CertCentral: Improved Organizations search on Orders page
To make it easier to find the certificates ordered for a specific organization in your account, we updated the Organizations search on the Orders page.
We now display three new pieces of information about each organization. This information is helpful when you have organizations with similar or identical names:
See for yourself
In the left main menu, go to Certificates > Orders. On the Orders page, expand Show advanced search. In the Organizations dropdown, search for an organization. You will now see the following organization information: name, assumed name (if used), organization ID, and address.
Note: You can also type the organization name.
CertCentral: Improved Order details page
To make it easier to identify the organization a certificate was ordered for in your account, we updated the Organization section on the Order details page.
We now display two new pieces of information about each organization:
This information is helpful when you have organizations with similar or identical names.
See for yourself
In the left main menu, go to Certificates > Orders. On the Orders page, click the certificate's order number. On the Order details page, in the Organization section, you will now see the organization name, organization ID, and assumed name, if used.
CertCentral: Improved organization option on New Domain page
To make it easier to associate a new domain with an organization in your account, we updated the Organization option on the New Domain page.
We now display three new pieces of information about each organization. This information is helpful when you have organizations with similar or identical names:
We also added the ability to type the name of the organization you are searching for.
See for yourself
In the left main menu, go to Certificates > Domains. On the Domains page, click New Domain. On the New Domain page, in the Organization dropdown, search for an organization. You will now see the following organization information: name, assumed name (if used), and organization ID. You can also type the organization name.
For more information about managing domains in CertCentral, see Manage domains.
CertCentral: Improved Specified organizations option on New and Edit Division pages
To make it easier to specify the organizations a division can order certificates for in your account, we updated the Specific organizations option on the New Division and Edit Division pages.
We now display three new pieces of information about each organization. This information is helpful when you have organizations with similar or identical names:
We also added the ability to type the name of the organization you are searching for.
See for yourself
In the left main menu, go to Account > Divisions. On the Divisions page, click New Division. On the New Division page under Certificates can be ordered for, select Specific organizations. When you search for an organization in the dropdown, you will see the following organization information: name, assumed name (if used), organization ID, and address. You can also type the organization name.
For more information about divisions in CertCentral, see Division management.
CertCentral: Improved add organization option on client certificate request forms
To make it easier to order a client certificate for an organization in your account, we updated the Organization option in the client certificate request forms.
We now display three new pieces of information about each organization. This information is helpful when you have organizations with similar or identical names:
We also added the ability to type the name of the organization you are searching for.
See for yourself
The next time you request a client certificate, click Organization. In the Organization dropdown, you will see the following organization information: name, assumed name (if used), ID, and address. You can also type the organization name.
CertCentral: Improved Organizations page
To make it easier to find your organizations on the Organization page, we now display three new pieces of information about each organization. This additional information is helpful when you have organizations with similar or identical names:
On the Organizations page, you will now see an Org # column with the organization's ID. You will also see the organization addresses displayed below the names. And, if you use the organization's assumed name, you will see it in parentheses next to the organization name.
Note: Previously, the only way to view this information was to click the organization name and open the organization's details page.
For more information about organizations in CertCentral, see Manage organizations.
CertCentral: Improved add organization option on OV/EV certificate request forms
To make it easier to order a TLS/SSL certificate for an organization in your account, we updated the Add organization option in the OV and EV certificate request forms.
For accounts that issue certificates for 10 or more organizations, we now display three new pieces of organization information. This information is helpful when you have organizations with similar or identical names:
We also added the ability to type the name of the organization you are searching for.
See for yourself
The next time you request an OV or EV TLS/SSL certificate, click Add organization. In the Organization dropdown, you will see the following organization information: name, assumed name (if used), ID, and address. You can also type the organization name.
Customize the lifetime of your DigiCert Multi-year Plan
We are happy to announce you can now configure a custom lifetime for your Multi-year Plan (MyP) when requesting a TLS certificate in CertCentral. On the TLS certificate request forms, use the new Custom order validity option to customize the length of your TLS certificate order.
Note: Maximum TLS certificate validity is 397 days per industry best practices. See End of 2-Year public SSL/TLS certificates.
Custom Multi-year Plan order lengths can be set in days or by expiration date. Maximum order length is 2190 days (6 years). Minimum order length is 7 days.
Note: Custom orders start on the day we issue the certificate for the order. Order pricing is prorated to match the certificate selected and your custom order length.
To customize your MyP coverage
Updated product settings for public TLS certificates
To provide more control over your certificate order process, we updated the product settings for public TLS certificates. Now, you can determine the allowed Multi-year Plan order lengths users can select from when ordering a public TLS certificate.
On the TLS certificate's product settings page, use the Allowed validity periods option to determine what MyP order lengths appear on a TLS certificate request form: 1 Year, 2 Years, 3 Years, 4 Years, 5 Years, and 6 Years. Note that changes made to product settings apply to requests placed through CertCentral and the Services API.
Note: Previously, the Allowed validity periods option was used to determine the maximum certificate lifetime a user could select when ordering a public TLS certificate. However, with the industry move to 1-year certificate this option is no longer needed for certificate lengths. See End of 2-Year public SSL/TLS certificates.
To configure the allowed MyP order lengths for a TLS certificate
The next time a user orders a Secure Site OV certificate, they will only see the validity period lengths you selected on the request form.
Note: Setting limits on Multi-year Plan order lengths removes the custom validity option from your TLS certificate request forms.
CertCentral Domains page: Improved domains.csv report
On the Domains page, we improved the CSV report to make it easier to track OV and EV domain validation expiration dates and to view the previously used domain control validation (DCV) method.
The next time you download the CSV file, you will see we three new columns in the report:
To download the domains.csv report
When you open the domains.csv, you should see the new columns and information in your report.
CertCentral Orders page: Improved load times
In CertCentral, we updated the Orders page to improve load times for those managing high volumes of certificate orders. The next time you visit the Orders page, it will open much quicker (in the left main menu go to Certificates > Orders).
To improve load times, we changed the way we filter your certificate orders upon initial page view. Previously, we filtered the page to show only Active certificate orders. However, this was problematic for those with high volumes of certificate orders. The more orders you have in your account, the longer the Orders page took to open.
Now, when you visit the page, we return all your certificates, unfiltered, in descending order with the most recently created certificate orders appearing first in the list. To see only your active certificates, in the Status dropdown, select Active and click Go.
CertCentral Services API: Purchase units for subaccounts and view unit orders
In the CertCentral Services API, we've added new endpoints for purchasing units and viewing unit orders. Now, if you manage subaccounts that use units as the payment method for certificate requests, you can use the Services API to buy more units for a subaccount and to get information about your unit order history.
