April 20, 2021
DigiCert Smart Seal now available with Secure Site Pro and Secure Site TLS/SSL certificates
We are happy to announce the release of our new site seal, the DigiCert Smart Seal. The new Smart Seal works with your Secure Site Pro and Secure Site TLS certificates to provide your customers with the assurance that your website is secured by DigiCert—one of the most recognized names in TLS/SSL security.
To make the Smart Seal more interactive and engaging, we added a hover-over effect, animation, and the ability to display your company logo in the hover-over effect and animation feature.
- Hover-over effect
When visitors hover on the seal, it magnifies and displays additional data. - Animation
When visitors come to your site, the seal slowly evolves between the seal and the additional details. - Logo*
Add your logo to the hover-over effect and the site seal animation. Your logo appears with additional details.
*DigiCert must approve your logo before it appears in the Smart Seal on your website.
Note: You must install the new site seal code on your website to use the Smart Seal image, the hover-over effect, the animation, and add your logo to the site seal.
Improved site seal information page
Secure Site and Secure Site Pro certificates allow you to add information to the site seal information page. This additional information enables site visitors to see the steps you are taking to ensure your website is secure.
- Malware scan
Site visitors can see that you monitor your website for viruses and malware. - CT log monitoring*
Site visitors can see that you monitor the certificate transparency (CT) logs, allowing you to act quickly if a bad actor issues a fraudulent certificate for your domain - Blocklist
Site visitors can see your business is clear from government and country-specific blocklists. - PCI compliance scan*
Site visitors can see that you monitor your website to ensure it is compliant with PCI DDS Standards. - Verified customer
Site visitors can see how long you've been using one of the most trusted names in TLS/SSL certificates to protect your websites.
*Note: CT log monitoring is only available with Secure Site Pro certificates. PCI compliance scan is only available with Secure Site Pro and Secure Site EV certificates.
Learn how to configure and install your Smart Seal and site seal information page
March 17, 2021
CertCentral: New purchase order and invoice system
We are happy to announce that we are using a new purchase order and invoice system in CertCentral. We've made several changes to make it easier for you to manage your purchase orders and invoices.
The next time you sign in to CertCentral, you will see two new menu options under Finances: Pay Invoice and Purchase Orders and Invoices. Additionally, we now send all invoice emails from our new invoice system.
Pay invoices page
When you open the Pay invoice page, all invoices are preselected by default. You can choose to pay them all or select those you want to pay.
Note: If you use divisions with separate funds, when you open the Pay invoice page, all invoices for the top-level division are selected by default. Use the For dropdown to view the unpaid invoices by division in your account.
Purchase orders and invoices page
On the new Purchase orders and invoices page, you can create a purchase order (PO). In the Purchaseorders table, you can view pending and rejected POs. After we approve a PO, it becomes an invoice and moves to the Invoices table.
Note: If you use divisions with separate funds, you see the Purchase order and invoice summary page. When you click a division name, it opens the Purchase order and invoices page, where you can view the POs and invoices for that division.
In the Invoices column of the Invoices table, you can see the invoice number and the PO from which we generated it. You can download a copy of the invoice or pay the invoice. When you click Pay invoice, we take you to the Pay invoice page to pay the invoice and make the funds available in your account.
Existing PO and Invoice migration
- Autogenerated invoices
When we migrated our billing system, we did not migrate your autogenerated invoices. At the end of March, we will autogenerate a new invoice for your total amount owed. However, you can make a payment on your account at any time on the Deposit Funds page (in the left main menu, go to Finances > Deposit Funds). - Invoices generated from approved purchase orders
When we migrated your invoices to the new system, we gave them new invoice numbers. However, the associated purchase order number remains the same. If you have questions or trouble finding an invoice, please contact your account manager or DigiCert Accounts Receivable. Make sure to include your PO number and the original invoice number in the email.
CertCentral Services API: View balance enhancements
To help you track financial data in your API integrations, we updated the View balance endpoint to return the following data:
unpaid_invoice_balance
Unpaid invoice balancenegative_balance_limit
Amount the balance can go into the negativeused_credit_from_other_containers
Amount owed by other divisions in the account (for accounts with separate division funds enabled)total_available_funds
Total funds available for future purchases
Example response:
For more information, see the documentation for the View balance endpoint.
March 12, 2021
CertCentral Services API: Auto-reissue support for Multi-year Plans
We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.
You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.
Enable auto-reissue for a new order
To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue.
By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue parameter to 1 in the body of your request.
