'>santa Clara <item key='state'>ca <item key='country'>us <item key='postal_code'>90210 <item key='phone'> x1224 <item <item key='fax'> <item key='billing'> <item key='first_name'>bill <item key='last_name'>burton <item key='title'/> <item key='org_name'>example Co. <item key='address1'>32 Oak Street <item key='address2'>suite 200 <item key='address3'/> <item key='city'>santa Clara <item key='state'>ca <item key='country'>us <item key='postal_code'>90210 <item key='phone'> x1248 <item key='fax'> <item 117

118 <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC3DCCAcQCAQAwgZYxIzAhBgNVBAMTGnJlbmV3dGVzdC5xYXJlZ3Jlc3Npb24ub3JnMQswCQ YDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8x DzANBgNVBAoTBlR1Y293czEQMA4GA1UECxMHUUEgRGVwdDEgMB4GCSqGSIb3DQEJARYRcWFmaX ZlQHR1Y293cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDS7+XQflaRIXlWlRv9MRwa5vidu4uKciZdthDVkWo50lYPVZcwSY1v5bhTwIGpGna22a k3snh+gdcykqy9umy0cvbjrm16jswnivc4xgylr6jd/rgxg7dvluu/ qjk1t8tl09pglz9yrwnlsb9bbz85trgq1+up57/o4zxngznrzhxibr5mgb4w/5ywga/eluat6g JNLsbvZo+k516JgCk2trudH9+tr72454T8ZR5fbdw23GruqvQGilUY UsKe1Uywv8vgml1AIGTPctPwfxcFhRPMdWbZ/YmmaxNvd1/DBXZKL8F0wh672aGNEx5DXTkso2 tvpwpadgyljfqmahdzagmbaaggadanbgkqhkig9w0baqqfaaocaqea YYLY/3lGaxxxQASKwm4mUY4QAytqp24A0/i1OSOJNG86OOR8ws7VtFSGKa2B//gx6y2KAI6zom WL4Zpl4DcD8ttckv343DqFwjzJWn5P5/uLBg1z1QVJfVXAyWOt7PQb qx3efaivmgohycyqgxx50/ikg1w+k2q2pugpvjqftbdxkbn5earjjw2jnjvhanok9peagseadx TUGMrKpU0iaExWTvHBN3v9jjF1tow/hhbUqBGk80OVb2MGsa5Rp5aP WG8wWgI67EYcDe2IKvRfoPfzKw6WsLHq2GHp+qqJjXAUB4TBP3/cb3nIrAA8+h9lR3UCZ0LyB0 rqm7pkk0t9jw== -----END CERTIFICATE REQUEST----- <item key='start_date'> t09:02: :00 </data_block> </body> </OPS_envelope> 118

119 get_products Description Action & object action = get_products object = trust_service Usage Returns a list of the Trust Service products whose expiry dates are within a specific date range. Request parameters for get_products Standard parameters action = get_products object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value max_expiry_date Required min_expiry_date Required Used in conjunction with min_expiry_date attribute. The latest expiry date to use to generate a list of Trust Service products. Date must be in the format YYYY-MM-DD. Used in conjunction with max_expiry_date attribute. The earliest expiry date to use to generate a list of Trust Service products. Date must be in the format YYYY-MM-DD. state Optional The state of the Trust Service products that you want returned. Allowed values are: activated active expired renewed 119

120 Parameter name Obligation Definition/Value revoked upgraded Response parameters for get_products Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name product_list Obligation Returned if is_success = true Definition/Value An array that lists the products whose expiry dates are within a specific date range. For more information, see the product_list table below. product_list Parameters within the product_list associative array are described below. Parameter name contact_ domain Obligation Returned if is_success = true Returned if is_success = true Definition/Value The contact from the order. The domain or hostname to which the Trust Service applies. 120

121 Parameter name expiry_date is_renewable issue_date product_id product_type Obligation Returned if is_success = true Returned if is_success = true Returned if is_success = true Returned if is_success = true Returned if is_success = true Definition/Value The date that the Trust Service product expires. Indicates whether the product is can be renewed at this time. Trust Service products can be renewed between 60 days before the expiry date and 15 days after expiry date. Allowed values are: 0 Product cannot be renewed at this time. 1 Product can be renewed. The date that the Trust Service product was issued. The ID number of the Trust Service product The product type from the SSL Certificate inventory. Allowed values are: comodo_ev comodo_instantssl comodo_premiumssl comodo_premiumssl_wildcard comodo_ssl comodo_wildcard malwarescan quickssl quickssl_premium securesite securesite_ev securesite_pro securesite_pro_ev sgcsuper_certs sitelock_basic 121

