Filtering by: RapidSSL x clear
new

CertCentral to issue GeoTrust and RapidSSL DV certificates from new intermediate CA certificates

On May 24, 2022, between 9:00 am and 11:00 am MDT (3:00 pm and 5:00 pm UTC), DigiCert will replace the GeoTrust and RapidSSL intermediate CA (ICA) certificates listed below. We can no longer issue maximum validity (397-day) DV certificates from these intermediates.

Old ICA certificates

  • GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
  • GeoTrust TLS DV RSA Mixed SHA256 2021 CA-1
  • RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1
  • RapidSSL TLS DV RSA Mixed SHA256 2021 CA-1

New ICA certificates

  • GeoTrust Global TLS RSA4096 SHA256 2022 CA1
  • RapidSSL Global TLS RSA4096 SHA256 2022 CA1

See the DigiCert ICA Update KB article.

How does this affect me?

Rolling out new ICA certificates does not affect your existing DV certificates. Active certificates issued from the replaced ICA certificates will remain trusted until they expire.

However, all new certificates, including certificate reissues, will be issued from the new ICA certificates. To ensure ICA certificate replacements go unnoticed, always include the provided ICA certificate with every TLS certificate you install.

No action is required unless you do any of the following:

  • Pin the old versions of the intermediate CA certificates
  • Hard code the acceptance of the old versions of the intermediate CA certificates
  • Operate a trust store that includes the old versions of the intermediate CA certificates

Action required

If you practice pinning, hard code acceptance, or operate a trust store, update your environment as soon as possible. You should stop pinning and hard coding ICA certificates or make the necessary changes to ensure your GeoTrust DV and RapidSSL DV certificates issued from the new ICA certificates are trusted. In other words, make sure they can chain up to their new ICA certificate and trusted root.

See the DigiCert Trusted Root Authority Certificates page to download copies of the new Intermediate CA certificates.

What if I need more time?

If you need more time to update your environment, you can continue to use the old 2020 ICA certificates until they expire. Contact DigiCert Support, and they can set that up for your account. However, after May 31, 2022, RapidSSL DV and GeoTrust DV certificates issued from the 2020 ICA certificates will be truncated to less than one year.

new

CertCentral: Domain locking is now available

DigiCert is happy to announce our domain locking feature is now available.

Does your company have more than one CertCentral account? Do you need to control which of your accounts can order certificates for specific company domains?

Domain locking allows you to control which of your CertCentral accounts can order certificates for your domains.

How does domain locking work?

DNS Certification Authority Authorization (CAA) resource records allow you to control which certificate authorities can issue certificates for your domains.

With domain locking, you can use this same CAA resource record to control which of your company's CertCentral accounts can order certificates for your domains.

How do I lock a domain?

To lock a domain:

  1. Enable domain locking for your account.
  2. Set up domain locking for a domain.
  3. Add the domain's unique verification token to the domain's DNS CAA resource record.
  4. Check the CAA record for the unique verification token.

To learn more, see:

new

End of life for account upgrades from Symantec, GeoTrust, Thawte or RapidSSL to CertCentral™

From April 5, 2022, MDT, you can no longer upgrade your Symantec, GeoTrust, Thawte, or RapidSSL account to CertCentral™.

If you haven't already moved to DigiCert CertCentral, upgrade now to maintain website security and have continued access to your certificates.

Note: During 2020, DigiCert discontinued all Symantec, GeoTrust, Thawte, RapidSSL admin consoles, enrollment services, and API services.

How do I upgrade my account?

To upgrade your account, contact DigiCert Support immediately. For more information about the account upgrade process, see Upgrade from Symantec, GeoTrust, Thawte, or RapidSSL.

What happens if I don't upgrade my account to CertCentral?

After April 5, 2022, you must get a new CertCentral account and manually add all account information, such as domains and organizations. In addition, you won't be able to migrate any of your active certificates to your new account.

For help setting up your new CertCentral account after April 5, 2022, contact DigiCert Support.

new

Scheduled Maintenance

On April 5, 2020 from 07:00 to 09:00 UTC, DigiCert will perform scheduled maintenance.

Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.

DigiCert services will be restored as soon as maintenance is completed.

What can you do?

Please plan accordingly. Schedule high-priority orders, renewals, reissues, and duplicate issues outside of the maintenance window.

new

High-priority service provider maintenance April 5 from 06:00 - 08:00 UTC

On Friday April 3, DigiCert was notified by our data center service provider that they are going to perform some high-priority maintenance on Sunday April 5 from 06:00 – 08:00 UTC.

How does this affect me?

This maintenance window only affects legacy Symantec Website Security, Thawte, GeoTrust, and RapidSSL customers.

During this time, Symantec, GeoTrust, Thawte and RapidSSL consoles, associated APIs, and certificate issuance may be affected.

Services will be restored as soon as maintenance is completed.

What can you do?

Please plan accordingly. Schedule high-priority orders, renewals, reissues, and duplicate issues outside of the maintenance window.

  • DigiCert 2020 scheduled maintenance
    This page is kept up to date with all our maintenance schedule information.
  • DigiCert Status
    To get live updates, subscribe to the DigiCert Status page.
enhancement

We enhanced our RapidSSL DV certificate offerings enabling you to include a second, very specific domain, in these single domain certificates.

  • RapidSSL Standard DV
    By default now, when ordering a RapidSSL Standard DV Certificate, you get both versions of the common name in the certificate – [your-domain].com and www.[your-domain].com.
    After entering the common name, make sure the Include both www.[your-domain].com and [your-domain].com in the certificate box is checked.
    Previously, you had to order separate certificates for [your-domain].com and www.[your-domain].com.
  • RapidSSL Wildcard DV
    By default now, when ordering a RapidSSL Wildcard DV Certificate, you get the wildcard domain and the base domain in the certificate – *.[your-domain].com and [your-domain].com.
    After entering the common name, make sure the Include both *.[your-domain].com and [your-domain].com in the certificate box is checked.
    Previously, you had to order separate certificates for *.[your-domain].com and [your-domain].com.

See the CertCentral: DV Certificate Enrollment Guide.

enhancement

We enhanced the RapidSSL certificate endpoints to include the dns_names parameter, enabling you to include a second, very specific domain, in these single domain certificates.

  • RapidSSL Standard DV
    When ordering a RapidSSL Standard DV Certificate, you may include both version of your domain in the certificate — [your-domain].com and www.[your-domain].com.
    "common_name": "[your-domain].com",
    "dns_names": ["www.[your-domain].com"],

    Previously, you had to order separate certificates for [your-domain].com and www.[your-domain].com.
  • RapidSSL Wildcard DV
    When ordering a RapidSSL Wildcard DV Certificate, you may include the base domain in the certificate — *.[your-domain].com and [your-domain].com).
    "common_name": "*.your-domain.com",
    "dns_names": ["[your-domain].com"],

    Previously, you had to order separate certificates for *.[your-domain].com and [your-domain].com.

For DigiCert Services API documentation, see CertCentral API.

new

Individual Document Signing certificates are available in CertCentral:

  • Document Signing – Individual (500)
  • Document Signing – Individual (2000)

To activate Individual Document Signing certificates for your CertCentral account, contact your Sales representative.

Previously, only Organization Document Signing certificates were available.

  • Document Signing – Organization (2000)
  • Document Signing – Organization (5000)

To learn more about these certificates, see Document Signing Certificate.

new

RapidSSL and GeoTrust DV certificates are available in CertCentral:

  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • GeoTrust Standard DV
  • GeoTrust Wildcard DV

Documentation