Ispmanager (SSL)

Configuring integration

Integration is configured in the process of creating a service processing module in BILLmanager.

To create a service processing module, enter Integration → Processing modules → click Add. The processing module adding wizard consists of the following steps:

Product type: select "SSL Certificates".
Processing module: select "Ispmanager (SSL)".
Configuring integration. Specify the data for integration:
1. URL ispmanager — specify the address of Ispmanager billing in which you have a client:
  - https://api.ispmanager.com/billmgr for Ispmanager.ru;
  - https://api-eu.ispmanager.com/billmgr for Ispmanager.com.
2. User name — specify the user name in Ispmanager billing, under which the integration will be configured.
3. Password — specify the user password in Ispmanager billing.
Parameters of the service processing module. Configure internal (within BILLmanager) parameters of the service processing module:
1. Data center — select the data center in BILLmanager to which the processing module will be connected.
2. Name — specify the name of the processing module to be displayed in the BILLmanager interface.
3. Department — select the department to which tasks from the processing module will be assigned;
4. Sort — specify the processing module’s priority. If more than one processing module is connected to a tariff plan, the processing module with the lowest priority is selected first when creating the service.
5. Processing module minimal balance — specify the minimum amount on the personal account in the Ispmanager billing system to purchase services. For more information, see Processing Module Balance.

Connection check

On the last step of adding a processing module, BILLmanager attempts to connect to the certificate authority with the specified credentials.

If the connection ended with an error: "Failed to establish a connection to the processing module", make sure that:

the connection details are correct;
The URL address of the certificate authority is available from the server where BILLmanager is installed.

SSL certificate validity periods

Starting from 2026 new rules of the CA/Browser Forum organization come into effect, limiting the maximum validity period of SSL certificates. This is done to enhance security. The platform is adapted to work with these changes.

Start date of changes	Maximum certificate validity period	Validation Reuse period
March 15, 2026.	200 days	DV — 200 days; OV/EV (SII) — 398 days.
March 15, 2027.	100 days	DV — 100 days.
March 15, 2029.	47 days	DV — 10 days.

Where:

DV — domain validation (Domain Validation);
OV — organization validation (Organization Validation);
EV — extended validation (Extended Validation);
SII — subject information(Subject Identity Information).

Subscribing to SSL certificates

Due to the reduction of certificate validity periods, certificate authorities offer an SSL subscription model. This allows purchasing a certificate for a long period (for example, for 1–5 years), while the technical certificate will be reissued automatically in accordance with the new rules (every 200, 100, or 47 days).

With a multi-year subscription, you pay for the certificate several years in advance and reissue it annually. In the client area, two different dates are displayed for such a certificate:

Expiration date — the expiration date of the current certificate (according to CA/Browser Forum rules);
Paid until — the expiration date of the paid subscription period.

For example, your client orders and pays for an SSL certificate April 02, 2026. for 5 years. After successful processing, two fields are displayed for this certificate in the client area: Expiration date and Paid until. The field Expiration date will show the date October 19, 2026 — the date until which the current certificate is valid. The field Paid until will show the date April 02, 2031. — the expiration date of the paid period. Each year during this period, platform will automatically perform an action according to the settings:

send a notification about the need for reissue;
reissue the certificate for the next year.

If the certificate is purchased for one year, the field Paid until remains empty.

Setting up a reissue policy

You can configure the SSL certificate reissuance policy:

via the platform interface. In the main menu, go to Products → Product types → SSL certificate → button Edit → block Subscription:
- Expired certificate processing policy — select one of the options:
  - Automatic certificate reissue — default value;
  - Certificate expiration notification — a notification is sent to the client about the expiration of the current certificate. To set the notification template, in the main menu go to the section Settings → Message templates;
- Period to start working with expiring certificate — specify how many days before the certificate expiration the policy should be triggered. Default value — 10, maximum value 200.
using the configuration file /usr/local/mgr5/etc/billmgr.conf. Use the options:

- Option SSLSubscriptionPolicy — specify to configure the certificate processing policy within the subscription. Values:
  - auto — certificate reissuance is triggered automatically. Default value;
  - manual — a notification is sent to the client about the expiration of the current certificate. To set the notification template, in the main menu go to the section Settings → Message templates;
  - none — no actions are performed;
- Option SSLSubscriptionBefore — the value determines how many days before the certificate expiration the Option SSLSubscriptionPolicy policy should be triggered. Default value — 10, maximum value 200.

Logging

The log of interaction between the billing platform and Ispmanager (SSL) is written to the /usr/local/mgr5/var/pmispmgrssl.log file.