122 Parameter name Obligation Definition/Value sitelock_premium sitelock_enterprise ssl123 sslwebserver sslwebserver_ev sslwebserver_wildcard truebizid truebizid_ev truebizid_wildcard truste_hpp (Hosted Privacy Policy) truste_tps (TRUSTE Privacy Policy with seal) trustwave_dv trustwave_ev trustwave_premiumssl trustwave_premiumssl_wildcard start_date state Returned if is_success = true Returned if is_success = true The effective date for the Trust Service. The state of the Trust Service product. Allowed values are: approver-confirmed Owner has confirmed the domain vetted certificate. awaiting-approval Order processed successfully; waiting for supplier approval. cancelled Pending order was cancelled. completed Order is complete. declined Order cancelled after it was processed or declined by the supplier. in-progress Order is in progress. pending Order saved as pending. 122

123 Examples for get_products Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>get_products <item key='object'>trust_service <item key='attributes'> <item key='min_expiry_date'> <item key='state'>expired <item key='max_expiry_date'> </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> 123

124 <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='product_list'> <dt_array> <item key='0'> <item key='expiry_date'> t10:41: :00 <item key='state'>expired <item key='product_type'>quickssl <item key='issue_date'> t09:17: :00 <item key='domain'>example.org <item key='product_id'>2094 <item <item key='is_renewable'>0 <item key='start_date'> t20:14: :00 <item key='1'> 124

125 <item key='expiry_date'> t07:34: :00 <item key='state'>expired <item key='product_type'>securesite_pro <item key='issue_date'> t11:27: :00 <item key='domain'>example.net <item key='product_id'>2096 <item <item key='is_renewable'>0 <item key='start_date'> t19:42: :00 </dt_array> <item key='is_success'>1 </data_block> </body> </OPS_envelope> 125

126 parse csr Description Action & object action = parse_csr object = trust_service Usage Parses the CSR and identifies its data elements. Request parameters for parse_csr Standard parameters action = parse_csr object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value csr Required A Certificate Signing Request for the required SSL Certificate. Note: All certificates require 2048 bit CSRs; however, Symantec will accept 1024 bit CSRs for certificates with expiry dates prior to December 31, 2013, except for EV certs, which require 2048, regardless of the term. product_type Required The product type from the SSL Certificate inventory. Allowed values are: comodo_ev comodo_instantssl comodo_premiumssl comodo_premiumssl_wildcard quickssl quickssl_premium 126

127 Parameter name Obligation Definition/Value securesite securesite_ev securesite_pro securesite_pro_ev sgcsuper_certs ssl123 sslwebserver sslwebserver_ev sslwebserver_wildcard truebizid truebizid_ev truebizid_wildcard trustwave_dv trustwave_ev trustwave_premiumssl trustwave_premiumssl_wildcard Response parameters for parse_csr Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request 127

128 Attributes Parameters within the attributes associative array are described below. Parameter name csr_data Obligation Returned if is_success = true Definition/Value A list of the data elements of the CSR. For more information, see the csr_data table. csr_data Parameters within the csr_data associative array are described below. Parameter name Obligation Definition/Value country Required The country specified in the CSR. domain Required The domain specified in the CSR. Required The address specified in the CSR. has_bad_extensions Required Indicates whether the CSR contains any unsupported extensions. Allowed values are: 0 the CSR can be used. 1 re-generate the CSR without the unsupported extensions. locality Required The city specified in the CSR. organization Required The organization specified in the CSR. organization_unit Required The organization unit specified in the CSR. state Required The state specified in the CSR. valid_quick_domain Required for QuickSSL Certificates only Indicates whether the CSR is valid for QuickSSL certificates. Allowed values are: 0 No 1 Yes 128