For more information, see the reference documentation for the new endpoints:
CertCentral Services API: Order code signing certificates with a custom expiration date
In the CertCentral Services API, we updated the Order code signing certificate endpoint to support custom expiration dates. Now, when you order a code signing certificate, you can use the custom_expiration_date
request parameter to set the exact date the certificate will expire.
Example request body:
CertCentral Services API: More versatile revoke certificate endpoint
In CertCentral, we added new Certificate Revocations (API Only) settings that allow you to determine how the revoke certificate endpoint works for your API integration:
To revoke an order and all the certificates on the order, use the revoke order certificates endpoint.
Certificate Revocations (API Only) in CertCentral
To use these new revoke certificate endpoint API settings:
CertCentral Services API: Improved endpoints
In the DigiCert Services API, we updated the endpoints listed below, enabling you to skip the duplicate organization check to create a new organization.
Default behavior
By default, when you create a new organization (without providing an organization ID), we check the organizations that already exist in your account to avoid creating a duplicate organization. If the details you provide in the request match the details of an existing organization, we associate the order with the existing organization instead of creating a new one.
New organization.skip_duplicate_org_check request parameter
We added a new organization.skip_duplicate_org_check request parameter to the endpoints listed below so that you can override the behavior and force the creation of a new organization.
Example request with new organization.skip_duplicate_org_check request parameter
Updated endpoints:
CertCentral: Improved Orders page
We updated the Orders page making it easier to see your active certificates. Now, we no longer show the renewed certificates (certificates with a Renewed status) in the list of active certificates.
To make sure you don't lose sight of your renewed certificates, we added a new filter to the Status dropdown—Renewed—that enables you to see your "renewed" certificates.
To see the improved Orders page, in the left main menu, go to Certificates > Orders.
CertCentral Services API: Improved order endpoints:
In the DigiCert Services API, we added a "domain ID" response parameter to the endpoints listed below. Now, when you add domains--new or existing--in your certificate request, we return the domain IDs in the response.
This reduces the number of API calls needed to get the domain IDs for the domains on the certificate order. It also allows you to perform domain-related task immediately, such as change the DCV method for one of the domains on the order or resend the WHOIS emails.
Note: Previously, after adding new or existing domains in your certificate request, you had to make an additional call to get the domain IDs: List domains or Domain info.
Updated order endpoints
Example response with new domain ID parameter
CertCentral Services API: Improved Revoke order certificates and Revoke certificate endpoints
In the DigiCert Services API, we updated the Revoke order certificates and Revoke certificate endpoints, enabling you to skip the approval step when revoking a certificate.
Note: Previously, the approval step was required and could not be skipped.
We added a new optional parameter, "skip_approval": true, that allows you to skip the approval step when submitting a request to revoke one certificate or all certificates on an order.
Note: For skip approvals to work for certificate revoke requests, the API key must have admin privileges. See Authentication.
Now, on your revoke certificate and revoke order certificate requests, you can skip the approval step and immediately submit the request to DigiCert for certificate revocation.
Example request for the revoke certificate and revoke order certificates endpoints
Bug fix: DV certificate issuance emails did not respect certificate format settings
We fixed a bug in the DV certificate issuance process where the Your certificate for your-domain email notification did not deliver the certificate in the format specified in your account settings.
Note: Previously, we included a certificate download link in all DV certificate issued email notifications.
Now, when we issue your DV certificate order, the email delivers the certificate in the format specified in your account's Certificate Format settings.
Configure certificate format for certificate issuance emails
In the left main menu, go to Settings > Preferences. On the Division Preferences page, expand Advance Settings. In the Certificate Format section, select the certificate format: attachment, plain text, or download link. Click Save Settings.
DV certificate orders: Domain validation scope settings for DCV emails
We improved the DCV email validation process for DV certificate orders, allowing you to set the domain validation scope when resending the DCV emails.
Note: Previously, when using the DCV email method to validate subdomains on your DV order, you had to validate the exact subdomain name.
Now, on your DV certificate order, you can validate a subdomain ( sub.example.com) at a higher level (example.com) by resending the DCV email to a higher-level domain email address (admin@example.com).
To learn more about the Email DCV method:
CertCentral Services API: Improved DV SSL: Resend emails endpoint
In the DigiCert Services API, we updated the DV SSL: Resend emails endpoint, enabling you to set the domain validation scope when resending the DCV emails for your DV certificate orders. We added a new optional parameter, "email_domain": "{{domain}}", that allows you to specify the domain where the email entry can be found by WHOIS.
Note: Previously, when using the DCV email method to validate subdomains on your DV order, you had to validate the exact subdomain name.
Now, on your DV certificate order, you can validate a subdomain (e.g., sub.example.com) at a higher level (e.g., example.com). Add the new parameter, "email_domain": "{{domain}}", to the resend DCV email request and send the DCV email to a higher-level domain email address (e.g., admin@example.com).
Example request for the DV SSL: Resend emails endpoint
CertCentral: Domain validation management for all account types
We are happy to announce all CertCentral accounts now come with domain validation management by default. Now, all account types have access to these domain management features:
To use the new domain validation management features, go to the Domains page (in the left main menu, go to Certificates > Domains).
*For more information about submitting domains for prevalidation, see Domain prevalidation.
Note: Previously, only Enterprise and Partner accounts had the ability to submit domains for prevalidation and manage their domains' validations (domain control validation).
CertCentral: Domain Validation Scope settings apply to TLS orders only
On the Division Preferences page, under Domain Control Validation (DCV), we updated the Domain Validation Scope settings: Submit exact domain for validation and Submit base domains for validation. These updated settings allow you to define the default domain validation behavior when submitting new domains through the TLS certificate order process: EV, OV, and DV. These settings no longer apply to the domain prevalidation process.*
*How do these changes affect the domain prevalidation process?
When submitting domains for prevalidation, you can validate a domain at any level, base or any of the lower level subdomains: example.com, sub1.example.com, sub2.sub1.example.com, etc. See Domain prevalidation.
"Resend create certificate email" option for browser generated Code Signing certificate orders
We added a Resend create certificate email option to our Code Signing certificate process for orders where the certificate is generated in a supported browser: IE 11, Safari, Firefox 68, and portable Firefox.
Now, when a code signing certificate order has the status Emailed to Recipient, you can resend the certificate generation email.
For more information, see Resend "Create Your DigiCert Code Signing Certificate" email.
We fixed a bug preventing the Cancel Order option from appearing for Code Signing (CS) certificate orders with a status of Emailed to Recipient. On the Order details, page the Cancel Order option was missing from the Certificate Actions dropdown.
