spaces.internet2.edu has been upgraded to Confluence 6.5.0. If you have any questions and/or concerns, please contact us at websupport@internet2.edu
Page tree
Skip to end of metadata
Go to start of metadata

SSL Certificate API

The SSL Certificate API supports enrolling new certificate requests, renewing existing certificates and collecting certificates. See the SSL Certificate API documentation for details.

SMIME Enroll API

See http://www.incommon.org/cert/repository/InCommon_CM_SMIME_Enroll_API.pdf

Reporting API

Allows the Administrator to get Activity Log Report, Client Certificates Report, SSL Certificates Report, Discovery Scan Log Report, Discovery Scan Detail Report and the Latest Discovery Scan Log Report.

See https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=113

Note: The Reporting API is only available for use by MRAOs.

Technology

The Comodo APIs may be accessed with a SOAP client. For example, see the demo python client contributed by Jason Phelps from the University of Texas or the C# sample client contributed by Gabriel Sroka from the California State University system.

Support

Email support for the API is available at cmapi@comodo.com, Monday through Friday, 4 AM - 8 PM Eastern Time. See the Certificate Service support page for a detailed listing of all support options. You may need to also copy your request to csmsupport@comodo.com; see 'Known Issues' below.

Documentation

PDF documentation for the SSL Certificate API and the Client Certificate API are linked on the repository page. Comodo also provides online API documentation.

Frequently Asked Questions

Finding OrgId

Q: In section 2.3 of http://www.incommon.org/cert/repository/InCommon_CM_SSL_Web_Service_API.pdf
it says that I need the "orgId" in order to use the enrollment SOAP call. How do I find the orgId for our institution? The instructions in the above document say "Can be obtained from Admin UI - Organization properties "SSL Cert" tab", but this was not much help: I could not see the organization id anywhere in our certificate manager.

A: Go to Settings - Orgs, click Departments. Select the department to provision through, click edit, go to SSL tab, enable the web API check box and assign a secret key. The orgId will appear next to the secret key text box.

Status Codes

The SSL and Client APIs share a common set of status codes. If you stumble onto an undocumented status code or error condition, please file a bug with Comodo. It would benefit other API users if you also documented your experiences here on this wiki page.

TODO: Add a link to the Bug tracking system.

Basic information about the possible error codes is provided in the Comodo API documentation but some of the error codes can have multiple causes. Additional anecdotal details may be provided here as a community reference.

  • -14 = An unknown error occurred! Check that the customerLoginUri parameter of your authData object is set to 'InCommon'.
  • -32 = The two phrase should be the same! Check your revocation phrase ('phrase' parameter). It appears that it cannot be left as empty string.

Known Issues

  • As of 4/18 cmapi@comodo.com does not yet issue a support ticket when emailed. csmsupport@comodo.com have been helpful in answering questions in the meantime.

Community

InCommon maintains an email list, cert-users@incommon.org, as a place for community members to share experiences, discuss possible system enhancements, and see how other campuses handle various issues and tasks. We encourage you to join this list. To do so, send an email to sympa@incommon.org with the following in the subject line: sub cert-users FirstName LastName.

  File Modified
ZIP Archive comodo-py.tar.gz Python tools demonstrating basic Comodo SSL API access Jul 25, 2013 by fox@washington.edu
Text File SSL WS.cs.txt sample SSL WS code in C# Jun 29, 2011 by 01000113936@co.calstate.edu
File pki_demo.py demo app by Jason Phelps @ UT Apr 13, 2011 by trscavo@internet2.edu
  • No labels

4 Comments

  1. I am trying to use the API to enroll a certificate. How do I determine the orgId? The pdf documentation says about the orgId: "Organization identifier. Can be obtained from Admin UI – Organization properties “SSL Cert” tab."

    I looked all over and all I could find was that if I viewed the source of the web page, there was a select option associated with our institution that had an integer value' I don't know if that is the orgId but I will try it. That can't be what they expect everyone to do, though.

    1. Good question. I had some trouble finding this too. I've updated the page above with the answer that William Schneider posted to the discussion group.

  2. There is a "test" certificate manager at https://cert-manager.com/customer/InCommon_test

    If I want to test my scripts that request via the API against this test certificate manager, what do I need to change? In particular, what is the URI and what is the WSDL_URL? Are there any other changes that need to made in order to request certificates via the API against this test manager?

    1. If you have an account on the test CM, then you have a test credential. Use that test credential in your API calls. That is the only distinction between test and production usage of the API.