129 Parameter name Obligation Definition/Value valid_true_domain Required for True BusinessID Certificates only Indicates whether the CSR is valid for True BusinessID certificates. Allowed values: 0 No 1 Yes Examples for parse_csr Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>parse_csr <item key='object'>trust_service <item key='attributes'> <item key='product_type'>quickssl <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIBqTCCARICAQAwaTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAm9uMRAwDgYDVQQH Ewd0b3JvbnRvMQ8wDQYDVQQKEwZ0dWNvd3MxCzAJBgNVBAsTAnFhMR0wGwYDVQQD ExR3d3cucWFyZWdyZXNzaW9uLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gyeaz+hbqqne5bsw0thf7txxsjxf8vtca2ul52iuti1srtm9j6nntajgmbl9upom SFnObpWKriUIlvxKrecygGWkjiMeyU/F6auAS9/vwDdxYEVT2szK+Q2At1FgU433 Pds53v2J/vyB6SL+k/w54H2gF4ORpU1hjUggo7fM353TeeMCAwEAAaAAMA0GCSqG 129

130 SIb3DQEBBAUAA4GBAIYvVThVeocN7N7HbsO/au9AXnx6LULQ5LMDWx6FlyBB5g9h 5HYZa6xieYCYDxYIsjLjR3qx1BWl9+0kSL2MW4EdDPzbcrZvHAtrw2/hPrm9EGA3 2w3a26W79N3clCkrahnpcNFLFyzU3CtZASJ+VuixGXTEkdiBAliqtGp+QBhf -----END CERTIFICATE REQUEST----- </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='csr_data'> <item key='country'>us 130

131 <item key='organization_unit'>qa <item key='valid_true_domain'>1 <item key='state'>ca <item key='locality'>santa Clara <item key=' '/> <item key='domain'> <item key='valid_quick_domain'>1 <item key='has_bad_extensions'>0 <item key='organization'>example Inc. </data_block> </body> </OPS_envelope> 131

132 process_pending Description Action & object action = process_pending object = trust_service Usage Processes pending Trust Service orders; also applicable to any order that is declined. The order is cancelled and a new order is created. Can also be used to process cancelled orders, provided the cancelled order was a new order. Request parameters for process_pending Standard parameters action = process_pending object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value order_id Required The ID of the order to be processed. Response parameters for process_pending Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request 132

133 response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name domain order_id state supplier_order_ id Obligation Returned for domain vetted certs if is_success = true Returned if is_success = true Returned if is_success = true Returned if is_success = true Definition/Value The domain with which the Trust Service order is associated. The ID of the order. The state of the order. Allowed values are: awaiting-approval Order processed successfully; waiting for supplier approval. in-progress Order is in progress. The ID number for the vendor. Examples for process_pending Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> <msg_id> </msg_id> <msg_type>standard</msg_type> </header> <body> 133

134 <data_block> <item key="protocol">xcp <item key="action">process_pending <item key="object">trust_service <item key="attributes"> <item key="order_id">6617 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key="protocol">xcp <item key="action">reply <item key="object">trust_service <item key="response_text">command completed successfully. <item key="is_success">1 <item key="response_code">200 <item key="attributes"> 134

135 <item key="domain">example.com <item key="order_id">6617 <item key="supplier_order_id">219 <item key="state">awaiting-approval </data_block> </body> </OPS_envelope> 135

136 query_approver_list Description Action & object action = query_approver_list object = trust_service Usage Queries the list of approvers for the Trust Service that is associated with the specified domain. Note: This command is currently not supported for Trustwave certificates. Request parameters for query_approver_list Standard parameters action = query_approver_list object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value domain Required The domain to which the Trust Service approver list belongs. product_type Required The product type from the SSL Certificate inventory. Allowed values are: comodo_ev comodo_instantssl comodo_premiumssl comodo_premiumssl_wildcard quickssl quickssl_premium 136

137 Parameter name Obligation Definition/Value securesite securesite_pro securesite_ev securesite_pro_ev sgcsuper_certs ssl123 sslwebserver sslwebserver_ev sslwebserver_wildcard truebizid truebizid_wildcard truebizid_ev Response parameters for query_approver_list Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name approver_list Obligation Returned if is_success = true Definition/Value The list of approvers and their properties. For more information, see the approver_list table. 137

138 Approver_list Parameters within the approver_list associative array are described below. Parameter name domain type Obligation Always returned Always returned Always returned Definition/Value The domain to which the Trust Service applies. Trust Service approver address. Trust Service approver type. Allowed values are: generic Generated by pre-pending predefined list of prefixes to the domain name. Prefixes include admin, administrator, hostmaster, root, webmaster, postmaster, and support. manual A list of support addresses taken from WHOIS. Examples for query_approver_list Request <?xml version='1.0' encoding='utf-8'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>query_approver_list <item key='object'>trust_service <item key='attributes'> 138

