Generating Certificates
The generate operation is used for generating a certificate signing request and a private key for an SSL/TLS certificate. The generated values can be used in the install operation, which installs a certificate to a repository. To install self-signed certificates, it is enough to specify a certificate signing request and private key parts (in addition to fields such as country, and so on). To install purchased certificates, you should also specify a certificate body and certificate authority. For installation details, refer to the Installing Certificate section.
Request Packet Structure
A request XML packet that generates a certificate signing request and a private key part of an SSL/TLS certificate should include the generate operation node:
<packet>
<certificate>
<generate>
...
</generate>
</certificate>
</packet>
The generate node does not have a separate data type, it is nested
in the CertificateActionRequest type (certificate_input.xsd). The
node has the following graphical representation:
Note: The interactive schema navigator for all request packets is available here: http://plesk.github.io/api-schemas/1.6.9.1/agent_input.svg.
- The info node is required. It contains the set of parameters required for generating certificate components. Data type: none.
- The bits node is required. It defines the size of certificate in bits. Data type: integer. Allowed values: 1024 | 2048.
- The country node is required. It specifies the country where your business operates. Data type: string. Value restrictions: two-letters upper-case country nomination in accordance with ISO 3166.
- The state node is required. It specifies the state or province where your business operates. Data type: string. Value restrictions: full name of state/ province in lower case (e.g., “california”), or two-letters upper-case indication (e.g., “CA”).
- The location node is required. It specifies the name of the city where your business operates. Data type: string.
- The company node is required. It specifies the name of the company with which the certificate will be associated. Data type: string.
- The dept node is optional. It specifies the company department. Data type: string.
- The email node is required. It specifies your email address that will be used for generating CSR component of the certificate. Data type: string.
- The name node is required. It specifies the name of the site with which the certificate should be associated. Data type: string.
- The PVT node is optional. It defines the private key part of the certificate. Data type: string.
Notes
With one packet, you can generate multiple certificates. To do this, use the required number of generate nodes in the packet:
<packet>
<certificate>
<generate>
...
</generate>
<generate>
...
</generate>
</certificate>
</packet>
Note: When creating request packets, put nodes and elements in the order they follow in the packet structure.
Response Packet Structure
The generate node of the output XML packet is structured as follows:
Note: The interactive schema navigator for all response packets is available here: http://plesk.github.io/api-schemas/1.6.9.1/agent_output.svg.
- The result node is required. It wraps the response retrieved
from the server. Data Type: resultType (extension)
(
common.xsd) . - The status node is required. Specifies the execution status of the generate operation. Data type: string. Allowed values: ok | error.
- The errcode node is optional. Is used to return the error code when the generate operation fails. Data type: unsignedInt.
- The errtext node is optional. Can be used to return the error message if the generate operation fails. Data type: string.
