We've updated the CertCentral SAML Federation Settings, enabling you to keep your Federation Name from appearing in the list of IdPs on the SAML Single Sign-On IdP Selection and SAML certificate requests IdP Selection pages.
Now, on the Federation Settings page, under Your IDP's Metadata, we added the Include Federation Name option. If you want to keep your Federation Name from appearing in the list of IdPs on the IdP Selection page, uncheck Add my Federation Name to the list of IdPs.
Secure Site Pro TLS/SSL certificates are available in CertCentral. With Secure Site Pro, you're charged per domain; no base certificate cost. Add one domain, get charged for one. Need nine domains, get charged for nine. Secure up to 250 domains on one certificate.
We offer two types of Secure Site Pro certificates, one for OV certificates and one for EV certificates.
Benefits included with each Secure Site Pro certificate
Each Secure Site Pro certificate includes – at no extra cost – first access to future premium feature additions to CertCentral (e.g., CT log monitoring and validation management).
Other benefits include:
To activate Secure Site Pro certificates for your CertCentral account, contact your account manager or our support team.
To learn more about our Secure Site Pro certificates, see DigiCert Secure Site Pro.
Public SSL certificates can no longer secure domain names with underscores ("_"). All previously issued certificates with underscores in domain names must expire prior to this date.
Note: The preferred underscore solution is to rename the hostnames (FQDNs) that contain underscores and replace the certificates. However, for those situations where renaming is not possible, you can use private certificates and, in some cases, you can use a wildcard certificate that secures the entire domain.
For more details, see Retiring Underscores in Domain Names.
CAs can no longer issue 30-day public SSL certificate containing underscores in domain names (common names and subject alternative names).
Note: The preferred underscore solution is to rename the hostnames (FQDNs) that contain underscores and replace the certificates. However, for those situations where renaming is not possible, you can use private certificates and, in some cases, you can use a wildcard certificate that secures the entire domain.
For more details, see Retiring Underscores in Domain Names.
Final day you can order 30-day public SSL certificates containing underscores in domain names (common names and subject alternative names) from any CA.
Note: The preferred underscore solution is to rename the hostnames (FQDNs) that contain underscores and replace the certificates. However, for those situations where renaming is not possible, you can use private certificates and, in some cases, you can use a wildcard certificate that secures the entire domain.
For more details, see Retiring Underscores in Domain Names.
Certificate Authorities (CAs) revoked all public SSL certificates containing underscores (in the common name and subject alternative names) with a maximum validity of more than 30 days by end of day (UTC time).
If you had an SSL certificate with a total validity of 31 days or more (which includes all 1-year, 2-year, and 3-year certificates) that expired after January 14, 2019, the CA who issued your certificate was required to revoke it.
For more details, see Retiring Underscores in Domain Names.
We fixed a bug where the SSL/TLS certificate Order# details page and Order details panel weren't showing domain control validation as being completed after you finished validating the domains on your certificate order.
Note: This bug didn't stop your certificate orders from being issued after you completed the domain control validation.
Now, when you complete the domain control validation for the domains on your order, the Order# details page and Order details panel for the order show the domain validation as being completed.
(In the sidebar menu, click Certificates > Orders. On the Orders page, in the Order # column of the certificate order, click the order number or Quick View link.)
DigiCert began issuing public SSL certificates containing underscores for a limited time.
For more details, see Retiring Underscores in Domain Names.
In the top menu, we added two new contact support options (phone and chat icons) making it easier to contact support from within CertCentral (via email, chat, or phone).
The phone icon provides you with email and phone options. The chat icon provides you with a chat window where you can start a chat with one of our dedicated support team members.
We enhanced the sidebar menu, making it easier to see the menu option for the pages you are visiting. Now, when you visit a page in CertCentral, the menu option for that page will have a horizontal blue bar next to it.
We fixed a bug in the Add Organization feature on the SSL/TLS certificate request forms where the validation status (EV and OV validated) was not included for new organizations added and validated as part of the certificate order.
Now, new organizations added when ordering an SSL certificate will show a Validated status.
Note: The organization's validation status doesn't appear until we've fully validated the organization.
Secure Site TLS/SSL certificates are available in CertCentral:
To activate Secure Site certificates for your CertCentral account, contact your Sales representative.
Benefits included with each Secure Site certificate:
To learn more about our Secure Site certificates, see DigiCert Secure Site Overview.
Additional Resources:
Updates to the full SHA256 EV hierarchy certificate profile
On September 27, 2018, we removed the Symantec policy OID from EV TLS certificates issued from the full SHA256 EV hierarchy [DigiCert Global G2 Root => DigiCert Global G2 Intermediate => EV TLS/SSL certificate].
Problem: Chrome bug on macOS
July 2018, we discovered a bug in Chrome on macOS where it wasn't showing the EV indicator for EV TLS certificate with more than two policy OIDs – https://bugs.chromium.org/p/chromium/issues/detail?id=867944.
Solution
We removed the Symantec policy OID from the full SHA256 EV hierarchy certificate profile. With this change, Chrome on macOS again showed the EV indicator for the EV TLS certificates issued from the full SHA256 EV hierarchy.
Affected EV TLS certificates
EV TLS certificates (from the full SHA256 EV hierarchy) issued after January 31, 2018 and prior to September 27, 2018 contain these three policy OIDs in the Certificate Extension - Certificate Policies:
What do I need to do?
We added support for IPv6 addresses (abbreviated and full).
You can now order public and private OV TLS/SSL certificates (SSL, Multi-Domain SSL, and Wildcard SSL, Private SSL, etc.) and include an IPv6 address as the common name or a SAN.
Note: IPv6 addresses aren't supported for EV TLS/SSL certificates (EV SSL and EV Multi-Domain SSL).
Enhancements made to Wildcard certificates. You can secure multiple wildcard domains on a single wildcard certificate.
When you order a Wildcard certificate in CertCentral, you can secure multiple wildcard domains in one wildcard certificate (*.example.com, *.yourdomain.com, and *.mydomain.com). You can still secure a single wildcard domain (*.example.com) with your Wildcard certificate.
Items to note:
As of March 1, 2018, 825 days is the maximum allowed length for a reissued (or duplicate issued) public 3-year SSL/TLS certificate.
For a 3-year OV certificate issued after March 1, 2017, be aware that during the first year of the 3-year certificate's lifecycle, all reissued and duplicate certificates may have a shorter lifecycle than the "original" certificate, and these reissued certificates will expire first. See
How does this affect my 3-year certificate reissues and duplicate issues?.