Note: To cancel the order, you had to contact our support team.
Now, to cancel a Code Signing (CS) certificate order with the status Emailed to Recipient, go to Order details page for the certificate and cancel the order.
For more information, Cancel a certificate order.
CertCentral: Edit organization details
We added a new feature to the organization management process in CertCentral—Edit organization details. Now, to update organization information, go to the Organization details page for that organization and click Edit Organization.
What you need to do before you edit an organization's details
Changing organization details for a validated organization negates all existing validation for the organization. This cannot be undone. This means DigiCert will need to validate the "updated/new" organization before we can issue certificates for it. Before you begin, make sure you understand and accept what happens when you change an organization's details.
For more information, see Edit organization details.
CertCentral Services API: Improved Submit for validation endpoint
In the DigiCert Services API, we updated the Submit for validation endpoint, enabling you to submit a domain for revalidation before it expires. Now, you can submit a domain for revalidation at any time, enabling you to complete the domain’s validation early and maintain seamless certificate issuance for the domain.
Note: If you order a certificate for the domain while the domain's revalidation is in a pending state, we use the domain's current validation to issue the certificate.
New request parameter: dcv_method
We also added a new request parameter, dcv_method*. Now, when you submit a domain for validation, you can change the DCV method used to prove control over the domain.
*Note: This new parameter is optional. If you leave the new parameter out of your request, we return a 204 response with no content. You will need to use the same DCV method used before to prove control over the domain.
Example request with new parameter
POST https://www.digicert.com/services/v2/domain/{{domain_id}}/validation
Example response when new parameter is included in the request
201 Created
CertCentral Services API: Improved order endpoints:
In the DigiCert Services API, we added an "organization ID" response parameter to the endpoints listed below. Now, when you add a new organization in your certificate request, we return the organization's ID in the response, enabling you to use the organization immediately in your certificate requests.
Previously, after adding a new organization in your certificate request, you had to make an additional call to get the new organization's organization ID: Order info.
Updated order endpoints:
Example response with new organization ID parameter
11 SUPPORTED LANGUAGES IN THE DOC AND DEVELOPERS PORTALS
As we work to globalize our product offerings and make our websites, platforms, and documentation more accessible, we are happy to announce that we've added language support to the Document and Developers portals.
We now support these 11 languages:
How does language support work?
When you visit the portals, use the language selector (globe icon) to change the portal display language. We save your language selection for 30 days so you don't need to reselect it every time you visit our documentation site.
TIPS AND TRICKS
Access Doc and Developer portals
You can access the Document and Developers portals from the DigiCert website and CertCentral.
Create links within documentation
You can link to sections within the documentation.
On the documentation page, hover on the subheader you want to link to and click the hashtag icon (#). This creates a URL in the browser's address bar.
Use this feature to bookmark or link to specific sections in the instructions.
CertCentral Services API: Improved order Document Signing - Organization (2000) and (5000) endpoints:
In the DigiCert Services API, we updated the Order document signing certificate endpoints for ordering Document Signing - Organization (2000) and (5000) certificates. We added a new parameter, "use_org_as_common_name": true
, enabling you to use the organization name as the common name on the certificate.
Note: Previously, your only option was to use the person's full name as the common name on your document signing organization certificates.
Now, if you want to use the organization name as the common name on your document signing organization certificate, add the "use_org_as_common_name": true
parameter to your certificate request. When we issue your certificate, the organization name will be the common name on the certificate.
Example request for Order document signing certificate endpoint
Improved client certificate process
We improved the client certificate process, enabling you to cancel client certificate orders in an Emailed to Recipient state—orders that are waiting for the email recipient to generate and install the client certificate in one of the supported browsers.
Note: Previously, when a client certificate was in an Emailed to Recipient state, you had to contact support to cancel the order.
Now, if you need to cancel a client certificate order in the Emailed to Recipient state, go to the client certificate's Order details page and in the Certificate Actions dropdown list, select Cancel Order. See Cancel pending client certificate orders.
CertCentral Services API: Improved client certificate process
In the DigiCert Services API, we updated the Update order status endpoint enabling you to cancel client certificate orders in a waiting_pickup state—orders that are waiting for the email recipient to generate and install the client certificate in one of the supported browsers.
Note: Previously, when a client certificate was in a waiting_pickup state, you received a forbidden error and had to contact support to cancel the order.
Now, you can use the Update order status endpoint to cancel a client certificate order in the waiting_pickup state.
We updated the OV and EV SSL/TLS certificate order forms, adding a new DCV verification method dropdown. Now, when ordering OV and EV certificates, you can select the DCV method you want to use to validate the new domains on the order. See our Order your SSL/TLS certificates instructions.
Note: The selected DCV method applies to all unvalidated domains on the order. After submitting the order, you can change the DCV method per domain on the certificate's Order details page. See our Demonstrate control over domains on a pending certificate order instructions.
We updated the domain pre-validation forms, consolidating the OV and EV certificate validation options. Now, when pre-validating a domain, use the new unified domain validation option—OV/EV Domain Validation*. See our Domain pre-validation: Domain control validation (DCV) methods instructions.
Note*: The domain control validation (DCV) methods for OV and EV certificates are the same (verification email, DNS TXT, etc.). The only difference between them is how long the domain validation is valid for. For OV SSL certificates, domains will need to be revalidated every 825 days (approximately 27 months). For EV SSL certificates, domains will need to be revalidated every 13 months.
We added two new features to the Expiring Certificates page (in the sidebar, click Certificates > Expiring Certificates), making it easier to manage renewal notifications for your expiring certificates.
First, we added a Renewal Notices column with an interactive check box. Use this check box to enable or disable renewal notices for an expiring certificate.
Second, we added two Renewal Notices filters: Disabled and Enabled. These filters allow you to see only the certificate orders with renewal notices enabled or disabled.
In the DigiCert Services API, we updated the List keys and Get key info endpoints response parameters, enabling you to see the organization associated with your ACME certificate orders.
Now, when you call the List keys and Get key info endpoints, we return the name of the organization (organization_name) associated with the ACME certificate order in the response.
We improved our ACME protocol, adding support for the Signed HTTP Exchange certificate profile option. Now, you can use your ACME client to order OV and EV SSL/TLS certificate with the CanSignHttpExchanges extension included.
First create the ACME Directory URL for your Signed HTTP Exchanges certificate. Then use your ACME client to issue and install the certificate with the CanSignHttpExchanges extension.
See ACME Directory URLs for Signed HTTP Exchange certificates and ACME user guide.
Background
The Signed HTTP Exchange certificate profile option is used to address the AMP URL display issue where your brand isn’t displayed in the address bar. See Display better AMP URLs with Signed Exchanges and Get your Signed HTTP Exchanges certificate.
