Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 

REST API documentation Certificate Order Manager


Hello guys,

I am in the progress of automating my certificate deployment on big ip. Because I am a customer at Sectigo (Comodo) I am using the new Certificate Order Manager feature (new since 15.0). Ofcourse, because I'm automating things, I started to learn how to talk to REST API's and so far I'm enjoying it but I feel the documentation is not what it should be.... Or that I might be missing something...

In this specific instance I generated a crypto key and csr and I found the "certOrderManager" property fairly quickly although it is not documented on It was a shot in the dark, but it worked.

However, after generating the CSR I need to tell the big-ip to request the certificate from Sectigo. it took me a few hours to finally find a solution on how to change its status to "New" so my big-ip does a call to Sectigo and requests the certificate.

All I had to do was send this piece of code to /mgmt/tm/sys/crypto/key/~resource id:

   "certOrderManager": {
       "My-Cert-Order-Manager-Profile": {
           "order-type": "new"

I tried this code because after searching for hours I decided to dig in the tmsh help (just on the box using ?) and just try until I found it.

Now my question: how do you find all the properties you need to configure? Are you supposed to do some guessing based on tmsh commands or am I missing a very important resource? For instance when I did a GET for this CertOrderManager I was only returned statistics, no properties like "order-type".



Did you ever got this to work? I can create and revoke certificates through Sectigo. The renew function doesn't work. Is this working for you?

Hi Mathieu, yes I got it to work.


I however didn't trust the auto renew function (mostly due to the 5 certificates per 1 minute limitation of Sectigo and the fact that I have +/- 1500 certificates expiring on the same date) so I created a script to renew them before they expire. I have 20 less important certificates expiring by the end of november, they will be my test case for the renew function....


What specific issue do you have?


After manually selecting Renew I get an error which says "Wrong method or empty parameter supplied". Is it possible to send me a screenshot of your configuration in the Certificate Order Manager List?

My email address is

You are correct, I'm seeing the same issue. Likely a bug:


Order Status   Auto Renew Order Rejected


code   -14.0

description   Wrong method or empty parameter supplied