Free GeoTrust SSL Certificates
InterNetX the Company where I work offer free GEOTrusts SSL Certificates, if you manage the Domains over them, You can easily manage your Certs with the SSL Manager GUI or also via API.
Important:
- Domains must be managed in your AutoDNS Account
- only 9 subdomains are free, www is included
- OCSP Stapling must be activated on your server, its also better for Performance
- Authentication is done via DNS
Generate an privatekey and cert
openssl req -nodes -new -newkey rsa:2048 -sha256 -out csr.pem
Via API you must perform following steps.
Get CNAME Information
Request:
<?xml version="1.0" encoding="UTF-8"?> <request> <task> <code>400110</code> <certificate_request> <plain><![CDATA[-----BEGIN CERTIFICATE REQUEST----- MIICyzCCAbMCAQAwgYUxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJCWTETMBEGA1UE BxMKUmVnZW5zYnVyZzEPMA0GA1UEChMGbm9uYW1lMQ8wDQYDVQQLEwZzZXJ2ZXIx FDASBgNVBAMTC2V4YW1wbGUuY29tMRwwGgYJKoZIhvcNAQkBFg14QGV4YW1wbGUu Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Oh/pN0/DyMFIbe3 5uX08wFrMiOsMKXwOYUhtPdToQAGtXovhP3xihHOMbE8mjenkksqcMO08Smgwsz+ s96AQdo241pF3BN4RzqUEBhFD3eXFW/oKm/3QZq0oTRSe749OK4+ZxxGZ8KwbO14 9RUTOEHnmX63Ji5MEiWGAIpFX84B/9mioCRu2oB22rWT9OtMwugAeSNoyDIE1KIH ZBLeBnomIFGAEspFcGARMcXKV1NHraRGsDXx87NCBGVQhXW/dAUIWD6D1A1SA+u4 A2Uma4GTwtqzxWnB3ISKIvJ+eNbuh1pwV+RU8jNXP+gTPVB4GL5pqmlDJllYNR+B AOcfqwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAHCWmgQoYlZp1y10aPbk7P11 /4I62ocrzeBiDp7/DkOAzSaChjzjnmBQo3aeWFa8tFsKQ4M4KtYROVrw05Qfu90i GLySnfZEcGYb7bzJDF1ZHgivD5DrmU9kZrgRnxungdk13NBkW5oBZfIfpTw1PYrH y6YDB72to21MCnxepU3rPD6N1CX9RIrbH4RSmL2ARvjhtpGHiHirguppvEk/kmXJ JtUkVvd9xSKP+BYo2wTOxBq3gTpWNSvtHDH2+w6gNolrk9quwg25re/3YGJOqC+o uEJUInV2NmzhCK3RaspCDK9utnw6sECgNZ+mjaV0NtdWc1sg9IQEZ6zzkLEftds= -----END CERTIFICATE REQUEST----- ]]></plain> <product>BASIC_SSL</product> </certificate_request> </task> <auth> <user>user</user> <password>password</password> <context>9</context> </auth> </request>
Response:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<response>
<result>
<data>
<certificate_request>
<plain><![CDATA[-----BEGIN CERTIFICATE REQUEST----- MIICyzCCAbMCAQAwgYUxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJCWTETMBEGA1UE BxMKUmVnZW5zYnVyZzEPMA0GA1UEChMGbm9uYW1lMQ8wDQYDVQQLEwZzZXJ2ZXIx FDASBgNVBAMTC2V4YW1wbGUuY29tMRwwGgYJKoZIhvcNAQkBFg14QGV4YW1wbGUu Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Oh/pN0/DyMFIbe3 5uX08wFrMiOsMKXwOYUhtPdToQAGtXovhP3xihHOMbE8mjenkksqcMO08Smgwsz+ s96AQdo241pF3BN4RzqUEBhFD3eXFW/oKm/3QZq0oTRSe749OK4+ZxxGZ8KwbO14 9RUTOEHnmX63Ji5MEiWGAIpFX84B/9mioCRu2oB22rWT9OtMwugAeSNoyDIE1KIH ZBLeBnomIFGAEspFcGARMcXKV1NHraRGsDXx87NCBGVQhXW/dAUIWD6D1A1SA+u4 