REQUEST FOR SSL CERTIFICATE
(Prevalidated Domains)
The base URLs, depending on HARICA’s environment, are the following:
- Development: https://cm-dev.harica.gr
- Staging: https://cm-stg.harica.gr
- Production: https://cm.harica.gr
You can find the JSON body required by each POST request, along with its accepted key-value pairs, on the HARICA - API Documentation Swagger website.
Step 1
First and foremost, you have to be logged in with your account in CertManager. For more information, consult the documentation for "Register and Log In".
The additional features you can include in this JSON are given in more detail on the HARICA - API Documentation Swagger
SSL OV or EV Prevalidated
Step 2
Submit a POST request to the API endpoint /api/ServerCertificate/CheckMachingOrganization with a JSON payload in the request body. This payload should include a table of the domains for which you are requesting certificates.
Example:
[ { "domain": "auth.gr" }, { "domain": "test.auth.gr" } ]
Please note that the domains provided must all belong to the same organization within CertManager.
The HTTP response will return a JSON table containing information about the organization associated with your domains.
The response data will follow a structure similar to this:
[ { "id": "abcde-asd…", "organizationName": "Aristotle University of Thessaloniki", "dn": "O=Aristotle University of Thessaloniki, L=Thessaloniki, C=GR", … … … } ]
Retain the "id" from the response, as it will be required for the next step.
Step 3
To request an SSL/TLS certificate for secure communication between a web server and a client's browser, including one or more domains and your organization's information, submit a POST request to the API endpoint
/api/ServerCertificate/RequestServerCertificate
with the following form data.
{ domains:... domainString:... duration:1 csr:... isManualCSR:... consentSameKey:... transactionType:... organisationDN:... }
General Information
- In the domains and domainsString fields, you should include a JSON array with the domains you want to add to your certificate, similar to what was provided in Step 1. For example:
  [ { "domain": "auth.gr" }, { "domain": "test.auth.gr" } ]
- For the duration field, you should specify the value as 1.
- In the csr field, provide a valid CSR (Certificate Signing Request) public key. The accepted key types are: RSA-2048, RSA-4096, ECDSA-256, ECDSA-384
- The consentSameKey field is used to allow the reuse of previously used public keys. Set this to true or false depending on your preference for key reusability.
- Ensure that the isManualCSR field is set to true.
- The transactionType field must be set to OV for SSL OV Certificates or EV for SSL EV Certificates.
- For the organizationDN field, include the organization ID from your domain's organization, which you obtained in the previous step.
  OrganizationId:abcde-asd…
An easy way to obtain a CSR is by using the HARICA website. Navigate to the “Tools” section to generate a private key, which you can download. Afterward, open the pem file and copy its content into the csr field of the JSON payload.
Upon submitting this API call, you will receive an id in the response. Be sure to retain this id for use in Step 4, where you will retrieve your certificate.
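The following pre-flight check for the Step 3 form data is an added example, not code from HARICA or its documentation. It refuses any PEM text that carries private key material, so that only the CSR leaves your machine. The helper names are hypothetical, the field names follow the form listing in Step 3 (confirm their spelling in Swagger), and sending booleans as the strings "true"/"false" is an assumption.

```python
import base64
import json
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s*-----END \1-----", re.S)
DNS_NAME = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def check_csr_pem(pem: str) -> str:
    """Return the CSR PEM if it is one CERTIFICATE REQUEST block with no key material."""
    if "PRIVATE KEY" in pem:
        raise ValueError("private key material found; submit only the CSR")
    blocks = PEM_BLOCK.findall(pem)
    if len(blocks) != 1 or "CERTIFICATE REQUEST" not in blocks[0][0]:
        raise ValueError("expected exactly one CERTIFICATE REQUEST block")
    der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    if not der or der[0] != 0x30:  # a PKCS#10 request is a DER SEQUENCE
        raise ValueError("PEM body is not a DER SEQUENCE")
    return pem.strip()

def build_request_form(domains, csr_pem, org_id, transaction_type="OV",
                       consent_same_key=False):
    """Build the Step 3 form fields; string encoding of booleans is an assumption."""
    if transaction_type not in ("OV", "EV"):
        raise ValueError("transactionType must be OV or EV")
    names = []
    for name in domains:
        name = name.strip().lower().rstrip(".")
        if not DNS_NAME.match(name):
            raise ValueError(f"not a valid ASCII DNS name: {name!r}")
        if name not in names:  # drop duplicates, keep order
            names.append(name)
    domains_json = json.dumps([{"domain": n} for n in names])
    return {
        "domains": domains_json,
        "domainString": domains_json,
        "duration": "1",
        "csr": check_csr_pem(csr_pem),
        "isManualCSR": "true",
        "consentSameKey": "true" if consent_same_key else "false",
        "transactionType": transaction_type,
        "organisationDN": f"OrganizationId:{org_id}",
    }

if __name__ == "__main__":
    # Constructed placeholder: a DER SEQUENCE wrapper, not a real CSR.
    body = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    csr = f"-----BEGIN CERTIFICATE REQUEST-----\n{body}\n-----END CERTIFICATE REQUEST-----"
    print(build_request_form(["auth.gr", "test.auth.gr"], csr, "abcde-constructed"))
```

The check is structural only: it does not confirm that the key inside the CSR is one of the accepted types or that the request signature is valid.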
Step 4
In this step you need to wait for the validation process to be finished by HARICA Validation Specialists.
Step 5
After the validation process is complete, your certificate will be ready. You can retrieve it by making a POST request to the API endpoint
/api/Certificate/GetCertificate, using the id obtained in Step 2 as follows:
{ "id": "cfe3eqs-abd…." }
In response to this API call, you will receive the certificate in PEM format, PKCS7, the serial number, and additional information in JSON format.