Example request body:
Note: In new order requests, we ignore the auto_reissue parameter if:
- The product does not support Multi-year Plans.
- Multi-year Plans are disabled for the account.
Update auto-reissue setting for existing orders
To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.
Get auto-reissue setting for an existing order
To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue. The auto_reissue parameter returns the current auto-reissue setting for the order.
ICA certificate chain selection for public DV flex certificates
We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:
- GeoTrust DV SSL
- Thawte SSL 123 DV
- RapidSSL Standard DV
- RapidSSL Wildcard DV
- Encryption Everywhere DV
You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.
This feature allows you to:
- Set the default ICA certificate chain for each supported public DV certificate.
- Control which ICA certificate chains certificate requestors can use to issue their DV certificate.
Configure ICA certificate chain selection
To enable ICA selection for your account:
- Contact your account manager or our Support team.
- Then, in your CertCentral account, in the left main menu, go to Settings > Product Settings.
- On the Product Settings page, configure the default and allowed intermediates for each supported and available DV certificate.
For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.
DigiCert Services API: DV certificate support for ICA certificate chain selection
In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:
- Updated the Product list endpoint
After adding the ICA certificate selection chain feature to your account, the Product list endpoint returns each ICA certificate's name and ID available to issue end-entity certificates for the supported DV products (see allowed_ca_certs). - Updated the Product limits endpoint
After you configure the allowed and default ICA certificates for a DV product, the Product limits endpoint returns the default issuing ICA (default_intermediate) and allowed issuing ICAs (allowed_intermediates) that certificate requestor with a given container and user role assignment can select. - Updated the Product info endpoint
The Product list endpoint now returns the name, ID, and certificate chain information for the issuing ICAs you can select when you request a given product (see allowed_ca_certs). - Added support for ICA chain selection to these DV certificate order requests:
Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.
Example DV certificate request:
For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.
January 25, 2021
CertCentral Services API: Improved Domain emails endpoint
To make it easier to find the DNS TXT email addresses that receive validation emails from DigiCert for email-based domain control validation (DCV), we added a new response parameter to the Domain emails endpoint: dns_txt_emails.
The dns_txt_emails parameter returns a list of email addresses found in the DNS TXT record for the domain. These are the email addresses we find in the DNS TXT record on the _validation-contactemail subdomain of the domain being validated.
Example response with new parameter:
To learn more about the newly supported email to DNS TXT contact DCV method:
For information about validating the domains on DV certificate orders:
For information about validating the domains on OV/EV certificate orders:
January 13, 2021
CertCentral: Email to DNS TXT contact DCV method
We are happy to announce that DigiCert now supports sending an email to a DNS TXT contact for email-based domain control validation (DCV). This means you can add email addresses to the DNS TXT record for your domain. DigiCert automatically searches the DNS TXT records and sends the DCV email to those addresses. An email recipient needs to follow the instructions in the email to demonstrate control over the domain.
Note: Previously, DigiCert only sent DCV emails to WHOIS-based and constructed email addresses.
Industry changes
Contact information is becoming increasingly inaccessible in WHOIS records due to privacy policies and other constraints. With the passing of Ballot SC13, the Certificate Authority/Browser (CA/B) forum added Email to DNS TXT contact to the list of supported DCV methods.
DNS TXT record email contacts
To use email to Email to DNS TXT contact DCV method, you must place the DNS TXT record on the _validation-contactemail subdomain of the domain you want to validate. DigiCert automatically searches WHOIS and DNS TXT records and sends the DCV email to the addresses found in those records.
_validation-contactemail.example.com | Default | validatedomain@digicerttest.com
The RDATA value of this text record must be a valid email address. See section B.2.1 DNS TXT Record Email Contact in the Appendix of the baseline requirements.
For more information about Ballot SC13, the CA/Browser forum, and the email to DNS TXT contact DCV method:
December 3, 2020
CertCentral Orders page: Improved load times
In CertCentral, we updated the Orders page to improve load times for those managing high volumes of certificate orders. The next time you visit the Orders page, it will open much quicker (in the left main menu go to Certificates > Orders).
To improve load times, we changed the way we filter your certificate orders upon initial page view. Previously, we filtered the page to show only Active certificate orders. However, this was problematic for those with high volumes of certificate orders. The more orders you have in your account, the longer the Orders page took to open.
Now, when you visit the page, we return all your certificates, unfiltered, in descending order with the most recently created certificate orders appearing first in the list. To see only your active certificates, in the Status dropdown, select Active and click Go.