139 <item key='domain'>example.com <item key='product_type'>quickssl </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='is_success'>1 <item key='response_code'>200 <item key='attributes'> <item key='approver_list'> <dt_array> <item key='0'> 139

140 <item <item key='domain'>example.com <item key='type'>manual <item key='1'> <item <item key='domain'>example.com <item key='type'>manual <item key='2'> <item <item key='domain'>example.com <item key='type'>generic <item key='3'> <item <item key='domain'>example.com <item key='type'>generic <item key='4'> <item <item key='domain'>example.com <item key='type'>generic 140

141 <item key='5'> <item <item key='domain'>example.com <item key='type'>generic <item key='6'> <item <item key='domain'>example.com <item key='type'>generic <item key='7'> <item <item key='domain'>example.com <item key='type'>generic <item key='8'> <item <item key='domain'>example.com <item key='type'>manual </dt_array> 141

142 </data_block> </body> </OPS_envelope> 142

143 request_on_demand_scan Description Action & object action = request_on_demand_scan object = trust_service Usage If you have a Symantec or SiteLock seal, or the GeoTrust Web Site Anti-Malware Scan product, and you have corrected a malware issue on your site, you can ask the Trust Service provider to rescan your system immediately and reinstate the seal. Note: You can only request a scan if the Trust Seal order is complete. Request parameters for request_on_demand_scan Standard parameters action = request_on_demand_scan object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Note: You must specify at least one of these parameters. Parameter name Obligation Definition/Value order_id Optional The Trust Service order ID number. product_id Optional The Trust Service product ID number. 143

144 Response parameters for request_on_demand_scan Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value product_id Returned if is_success = true The Trust Service product ID number. Examples for request_on_demand_scan Example 1 This example requests a scan for a site by submitting the product ID. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> 144

145 <item key='protocol'>xcp <item key='action'>request_on_demand_scan <item key='object'>trust_service <item key='attributes'> <item key='product_id'>275 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='is_success'>1 <item key='response_code'>200 <item key='attributes'> <item key='product_id'>

146 </data_block> </body> </OPS_envelope> Example 2 This example requests a scan for a site by submitting the order ID. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>request_on_demand_scan <item key='object'>trust_service <item key='action'>request_on_demand_scan <attributes> <item key='order_id'>49841 </attributes> </data_block> </body> </OPS_envelope> 146

147 Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='is_success'>1 <item key='response_code'>200 <item key='attributes'> <item key='product_id'>275 </data_block> </body> </OPS_envelope> 147

148 resend_approve_ Description Action & object action = resend_approve_ object = trust_service Usage Resends the Approver . Note: This command is not supported for SiteLock products or for Comodo EV SSL certificates or for Trustwave Premium EV, Premium SSL and Premium SSL Wildcard certificates, or the GeoTrust Web Site Anti-Malware Scan product. For TRUSTe products, this command resends the confirmation after the order is submitted. Request parameters for resend_approve_ Standard parameters action = resend_approve_ object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value order_id Required The ID number of the Trust Service order. 148

149 Response parameters for resend_approve_ Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name order_id Obligation Returned if is_success = true Definition/Value The ID number of the Trust Service order. Examples for resend_approve_ Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>resend_approve_ 149

150 <item key='object'>trust_service <item key='attributes'> <item key='order_id'>1859 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='order_id'>

151 </data_block> </body> </OPS_envelope> 151

152 resend_cert_ Description Action & object action = resend_cert_ object = trust_service Usage Resends the certificate . In order to request the SSL Certificate , the order must be completed. Note: This command is not supported for SiteLock or Comodo certs, or the GeoTrust Web Site Anti-Malware Scan product. For TRUSTe products, this command resends the fulfillment after the order is completed. Request parameters for resend_cert_ Standard parameters action = resend_cert_ object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value order_id Required The ID number of the Trust Service order. 152

153 Response parameters for resend_cert_ Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value order_id Returned if is_success = true The ID number of the Trust Service order. Examples for resend_cert_ Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>resend_cert_ <item key='object'>trust_service 153

