1. Introduction
  2. Order Management
  3. Sample Code
  4. Errors and Troubleshooting
  5. Appendix
  6. Print-Friendly Documentation

Order Management - Rekey or Reissue an SSL Certificate

Rekeying is the process by which the private and public key is changed for a certificate. It is a simplified reissue, where only the CSR Is changed.

Reissuing is the process by which domain names are added or removed from a certificate. Once a request is validated and approved, the certificate will be reissued with the new common_name and sans specified. Reissuing to add names may incur additional cost, so removing unused names can free up paid name slots in the certificate. Unlimited reissues are available during the lifetime of the certificate. New names added to a certificate that do not share the base domain of the common_name may take additional time to validate. If this API call is made before a previous pending reissue has been validated and issued, the previous reissue request is automatically rejected and replaced with the current request.

Request Endpoint

MethodURL
REISSUEhttps://api.digicert.com/order/{order_id}

Request Parameters

Parameters are encoded in one of the content types that is accepted by the endpoint.

Parameter NameReq/OptAllowed ValuesDefaultDescription
csrOptional[string][existing CSR]Certificate Signing Request. To create a CSR from your server, more information is available at https://www.digicert.com/csr-creation.htm.
common_nameOptional[string][existing value]The name to be secured in the certificate. A sample common name: example.com
sansOptional[string][existing value]Subject Alternative Names. A comma delimited list of names to be secured in the certificate.
server_typeOptionalsee Server Types[existing value] Server platform. Defaults to server_type of order.
commentsOptional[string][blank]Notes about this order for customer's internal use.

Response

Parameter NameData TypeDescription
pending_name_changes[collection]Details of name changes (if any) are listed in this collection.
added_names[set]Any added names are listed here.
added_name[string]A name to be added in the reissue, example: example.edu
dropped_names[set]Any removed names are listed here.
dropped_name[string]A name to be removed in the reissue, example: example.edu
rejected_reissue[set]Details of the rejected reissue (if any) are listed here.
common_name[string]The Common Name of the rejected reissue request.
sans[collection]The list of SANs in the rejected reissue.
san[string]Subject Alternative Name contained in the rejected reissue.

Sample Request

Endpoint

https://api.digicert.com/order/222307

Headers

Authorization: Basic MDAxMDA3OnNreWZhbGw=
Content-Length: 239
Content-Type: application/vnd.digicert.rest-v1+json
User-Agent: MyAPIConsumer/0.42
X-HTTP-Method-Override: REISSUE

Body

{
  "comments": "",
  "common_name": "www.example.com",
  "sans": "a.example.com,b.example.com,c.example.com,d.example.com,e.example.com",
  "csr": "-----BEGIN CERTIFICATE REQUEST-----\n[CSR GOES HERE]\n-----END CERTIFICATE REQUEST-----"
}

Sample Response

Note that with this sample request, it would return JSON. Including XML for comparison.

Status Code: 201

Headers

Content-Length: 331
Content-Type: application/vnd.digicert.rest-v1+json

Body

JSON (application/vnd.digicert.rest-v1+json)XML (application/vnd.digicert.rest-v1+xml)
{
  "pending_name_changes":{
    "added_names":[
      "c.example.com",
      "d.example.com",
      "f.example.com"
    ],
    "dropped_names":[
      "x.example.com",
      "y.example.com"
    ]
  },
  "rejected_reissue":{
    "common_name":"www.example.com",
    "sans":[
      "a.example.com",
      "q.example.com"
    ]
  }
}
<response>
  <pending_name_changes>
    <added_names>
      <added_name>c.example.com</added_name>
      <added_name>d.example.com</added_name>
      <added_name>f.example.com</added_name>
    </added_names>
    <dropped_names>
      <dropped_name>x.example.com</dropped_name>
      <dropped_name>y.example.com</dropped_name>
    </dropped_names>
  </pending_name_changes>
  <rejected_reissue>
    <common_name>www.example.com</common_name>
    <sans>
      <san>a.example.com</san>
      <san>q.example.com</san>
    </sans>
  </rejected_reissue>
</response>