- The csr node is required. It contains the CSR component of the generated certificate. Data Type: string.
- The pvt node is optional. It contains the Private Key component of the generated certificate. Data Type: string.
Samples
This packet generates 2048-bit certificate that associates site johndoe.org with company Doe, Ltd. operating its business in United States, Georgia, Atlanta.
<packet>
<certificate>
<generate>
<info>
<bits>2048</bits>
<country>US</country>
<state>georgia</state>
<location>Atlanta</location>
<company>Doe, Ltd.</company>
<email>jdoe@johndoe.org</email>
<name>johndoe.org</name>
</info>
</generate>
</certificate>
</packet>
Response:
<packet>
<certificate>
<generate>
<result>
<status>ok</status>
<csr>-----BEGIN CERTIFICATE REQUEST-----
MIICwTCCAakCAQAwfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB2dlb3JnaWExEDAO
BgNVBAcTB0F0bGFudGExEjAQBgNVBAoTCURvZSwgTHRkLjEUMBIGA1UEAxMLam9o
bmRvZS5vcmcxHzAdBgkqhkiG9w0BCQEWEGpkb2VAam9obmRvZS5vcmcwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVqi2DL5D1aBw3X3AkA5u4E+JaaVua
+uBHbpQ24vI4/pfDDt8bnx8Q9r8Lc1JW8xogxNlZYTO00VkS2WqrOfHHV8uUUJ/m
0Ok0687Hu433USWGT6aTWYYZB8rH7djo0ezObaxINhb1p1FM00LsN8LT4VS2McM1
2BvObvuayrIJ1ltapIX7w5lNsk3PbSBZGgYF21ryqcLwTeDIaLBQV2SO1FDwcUVv
81dTz/3TMQ8kLvhJnlJoNb8DuoNtH6X9N3uPvm29uH6fe7wQszJ4rQ/yGRhqYKz6
brZA0SbAKzjXRQf9P8xIKjurMroLRFkRU/8kGAbzYtJleSB3LChkbeExAgMBAAGg
ADANBgkqhkiG9w0BAQsFAAOCAQEAN0pG0RwLWeFvmIyxKqq+k+ZGgFNNqyg0dWb4
tPKH4NXizy4QdhOSrJMp10BJgdMn2SVvmLkYPzBR0yE2C0PiGVutrYsAAYJwY3/E
v6S2jHfCB5WS/qrQ/ijj/GBn6xVqQzAaSFJ2DSYt4w0PO5z8gV45yZP0UTwwwEl4
CB495QlKcUtMfUH1AtiANvML+UoUuABePu3rbv2SDUzDk9jtliVwvBKwCIIdmuo8
DfynRBh3rriw95IyagHFaIVzqJFyxM+7OadDD6OQNqZrRmkCKq/owVgkhI0ln16q
HmWo2hSkC+Db4N/ZtOxz7lSkwpFQ+wee8fq9rZnuuXclUGTahg==
-----END CERTIFICATE REQUEST-----</csr>
<pvt>-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCVqi2DL5D1aBw3
X3AkA5u4E+JaaVua+uBHbpQ24vI4/pfDDt8bnx8Q9r8Lc1JW8xogxNlZYTO00VkS
2WqrOfHHV8uUUJ/m0Ok0687Hu433USWGT6aTWYYZB8rH7djo0ezObaxINhb1p1FM
00LsN8LT4VS2McM12BvObvuayrIJ1ltapIX7w5lNsk3PbSBZGgYF21ryqcLwTeDI
aLBQV2SO1FDwcUVv81dTz/3TMQ8kLvhJnlJoNb8DuoNtH6X9N3uPvm29uH6fe7wQ
szJ4rQ/yGRhqYKz6brZA0SbAKzjXRQf9P8xIKjurMroLRFkRU/8kGAbzYtJleSB3
LChkbeExAgMBAAECggEATxoIwANN7EbAUwvgK0i07s+jnQF+ZyUdkOOC9pdwSmtV
LsUXanPpaX/gbV7gMBCAyL0B21miiHj1SR8cX69aeG+Qq60JNmdIOq4/NhWM7SA4
YwqKEesJEwWpSY4OTM9XB6uzmN7tt5xdPeuSvWKjWHUJ3tniQP0dhTfnR2LGQqf3
5a497D5DEi40fGBgVIBCc7K1Uceqa+ZQT2MAzlW5dL+xIhTG2qLadT8KiNuQInPY
cq07BlVdsXjKhabINqolE+IA8yeXnvFX0dUXhk7/oCn3WSO1yJWM52syGp3z5LDC
istt//N4f4c2P+/hTIWgBG+ZEbQ/s0Nl2LeqM2tyIQKBgQDGrgf8mxkT5TtVZbvl
SWgQl9OnduoWl5+iqGDzaqDUAjj0Rr5UnQrXADxp+/WC3u+NVYVGqpOjlQfvkcsT
hFaRLEfId+kmpWa8lIhaq9G93ERrTZzyTg+dDNErdeBgtzJD8ZMhZNfNiDkoU30e
hblngL5FipZa4rChojEjc3TBtQKBgQDA2AYI6Iz2meY17dE9+0cRJTVDyobOt2yg
Ug5FFXBD/hrtQboWiSLZscSBd9jf2D/axXb4LF98qJuT4g+h6HnU5WYz1M09LJVH
1OD/5FcwkS9dMhYdO9/v+HHYv1EUB561Hp/gLgB2t56L8dL0vox42Q3x8SmjhNRm
rZ8DQ1K/DQKBgEdx559X6sGzyg1ggxvltM1au5rZ8T3kklw8rnh6HJGApxh4pBLr
Ui2UgSUfnN7N6ljpqv6JcoP9oJfu1pcTHMohoUKelDH4gqRHyWzJoqfioJvxkgG0
PnscU8+MGP7Ogf3azizRBaV8Wgl9VF34en6U1ldNidnu8NN+7qqv5wmNAoGBAKR6
W8NTXY+jOee7XCEqZbXo72JPpeVAKwUel48ytts3Kw47ZhV8h933Mixe5Poe/m+A
xnTrm9G+GVvrjvvARdFgi2gf06GemgB3QCThQ8BnxGcPpi7u95Q8ahW9L9EOor3G
TgQuGDUpba/c5NncgAE+2BcIY0RVsbeV1C87R6MtAoGAY7BRWmtsynx+SZq7oCxL
cZh5iRxgftafTWlzRwLJ4A6g6AkAWCc8Bh4gisAYz449id7+2GoO5fRjE2fIuSHs
7UAHIfDf1WAFv3Nptj444N10WfjpIkCZ0TQSAa1/m0n3fWWLO6mytZIiF2m73gaG
7zVkTJZPMBhoQUQiWmPnF2E=
-----END PRIVATE KEY-----
</pvt>
</result>
</generate>
</certificate>
</packet>
This packet generated a self-signed wildcard certificate.