This profile option allows you to include the CanSignHTTPExchanges extension in OV and EV SSL/TLS certificates. Once enabled for your account, the Include the CanSignHttpExchanges extension in the certificate option appears on your Add ACME Directory URL forms.
To enable this certificate profile for your account, please contact your account manager or contact our Support team.
We updated the information icons in the list of ACME Directory URLs on the Account Access page to help you quickly identify certificates that include a certificate profile option (for example, Signed HTTP Exchanges).
In the sidebar menu, click Account > Account Access. On the Account Access page, in the ACME Directory URLs section, click an information icon to see details about the certificate that can be ordered via the ACME Directory URL.
In the DigiCert Services API, we improved the List keys endpoint response parameters, enabling you to see ACME Directory URLs. Now, when you call the List keys endpoint, we return ACME URL (acme_urls) as well as API key (api_keys) information in the response.
In the DigiCert Services API, we improved the Get key info endpoint, enabling you to get details about ACME Directory URLs.
Include the ACME Directory URL ID in the call to the Get key info endpoint (/key/{{key_id}} where key_id is the ACME Directory URL ID) to get information about an ACME Directory URL.
In Discovery, we updated the rating system for Strict-Transport-Security (STS) security headers. Now, we only check STS for HTTP 200 requests and ignore it for HTTP 301 requests. We only penalize the server when the website is missing the Strict-Transport-Security (STS) security header or the setting is wrong. In these cases, we rate the server as "At risk".
Previously, we checked STS for HTTP 301 requests and penalized the server if it was missing the Strict-Transport-Security (STS) security header. In these cases, we rated the server as "Not secure".
To view Security headers results, go to the endpoint's Server details page. In the sidebar menu, click Discovery > View Results. On the Certificates page, click View endpoints. On the Endpoints page, click the endpoint's IP address / FQDN link.
Update note: The updated STS rating system is available in the latest sensor version – 3.7.7. After sensor update is complete, rerun your scans to see your updated STS ratings.
We improved the Transaction Summary on the Reissue Certificate for Order pages, allowing you to see how many days remain until the certificate expires. Now, when you reissue a certificate, the Transaction Summary shows the certificate validity along with days until it expires (e.g., 1 year (expires in 43 days).
In the DigiCert Services API, we updated the List orders, Order info, List reissues, and List duplicates endpoints enabling you to see how many days remain until the certificate expires. For these endpoints, we return a days_remaining parameter in their responses.
We improved the SAML SSO-only users' integration with the CertCentral Services API, adding an account setting that allows you to grant SSO-only users API access. On the SAML Sign-on (SSO) page, under Configure SSO Settings for users, you'll now see the Enable API access for SSO-only users check box (in the sidebar menu, click Settings > Single Sign-On). See Configure SAML Single Sign-On.
Note: This setting allows SSO-only users with API keys to bypass Single Sign-on. Disabling API access for SSO-only users doesn't revoke existing API keys. It only blocks the creation of new API keys.
We improved the Users page, adding a Last Login column that lets you see when a user last signed in to their account (in the sidebar menu, click Account > Users).
We also added the last login information to the User's details page directly under their name (on the Users pages, in the Name column, click the username link).
Note: Previously, this information was only found in the Audit Logs (in the sidebar menu, click Account > Audit Logs).
In the DigiCert Services API, we updated the User info endpoint enabling you to see when a user last logged in to their account. Now, when viewing user details, we return a last_login_date parameter in the response.
We improved the certificate's Order # details page and Order # details panel, adding a new Order requested via entry that lets you see where the order was requested: via the API, via an ACME Directory URL, or from inside CertCentral. If the order was requested via the API or an ACME Directory URL, we also include the API key name or ACME Directory URL name.
Note: We also made it easier to see who requested the certificate, adding a new Order requested by entry to the Order Details section. Previously, we included the requested by information in the Requested on details.
Order # details panel
In the sidebar menu, click Certificates > Orders. On the Orders page, click the certificate order's Quick View link. In the Order # detail panel, expand Show More Certificate Info. In the Order Details section, you'll see the new Order requested via entry.
Order # details page
In the sidebar menu, click Certificates > Orders. On the Orders page, click the certificate's order number link. On the Order # details page, in the Order Details section, you'll see the new Order requested via entry.
We improved the user invitation workflow for SAML Single Sign-On (SSO) integrations with CertCentral, enabling you to designate invitees as SSO only users before sending your account user invitations. Now, in the Invite New Users popup window, use the SAML Single Sign-on (SSO) only option to restrict invitees to SAML SSO only.
Note: This option disables all other authentication methods for these users. Additionally, this option only appears if you have SAML enabled for your CertCentral account.
(In the sidebar menu, click Account > User Invitations. On the User Invitations page, click Invite New Users. See SAML SSO: Invite users to join your account.)
Simplified enrollment form
We also simplified the SSO only user enrollment form, removing the password and security question requirements. Now, SSO only invitees need to add only their personal information.
We made it easier to see your Discovery certificate scan results from the CertCentral Dashboard in your account, adding the Expiring Certificates Discovered, Certificate Issuers, and Certificates Analyzed By Rating widgets.
Each widget contains an interactive chart that allows you drill down to easily find more information about expiring certificates (e.g., which certificates are expiring in 8-15 days), certificates per issuing CA (e.g., DigiCert), and certificates per security rating (e.g., not secure).
More about Discovery
Discovery uses sensors to scan your network. Scans are centrally configured and managed from inside your CertCentral account.
In the DigiCert Services API, we updated the Order info endpoint enabling you to see how the certificate was requested. For certificates requested via the Services API or an ACME Directory URL, we return a new response parameter: api_key. This parameter includes the key name along with key type: API or ACME.
Note: For orders requested via another method (e.g., CertCentral account, Guest Request URL, etc.), the api_key parameter is omitted from the response.
Now, when viewing order details, you'll see the new api_key parameter in the response for orders requested via the API or an ACME Directory URL:
GET https://dev.digicert.com/services-api/order/certificate/{order_id}
Response:
We added a new search filter – Requested via – to the Orders page that allows you to search for certificate orders requested via a specific API key or ACME Directory URL.
Now, on the Orders page, use the Requested via filter to find active, expired, revoked, rejected, pending reissue, pending, and duplicate certificates requested via a specific API key or ACME Directory URL.
(In the sidebar menu, click Certificates > Orders. On the Orders page, click Show Advanced Search. Then, in the Requested via dropdown select the API Key or ACME Directory URL name or type its name in the box.)