154 <item key='attributes'> <item key='order_id'>1799 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='order_id'>

155 </data_block> </body> </OPS_envelope> 155

156 update_order Description Action & object action = update_order object = trust_service Usage Submits a Trust Service order update to the OpenSRS system. When updating existing trust service orders, the general rules are: Include the parameters and values that you want to change. To remove a remove a value, submit the parameter with an empty value. Omit any parameters that you do not want to change. Note: This command can only be used on pending orders. Important: If you are using this command to add or change the additional domains for a SAN certificate order, you must specify all of the domains that will be secured by the certificate. The additional_domains list specified in this command overwrites the additional_domains list in the original order. Request parameters for update_order Standard parameters action = update_order object = trust_service attributes 156

157 Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value additional_ domains Optional. May be used for SAN certificates. The list of additional domains or other entities (other than the primary domain) that will be secured by the SSL certificate. This list overwrites the previous list in the order, so be sure to specify all of the domains that you want to secure with this certificate. For more information, see Request parameters for sw_register (trust_service) approver_ Optional The of one of the individuals who can approve the Trust Service order. The Trust Service provider sends the approver to the address that you specify. contact_set Optional The SSL Certificate contact information. Most products require: admin, billing and tech contacts. All organization vetted certificates require an organization contact. For admin, tech, and billing contacts for thawte, Symantec, and all EV certificates, title is required. For more information, see Contact Set. csr Optional The certificate signing request for the required certificate. The Trust Service provider uses this information to generate the certificate. end_user_auth_ info Optional - used only for SiteLock and TRUSTe Note: All certificates require 2048 bit CSRs; however, Symantec will accept 1024 bit CSRs for certificates with expiry dates prior to December 31, 2013, except for EV certs, which require 2048, regardless of the term. Specify the username and password that the end user will use to log in to the Domain Admin interface where they can manage their account. The login credentials will be sent to the specified _address. If you resend the Domain Admin login information (through the Control Panel), this is the address to which the Domain 157

158 Parameter name Obligation Definition/Value Admin login credentials are sent. Please note the following conditions: If you specify username and password and the user already exists, the command will fail. If you specify username but not password, and the user does not already exist, the user credentials cannot be created and the command will fail. If you specify username but not password, and the user already exists, the service will be associated with the existing end user profile. If you want to associate the Trust Service product with an existing account, you only need to include the username value. For more information see the End user auth info table below. order_id Required The ID of the Trust Service order. period Optional The number of years of the registration period. Allowed values are 1 4, depending on the Trust Service that is ordered. comodo_ev 1 to 2 comodo_instantssl 1 to 4 comodo_premiumssl 1 to 4 comodo_premiumssl_wildcard 1 to 4 comodo_ssl 1 to 4 comodo_wildcard 1 to 4 malwarescan 1 quickssl 1 to 4 quickssl_premium 1 to 4 securesite 1 to 4 securesite_ev 1 to 2 securesite_pro 1 to 4 securesite_pro_ev 1 to 2 sgcsuper_certs 1 to 4 158

159 Parameter name Obligation Definition/Value sitelock_basic 1 sitelock_premium 1 sitelock_enterprise 1 ssl123 1 to 4 sslwebserver 1 to 4 sslwebserver_ev 1 to 2 sslwebserver_wildcard 1 to 2 truebizid 1 to 4 truebizid_ev 1 to 2 truebizid_wildcard 1 to 4 truste_hpp 1 to 3 truste_tps 1 to 3 trustwave_dv 1 to 3 trustwave_ev 1 to 2 trustwave_premiumssl 1 to 3 trustwave_premiumssl_wildcard 1 to 3 product_type Optional The product type from the SSL Certificate inventory. The product types are detailed in the allowed values section for this key. Allowed values are: comodo_ev comodo_instantssl comodo_premiumssl comodo_premiumssl_wildcard comodo_ssl comodo_wildcard malwarescan quickssl quickssl_premium securesite securesite_ev securesite_pro securesite_pro_ev 159