CertCentral Services API: Purchase units for subaccounts and view unit orders
In the CertCentral Services API, we've added new endpoints for purchasing units and viewing unit orders. Now, if you manage subaccounts that use units as the payment method for certificate requests, you can use the Services API to buy more units for a subaccount and to get information about your unit order history.
For more information, see the reference documentation for the new endpoints:
November 2, 2020
DigiCert replacing multiple intermediate CA certificates
On November 2, 2020, DigiCert is replacing another set of intermediate CA certificates (ICAs). For a list of the ICA certificates being replaced, see our DigiCert ICA Update KB article.
How does this affect me?
Rolling out new ICAs does not affect existing certificates. We don't remove an old ICA from certificate stores until all the certificates issued from it have expired. This means active certificates issued from the replaced ICA will continue to be trusted.
However, it will affect existing certificates if you reissue them as they will be issued from the new ICA. We advise you to always include the provided ICA with every certificate you install. This has always been the recommended best practice to ensure ICA replacements go unnoticed.
No action is required unless you do any of the following:
- Pin the old versions of the intermediate CA certificates
- Hard code the acceptance of the old versions of the intermediate CA certificates
- Operate a trust store that includes the old versions of the intermediate CA certificates
If you do any of the above, we recommend updating your environment as soon as possible. Stop pinning and hard coding ICAs or make the necessary changes to ensure certificates issued from the new ICAs are trusted (in other words, can chain up to their updated ICA and trusted root).
Intermediate CA certificate replacements
Make sure to monitor the pages listed below. These are active pages and are updated regularly with ICA certificate replacement information and copies of the new DigiCert intermediate CA certificates.
Why is DigiCert replacing intermediate CA certificates?
We are replacing ICAs to:
- Promote customer agility with ICA replacement
- Reduce the scope of certificate issuance from any given ICA to mitigate the impact of changes in industry standards and CA/Browser Forum guidelines to intermediate and end-entity certificates
- Improve the security of the Internet by ensuring all ICAs operate using the latest improvements
If you have questions or concerns, please contact your account manager or our support team.
October 13, 2020
ICA certificate chain selection for public OV and EV flex certificates
We are happy to announce that public OV and EV certificates with flex capabilities now support Intermediate CA certificate chain selection.
You can add an option to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues your public OV and EV "flex" certificates.
This option allows you to:
- Set the default ICA certificate chain for each public OV and EV flex certificate.
- Control which ICA certificate chains certificate requestors can use to issue their flex certificate.
Configure ICA certificate chain selection
To enable ICA selection for your account, contact your account manager or our Support team. Then, in your CertCentral account, on the Product Settings page (in the left main menu, go to Settings > Product Settings), configure the default and allowed intermediates for each type of OV and EV flex certificate.
For more information and step-by-step instructions, see ICA certificate chain option for public OV and EV flex certificates.
DigiCert Services API support for ICA certificate chain selection
In the DigiCert Services API, we made the following updates to support ICA selection in your API integrations:
- Created new Product limits endpoint
Use this endpoint to get information about the limits and settings for the products enabled for each division in your account. This includes ID values for each product's default and allowed ICA certificate chains. - Added support for ICA selection to public TLS OV and EV flex certificate order requests
After you configure allowed intermediates for a product, you can select the ICA certificate chain that should issue your certificate when you use the API to submit an order request.
Pass in the ID of the issuing ICA certificate as the value for theca_cert_idparameter in the body of your order request
Example flex certificate request:
For more information about using ICA selection in your API integrations, see OV/EV certificate lifecycle – (Optional) ICA selection.
October 6, 2020
CertCentral: Add emergency contacts for your account
We are happy to announce we added a new emergency contact option to CertCentral. These email addresses receive all emergency communications, such as urgent security concerns, required certificate revocations, and changes to industry guidelines.
By default, CertCentral sends emergency notifications to the organization contact for the primary organization on your account. Until you update your emergency contacts, we also send these notifications to the email addresses assigned to receive all account notifications.
We recommend verifying and updating the emergency contacts for your account. It should only take a few minutes.
To verify and update the emergency contacts for your account:
- Sign in to your CertCentral account.
- In the left main menu, go to Settings > Notifications.
- On the Notifications page, in the Send all emergency notifications to box, enter the email addresses you want to receive all emergency communications.
- When you are finished, check Verify emergency contacts.
August 21, 2020
Discovery: Delete all certificates and endpoints from scan results
We added a new Delete all certificates and endpoints option that enables you to delete certificate and endpoint information from your Discovery scan records in your CertCentral account.