<packet>
<certificate>
<generate>
<info>
<bits>2048</bits>
<country>US</country>
<state>georgia</state>
<location>Atlanta</location>
<company>Doe, Ltd.</company>
<email>jdoe@johndoe.org</email>
<name>*.example.com</name>
</info>
</generate>
</certificate>
</packet>
This packet, using existing private key, generates 1024-bit certificate that associates site johndoe.org with company Doe BV operating its business in Germany, Munich.
<packet>
<certificate>
<generate>
<info>
<bits>1024</bits>
<country>DE</country>
<state>bavaria</state>
<location>munich</location>
<company>Doe BV</company>
<email>jdoe@johndoe.org</email>
<name>johndoe.org</name>
</info>
<PVT>-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuwEJV9KV6grOtWVGdvMyfTwBtMsb1dqSZyUzKq7ncov971fC
GawVFFjLYX+7UJjEksmVgKjPu5+EPWOH+Vrkft0XjOZMQoW0Jzq46XVJr9fmYQfU
NtVBQOXhKbcgzPy0diQI6SiQ9O/K4e+qVWZtxLCTJd/lBNw4NA3ig3pQymuEmM1t
SSZ6Hp+FF19+5SB3QZyI/jQkGx0Uohg+sOpjMogjDs1wqUgYhl4EUXGjlZedDngH
VSpMKSWmntSuyt6vY/y5AJTmtQvJLsHWgrSgvoxQhO9iNEPE5yJ+2oT8tMndhIM2
eNmLPA9z84qhmsfCP3ugWxDn84tJ9Rw/Rgs2jwIDAQABAoIBAH1fioYIt1179W4E
AiQJlJYFvxcY/QZ5TaI9fHpnXOCdHphye71+c3t6tJAfdNPqOBA5ejQR+YPOxHfr
3OO+nma3j+x1EjefMFMEuag7bDWqR9hRyWMhwmfiNv0iu6jy24JBUoAPJHAyvBCR
/97Vl05BG8ZOv1ps0nmDvZNsU/IA0TKN8LwiLYw2+cFjKFAaQPAabkpJWgDVbL6f
gcxZp0WO6G+kFDziqHvTxBe4heeE8U2V4P/vmcF/lFPU2/R+2fkooXPyvwSSF9uH
vkapMf6foLkeCGppoqRH2HxfZjqSPzH1kwxdEXqAD4EhfCWesOtwtaVvV280K/RU
MH7YtxECgYEA7d6B7acjhKxapwJI5xdFjTZ9adsGJ9mosv7JrnMVqldlxNmQdpGC
wCCBGkKgd6bBXoJrDbH2GbhlaE1Ayn/uoHYcsScggJ8zj4cHsq2AJ5zBIkJ4n/zQ
JcuFptq/FT6sb5CEUS7f499xvWde/cuAHhaQKyb+NCqOOW70zRu/9QMCgYEAyUIC
HQzE3+Xofv5ZLcGmwBRmnu3nuqNFez0iQdGyQV95TzgjAOpvs3Yp6pXSmG6I6WKt
KZz0Wm0ndAGn75CR76E4NyIP4FC7OAyehiUfcp6BA7j92iMeA5ceIH1kB2bezw33
GxEh21XxE7pYPUI9x6RNNOoGiB5zzLas6YHJpIUCgYEAqBWBLlPaz1eTP0xoA5P4
O87zVCfG88XkZYeRMEp2VsYnTbCHWqF8CRNu5wWJqsMVBRmXWDgWtRoN3mQokm9Q
SebsY2pIl1rn7lX2ZJYhZtxnxTO/VR4qX2qvaLZOLE77PmKafVtoLfeowbQX9bMl
Nx2uhi+plWc01PTI217uh80CgYEAomuM/RjDAdavjV2DZvPzuOw97WEeNHdzqYOq
0+eBrlR4uEAbr6+DOhfQuCr1bGM4RvGFwiGS6i9ROcPkXegUfoljrsrkeSluDkvQ
2322JXBZukFfTN4uaMNaYuoPAhI5Gmyw0b0/z51KE5u9fqKo7Sdhz6RWZR/+YGXE
oiZGL2kCgYBRi0j2Fe3ZxX6PWYogmS17pZdta6Dyuh90w4dfYyEM8RtHo67L6i4j
pYpvyiF7C4Rklh3+MJfk1VkqQGNmPAT2H1eK4fQ6LH14t8oiFJbCok/SnKC2BUMt
UJLKqgqP591cN0xpbdH/9k1nGdNxi9z1myA7gSrKNIzSnQFSqn4lAg==
-----END RSA PRIVATE KEY-----
</PVT>
</generate>
</certificate>
</packet>
This request packet is incorrect because country node contains a full country name, not a country nomination in accordance with ISO 3166.
<packet>
<certificate>
<generate>
<info>
<bits>1024</bits>
<country>Germany</country>
<state>bavaria</state>
<location>munich</location>
<company>Doe BV</company>
<email>jdoe@johndoe.org</email>
<name>johndoe.org</name>
</info>
</generate>
</certificate>
</packet>