SSL Certificate - Encryption Everywhere

Encryption Everywhere is a service from Symantec which provides free SSL certicates.

/ssl-certificate/ee-authentication-key

POST

Generate an Encryption Everywhere (EE) authentication key.

Authentication keys are required to use EE API and perform instant EE certificate issuing. A generated key is valid for 7 days.

JSON request

csr string The full Certificate Signing Request (CSR) file contents (including header and footer line) of the domain you’re creating the certificate for. Can be supplied with JSON new lines sign \n (see the request examples below). The CSR should be generated using a key of at least 2048 bits in length.
dcv_type string

Domain Control Validation (DCV) method to generate validation hash for. There are 2 possible options:

  • FILE
  • DNS

JSON response

Possible errors

Sample

curl \
--request POST \
--user "{{api_username}}:{{api_key}}" \
--data '
    {
        "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICwTCCAakCAQAwfDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\nITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAwwLZXhh\nbXBsZS5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9AZXhhbXBsZS5jb20wggEiMA0G\nCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxeHuQf/NN9tQqnFv1h0bvwTY0kWhp\nesx3JUwOnah/FwkZpv+VDJpMG1nzxTRX87GNqn5jPHTzCSiRtGuZpSURj4QYXkh0\npQHsyjZxLE3o+XY9CCxKZ6IkdhCBvvBiPTi9OCY3jyk+3kcqqbX1ETrKGgT4G8T5\nvyPh61YJBpFrrV1Faw2+8DnriOeYbIgoP6Kmq6nRp41GoXOoaP01eAtLqp1uYWuy\npc97N68xZqKR2aXfHJxlof+KMDbnHOuWbFX0GxvziqdXByc//c9J4AN4zDJlGy8C\nA5n9ocbPAP0udZ45tFCI78zfQ5GPe7QaAb7zVzG37hAfNFLpocJMi4CFAgMBAAGg\nADANBgkqhkiG9w0BAQsFAAOCAQEAT/xJ1HCSqj97qK6UE7wC9KzlwL0W43IdxkeZ\nT9In33FwPpvO2G1d57AenO6F/Z+RTdUk0nfpIxGKu1AgiNziK82ko83l8MSRysD6\nxv/jdzIDzBrn8hYpGHNm73FXSmgh4KSJrOb2YTXwHkesgOZb1wMa6okGLjXCdOmc\n7LEtfxsEMwaQukXzgoO9QmqF3QuOMS/2uNK7ZlYICQdiiCRm5KHNDUKT/mtYs1en\nW7TsK+4NUkbiCxC1iFzPrgXaCMXepXXUTzWfbbiLNLmdxra/HhVlhnh2pJXQLhx8\nbt80ifX2OEUlaDgYj2Hg6hhMJ0E8Tyl0MnJI7qwCSczOBzlAlw==\n-----END CERTIFICATE REQUEST-----",
        "dcv_type": "DNS"
    }
' \
"{{api_base_url}}/ssl-certificate/ee-authentication-key" | python -m json.tool

/ssl-certificate/ee

POST

Order a new Encryption Everywhere certificate.

JSON request

csr string The full Certificate Signing Request (CSR) file contents (including header and footer line) of the domain you’re creating the certificate for. Can be supplied with JSON new lines sign \n (see the request examples below). The CSR should be generated using a key of at least 2048 bits in length.
dcv_type string

Domain Control Validation (DCV) method to prove domain ownership. There are 2 possible options:

  • FILE
  • DNS

FILE and DNS

These validation methods rely on a generated validation hash that can be verified by placing them in a hosted file or DNS txt record.

The validation hash can be obtained from API endpoint generating EE authentication key

FILE validation is done by making a file located at the following address containing the validation hash:

httpː//example.com/.well-known/pki-validation/fileauth.txt

For example:

2017010100000022rzqtzgc82dl5eckyz35lz9oxrpxlcozcuv0va8ko3is2nbyr

DNS validation works by creating the following TXT record on your domain:

Type     Domain          Data
TXT      example.com     <validation hash>

For example:

Type     Domain          Data
TXT      example.com     2017010100000022rzqtzgc82dl5eckyz35lz9oxrpx
lcozcuv0va8ko3is2nbyr
approver_first_name string  
approver_last_name string  
approver_email_address string  
approver_phone_number string  

JSON response

Possible errors

Sample

curl \
--request POST \
--user "{{api_username}}:{{api_key}}" \
--data '
    {
        "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICwTCCAakCAQAwfDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\nITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAwwLZXhh\nbXBsZS5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9AZXhhbXBsZS5jb20wggEiMA0G\nCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxeHuQf/NN9tQqnFv1h0bvwTY0kWhp\nesx3JUwOnah/FwkZpv+VDJpMG1nzxTRX87GNqn5jPHTzCSiRtGuZpSURj4QYXkh0\npQHsyjZxLE3o+XY9CCxKZ6IkdhCBvvBiPTi9OCY3jyk+3kcqqbX1ETrKGgT4G8T5\nvyPh61YJBpFrrV1Faw2+8DnriOeYbIgoP6Kmq6nRp41GoXOoaP01eAtLqp1uYWuy\npc97N68xZqKR2aXfHJxlof+KMDbnHOuWbFX0GxvziqdXByc//c9J4AN4zDJlGy8C\nA5n9ocbPAP0udZ45tFCI78zfQ5GPe7QaAb7zVzG37hAfNFLpocJMi4CFAgMBAAGg\nADANBgkqhkiG9w0BAQsFAAOCAQEAT/xJ1HCSqj97qK6UE7wC9KzlwL0W43IdxkeZ\nT9In33FwPpvO2G1d57AenO6F/Z+RTdUk0nfpIxGKu1AgiNziK82ko83l8MSRysD6\nxv/jdzIDzBrn8hYpGHNm73FXSmgh4KSJrOb2YTXwHkesgOZb1wMa6okGLjXCdOmc\n7LEtfxsEMwaQukXzgoO9QmqF3QuOMS/2uNK7ZlYICQdiiCRm5KHNDUKT/mtYs1en\nW7TsK+4NUkbiCxC1iFzPrgXaCMXepXXUTzWfbbiLNLmdxra/HhVlhnh2pJXQLhx8\nbt80ifX2OEUlaDgYj2Hg6hhMJ0E8Tyl0MnJI7qwCSczOBzlAlw==\n-----END CERTIFICATE REQUEST-----",

        "dcv_type": "FILE",

        "approver_first_name": "John",
        "approver_last_name": "Doe",
        "approver_email_address": "john.doe@example.com",
        "approver_phone_number": "+31.612345678"
    }
' \
"{{api_base_url}}/ssl-certificate/ee" | python -m json.tool