To Delete all certificates and endpoints from scan results:
- In your CertCentral account, go to Discovery > Manage Discovery.
- On the Manage scans page, in the More actions dropdown, click Delete all certificates and endpoints.
- In the Delete all certificates and endpoints window, click Delete.
Permanently delete certificates and endpoint records
To permanently delete certificate and endpoint information from your scan results, you also need to remove the associated FQDNs and IP addresses from you scans. See Edit a scan.
April 28, 2020
Account setting for certificate lifecycle email language preference
We've added an account language setting for the certificate lifecycle emails sent from CertCentral. Now, on the Notifications page, you can set the language preference for the certificate lifecycle emails for the entire account.
Currently, we support these 11 languages for certificate lifecycle specific emails:
- English
- Chinese (Simplified)
- Chinese (Traditional)
- French
- German
- Italian
- Japanese
- Korean
- Portuguese
- Russian
- Spanish
How does certificate lifecycle email language support work?
When you go to the Notifications page in CertCentral, use the Email Language dropdown to set the certificate lifecycle email language for the entire account.
For example, if you set the email language to Italian, all certificate lifecycle emails will be in Italian regardless of the individual account language setting.
Note: The Email Language option only changes the language used in the certificate lifecycle emails. It does not change the language used in an individual account. On the Profile Settings page, use the Language dropdown to set the language for your account. See CertCentral language preferences.
Where are these certificate life cycle settings?
To access the Certificate Lifecycle email defaults settings, in the left main menu, go to Settings > Notifications. To learn more, see Configure certificate lifecycle email settings.
New certificate lifecycle email setting
We added another notification setting to the Certificate lifecycle email settings—Send organization approval emails to the user placing order. This setting allows you to control if the organization approval email is sent to the certificate requestor.
What is the organization approval email?
When the requestor is an admin or organization contact, we send them an email letting them know DigiCert has validated the organization, and they can now issue certificates for it.
Note: This new setting only applies to orders where a new, yet to be validated organization is included in the request.
Where are these certificate life cycle settings?
To access the Certificate Lifecycle email defaults settings, in the left main menu, go to Settings > Notifications. To learn more, see Configure certificate lifecycle email recipients.
April 23, 2020
Discovery now available in all CertCentral accounts
We are happy to announce that all existing CertCentral accounts now include Discovery, our newest and most robust certificate discovery tool.
Note: For those who were using Certificate Inspector, Discovery replaces our long time DigiCert tool, Certificate Inspector.
By default, Discovery includes Cloud scan and a Sensor scan trial with a 100-certificate limit.
Cloud scan
Cloud scan uses a cloud-based sensor, so there is nothing to install or manage. You can start scanning immediately to find all your public facing SSL/TLS certificates regardless of issuing Certificate Authority (CA). Cloud-scan runs once every 24 hours.
- To learn more, see Discovery Cloud-scan service.
- To run your first cloud scan, in the left main menu, go to Discovery > Manage Discovery. On the Manage scans page, click Single cloud scan.
Sensor scan
Sensor scan is our most robust version of Discovery. It uses sensors to scan your network to quickly find all your internal and public facing SSL/TLS certificates regardless of the issuing Certificate Authority (CA). Discovery also identifies problems in certificate configurations and implementations along with certificate-related vulnerabilities or problems in your endpoint configurations.
Scans are centrally configured and managed from inside your CertCentral account. Scan results are displayed in an intuitive and interactive dashboard inside CertCentral. Configure scans to run once or multiple times on a set schedule.
- To learn how to install a sensor and start scanning your SSL/TLS certificate landscape, see Discovery user guide.
- To continue to use Sensor scan after the trial period is over, please contact your account manager or our Support team.
Discovery audit logs
Discovery has added a new feature—Discovery Audit Logs—allowing you to track Discovery-related activities in your CertCentral account. These audit logs provide insight into user activity enabling you to see areas where training may be required, reconstruct events to troubleshoot problems, detect misuse, and discover problem areas.
To make it easier to sort through the information in the Discover audit logs, we've include several filters:
- Date range
- Division
- User
- IP Address
- Actions
(e.g., void sensor, delete scan, etc.)
To access the Discovery Audit Log, in your CertCentral account, in the left main menu, go to Account > Audit Logs. On the Audit Logs page, click Discovery Audit Logs.
Discovery language support
As we work to globalize our product offerings and make our websites, platforms, and documentation more accessible, we are happy to announce that we've added language support to Discovery in CertCentral.
