Filtering by: DV Certificates x clear
enhancement

CertCentral Services API: Improved Revoke order certificates and Revoke certificate endpoints

In the DigiCert Services API, we updated the Revoke order certificates and Revoke certificate endpoints, enabling you to skip the approval step when revoking a certificate.

Note: Previously, the approval step was required and could not be skipped.

We added a new optional parameter, "skip_approval": true, that allows you to skip the approval step when submitting a request to revoke one certificate or all certificates on an order.

Note: For skip approvals to work for certificate revoke requests, the API key must have admin privileges. See Authentication.

Now, on your revoke certificate and revoke order certificate requests, you can skip the approval step and immediately submit the request to DigiCert for certificate revocation.

Example request for the revoke certificate and revoke order certificates endpoints

Example revoke certificate request with skip_approval parameter

fix

Bug fix: DV certificate issuance emails did not respect certificate format settings

We fixed a bug in the DV certificate issuance process where the Your certificate for your-domain email notification did not deliver the certificate in the format specified in your account settings.

Note: Previously, we included a certificate download link in all DV certificate issued email notifications.

Now, when we issue your DV certificate order, the email delivers the certificate in the format specified in your account's Certificate Format settings.

Configure certificate format for certificate issuance emails

In the left main menu, go to Settings > Preferences. On the Division Preferences page, expand Advance Settings. In the Certificate Format section, select the certificate format: attachment, plain text, or download link. Click Save Settings.

new

Discovery now available in all CertCentral accounts

We are happy to announce that all existing CertCentral accounts now include Discovery, our newest and most robust certificate discovery tool.

Note: For those who were using Certificate Inspector, Discovery replaces our long time DigiCert tool, Certificate Inspector.

By default, Discovery includes Cloud scan and a Sensor scan trial with a 100-certificate limit.

Cloud scan

Cloud scan uses a cloud-based sensor, so there is nothing to install or manage. You can start scanning immediately to find all your public facing SSL/TLS certificates regardless of issuing Certificate Authority (CA). Cloud-scan runs once every 24 hours.

Sensor scan

Sensor scan is our most robust version of Discovery. It uses sensors to scan your network to quickly find all your internal and public facing SSL/TLS certificates regardless of the issuing Certificate Authority (CA). Discovery also identifies problems in certificate configurations and implementations along with certificate-related vulnerabilities or problems in your endpoint configurations.

Scans are centrally configured and managed from inside your CertCentral account. Scan results are displayed in an intuitive and interactive dashboard inside CertCentral. Configure scans to run once or multiple times on a set schedule.

  • To learn how to install a sensor and start scanning your SSL/TLS certificate landscape, see Discovery user guide.
  • To continue to use Sensor scan after the trial period is over, please contact your account manager or our Support team.
new

Discovery audit logs

Discovery has added a new feature—Discovery Audit Logs—allowing you to track Discovery-related activities in your CertCentral account. These audit logs provide insight into user activity enabling you to see areas where training may be required, reconstruct events to troubleshoot problems, detect misuse, and discover problem areas.

To make it easier to sort through the information in the Discover audit logs, we've include several filters:

  • Date range
  • Division
  • User
  • IP Address
  • Actions
    (e.g., void sensor, delete scan, etc.)

To access the Discovery Audit Log, in your CertCentral account, in the left main menu, go to Account > Audit Logs. On the Audit Logs page, click Discovery Audit Logs.

new

Discovery language support

As we work to globalize our product offerings and make our websites, platforms, and documentation more accessible, we are happy to announce that we've added language support to Discovery in CertCentral.

Now, when configuring your language preference in CertCentral, Discovery is included in the configuration.

To configure your language preference

In your account, in the top right corner, in the "your name" drop-down list, select My Profile. On the Profile Settings page, in the Language dropdown, select a language and click Save Changes.

See CertCentral language preferences.

fix

Bug fix: DV certificate orders did not honor Submit base domains for validation account setting

We fixed a bug in the DV certificate domain control validation (DCV) process where DV certificate orders did not adhere to the Submit base domains for validation account setting.

Note: For DV certificate orders, you were required to validate the domain exactly as named in the order.

Now, DV certificate orders honor the Submit base domains for validation account setting, allowing you to validate your subdomains at the base domain level on your DV certificate orders.