160 Parameter name Obligation Definition/Value sgcsuper_certs sitelock_basic sitelock_premium sitelock_enterprise ssl123 sslwebserver sslwebserver_ev sslwebserver_wildcard truebizid truebizid_ev truebizid_wildcard truste_hpp (Hosted Privacy Policy) truste_tps (TRUSTE Privacy Policy with seal) trustwave_dv trustwave_ev trustwave_premiumssl trustwave_premiumssl_wildcard reg_type Optional The type of registration being requested: new = submit a new or Trust Service order. renew = renew a Trust Service offering. upgrade = Upgrade a SiteLock Basic or Premium SSL certificate to a higher level certificate. When you upgrade, the product_type changes, you are charged the price for a one year term at the new level, and the new expiry date is one year from the date of the upgrade. Note: This feature is currently available only for SiteLock certificates. 160

161 Parameter name server_count Obligation Required when product_type = securesite*, ssl123, sgcsuper_certs, sslwebserver, sslwebserver_ wildcard, sslwebserver_ ev, comodo_ premiumssl_ wildcard, comodo_wildcar d Definition/Value The number of servers on which the Trust Service product will be installed. server_type Optional The type of server software used to generate the CSR. Allowed values are: Symantec, thawte, and GeoTrust Comodo apache2 apachessl apacheapachessl citrix apacheopenssl domino apacheraven ensim apachessl hsphere apachessleay iis4 c2net iis6 cobaltseries iis7 cobaltraq3 iplanet cobaltraq2 javawebserver cpanel netscape domino ibmhttp dominogo4626 novell dominogo4625 oracle ensim other hsphere plesk 161

162 Parameter name Obligation Definition/Value Symantec, thawte, and GeoTrust Comodo iis iis4 iis5 iplanet ipswitch netscape ibmhttp other plesk tomcat weblogic website webstar webstar4 zeusv3 redhat sap tomcat webstar whmcpanel Note: Trustwave does not support server types. special_instructions Optional Any special instructions regarding the Trust Service purchase. End_user_auth_info Parameters within the end_user_auth_info associative array are described below. Parameter name Obligation Definition/Value _address Optional - used only for SiteLock and TRUSTe to send Domain Admin credentials Specify the address to which you want to send the login credentials (username and password) for Domain Admin. Note: If you want to associate the Trust Service product with an existing account, only username is required. 162

163 Parameter name password username Obligation Optional - used only for SiteLock and TRUSTe to create Domain Admin credentials Optional - used only for SiteLock and TRUSTe to create Domain Admin credentials Definition/Value The password must be at least eight characters. The username must be at least six characters. Response parameters for update_order Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value domain order_id state Returned if is_success = true Returned if is_success = true Returned if is_success = true The domain with which the Trust Service order is associated. The ID number of the Trust Service order. The state of the order. Allowed values are approver-confirmed Owner has confirmed the domain vetted certificate. awaiting-approval Order processed successfully; waiting for 163

164 Parameter name Obligation Definition/Value supplier approval. cancelled Pending order was cancelled. completed Order is complete. declined Order cancelled after it was processed or declined by the supplier. in-progress Order is in progress. pending Order saved as pending. Examples for update_order Example 1 This example changes the information associated with an order, but does not change it's processing state. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>update_order <item key='object'>trust_service <item key='attributes'> <item key='server_type'>apachessl <item key='special_instructions'> 164

165 <item <item key='csr'>-----begin CERTIFICATE REQUEST----- MIIC3DCCAcQCAQAwgZYxJTAjBgNVBAMTHHVwZGF0ZW9yZGVyLnFhcmVncmVzc2lv bi5vcmcxczajbgnvbaytaknbmqswcqydvqqiewjptjeqma4ga1uebxmhvg9yb250 bzenmasga1uechmevgvzddeqma4ga1uecxmhuuegrgvwddegmb4gcsqgsib3dqej ARYRcWFmaXZlQHR1Y293cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDkMouJLDenKrVS9FdcmdY3BHrJ9iS5o8TbNSAKf2loYF1afa6tJyxO6bCj Mk6WegE+Yugb42ONAgz0zhJq5bNTuWb9FvBZLEuN/jUBR/iVdTlf//W/BPoE2CmK lbgskzfooq7v3ssaoyl3tjwfn8ipwwni/yldmjyjekxcztsro7vugtl2hzdrhxly B0WB0y8Kx3lh1c7xC9CbXfqjJf+j1sKiGEh+cy1H71VdcakleoG+Tll8qvtWreEf pzyczmeyn1ppzfbdzvw9ar9x1yohrwaah1knzomip0tavtkme/nnedmp2rm7y8ak Eof49VBrRfDGkW135EYYJCHxBvXJAgMBAAGgADANBgkqhkiG9w0BAQQFAAOCAQEA nqhocqylm/b7nuqfuowrg9r1gp6/gjixhqyyv4fe2c66hlbhckr1tm88cpt8mfu2 oe2hw55dvutkrbfndvzqvxek8yfiuf2ekuvk+34ancwwiqog4o6oy3xbu1oikpqx 1x0Z7HZJ097DK6uwUqFsviEWyxrNCfJ3DYU5TfrZtnzIdOB6ztI3wBv1IYZyYzk/ zu65n4mdv64yuazmqjzkgxvl4thhwefvppy+4dk8k8dkupkcqhdxejvwntg7tqiw utv8ishy2ckhvc0urv1rhbr660ygd/fae3hgjzpbdgwu1dllc5anlpsfgejc3fek sqc2b/efphfdbtu6+ejggw== -----END CERTIFICATE REQUEST----- <item key='server_count'>2 <item key='period'>2 <item key='order_id'>2326 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> 165

