This API is used for checking the status of requested certificates and also downloading the signed certificate once it is issued. The certificate can be downloaded in a number of formats, and can include or exclude all of the certificates in the issuing chain.
Aggressive polling of CollectSSL is discouraged. Any single certificate should not be polled for status more frequently than every 30-60 minutes.
Should you require more rapid updates when certificates are issued, then you can implement an endpoint for the push notification system (detailed below, under ‘High Volume Certificate Issuance’), which will allow Sectigo to push the complete signed certificate and chain to your system as soon as it is signed.
CollectSSL can provide the signed certificate, and the issuing CA(s) in several formats. Additional formatting can always be done with existing x.509 tools and libraries, such as OpenSSL.
CollectSSL (and the push notification system) will always provide the correct certificate issuing chain with any given certificate. It is best not to assume that issuing CA(s) (intermediates) will remain the same for long periods of time – even for the same product. Issuing CAs are cycled as a matter of course and best practice, and using the incorrect CA on a server installation can cause errors for browsers and users.