To view the Domain Validation Scope settings in your account, go to Settings > Preferences. On the Division preferences page, expand +Advanced Settings. The Domain Validation Scope settings are in the Domain Control Validation (DCV) section.

fix

Bug fix: DV certificate not attached to email notification

We fixed a bug in the DV certificate issuance process where we weren't attaching a copy of the DV certificate to the Your certificate for your-domain email notification. As a temporary fix to this issue, we now include a certificate download link in the DV certificate email notification.

Note: After DigiCert issues a certificate, it is immediately available in your CertCentral account.

To use the download link in the email, you must have access to the CertCentral account and have permissions to access the certificate order.

If an email recipient doesn't have access to the account or to the certificate order, you can email them a copy of the DV certificate from your CertCentral account. See our instructions for how to email a DV certificate from your CertCentral account.

enhancement

Legacy partner account upgrades to CertCentral

In the DigiCert Service API, we updated the—DigiCert order ID—to make it easier to find the corresponding DigiCert order IDs for your migrated legacy GeoTrust TLS/SSL certificate orders.

Now, you can use the GeoTrust order ID* to access the DigiCert order ID for your GeoTrust certificate orders. Additionally, when using the GeoTrust order ID, we return the most current DigiCert certificate order ID.

*Note: In the legacy partner accounts, you only have access to the GeoTrust order ID for your GeoTrust TLS/SSL certificate orders.

Background

After you migrate your active, public SSL/TLS certificate orders to your new account, we assign a unique DigiCert order ID to each migrated legacy SSL/TLS certificate order.

For more information:

fix

We fixed a DV certificate reissue bug where we weren't honoring the valid until date on the original order for certificates with more than a year remaining until they expired.

Now, when you reissue a DV certificate with more than a year remaining until it expires, the reissued certificate will retain the valid until date of the original certificate.

enhancement

In the DigiCert Services API, we improved the DV certificate request endpoints allowing you to use the new email_domain field along with the existing email field to more precisely set the desired recipients of the domain control validation (DCV) emails.

For example, when ordering a certificate for my.example.com, you can have a domain owner for the base domain (example.com) validate the subdomain. To change the email recipient for the DCV email, in your DV certificate request, add the dcv_emails parameter. Then, add the email_domain field specifying the base domain (example.com) and the email field specifying the email address of the desired DCV email recipient (admin@example.com).

Example request for a GeoTrust Standard DV Certificate

DV certificate endpoints:

enhancement

We enhanced our DV certificate offering. You can now renew your DV certificate orders, allowing you to keep the original order ID.

Previously, when a DV certificate order neared its expiration date, you had to order a new certificate for the domains on the expiring order.

Note: DV certificates don't support domain pre-validation. When you renew a DV certificate, you must demonstrate control over the domains on the renewal order.

In the DV Certificate Enrollment guide, see Renewing DV Certificates.

enhancement

We moved the CertCentral DV Certificate Enrollment guide to https://docs.digicert.com/certcentral/documentation/dv-certificate-enrollment/.

A pdf version of the guide is still available (see link at the bottom of the Introduction page).

Additionally, we updated and added instructions to cover the supported DCV methods for DV certificates in CertCentral.

  • Added new Domain Control Validation (DCV) instructions
    • Use the Email DCV method
    • Use the DNS TXT DCV method
    • Use the File DCV method
    • File DCV method common mistakes
  • Updated the order DV certificate instructions
    • Order a RapidSSL Standard DV Certificate
    • Order a RapidSSL Wildcard DV Certificate
    • Order a GeoTrust Standard DV Certificate
    • Order a GeoTrust Wildcard DV Certificate
    • Order a GeoTrust Cloud DV Certificate
  • Updated the reissue DV certificate instructions
    • Reissue a RapidSSL Standard DV Certificate
    • Reissue a RapidSSL Wildcard DV Certificate
    • Reissue a GeoTrust Standard DV Certificate
    • Reissue a GeoTrust Wildcard DV Certificate
    • Reissue a GeoTrust Cloud DV Certificate
new

We added two more Domain Control Validation (DCV) methods to the DV certificate Order and Reissue pages: DNS TXT and File.

Note: Previously (unless you are using the DigiCert Services API), you could only use the Email DCV method to prove control over the domains on your DV certificate orders.