166 <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='domain'>updateorder.example.com <item key='order_id'>2326 <item key='state'>pending </data_block> </body> </OPS_envelope> Example 2 This example creates login credentials for Domain Admin and changes the processing instruction for the order from save to process. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> 166

167 </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>update_order <item key='object'>trust_service <item key='attributes'> <item key='handle'>process <item key='order_id'>7419 <item key='product_type'>sitelock_premium <item key='end_user_auth_info'> <item <item key='username'>customer111 <item key='password'>changeit </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> 167

168 <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='domain'>example.ca <item key='order_id'>7419 <item key='state'>awaiting-approval </data_block> </body> </OPS_envelope> Example 3 This example updates the list of domains that are secured by the Trust Service product. Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> 168

169 <data_block> <item key='protocol'>xcp <item key='action'>update_order <item key='object'>trust_service <item key='attributes'> <item key='additional_domains'> <dt_array> <item key='0'>upadditional1.example.org <item key='1'>upadditional2.example.org <item key='2'>upadditional3.example.org <item key='3'>upadditional4.example.org <item key='4'>upadditional5.example.org </dt_array> <item key='handle'>save <item key='order_id'> </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> 169

170 <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> <item key='domain'>example.org <item key='order_id'> <item key='state'>pending <item key='is_success'>1 </data_block> </body> </OPS_envelope> 170

171 update_product Description Action & object action = update_product object = trust_service Usage Updates the Trust Service product. Also used to enable or disable the Symantec Trust Seal and/or the Symantec Search-in-Seal. Note: In order to enable the Symantec Search-in-Seal, Trust Seal must be enabled. Request parameters for update_product Standard parameters action = update_product object = trust_service attributes Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value contact_ Optional The address for the new Trust Service contact. let_expire Optional Specifies whether renewal reminder messages will be sent for the Trust Service product. This parameter may be used for any active Trust Service product. Allowed values are: 0 Send renewal reminder s when the certificate is approaching its expiry date. This is the default. 1 Do not send any renewal reminder s. 171

172 Parameter name Obligation Definition/Value product_id Required The ID number for the Trust Service. seal_in_search Optional Specifies whether to enable the Symantec Seal-in- Search which displays the Symantec seal next to the link for your web site in online search results. Allowed values are: 0 Do not enable Symantec's Seal-in-Search. 1 Enable Symantec's Seal-in-Search Important: If you submit this parameter, you must also submit the trust_seal parameter with the value equal to 1. trust_seal Optional Specifies whether to enable the Symantec Trust Seal on your website. Allowed values are: 0 Do not enable Symantec's Trust Seal. 1 Enable Symantec's Trust Seal. Response parameters for update_product Standard parameters action = reply object = trust_service is_success = a Boolean is returned, indicating success or failure of the request response_code = response code indicating outcome of the request response_text = message describing the outcome of the request Attributes Parameters within the attributes associative array are described below. Parameter name Obligation Definition/Value contact_ Optional The address for the new Trust Service contact. let_expire Optional Indicates whether renewal reminder messages will be sent for the Trust Service product. 172