A2Uma4GTwtqzxWnB3ISKIvJ+eNbuh1pwV+RU8jNXP+gTPVB4GL5pqmlDJllYNR+B AOcfqwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAHCWmgQoYlZp1y10aPbk7P11 /4I62ocrzeBiDp7/DkOAzSaChjzjnmBQo3aeWFa8tFsKQ4M4KtYROVrw05Qfu90i GLySnfZEcGYb7bzJDF1ZHgivD5DrmU9kZrgRnxungdk13NBkW5oBZfIfpTw1PYrH y6YDB72to21MCnxepU3rPD6N1CX9RIrbH4RSmL2ARvjhtpGHiHirguppvEk/kmXJ JtUkVvd9xSKP+BYo2wTOxBq3gTpWNSvtHDH2+w6gNolrk9quwg25re/3YGJOqC+o uEJUInV2NmzhCK3RaspCDK9utnw6sECgNZ+mjaV0NtdWc1sg9IQEZ6zzkLEftds= -----END CERTIFICATE REQUEST-----]]></plain> <name><![CDATA[example.com]]></name> <key_size>2048</key_size> <country_code>DE</country_code> <product>BASIC_SSL</product> <authentication> <method>DNS</method> <dns>sckyodyje7ev4eltur3wmhyk92yx0hsr.example.com. 300 IN CNAME s20160408170238.example.com.</dns> </authentication> </certificate_request> </data> <status> <code>S400110</code> <text>CSR-Schlüssel wurde erfolgreich geprüft.</text> <type>success</type> </status> </result> <stid>20160408-app3-dev-3424</stid> </response>
Order Certificate
Request:<?xml version="1.0" encoding="UTF-8"?>
<request>
<task>
<certificate>
<product>BASIC_SSL</product>
<lifetime>12</lifetime>
<software>APACHE2</software>
<csr><![CDATA[-----BEGIN CERTIFICATE REQUEST-----
MIICyzCCAbMCAQAwgYUxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJCWTETMBEGA1UE
BxMKUmVnZW5zYnVyZzEPMA0GA1UEChMGbm9uYW1lMQ8wDQYDVQQLEwZzZXJ2ZXIx
FDASBgNVBAMTC2V4YW1wbGUuY29tMRwwGgYJKoZIhvcNAQkBFg14QGV4YW1wbGUu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Oh/pN0/DyMFIbe3
5uX08wFrMiOsMKXwOYUhtPdToQAGtXovhP3xihHOMbE8mjenkksqcMO08Smgwsz+
s96AQdo241pF3BN4RzqUEBhFD3eXFW/oKm/3QZq0oTRSe749OK4+ZxxGZ8KwbO14
9RUTOEHnmX63Ji5MEiWGAIpFX84B/9mioCRu2oB22rWT9OtMwugAeSNoyDIE1KIH
ZBLeBnomIFGAEspFcGARMcXKV1NHraRGsDXx87NCBGVQhXW/dAUIWD6D1A1SA+u4
A2Uma4GTwtqzxWnB3ISKIvJ+eNbuh1pwV+RU8jNXP+gTPVB4GL5pqmlDJllYNR+B
AOcfqwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAHCWmgQoYlZp1y10aPbk7P11
/4I62ocrzeBiDp7/DkOAzSaChjzjnmBQo3aeWFa8tFsKQ4M4KtYROVrw05Qfu90i
GLySnfZEcGYb7bzJDF1ZHgivD5DrmU9kZrgRnxungdk13NBkW5oBZfIfpTw1PYrH
y6YDB72to21MCnxepU3rPD6N1CX9RIrbH4RSmL2ARvjhtpGHiHirguppvEk/kmXJ
JtUkVvd9xSKP+BYo2wTOxBq3gTpWNSvtHDH2+w6gNolrk9quwg25re/3YGJOqC+o
uEJUInV2NmzhCK3RaspCDK9utnw6sECgNZ+mjaV0NtdWc1sg9IQEZ6zzkLEftds=
-----END CERTIFICATE REQUEST-----]]></csr>
<id />
<name><![CDATA[example.com]]></name>
<comment />
<admin>
<id>1234</id>
</admin>
<technical>
<id>1234</id>
</technical>
<auth_method>DNS</auth_method>
</certificate>
<ctid />
<reply_to>someone@example.com</reply_to>
<code>400101</code>
</task>
<auth>
<user>user</user>
<password>password</password>
<context>9</context>
</auth>
</request>
