CA Gateway 3.6 - Docker Deployment Guide [PDF][Releases]

The following endpoint supports domain-related actions.

https://{host}:{port}/{server.servlet.context-path}/v1/certificate-authorities/{caId}/domains/{domain}/actions

See the table below for a description of each field.

Field	Value
{host}	The hostname or IP address of the CA Gateway host server
{port}	The port of the CA Gateway service
{server.servlet.context-path}	The value of the servlet.context-path parameter
{caId}	The certificate authority identifier
{domain}	The domain identifier

For example:

{
 "action": {
 "properties": {
 "tagLocation": "store.example.com,example.com"
    },
 "type": "ReverifyDomainAction",
 "verificationMethod": "dns"
  }
}

See below for a description of each parameter.

action.properties.tagLocation

The location of the domain validation control number.

When providing multiple values, separate them with commas.

See below for sample values when verificationMethod is dns.

Value	Validated FQDN
`a.b.c.example.com,b.c.example.com,c.example.com,example.com`	`a.b.c.example.com`
`store.example.com,example.com`	`store.example.com`
`example.com`	`example.com`

See below for sample values when verificationMethod is webServer.

Value	Requested domains
`https://example.com/.well-known/pki-validation/gsdv.txt`	`*.example.com` `example.com`
`https://example.com/.well-known/pki-validation/gsdv.txt,https://sub.example.com/.well-known/pki-validation/gsdv.txt`	`*.sub.example.com` `sub.example.com`
`https://example.com/.well-known/pki-validation/gsdv.txt,https://www.example.com/.well-known/pki-validation/gsdv.txt`	`*.www.example.com` `sub.example.com`

Mandatory: Yes.

action.type

The type of action requested to the endpoint.

Endpoint	Value	Action
CA actions	RenewAction	Renew a certificate
CA actions	RevokeAction	Permanently invalidate a certificate
CA domain actions	ReverifyDomainAction	Reverify a previously validated domain because the prior validation expired, failed, or must be refreshed to meet CA/Browser Forum or GlobalSign requirements.

Mandatory: Yes.

action.verificationMethod

The identifier of the domain verification method.

Identifier	Verification method
dns	DNS‑based domain verification, GlobalSign requires a unique Domain Validation Code (DVC) in a DNS TXT record to confirm domain control.
webServer	HTTP‑based verification, also called file‑based domain verification. GlobalSign requires a Domain Validation Code (DVC) on the web server to confirm domain control.

Mandatory: Yes.