When using the enrollments endpoint to request a certificate from a GlobalSign CA, the profileId parameter must identify a GlobalSign MSSL (Managed SSL) profile. For example:
{ "csr": "...", "includeCa": false, "optionalCertificateRequestDetails": { "subjectDn": "cn=grapefruitdesk.com,o=Test Company,c=CA", "useSANFromCSR": false, "validityPeriod": "P1Y0M0D" }, "profileId": "profileA", "renewal": false, "requiredFormat": { "format": "pem" }}See below for a parameter reference.
Parameter names are case sensitive.
csr
The base64 encoding of a certificate request.
Mandatory: When requesting or enewing a certificate for a client‑generated key pair and CSR.
includeCa
true to return the certificate and the issuing CA chain; false to return only the end‑entity certificate.
Mandatory: No. This optional value defaults to false.
optionalCertificateRequestDetails.subjectDn
A Distinguished Name string used to override or supplement the DN from the CSR.
Some GlobalSign issuance modes allow subject override; others require the subject to match the CSR.
Mandatory: No.
optionalCertificateRequestDetails.useSANFromCSR
A boolean controlling whether the CA should pull Subject Alternative Names (SANs) directly from the CSR.
Value | Action |
|---|---|
true | Copy SANs from CSR. |
false | SANs will not be taken from the CSR (they must come from other profile rules or request attributes). |
Mandatory: No. This optional value defaults to false.
optionalCertificateRequestDetails.validityPeriod
The duration for which the certificate will be valid, as an ISO‑8601 duration. See the table below for examples.
validityPeriod | Start date | Duration | End date |
|---|---|---|---|
"2018-07-06T13:00Z/2019-07-06T13:00:00Z" | July 6, 2018 at 13:00 UTC | Automatically calculated | July 6, 2019 at 13:00 UTC |
"2018-07-06T13:00Z/P1Y3M0DT0H0M" | July 6, 2018 at 13:00 UTC | 1 year and 3 months | Automatically calculated |
"P0Y3M0DT0H0M/2018-12-31T00:00Z" | Automatically calculated | 3 months | 31, 2018 at 00:00 UTC |
"P1Y3M10DT0H0M" | Current date | 1 year, 3 months, 10 days | Automatically calculated |
The selected value must comply with the GlobalSign profile maximum validity rules.
Mandatory: No. This optional value defaults to the profile validity period.
profileId
The identifier of the certificate profile to issue or renew the certificate. To request a PKCS #12 containing a certificate and key pair generated by a GlobalSign CA, this value must identify a profile with one of the following product codes.
Product code | Certificate type |
|---|---|
PV_INTRA_SKIP | IntranetSSL using AutoCSR signed with SHA1 |
PV_INTRA_SKIP_SHA2 | IntranetSSL using AutoCSR signed with SHA-256 |
To request a certificate for a client‑generated key pair and CSR, this value must identify a profile with any other product codes.
Mandatory: Yes.
properties.specialInstructions
Free‑text field for internal notes about the order – for example: “contact ops before issuing”.
Mandatory: No.
renewal
true to request the renewal of an existing certificate; false to request a completely new certificate.
Mandatory: No. This optional value defaults to false.
requiredFormat.format
The certificate output format.
Value | Format |
|---|---|
pem | Base64‑encoded certificate |
der | Binary DER |
pkcs12 | PKCS #12 containing a certificate and key pair generated by the CA (if supported by the selected profile). |
Mandatory: Yes.