We improved our Basic and Secure Site single domain certificate offerings (Standard SSL, EV SSL, Secure Site SSL, and Secure Site EV SSL), adding the Include both [your-domain].com and www. [your-domain].com in the certificate option to these certificates' order, reissue, and duplicate forms. This option allows you to choose whether to include both versions of the common name (FQDN) in these single domain certificates for free.
See Order your SSL/TLS certificates.
Works for subdomains too
The new option allows you to get both versions of base and subdomains. Now, to secure both versions of a subdomain, add the subdomain to the Common Name box (sub.domain.com) and check Include both [your-domain].com and www. [your-domain].com in the certificate. When DigiCert issues your certificate, it will include both versions of the subdomain on the certificate: [sub.domain].com and www.[sub.doman].com.
Removed Use Plus Feature for Subdomains
The Include both [your-domain].com and www. [your-domain].com in the certificate option makes the Plus Feature -- Use Plus Feature for Subdomains obsolete. So, we removed the option from the Division Preferences page (in the sidebar menu, click Settings > Preferences).
In the DigiCert Services API, we updated the Order OV/EV SSL, Order SSL (type_hint), Order Secure Site SSL, Order Private SSL, Reissue certificate, and Duplicate certificate endpoints listed below. These changes provide more control when requesting, reissuing, and duplicating your single domain certificates, allowing you choose whether to include a specific additional SAN on these single domain certificates for free.
*Note: For the Order SSL (type_hint) endpoint, only use the dns_names[]
parameter as described below to add the free SAN.
To secure both versions of your domain ([your-domain].com and www. [your-domain].com), in your request, use the common_name
parameter to add the domain ([your-domain].com) and the dns_names[]
parameter to add the other version of the domain (www. [your-domain].com).
When DigiCert issues your certificate, it will secure both versions of your domain.
To secure only the common name (FQDN), omit the dns_names[]
parameter from your request.
We've improved the Order # details page, allowing you to see the certificate profile option added to your certificate. Now, when you go to a certificate's Order # details page, in the Order Details section, you can see the Profile Option included in that certificate order.
Certificate profile options
When a certificate profile is enabled for your account, the profile option appears on your SSL/TLS certificate request forms under Additional Certificate Options. When ordering an SSL/TLS certificate, you can add a profile to your certificate.
To learn more about the supported certificate profile options, see Certificate profile options. To enable a certificate profile for your account, reach out to your account manager or contact our Support team.
In the DigiCert Services API, we improved the Duplicate certificate endpoint workflow. Now, if the duplicate certificate can be immediately issued, we return the duplicate certificate in the response body.
For more information, see Duplicate certificate.
We improved the duplicate certificate order process in CertCentral. Now, if the duplicate certificate can be immediately issued, we take you directly to the Duplicates page where you can immediately download the certificate.
We improved the Skip approval step account setting, applying the setting to certificate requests placed through the online portal as well as through the API.
To access the skip approval setting in your account, in the sidebar menu, click Settings > Preferences. On the Division Preferences page, expand Advanced Settings and scroll down to the Certificate Request section. See Remove the approval step from the certificate order process.
We fixed a bug on the Guest URL Request a Certificate page, where clicking Order Now redirected you to the DigiCert account sign in page.
Now, when you order a certificate from a Guest URL and click Order Now, your request is submitted to your account administrator for approval. For more information about guest URLs, see Managing Guest URLs.
We added the Auto-Renewal User feature to the New Division page that optionally allows you to set a default user for the division's auto-renewal orders when creating a new division. If set, this user replaces the original requester on all division auto-renewal certificate orders and helps prevent auto-renewal interruptions.
In your account, in the sidebar menu, click Account > Divisions. On the Divisions page, click New Division. On the New Division page, in the Auto-Renewal User dropdown, set a default user for all division auto-renewal orders.
We are adding a new tool to the CertCentral portfolio—ACME protocol support—that allows you to integrate your ACME client with CertCentral to order OV and EV TLS/SSL certificates.
Note: This is the open beta period for ACME protocol support in CertCentral. To report errors or for help connecting your ACME client to CertCentral, contact our support team.
To access ACME in your CertCentral account, go to the Account Access page (in the sidebar menu, click Account > Account Access) and you'll see a new ACME Directory URLs section.
For information about connecting your ACME client with your CertCentral account, see our ACME user guide.
To turn ACME off for your account, contact your account manager or our support team.
Known issues
For a list of current known issues, see ACME Beta: Known issues.
We've added a new Auto-Renewal User feature to the Edit division page that optionally allows you to set a default user for the division's auto-renewal orders. If set, this user replaces the original requester on all division auto-renewal certificate orders and helps prevent auto-renewal interruptions.
(In your account, in the sidebar menu, click Account > Divisions. On the Divisions page, select the division (or click My Division). Edit the division and in the Auto-Renewal User dropdown, set a default user for all division auto-renewal orders.)
We improved the automatic certificate renewal feature, adding an "Auto-renewal disabled" notification to the process. If something happens that prevents us from automatically renewing a certificate, we now send an "Auto-renew disabled" email notification, letting you know auto-renewal has been disabled for the order, what will happen now, and how to re-enable auto-renewal for the order.
Note: Automatic certificate renewals are tied to a specific user (order specific or division specific). If that user ever loses permissions to place orders, the automatic certificate renewal process is disabled.
We've updated the CertCentral SAML Federation Settings, enabling you to keep your Federation Name from appearing in the list of IdPs on the SAML Single Sign-On IdP Selection and SAML certificate requests IdP Selection pages.
Now, on the Federation Settings page, under Your IDP's Metadata, we added the Include Federation Name option. If you want to keep your Federation Name from appearing in the list of IdPs on the IdP Selection page, uncheck Add my Federation Name to the list of IdPs.
Secure Site Pro TLS/SSL certificates are available in CertCentral. With Secure Site Pro, you're charged per domain; no base certificate cost. Add one domain, get charged for one. Need nine domains, get charged for nine. Secure up to 250 domains on one certificate.
We offer two types of Secure Site Pro certificates, one for OV certificates and one for EV certificates.
Benefits included with each Secure Site Pro certificate
Each Secure Site Pro certificate includes – at no extra cost – first access to future premium feature additions to CertCentral (e.g., CT log monitoring and validation management).
Other benefits include:
To activate Secure Site Pro certificates for your CertCentral account, contact your account manager or our support team.
To learn more about our Secure Site Pro certificates, see DigiCert Secure Site Pro.
Public SSL certificates can no longer secure domain names with underscores ("_"). All previously issued certificates with underscores in domain names must expire prior to this date.