Now, when configuring your language preference in CertCentral, Discovery is included in the configuration.
To configure your language preference
In your account, in the top right corner, in the "your name" drop-down list, select My Profile. On the Profile Settings page, in the Language dropdown, select a language and click Save Changes.
Bug fix: DV certificate orders did not honor Submit base domains for validation account setting
We fixed a bug in the DV certificate domain control validation (DCV) process where DV certificate orders did not adhere to the Submit base domains for validation account setting.
Note: For DV certificate orders, you were required to validate the domain exactly as named in the order.
Now, DV certificate orders honor the Submit base domains for validation account setting, allowing you to validate your subdomains at the base domain level on your DV certificate orders.
To view the Domain Validation Scope settings in your account, go to Settings > Preferences. On the Division preferences page, expand +Advanced Settings. The Domain Validation Scope settings are in the Domain Control Validation (DCV) section.
September 25, 2019
We added two new statuses to the Organizations and Organization details pages: validation expires soon, and validation expired. These new statuses make it easier to proactively track your organization validations and make sure they stay up to date.
Now, when you visit the Organizations page (in the sidebar menu click Certificates > Organizations), you can quickly identify organizations with validation that is expiring soon or has already expired. For more details about the expiring or expired organization validation, click the organization name.
We fixed a bug where some accounts were unable to submit organizations for EV CS – Code Signing Organization Extended Validation. The affected accounts only contained EV Code Signing and Code Signing products.
As part of the fix, we split up the EV and EV CS verified contact options. Now, when submitting an organization for EV CS – Code Signing Organization Extended Validation, you can submit the organization's verified contact for EV CS order approvals only. Similarly, when submitting an organization for EV – Extended Organization Validation (EV), you can submit the organization's verified contact for EV SSL certificate order approvals only.
Note: For EV code signing certificate orders, organizations and the organization's verified contacts need to be pre-validated. For more information about organization pre-validation, see our Submit an organization for pre-validation instructions.
August 13, 2019
We fixed a bug where some account admins were unable to view or edit the details of their CertCentral user accounts. Now, all account admins can once again view and edit user account details (email address, role, etc.).
DigiCert is happy to announce that DigiCert Accounts are now eligible to upgrade to our new Certificate Management Platform, DigiCert CertCentral—For free!
- Upgrade happens in seconds.
- Seamless certificate and account migration.
- Additional benefits include improved certificate management, better pricing options, advanced features, and more.
To learn more about CertCentral, check out our short video How to Manage Your Entire Certificate Lifecycle in 60 Seconds—or Less.
May 24, 2019
We've added a new tool to our CertCentral portfolio—Discovery—that provides real-time analysis of your entire SSL/TLS certificate landscape.
Designed to quickly find all your internal and public facing SSL/TLS certificates regardless of the issuing Certificate Authority (CA), Discovery identifies problems in certificate configurations and implementations along with certificate-related vulnerabilities or problems in your endpoint configurations.
Note: Discovery uses sensors to scan your network. Sensors are small software applications that you install in strategic locations. Each scan is linked to a sensor.
Scans are centrally configured and managed from inside your CertCentral account. Scan results are displayed in an intuitive and interactive dashboard inside CertCentral. Configure scans to run once or multiple times on a set schedule.
- To activate Discovery for your CertCentral account, contact your account manager or our support team.
- For information about getting Discovery up and running, see Discovery: Install a sensor and run a scan.
May 1, 2019
We've updated the CertCentral SAML Federation Settings, enabling you to keep your Federation Name from appearing in the list of IdPs on the SAML Single Sign-On IdP Selection and SAML certificate requests IdP Selection pages.
Now, on the Federation Settings page, under Your IDP's Metadata, we added the Include Federation Name option. If you want to keep your Federation Name from appearing in the list of IdPs on the IdP Selection page, uncheck Add my Federation Name to the list of IdPs.
Secure Site Pro TLS/SSL certificates are available in CertCentral. With Secure Site Pro, you're charged per domain; no base certificate cost. Add one domain, get charged for one. Need nine domains, get charged for nine. Secure up to 250 domains on one certificate.
We offer two types of Secure Site Pro certificates, one for OV certificates and one for EV certificates.
- Secure Site Pro SSL
Get the OV certificate that fits your needs. Provide encryption and authentication for one domain, one wildcard domain and all its subdomains, or use Subject Alternative Names (SANs) to secure multiple domains and wildcard domains with one certificate. - Secure Site Pro EV SSL
Get the extended validation certificate that fits your needs. Provide encryption and authentication to secure one domain or use Subject Alternative Names (SANs) to secure multiple sites (fully qualified domain names) with one certificate.
