Change log | docs.digicert.com

May 6, 2020

api new parameter domain validation scope enhancement DV Certificates DCV email method DV SSL resend email

DV certificate orders: Domain validation scope settings for DCV emails

We improved the DCV email validation process for DV certificate orders, allowing you to set the domain validation scope when resending the DCV emails.

Note: Previously, when using the DCV email method to validate subdomains on your DV order, you had to validate the exact subdomain name.

Now, on your DV certificate order, you can validate a subdomain ( sub.example.com) at a higher level (example.com) by resending the DCV email to a higher-level domain email address (admin@example.com).

To learn more about the Email DCV method:

CertCentral Services API: Improved DV SSL: Resend emails endpoint

In the DigiCert Services API, we updated the DV SSL: Resend emails endpoint, enabling you to set the domain validation scope when resending the DCV emails for your DV certificate orders. We added a new optional parameter, "email_domain": "{{domain}}", that allows you to specify the domain where the email entry can be found by WHOIS.

Note: Previously, when using the DCV email method to validate subdomains on your DV order, you had to validate the exact subdomain name.

Now, on your DV certificate order, you can validate a subdomain (e.g., sub.example.com) at a higher level (e.g., example.com). Add the new parameter, "email_domain": "{{domain}}", to the resend DCV email request and send the DCV email to a higher-level domain email address (e.g., admin@example.com).

Example request for the DV SSL: Resend emails endpoint

New email_domain parameter in DV SSL: Resend email endpoint

April 23, 2020

bug fix general availability domain validation audit logs localization New domain validation scope DV Certificates submit base domains discovery

Discovery now available in all CertCentral accounts

We are happy to announce that all existing CertCentral accounts now include Discovery, our newest and most robust certificate discovery tool.

Note: For those who were using Certificate Inspector, Discovery replaces our long time DigiCert tool, Certificate Inspector.

By default, Discovery includes Cloud scan and a Sensor scan trial with a 100-certificate limit.

Cloud scan

Cloud scan uses a cloud-based sensor, so there is nothing to install or manage. You can start scanning immediately to find all your public facing SSL/TLS certificates regardless of issuing Certificate Authority (CA). Cloud-scan runs once every 24 hours.

To learn more, see Discovery Cloud-scan service.
To run your first cloud scan, in the left main menu, go to Discovery > Manage Discovery. On the Manage scans page, click Single cloud scan.

Sensor scan

Sensor scan is our most robust version of Discovery. It uses sensors to scan your network to quickly find all your internal and public facing SSL/TLS certificates regardless of the issuing Certificate Authority (CA). Discovery also identifies problems in certificate configurations and implementations along with certificate-related vulnerabilities or problems in your endpoint configurations.

Scans are centrally configured and managed from inside your CertCentral account. Scan results are displayed in an intuitive and interactive dashboard inside CertCentral. Configure scans to run once or multiple times on a set schedule.

To learn how to install a sensor and start scanning your SSL/TLS certificate landscape, see Discovery user guide.
To continue to use Sensor scan after the trial period is over, please contact your account manager or our Support team.

Discovery audit logs

Discovery has added a new feature—Discovery Audit Logs—allowing you to track Discovery-related activities in your CertCentral account. These audit logs provide insight into user activity enabling you to see areas where training may be required, reconstruct events to troubleshoot problems, detect misuse, and discover problem areas.

To make it easier to sort through the information in the Discover audit logs, we've include several filters:

Date range
Division
User
IP Address
Actions
(e.g., void sensor, delete scan, etc.)

To access the Discovery Audit Log, in your CertCentral account, in the left main menu, go to Account > Audit Logs. On the Audit Logs page, click Discovery Audit Logs.

Discovery language support

As we work to globalize our product offerings and make our websites, platforms, and documentation more accessible, we are happy to announce that we've added language support to Discovery in CertCentral.

Now, when configuring your language preference in CertCentral, Discovery is included in the configuration.

To configure your language preference

In your account, in the top right corner, in the "your name" drop-down list, select My Profile. On the Profile Settings page, in the Language dropdown, select a language and click Save Changes.

See CertCentral language preferences.

Bug fix: DV certificate orders did not honor Submit base domains for validation account setting

We fixed a bug in the DV certificate domain control validation (DCV) process where DV certificate orders did not adhere to the Submit base domains for validation account setting.

Note: For DV certificate orders, you were required to validate the domain exactly as named in the order.

Now, DV certificate orders honor the Submit base domains for validation account setting, allowing you to validate your subdomains at the base domain level on your DV certificate orders.

To view the Domain Validation Scope settings in your account, go to Settings > Preferences. On the Division preferences page, expand +Advanced Settings. The Domain Validation Scope settings are in the Domain Control Validation (DCV) section.