Note: The preferred underscore solution is to rename the hostnames (FQDNs) that contain underscores and replace the certificates. However, for those situations where renaming is not possible, you can use private certificates and, in some cases, you can use a wildcard certificate that secures the entire domain.
For more details, see Retiring Underscores in Domain Names.
DigiCert will continue to support the SHA1 signature for Code Signing certificates. We are removing the max expiration restriction of December 30, 2019.
We added DV certificates to the available products for Guest URLs. Now, you can add GeoTrust and RapidSSL DV certificates to your Guest URLs.
We fixed a bug where adding Secure Site certificates to a Guest URL prevented you from editing the Guest URL. Now, when you add Secure Site certificates to a Guest URL, you can edit the Guest URL as needed.
We fixed a bug where adding Private SSL certificates to a Guest URL prevented you from editing the Guest URL. Now, when you add Private SSL certificates to a Guest URL, you can edit the Guest URL as needed.
We fixed a bug where new organizations added during the SSL/TLS certificate request process weren't listed on the Organizations page (in the sidebar menu, click Certificates > Organizations).
With this fix, new organizations added during the SSL/TLS certificate request process will now be automatically listed on the Organizations page in your account.
Retroactive fix: All Organizations will be listed
The fix for this bug is retroactive too. If you've enabled users to add new organizations during the request process, the next time you go to the Organizations page in your account, these organizations will be added to the list.
Note: This bug didn't affect your ability to request additional SSL/TLS certificates for these organizations, as they appeared in the list of existing organizations on the certificate request forms where you could add them to the certificate. This bug also didn't affect organizations added from the New Organizations page (on the Organizations page, click New Organization).
We improved the CertCentral audit logs, making it easier to track API key creations. Now, the audit logs will contain information about who created the API key, when it was created, name of API, etc.
(To access the audit logs in your account, in the sidebar menu, click Account > Audit Logs.)
We improved the Transaction Summary on the certificate request pages, making it easier to track the cost of the certificate. For example, you request a Multi-Domain certificate and add 5 domains. In the Transaction Summary, we show the base price (which includes 4 SANs) plus the price of the additional SAN added to the order.
Previously, the Transaction Summary only tracked the total cost of the certificate without the itemized cost.
We fixed a DV certificate reissue bug where we weren't honoring the valid until date on the original order for certificates with more than a year remaining until they expired.
Now, when you reissue a DV certificate with more than a year remaining until it expires, the reissued certificate will retain the valid until date of the original certificate.
In the DigiCert Services API, we improved the DV certificate request endpoints allowing you to use the new email_domain
field along with the existing email
field to more precisely set the desired recipients of the domain control validation (DCV) emails.
For example, when ordering a certificate for my.example.com, you can have a domain owner for the base domain (example.com) validate the subdomain. To change the email recipient for the DCV email, in your DV certificate request, add the dcv_emails parameter. Then, add the email_domain
field specifying the base domain (example.com) and the email
field specifying the email address of the desired DCV email recipient (admin@example.com).
Example request for a GeoTrust Standard DV Certificate
DV certificate endpoints:
We enhanced the DigiCert Services API request endpoints enabling you to get faster responses to your certificate requests.
We made it easier to Add Contacts for OV certificate orders (Standard SSL, Secure Site SSL, etc.). Now when you order an OV certificate, we populate the Organization Contact card for you. If needed, you can add a technical contact.
To use a different organization contact, delete the one populated automatically and manually add one.
We made it easier to Add Contacts for EV certificate orders (EV SSL, Secure Site EV SSL, etc.). Now when you order an EV certificate, we will populate the Verified Contact cards for you if EV verified contact information is available in your account. If needed, you can add organization and technical contacts.
Assigning Verified Contacts to an organization is not a prerequisite for adding an organization. There may be instances were verified contact information won't be available for an organization. In this case, manually add the Verified Contacts.
We enhanced our DV certificate offering. You can now renew your DV certificate orders, allowing you to keep the original order ID.
Previously, when a DV certificate order neared its expiration date, you had to order a new certificate for the domains on the expiring order.
Note: DV certificates don't support domain pre-validation. When you renew a DV certificate, you must demonstrate control over the domains on the renewal order.
In the DV Certificate Enrollment guide, see Renewing DV Certificates.
We enhanced the Order # details page for pending OV SSL and EV SSL certificate orders. In the DigiCert Needs To section, under Verify Organization Details, we now list the steps that need to be completed to validate the organization (e.g., complete Place of Business Verification) along with the status for each step: complete or pending.
Previously, we provided only a high-level overview of the organization validation process – Verify Organization Details – without offering any details as to what steps needed to be completed before the organization was fully validated.
We fixed a bug on the forms in CertCentral where the state/province/territory field appeared as being required when the country selected didn't require that information (for example when adding a new organization or a credit card).
Note: This bug didn't prevent you from completing these transactions. For example, you were still able to add an organization or a credit card with or without filling in the state/province/territory field.
Now, in the forms, the state/province/territory field is labeled as optional for countries that don't require this information as part of their transactions.
Note: US and Canada are the only countries that require you to add a state or province/territory.
We added a new Add contact feature to the OV SSL/TLS certificate request forms allowing you to add a single technical contact and a single organization contact during the request process.
Previously, you were unable to add contacts when ordering OV SSL/TLS certificates (such as Secure Site SSL and Multi-Domain SSL certificates).
Note: A technical contact is someone we can contact should problems arise while processing your order. An organization contact is someone we can contact when completing the organization validation for your certificate.
We enhanced the Add contact feature on the EV SSL/TLS certificate request forms allowing you to add a single technical contact and a single organization contact during the request process.
Previously, you could only add Verified Contacts (for EV) when ordering EV SSL/TLS certificates (such as Secure Site EV and EV Multi-Domain SSL).
Note: A technical contact is someone we can contact should problems arise while processing your order. An organization contact is someone we can contact when completing the organization validation for your certificate.
We moved the CertCentral DV Certificate Enrollment guide to https://docs.digicert.com/certcentral/documentation/dv-certificate-enrollment/.
A pdf version of the guide is still available (see link at the bottom of the Introduction page).
Additionally, we updated and added instructions to cover the supported DCV methods for DV certificates in CertCentral.
We added two more Domain Control Validation (DCV) methods to the DV certificate Order and Reissue pages: DNS TXT and File.
Note: Previously (unless you are using the DigiCert Services API), you could only use the Email DCV method to prove control over the domains on your DV certificate orders.
Now, when ordering or reissuing a DV certificate, you can choose DNS TXT, File, or Email as the DCV method to complete domain validation for the order.
We added new Prove control over domains features to the DV certificates' Order # details page.
Previously, you were unable to take any actions to complete your domain validation on the DV certificates' Order # details page.
