Filtering by: dcv methods x clear
enhancement

Customize the lifetime of your DigiCert Multi-year Plan

We are happy to announce you can now configure a custom lifetime for your Multi-year Plan (MyP) when requesting a TLS certificate in CertCentral. On the TLS certificate request forms, use the new Custom order validity option to customize the length of your TLS certificate order.

Note: Maximum TLS certificate validity is 397 days per industry best practices. See End of 2-Year public SSL/TLS certificates.

Custom Multi-year Plan order lengths can be set in days or by expiration date. Maximum order length is 2190 days (6 years). Minimum order length is 7 days.

Note: Custom orders start on the day we issue the certificate for the order. Order pricing is prorated to match the certificate selected and your custom order length.

To customize your MyP coverage

  1. On the Request certificate form, click Select coverage length.
  2. In the How long do you need to protect your site pop-up window, select Custom order validity.
  3. Under Select your customer order length, configure the lifetime for your Multi-year Plan:
    1. Custom order length
      Specify the length of your plan in days.
    2. Custom order expiration date
      Select the day you want your plan to expire on.
  4. Click Save.
enhancement

Updated product settings for public TLS certificates

To provide more control over your certificate order process, we updated the product settings for public TLS certificates. Now, you can determine the allowed Multi-year Plan order lengths users can select from when ordering a public TLS certificate.

On the TLS certificate's product settings page, use the Allowed validity periods option to determine what MyP order lengths appear on a TLS certificate request form: 1 Year, 2 Years, 3 Years, 4 Years, 5 Years, and 6 Years. Note that changes made to product settings apply to requests placed through CertCentral and the Services API.

Note: Previously, the Allowed validity periods option was used to determine the maximum certificate lifetime a user could select when ordering a public TLS certificate. However, with the industry move to 1-year certificate this option is no longer needed for certificate lengths. See End of 2-Year public SSL/TLS certificates.

To configure the allowed MyP order lengths for a TLS certificate

  1. In the left main menu, go to Settings > Product Settings.
  2. On the Product Settings page, select a public TLS certificate. For example, select Secure Site OV.
  3. Under Secure Site OV, in the Allowed validity periods dropdown, select the validity periods.
  4. Click Save Settings.

The next time a user orders a Secure Site OV certificate, they will only see the validity period lengths you selected on the request form.

Note: Setting limits on Multi-year Plan order lengths removes the custom validity option from your TLS certificate request forms.

enhancement

CertCentral Domains page: Improved domains.csv report

On the Domains page, we improved the CSV report to make it easier to track OV and EV domain validation expiration dates and to view the previously used domain control validation (DCV) method.

The next time you download the CSV file, you will see we three new columns in the report:

  • OV Expiration
  • EV Expiration
  • DCV Method

To download the domains.csv report

  1. In the left main menu, go to Certificates > Domains.
  2. On the Domains page, in the Download CSV dropdown, select Download All Records.

When you open the domains.csv, you should see the new columns and information in your report.

enhancement

CertCentral: Automatic DCV checks – DCV polling

We are happy to announce we've improved the domain control validation (DCV) process and added automatic checks for DNS TXT, DNS CNAME, and HTTP practical demonstration (FileAuth) DCV methods.

This means, once you've placed the fileauth.txt file on your domain or added the random value to your DNS TXT or DNS CNAME records, you don't need to worry about signing in to CertCentral to run the check yourself. We will run the DCV check automatically. Although, you can still run a manual check, when needed.

DCV polling cadence

After submitting your public SSL/TLS certificate order, submitting a domain for prevalidation, or changing the DCV method for a domain, DCV polling begins immediately and runs for one week.

  • Interval 1—Every minute for the first 15 minutes
  • Interval 2—Every five minutes for an hour
  • Interval 3—Every fifteen minutes for four hours
  • Interval 4—Every hour for a day
  • Interval 5—Every four hours for a week*

*After Interval 5, we stop checking. If you have not placed the fileauth.txt file on your domain or added the random value to your DNS TXT or DNS CNAME records by the end of the first week, you will need to run the check yourself.

For more information about the supported DCV methods:

enhancement

We moved the CertCentral DV Certificate Enrollment guide to https://docs.digicert.com/certcentral/documentation/dv-certificate-enrollment/.

A pdf version of the guide is still available (see link at the bottom of the Introduction page).

Additionally, we updated and added instructions to cover the supported DCV methods for DV certificates in CertCentral.

  • Added new Domain Control Validation (DCV) instructions
    • Use the Email DCV method
    • Use the DNS TXT DCV method
    • Use the File DCV method
    • File DCV method common mistakes
  • Updated the order DV certificate instructions
    • Order a RapidSSL Standard DV Certificate
    • Order a RapidSSL Wildcard DV Certificate
    • Order a GeoTrust Standard DV Certificate
    • Order a GeoTrust Wildcard DV Certificate
    • Order a GeoTrust Cloud DV Certificate
  • Updated the reissue DV certificate instructions
    • Reissue a RapidSSL Standard DV Certificate
    • Reissue a RapidSSL Wildcard DV Certificate
    • Reissue a GeoTrust Standard DV Certificate
    • Reissue a GeoTrust Wildcard DV Certificate
    • Reissue a GeoTrust Cloud DV Certificate
new

We added two more Domain Control Validation (DCV) methods to the DV certificate Order and Reissue pages: DNS TXT and File.

Note: Previously (unless you are using the DigiCert Services API), you could only use the Email DCV method to prove control over the domains on your DV certificate orders.

Now, when ordering or reissuing a DV certificate, you can choose DNS TXT, File, or Email as the DCV method to complete domain validation for the order.

new

We added new Prove control over domains features to the DV certificates' Order # details page.

Previously, you were unable to take any actions to complete your domain validation on the DV certificates' Order # details page.

Now, you can take more actions to complete the domain validation for the order:

  • Use the DNS TXT, Email, and File DCV methods
  • Resend/send the DCV Emails and choose which email address to send it to
  • Verify your domain's DNS TXT record
  • Verify your domain's fileauth.txt file
  • Choose a different DCV method than the one selected when ordering the certificate

(In the sidebar menu, click Certificates > Orders. On the Orders page, in the Order # column of the DV certificate order, click the order number.)

enhancement

We enhanced the Certificate Details section of the DV certificates' Order # details page adding additional DV certificate information: Serial Number and Thumbprint.

Note: This enhancement is not retroactive. This new information only appears for orders placed after 17:00 UTC time January 15, 2019.

(In the sidebar menu, click Certificates > Orders. On the Orders page, in the Order # column of the DV certificate order, click the order number.)

enhancement

We enhanced the Get order details endpoint enabling the DV certificate's thumbprint and serial number to be returned in the response.

{
"id": "12345",
"certificate":{
"id":123456,
"thumbprint":"{{thumbprint}}",
"serial_number":"{{serial_number}}
...
}

Note: This enhancement is not retroactive. The thumbprint and serial number are only returned for orders placed after 17:00 UTC time January 15, 2019.

For more information, see the Get order details endpoint in the DigiCert Services CertCentral API documentation.

enhancement

We enhanced the functionality of the Domain management – Get domain control emails API endpoint. You can now use the domain name to retrieve the Domain Control Validation (DCV) email addresses (WHOIS-based and constructed) for any domain.

Previously, you had to have the domain ID to retrieve the DCV email addresses. However, for a domain to have an ID, you had to submit it for pre-validation.

Now, you can use either the domain name or the domain ID with the Domain management – Get domain control emails endpoint to retrieve the DCV email addresses (WHOIS-based and constructed) for a domain. See the Get domain emails endpoint.