Benefits included with each Secure Site Pro certificate
Each Secure Site Pro certificate includes – at no extra cost – first access to future premium feature additions to CertCentral (e.g., CT log monitoring and validation management).
Other benefits include:
- Priority validation
- Priority support
- Two premium site seals
- Malware check
- Industry-leading warranties
To activate Secure Site Pro certificates for your CertCentral account, contact your account manager or our support team.
To learn more about our Secure Site Pro certificates, see DigiCert Secure Site Pro.
Public SSL certificates can no longer secure domain names with underscores ("_"). All previously issued certificates with underscores in domain names must expire prior to this date.
Note: The preferred underscore solution is to rename the hostnames (FQDNs) that contain underscores and replace the certificates. However, for those situations where renaming is not possible, you can use private certificates and, in some cases, you can use a wildcard certificate that secures the entire domain.
For more details, see Retiring Underscores in Domain Names.
December 17, 2018
We enhanced our RapidSSL DV certificate offerings enabling you to include a second, very specific domain, in these single domain certificates.
- RapidSSL Standard DV
By default now, when ordering a RapidSSL Standard DV Certificate, you get both versions of the common name in the certificate – [your-domain].com and www.[your-domain].com.
After entering the common name, make sure the Include both www.[your-domain].com and [your-domain].com in the certificate box is checked.
Previously, you had to order separate certificates for [your-domain].com and www.[your-domain].com. - RapidSSL Wildcard DV
By default now, when ordering a RapidSSL Wildcard DV Certificate, you get the wildcard domain and the base domain in the certificate – *.[your-domain].com and [your-domain].com.
After entering the common name, make sure the Include both *.[your-domain].com and [your-domain].com in the certificate box is checked.
Previously, you had to order separate certificates for *.[your-domain].com and [your-domain].com.
We enhanced the RapidSSL certificate endpoints to include the dns_names parameter, enabling you to include a second, very specific domain, in these single domain certificates.
- RapidSSL Standard DV
When ordering a RapidSSL Standard DV Certificate, you may include both version of your domain in the certificate — [your-domain].com and www.[your-domain].com."common_name": "[your-domain].com",
"dns_names": ["www.[your-domain].com"],
Previously, you had to order separate certificates for [your-domain].com and www.[your-domain].com. - RapidSSL Wildcard DV
When ordering a RapidSSL Wildcard DV Certificate, you may include the base domain in the certificate — *.[your-domain].com and [your-domain].com)."common_name": "*.your-domain.com",
"dns_names": ["[your-domain].com"],
Previously, you had to order separate certificates for *.[your-domain].com and [your-domain].com.
For DigiCert Services API documentation, see CertCentral API.
Individual Document Signing certificates are available in CertCentral:
- Document Signing – Individual (500)
- Document Signing – Individual (2000)
To activate Individual Document Signing certificates for your CertCentral account, contact your Sales representative.
Previously, only Organization Document Signing certificates were available.
- Document Signing – Organization (2000)
- Document Signing – Organization (5000)
To learn more about these certificates, see Document Signing Certificate.
December 7, 2018
RapidSSL and GeoTrust DV certificates are available in CertCentral:
- RapidSSL Standard DV
- RapidSSL Wildcard DV
- GeoTrust Standard DV
- GeoTrust Wildcard DV
Documentation
- CertCentral: DV Certificate Enrollment Guide – https://docs.digicert.com/certcentral/documentation/dv-certificate-enrollment/
- CertCentral API: DV Certificate Enrollment Guide – https://www.digicert.com/certcentral-support/api-dv-certificate-workflow-endpoints-guide.pdf
January 12, 2018
DigiCert makes another CT Log (Nessie) publicly available. Nessie is a new, highly scalable, high-performance Certificate Transparency (CT) log.
This CT log is composed of five logs that are sharded in one-year increments based on certificate expiration. Below are the CT log endpoint URLs with their certificate expiration range with their certificate expiration range.
- https://nessie2018.ct.digicert.com/log December 12, 2017
- https://nessie2019.ct.digicert.com/log January 1, 2019
- https://nessie2020.ct.digicert.com/log January 1, 2020
- https://nessie2021.ct.digicert.com/log January 1, 2021
- https://nessie2022.ct.digicert.com/log January 1, 2022