Now, you can take more actions to complete the domain validation for the order:
(In the sidebar menu, click Certificates > Orders. On the Orders page, in the Order # column of the DV certificate order, click the order number.)
We enhanced the Certificate Details section of the DV certificates' Order # details page adding additional DV certificate information: Serial Number and Thumbprint.
Note: This enhancement is not retroactive. This new information only appears for orders placed after 17:00 UTC time January 15, 2019.
(In the sidebar menu, click Certificates > Orders. On the Orders page, in the Order # column of the DV certificate order, click the order number.)
We enhanced the Get order details endpoint enabling the DV certificate's thumbprint and serial number to be returned in the response.
{
"id": "12345",
"certificate":{
"id":123456,
"thumbprint":"{{thumbprint}}",
"serial_number":"{{serial_number}}
...
}
Note: This enhancement is not retroactive. The thumbprint and serial number are only returned for orders placed after 17:00 UTC time January 15, 2019.
For more information, see the Get order details endpoint in the DigiCert Services CertCentral API documentation.
We improved the look and feel of our DigiCert account sign in page (www.digicert.com/account/), bringing it up to date with the design of our certificate management platform, CertCentral.
We enhanced the order Notes feature, enabling the order notes from the previous order to carry over to the renewed certificate order.
Previously, if you wanted any of the notes to carry over, you had to manually add the notes to the renewed order yourself.
Now, notes from the previous order are automatically carried over to the renewal order. These notes are timestamped with author's name (for example, 18 Dec 2018 8:22 PM John Smith).
These notes are on the renewed Order # details page (in the sidebar menu, click Certificates > Orders and then click the order number link). They are also in the Order # details panel (click the Quick View link).
We enhanced the DV certificates Order # details page, enabling you to see which domains on the order are pending validation (i.e., domains that you still need to demonstrate control over).
Previously, domains pending validation weren't listed on the Order # details page.
Now, when you visit a DV certificate's Order # details page, domains pending validation will be shown. (In the sidebar menu, click Certificate > Orders and then on the Orders page, click the order number link).
We fixed a bug on the Orders page (in the sidebar menu, click Certificates > Orders) where the Organization Contact information was missing in the Order # details panel.
Now, when you visit the Orders page and use the Quick View link to view order details, you will see the Organization Contact information in the Order # details panel. (Expand Show More Certificate Info and in the Order Details section, expand Show Org Contact).
DigiCert began issuing public SSL certificates containing underscores for a limited time.
For more details, see Retiring Underscores in Domain Names.
In the top menu, we added two new contact support options (phone and chat icons) making it easier to contact support from within CertCentral (via email, chat, or phone).
The phone icon provides you with email and phone options. The chat icon provides you with a chat window where you can start a chat with one of our dedicated support team members.
We enhanced the sidebar menu, making it easier to see the menu option for the pages you are visiting. Now, when you visit a page in CertCentral, the menu option for that page will have a horizontal blue bar next to it.
We fixed a bug in the Add Organization feature on the SSL/TLS certificate request forms where the validation status (EV and OV validated) was not included for new organizations added and validated as part of the certificate order.
Now, new organizations added when ordering an SSL certificate will show a Validated status.
Note: The organization's validation status doesn't appear until we've fully validated the organization.
We enhanced our RapidSSL DV certificate offerings enabling you to include a second, very specific domain, in these single domain certificates.
We enhanced the RapidSSL certificate endpoints to include the dns_names parameter, enabling you to include a second, very specific domain, in these single domain certificates.
"common_name": "[your-domain].com",
"dns_names": ["www.[your-domain].com"],
"common_name": "*.your-domain.com",
"dns_names": ["[your-domain].com"],
For DigiCert Services API documentation, see CertCentral API.
Individual Document Signing certificates are available in CertCentral:
To activate Individual Document Signing certificates for your CertCentral account, contact your Sales representative.
Previously, only Organization Document Signing certificates were available.
To learn more about these certificates, see Document Signing Certificate.
We enhanced the Orders Report feature on the Orders page (in the sidebar menu, click Certificates > Orders). Now when you run a report (click Orders Report), it will include your DV SSL certificate orders.
We enhanced the Add Verified Contacts process on the organization details pages making it easier to add existing and new verified contacts when submitting an organization for pre-validation (in the sidebar menu, click Certificates > Organizations. Then in the Name column, click the organization name link).
To make adding a verified contact easier, we removed the separate links (Add New Contact and Add from Existing Contacts) each with their own window. Now, we provide a single Add Contact link and a single Add Contact window where you can add a new or existing contact.
Add New Contact Note
By default, the Allow non-CertCentral account users to be used as verified contacts feature is disabled for a CertCentral account.
You can enable this feature on the Division Preferences page (in the sidebar menu, click Settings > Preferences). In the Advance Settings section, under Verified Contacts, you can allow non-CertCentral account users to be used as verified contacts (check Allow non-DigiCert users to be used as verified contacts).
We added a new feature Allow users to add new contacts when requesting TLS certificates that provides you with the flexibility to choose whether standard users, finance managers, and limited users can add a new non-CertCentral account user as a Verified Contact (for EV) when ordering an EV TLS/SSL certificate from inside their account or when using a guest URL.
Previously, the only way to prevent these user roles from adding a new non-CertCentral account user as a verified contact during the order process was to edit the request and select an existing contact for the order or reject the certificate request.
Now, you can control whether the User, Finance Manager, and Limited User roles can add a new non-CertCentral account user as a verified contact from the EV SSL/TLS certificate request pages. This feature doesn't remove the option from the EV SSL/TLS certificate order pages for the Administrator and Manager roles.
On the Division Preferences page (Settings > Preferences). In the Certificate Request section (expand Advanced Settings), under Add New Contacts, uncheck Allow users to add new contacts when requesting TLS certificates and then click Save Settings.
Note: This change does not remove the ability to add an existing contact (CertCentral account users or non-CertCentral account users) as the verified contact to an order as this is required for all EV SSL/TLS certificate orders.
We enhanced the Allow users to add new organizations when requesting TLS certificate feature providing you with the flexibility to choose whether standard users, finance managers, and limited users can add a new organization when ordering a TLS certificate (OV and EV) from inside their account or when using a guest URL.
Previously, the feature removed the ability to add a new organization for all user roles: Administrator, Manager, Standard User, Finance Manager, and Limited User.
Now, the Allow users to add new organizations when requesting TLS certificate feature only affects the User, Finance Manager, and Limited User roles ability to add new organizations from the certificate request pages. Administrator and Manager roles retain the ability to add new organizations whether this feature is enabled or disabled.
