BILLmanager 6
Documentation
/
BILLmanager 6
/
Products/Services Sales Settings
/
SSL certificates
/
Integration with certification authorities
/
GlobalSign
en En
es Es
Add to Favorites
Focus mode
Documentation
/
BILLmanager 6
/
Products/Services Sales Settings
/
SSL certificates
/
Integration with certification authorities
/
GlobalSign

GlobalSign

Integration settings

Integration is configured in the process of creating a service processing module in BILLmanager.

To create a service processing module, enter IntegrationProcessing modules → click Add. The processing module adding wizard consists of the following steps:

  1. Product type: select "SSL certificates".
  2. Processing module: select "GlobalSign".
  3. Configuring integration. Specify the data for integration:
    1. Username — user in GlobalSign system.
    2. Password — access password to system API.
    3. Demo — you can use demo access to test ordering.
    4. IP address — IP address to be used to send API requests.
  4. Parameters of the service processing module. Configure internal (within BILLmanager) parameters of the service processing module:
    1. Name — specify the name of the processing module to be displayed in the BILLmanager interface.
    2. Department — select the department to which tasks from the processing module will be assigned;
    3. Sort — specify the processing module’s priority. If more than one processing module is connected to a tariff plan, the processing module with the lowest priority is selected first when creating the service.
    4. Processing module minimal balance — specify the minimum amount on the personal account in the system to purchase services. For more information, see Processing Module Balance.

Check connection

On the last step of the Setup Wizard, BILLmanager tries to connect to the Certification Authority with the specified parameters. If the operation failed with the error  message: "Cannot connect to the processing module", perform the following steps: 

  • make sure the connection parameters are correct; 
  • check that the URL-address of the Certification Authority is accessible from the server with BILLmanager;
  • make sure that  API calls can be executed from the BILLmanager IP address in the Certification Authority Client area.

Account balance 

The module can send the current account balance from the Certification Authority side. A BILLmanager administrator can see the current balance information on the billing platform Dashboard.

Additional UC SANs domains

GlobalSign's Multi-Domain SSL Certificates utilize alternate name (SAN) fields to protect up to 100 different domain names, subdomains, and public IP addresses. Only one such certificate and one IP address are required. GlobalSign includes SAN OWA, Mail and Autodiscover for free in all of its SSL certificates.

The module supports WWW, OWA, Mail and Autodiscover subdomains in the order. To include subdomains in your SSL certificate order, include an addon with the "Additional domains" type to the tariff content.

To configure support for UC SANs subdomains:

  1. Enter ProductsTariff plans → select a tariff plan → press Config.
  2. Click Add.
  3. Fill in the resource creation form. In the Type field, select "Additional UC SANs domains".
  4. Click Ok.

Example:

When ordering an SSL Certificate for a domain example.com with subdomains www.example.com and test.example.com :

  • the subdomain www.example.com will be considered in the "Additional UC SANs Domains" and its cost will be calculated at the price of this addon;
  • the subdomain test.example.com will be considered in "Additional Domains" and its cost will be calculated at the price of this addon.

SSL certificate validity periods

Starting from 2026 new rules of the CA/Browser Forum organization come into effect, limiting the maximum validity period of SSL certificates. This is done to enhance security. The  platform is adapted to work with these changes.

Start date of changes

Maximum certificate validity period

Validation Reuse period

March 15, 2026.

200 days

  • DV — 200 days;
  • OV/EV (SII) — 398 days.

March 15, 2027.

100 days

DV — 100 days.

March 15, 2029.

47 days

DV — 10 days.

Where:

  • DV — domain validation (Domain Validation);
  • OV — organization validation (Organization Validation);
  • EV — extended validation (Extended Validation);
  • SII — subject information(Subject Identity Information).

Subscribing to SSL certificates

Due to the reduction of certificate validity periods, certificate authorities offer an SSL subscription model. This allows purchasing a certificate for a long period (for example, for 1–5 years), while the technical certificate will be reissued automatically in accordance with the new rules (every 200, 100, or 47 days).

With a multi-year subscription, you pay for the certificate several years in advance and reissue it annually. In the client area, two different dates are displayed for such a certificate:

  • Expiration date — the expiration date of the current certificate (according to CA/Browser Forum rules);
  • Paid until — the expiration date of the paid subscription period.

For example, your client orders and pays for an SSL certificate April 02, 2026. for 5 years. After successful processing, two fields are displayed for this certificate in the client area: Expiration date and Paid until. The field Expiration date will show the date October 19, 2026 — the date until which the current certificate is valid. The field Paid until will show the date April 02, 2031. — the expiration date of the paid period. Each year during this period, platform will automatically perform an action according to the settings:

  • send a notification about the need for reissue;
  • reissue the certificate for the next year.

If the certificate is purchased for one year, the field Paid until remains empty.

Setting up a reissue policy

You can configure the SSL certificate reissuance policy:

  • via the platform interface. In the main menu, go to ProductsProduct typesSSL certificate → button Edit → block Subscription:
    • Expired certificate processing policy — select one of the options:
      • Automatic certificate reissue  — default value;
      • Certificate expiration notification — a notification is sent to the client about the expiration of the current certificate. To set the notification template, in the main menu go to the section SettingsMessage templates;
    • Period to start working with expiring certificate — specify how many days before the certificate expiration the policy should be triggered. Default value — 10, maximum value 200.
  • using the configuration file /usr/local/mgr5/etc/billmgr.conf. Use the options:

    • Option SSLSubscriptionPolicy — specify to configure the certificate processing policy within the subscription. Values:

      • auto — certificate reissuance is triggered automatically. Default value;
      • manual — a notification is sent to the client about the expiration of the current certificate. To set the notification template, in the main menu go to the section SettingsMessage templates;
      • none — no actions are performed;
    • Option SSLSubscriptionBefore — the value determines how many days before the certificate expiration the Option SSLSubscriptionPolicy policy should be triggered. Default value — 10, maximum value 200.

Logging

The log of the billing platform's interaction with GlobalSign is written to the /usr/local/mgr5/var/pmglobalsign.log file.

To configure the extended display of information in the log, add the line "pmglobalsign.* 9" to the /usr/local/mgr5/etc/debug.conf file.