173 Parameter name product_id Obligation Returned if is_success = true Definition/Value Allowed values are: 0 Send renewal reminder s when the certificate is approaching its expiry date. This is the default. 1 Do not send any renewal reminder s. The ID number for the Trust Service. seal_in_search Optional The status of the Symantec Seal-in-Search. Allowed values are: 0 Not enabled. 1 Enabled. trust_seal Optional The status of the Symantec Trust Seal. Allowed values are: 0 Not enabled. 1 Enabled. Examples for update_product Request <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>update_product 173

174 <item key='object'>trust_service <item key='attributes'> <item key='trust_seal'>1 <item <item key='seal_in_search'>1 <item key='let_expire'>1 <item key='product_id'>279 </data_block> </body> </OPS_envelope> Response <?xml version='1.0' encoding='utf-8' standalone='no'?> <!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'> <OPS_envelope> <header> <version>0.9</version> </header> <body> <data_block> <item key='protocol'>xcp <item key='action'>reply <item key='object'>trust_service <item key='is_success'>1 <item key='response_text'>command completed successfully. <item key='response_code'>200 <item key='attributes'> 174

175 <item key='trust_seal'>1 <item key='product_id'>279 <item <item key='let_expire'>1 <item key='seal_in_search'>1 </data_block> </body> </OPS_envelope> 175

176 Revisions September 20, 2012 You can now secure more than one domain under a single SSL certicate for these products: GeoTrust Quick SSL Premium (subdomains only), TrueBusiness ID EV, and TrueBusiness ID Symantec Secure Site EV, Secure Site Pro EV, Secure Site Pro, and Secure Site Thawte SGC Super Certs, SSL Web Server EV, and SSL Web Server Certificate You can now use the update_product command to specify whether or not renewal reminder s are sent when a Trust Service product is approaching its expiry date. You can now use the update_order command to add or change the additional domains in a Trust Service order. Added information about the get_products command, which returns a list of the Trust Service products whose expiry dates are within a specific date range. Incremented version to May 15, 2012 Added information about the get_cert command, which returns the certificate for the specified Trust Service product as well as associated product information. Incremented version to April 17, 2012 As of April 17, 2012, you can use the OpenSRS API to renew and manage SSL certificates that were ordered through the TPP API. All SSL orders that were placed through the TPP system will be migrated to the OpenSRS API by April 20, after which all purchasing and management of OpenSRS Trust products must be done through the OpenSRS API or the OpenSRS Control Panel as the TPP API and the RWI2 are decommissioned. The get_product_info command now includes two additional request parameters - all_info and inventory_item_id - that facilitate searches of products that were migrated from TPP. For products that were migrated from TPP, the command result includes the following parameters: tpp_order_id and inventory_item_id. 176

177 The sw_register command now includes the new parameter base_order_id, which allows you to create a new order based on a previous order. The maximum registration period for Trust Service products is now four years. VeriSign Trust Service products are now called Symantec Trust Service products. Incremented version to November 15, 2011 Free 30 day trials are available for the following Trust Service products: GeoTrust True BusinessID with EV TRUSTe Hosted Privacy Policy (HPP) and Privacy Policy with Seal (TPS) VeriSign SecureSite, Secure Site Pro, Secure Site with EV, and Secure Site Pro with EV Incremented version to October 20, 2011 Added the following Trust Service product: GeoTrust Web Site Anti- Malware Scan. You can now specify the address to which the Domain Admin credentials are sent for SiteLock and TRUSTe products. Incremented version to October 6, 2011 Added the following Trust Service products: Comodo SSL Comodo SSL Wildcard At any time during the current term, you can now upgrade SiteLock SSL certificates to a higher level SiteLock certificate. Incremented version to September 13, 2011 Added the following Trust Service products: SiteLock Basic SiteLock Premium SiteLock SMB Enterprise Secure TRUSTe HPP (Hosted Privacy Policy) 177

178 TRUSTe TPS (TRUSTe Privacy Policy with seal) Incremented version to 3.9. April 1, 2011 Added information about the process_pending command. March 15, 2011 Added the following Trust Service products: Comodo EV (Extended Validation) SSL Comodo Instant SSL Comodo Premium SSL Comodo Premium SSL Wildcard Trustwave DV (Domain Vetted) SSL Certificate Trustwave Premium EV (Extended Validation) SSL Trustwave Premium SSL Trustwave Premium SSL Wildcard Incremented version to 3.7. November 30, 2010 The query_approver_list and parse_csr commands now require the product_type parameter. 178