March 16, 2020

cancel order bug fix resend certificate generation email code signing certificates domain validation management Edit organization details division preferences domain validation scope enhancement New feature

CertCentral: Domain validation management for all account types

We are happy to announce all CertCentral accounts now come with domain validation management by default. Now, all account types have access to these domain management features:

Add domains directly to your account
Submit your domains for prevalidation*
Manage each domains' validations: EV and OV certificates
Activate and deactivate domains

To use the new domain validation management features, go to the Domains page (in the left main menu, go to Certificates > Domains).

*For more information about submitting domains for prevalidation, see Domain prevalidation.

Note: Previously, only Enterprise and Partner accounts had the ability to submit domains for prevalidation and manage their domains' validations (domain control validation).

CertCentral: Domain Validation Scope settings apply to TLS orders only

On the Division Preferences page, under Domain Control Validation (DCV), we updated the Domain Validation Scope settings: Submit exact domain for validation and Submit base domains for validation. These updated settings allow you to define the default domain validation behavior when submitting new domains through the TLS certificate order process: EV, OV, and DV. These settings no longer apply to the domain prevalidation process.*

Submit exact domain names for validation
When validating new domains through the order process, domains and subdomains are submitted for validation exactly as named. A domain validation request for sub2.sub1.example.com is submitted for validation as sub2.sub1.example.com.
Submit base domains for validation
When validating new domains through the order process, domains and subdomains are submitted for validation at the base domain level. A domain validation request for sub2.sub1.example.com is submitted for validation as example.com. Remember, validating a base domain also validates all subdomains for that base domain.

*How do these changes affect the domain prevalidation process?

When submitting domains for prevalidation, you can validate a domain at any level, base or any of the lower level subdomains: example.com, sub1.example.com, sub2.sub1.example.com, etc. See Domain prevalidation.

"Resend create certificate email" option for browser generated Code Signing certificate orders

We added a Resend create certificate email option to our Code Signing certificate process for orders where the certificate is generated in a supported browser: IE 11, Safari, Firefox 68, and portable Firefox.

Now, when a code signing certificate order has the status Emailed to Recipient, you can resend the certificate generation email.

For more information, see Resend "Create Your DigiCert Code Signing Certificate" email.

We fixed a bug preventing the Cancel Order option from appearing for Code Signing (CS) certificate orders with a status of Emailed to Recipient. On the Order details, page the Cancel Order option was missing from the Certificate Actions dropdown.

Note: To cancel the order, you had to contact our support team.

Now, to cancel a Code Signing (CS) certificate order with the status Emailed to Recipient, go to Order details page for the certificate and cancel the order.

For more information, Cancel a certificate order.

CertCentral: Edit organization details

We added a new feature to the organization management process in CertCentral—Edit organization details. Now, to update organization information, go to the Organization details page for that organization and click Edit Organization.

What you need to do before you edit an organization's details

Changing organization details for a validated organization negates all existing validation for the organization. This cannot be undone. This means DigiCert will need to validate the "updated/new" organization before we can issue certificates for it. Before you begin, make sure you understand and accept what happens when you change an organization's details.

For more information, see Edit organization details.

August 29, 2019

City/Locality bug fix compliance domain validation scope State/Province New feature Wildard SANs

Industry standards compliance reminder

For public and private certificates, Certificate Authorities (CAs) don't accept abbreviations for these parts of an address in your certificate orders or organization pre-validation requests:

State or Province*
City or Locality*

*This applies to organization and jurisdiction addresses.

We made it easier to define the domain validation scope for your account when submitting your domains for validation (pre-validation or via certificate orders).

On the Division Preferences page, we added two domain validation scope options:

Submit exact domain names for validation
With this option, requests for new domains are submitted for validation exactly as named (i.e., request for sub.example.com is submitted for validation exactly as sub.example.com). Validation for the “higher level” domain (e.g., example.com) also works. This is the default behavior for CertCentral.
Restrict validation to base domain only
This option allows you to restrict domain validation to the base domain (e.g., example.com). For request that include new subdomains (e.g., sub.example.com), we only accept domain validation for the base domain (e.g., example.com). Validation for the subdomain (e.g., sub.example.com) won’t work.

To configure the domain validation scope for your account, in the sidebar menu, click Settings > Preferences. On the Division Preference page, expand Advanced Settings. In the Domain Control Validation (DCV) section, under Domain Validation Scope, you'll see the new settings.

We fixed a bug where we were limiting the maximum allowed number of SANS to 10 on Wildcard SSL certificate reissue and new certificate orders.

Now, when reissuing or ordering a new Wildcard SSL certificate, you can add up to 250 SANs.

May 6, 2020

April 23, 2020

March 16, 2020

August 29, 2019

About