Ascio Web Service v3

SSL

AutoInstallSSL

Domain Monitoring

TMCH

Defensive / DPML

Registrants

Verification

Contacts

Polling / Callbacks

Orders

Account

Automating the SSL workflow

Avoiding manual tasks with SSL-Certificates

Reselling SSL Certificates can be cause many manual tasks. This tutorial shows how which steps need to be done in order to design a order-process without interaction.

The manual process

Generate private key and CSR-file
Manually register the Certificate
Wait until the customer has done the domain-verification
Run after the customer, in case the verification e-mail was filtered as spam
Download the certificate and place it on the webserver, or upload it to a management tool
Edit the vhosts file, if not using a management tool

The automated process

The customer enters all details on the reseller-website
After payment, the website sends the order via API.
A DNS-record or verification-file is created via API.
When the Certificate is active, it's downloaded via API and installed.

This is an example how SSL can be automated with Ascio

        <?php
$subDomain  = $argv[1];
$domainName =  $argv[2];
echo $domainName."\n";
$automation = new SslAutomation("testing",$domainName,$subDomain,"positivemdcssl");

// create CSR and Private Keys

$automation->createKeys();

// register a domain

$automation->registerDomain();

// register the SSL Certificate with the generated CSR

$automation->registerSsl();

// wait for the SSL Token

$automation->pollToken();

// create a DNS record

$automation->createDns();

// wait for complete

$automation->PollV3();

// download certificate

$certificate = $automation->getCertificate();
echo "complete";

DNS Verification

DNS-records is a good way to automate verification. The reseller-system gets a token during the verification process. There are different types, depending on the CA

Digicert (RapidSSL, Geotrust, Symantec, Thawte)

A verification code is received after registration
A TXT-Record with the verification code is created
The source is _dnsauth.[domain name] or just the domain name.
For wildcard-domain the _dnsauth subdomain is not allowed
For SANs a TXT-record must be created for each zone/domain.

Comodo

A validation code, CNAME_NAME and CNAME_VALUE is received after registration
A CNAME-Record with the validation code is created
For SANs a CNAME-record must be created for each zone/domain. The domain of the CNAME_NAME must be replaced with the SAN-Domain.

File verification

A file is place on the Webserver. This is good when there is no access to the DNS. But there can be issues with the .htaccess file.

AutoinstallSSL

AutoinstallSSL works with Cpanel. The full installation is automated. It's based on file-verification and can fail if there is a .htaccess file.

SSL automation in action

Here you can see how the DNS-Verification is used in the WHMCS-Ascio-Plugin. Here is the implementation in WHMCS: WHCMS SSL Plugin source

WSDL for AWS v3
https://aws.demo.ascio.com/v3/aws.wsdl (OTE)
https://aws.ascio.com/v3/aws.wsdl (Live)
Please configure the IP-Whitelisting in the portal/demo-portal.