Now, when ordering or reissuing a DV certificate, you can choose DNS TXT, File, or Email as the DCV method to complete domain validation for the order.

new

We added new Prove control over domains features to the DV certificates' Order # details page.

Previously, you were unable to take any actions to complete your domain validation on the DV certificates' Order # details page.

Now, you can take more actions to complete the domain validation for the order:

  • Use the DNS TXT, Email, and File DCV methods
  • Resend/send the DCV Emails and choose which email address to send it to
  • Verify your domain's DNS TXT record
  • Verify your domain's fileauth.txt file
  • Choose a different DCV method than the one selected when ordering the certificate

(In the sidebar menu, click Certificates > Orders. On the Orders page, in the Order # column of the DV certificate order, click the order number.)

enhancement

We enhanced the Certificate Details section of the DV certificates' Order # details page adding additional DV certificate information: Serial Number and Thumbprint.

Note: This enhancement is not retroactive. This new information only appears for orders placed after 17:00 UTC time January 15, 2019.

(In the sidebar menu, click Certificates > Orders. On the Orders page, in the Order # column of the DV certificate order, click the order number.)

enhancement

We enhanced the Get order details endpoint enabling the DV certificate's thumbprint and serial number to be returned in the response.

{
"id": "12345",
"certificate":{
"id":123456,
"thumbprint":"{{thumbprint}}",
"serial_number":"{{serial_number}}
...
}

Note: This enhancement is not retroactive. The thumbprint and serial number are only returned for orders placed after 17:00 UTC time January 15, 2019.

For more information, see the Get order details endpoint in the DigiCert Services CertCentral API documentation.

enhancement

We enhanced our RapidSSL DV certificate offerings enabling you to include a second, very specific domain, in these single domain certificates.

  • RapidSSL Standard DV
    By default now, when ordering a RapidSSL Standard DV Certificate, you get both versions of the common name in the certificate – [your-domain].com and www.[your-domain].com.
    After entering the common name, make sure the Include both www.[your-domain].com and [your-domain].com in the certificate box is checked.
    Previously, you had to order separate certificates for [your-domain].com and www.[your-domain].com.
  • RapidSSL Wildcard DV
    By default now, when ordering a RapidSSL Wildcard DV Certificate, you get the wildcard domain and the base domain in the certificate – *.[your-domain].com and [your-domain].com.
    After entering the common name, make sure the Include both *.[your-domain].com and [your-domain].com in the certificate box is checked.
    Previously, you had to order separate certificates for *.[your-domain].com and [your-domain].com.

See the CertCentral: DV Certificate Enrollment Guide.

enhancement

We enhanced the RapidSSL certificate endpoints to include the dns_names parameter, enabling you to include a second, very specific domain, in these single domain certificates.

  • RapidSSL Standard DV
    When ordering a RapidSSL Standard DV Certificate, you may include both version of your domain in the certificate — [your-domain].com and www.[your-domain].com.
    "common_name": "[your-domain].com",
    "dns_names": ["www.[your-domain].com"],

    Previously, you had to order separate certificates for [your-domain].com and www.[your-domain].com.
  • RapidSSL Wildcard DV
    When ordering a RapidSSL Wildcard DV Certificate, you may include the base domain in the certificate — *.[your-domain].com and [your-domain].com).
    "common_name": "*.your-domain.com",
    "dns_names": ["[your-domain].com"],

    Previously, you had to order separate certificates for *.[your-domain].com and [your-domain].com.

For DigiCert Services API documentation, see CertCentral API.

new

Individual Document Signing certificates are available in CertCentral:

  • Document Signing – Individual (500)
  • Document Signing – Individual (2000)

To activate Individual Document Signing certificates for your CertCentral account, contact your Sales representative.

Previously, only Organization Document Signing certificates were available.

  • Document Signing – Organization (2000)
  • Document Signing – Organization (5000)

To learn more about these certificates, see Document Signing Certificate.

enhancement

We enhanced the Orders Report feature on the Orders page (in the sidebar menu, click Certificates > Orders). Now when you run a report (click Orders Report), it will include your DV SSL certificate orders.

new

RapidSSL and GeoTrust DV certificates are available in CertCentral:

  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • GeoTrust Standard DV
  • GeoTrust Wildcard DV

Documentation