On the Division Preferences page (Settings > Preferences). In the Certificate Request section (expand Advanced Settings), under Add New Organization, uncheck Allow users to add new organizations when requesting TLS certificates and then click Save Settings.
Note: This change does not remove the ability to add an existing, pre-validated organization to an order as this is required for all OV and EV TLS certificate orders.
We enhanced the add existing organization feature for the EV SSL/TLS certificates order process making it easier to include the EV verified contacts for an organization in your certificate order.
Previously, information about who the EV verified contacts are for an organization didn't appear on the EV certificate request pages.
Now, when you add an existing organization that already has EV verified contacts assigned to it, the Verified Contact (for EV) cards are populated with the verified contacts' information.
Note: If your CSR includes an organization currently used in your account, the Organization card is populated with the organization's information contained in your account. If this same organization already has assigned EV verified contacts, the Verified Contact (for EV) cards are populated with their information (name, title, email, and phone number).
We fixed a bug on the User Invitations page preventing the Invited By filter from showing the administrators who sent the user invite requests.
Now, when you go to the User Invitations page (in the sidebar menu, click Account > User Invitations), the Invited By filter shows the admins who sent user invitations.
We enhanced our SSL/TLS and client certificate product offerings, enabling you to set a custom validity period (in days) when ordering one of these certificates. Previously, you could only choose a custom expiration date.
Custom validity periods start on the day we issue the certificate. Certificate pricing is prorated to match the custom certificate length.
Note: Custom certificate lengths can't exceed the industry allowed maximum lifecycle period for the certificate. For example, you can't set a 900-day validity period for an SSL/TLS certificate.
We enhanced the SSL/TLS and Client certificate endpoints to include a new validity_days parameter that allows you to set the number of days that the certificate is valid for.
Parameter Priority Note: If you include more than one certificate validity parameter in your request, we prioritize the certificate validity parameters in this order: custom_expiration_date > validity_days > validity_years.
For DigiCert Services API documentation, see CertCentral API.
We added a new Order Management - List Order Reissues API endpoint that allows you to view all the reissue certificates for a certificate order. See the List order reissues endpoint.
We enhanced the add existing organization feature of the SSL/TLS certificate order process, enabling you to filter the existing organization list to see only organizations that are fully validated.
Note: If your CSR includes an organization currently used in your account, the Organization card auto populates with the organization's information contained in your account.
To manually add an existing organization when ordering your SSL/TLS certificate, click Add Organization. In the Add Organization window, check Hide non-validated organizations to filter the organizations so only the fully validated ones are shown.
Note: If you have more than nine active organizations in your account, the filter also works for the Organization drop-down list.
We enhanced the Organization Unit(s) feature of the SSL/TLS certificate order process, enabling you to add multiple organization units. Previously, you could only add one organization unit.
Note: The Organization Unit(s) field on the request form will be auto populated with the values from your CSR.
To manually add organization units when ordering your SSL/TLS certificate, expand Additional Certificate Options and in the Organization Unit(s) field, you can now add one or more organization units.
Note: Adding organization units is optional. You can leave this field blank. However, if you do include organization units in your order, DigiCert will need to validate them before we can issue your certificate.
We fixed a Custom Order Fields* bug preventing the feature from working properly when deactivating, activating, changing a field from required to optional, and changing a field from optional to required.
*Custom Order Fields is disabled by default. To enable this feature for your CertCentral account, please contact your DigiCert account representative. See Managing Custom Order Form Fields in the Advanced CertCentral Getting Started Guide.
We enhanced the order details page for issued certificates, making it easier to find the certificate details on page. (In the sidebar menu, click Certificates > Orders and then on the Orders page click the order number.)
To make finding the certificate details easier, we moved that information so it's the first thing you see on the order details page. Additionally, we moved all certificate actions, such as Reissue Certificate and Revoke Certificate, to the Certificate Actions drop-down list.
We enhanced the functionality of the Domain management – Get domain control emails API endpoint. You can now use the domain name to retrieve the Domain Control Validation (DCV) email addresses (WHOIS-based and constructed) for any domain.
Previously, you had to have the domain ID to retrieve the DCV email addresses. However, for a domain to have an ID, you had to submit it for pre-validation.
Now, you can use either the domain name or the domain ID with the Domain management – Get domain control emails endpoint to retrieve the DCV email addresses (WHOIS-based and constructed) for a domain. See the Get domain emails endpoint.
We fixed a bug on the TLS/SSL certificate order forms where adding a CSR only auto populated the Common Name field. While fixing this bug, we enhanced the CSR upload feature to also auto populate the Organization field.
We now use information from your CSR to auto populate these order form fields: Common Name, Other Hostnames (SANs), Organization Unit (OU), and Organization.
You can still change the information in these fields as needed (for example, you can add or remove SANs).
Organization field note
When you include an organization currently used in your account, the Organization card auto populates with the organization's information contained in your account.
We enhanced the add existing organization feature of the TLS/SSL certificate order process, enabling you to see the organization's address and phone number, along with its validation status (EV Validated, Pending OV Validated, etc.). Note that organizations not yet submitted for validation won't have any validation status listed.
Previously, you were unable to see any information about the organization from the Request Certificate pages. To view organization details and validation status, you had to visit the Organizations page (in the sidebar menu, click Certificates > Organizations).
Note: If you have more than nine active organizations in your account, you will still use the Organization drop-down list, and you will still need to visit the Organizations page to view details about an organization. However, you will now see the top two most used organizations at the top of the list under Recently Used.
We enhanced the Add Contact feature of the EV TLS/SSL certificate order process, enabling you to see if the existing contact listed is a CertCentral account user or a contact (non-CertCentral account user).
Previously, when adding an existing contact as a Verified Contact for your EV TLS certificate order, you were presented with a list of contacts to select from without a way to distinguish account users from non-account users.
With this improvement, the contacts listed are now categorized as Users (CertCentral account users) and Contacts (non-CertCentral account users).
Note: By default, the Allow non-CertCentral account users to be used as verified contacts feature is disabled for a CertCentral account.
How to enable the Allow non-CertCentral account users to be used as verified contacts feature
On the Division Preferences page (Settings > Preferences), in the Advance Settings section, under Verified Contacts, you can allow non-CertCentral account users to be used as verified contacts (check Allow non-DigiCert users to be used as verified contacts).
With the non-CertCentral user feature enabled, when adding verified contacts as part of the EV certificate request process, you will see two options: Existing Contact and New Contact. The Existing Contact option lets you assign a CertCenrtal user as the verified EV contact. The New Contact option lets you enter information for a non-CertCentral account user.
We enhanced the add new organization feature of the TLS/SSL certificate order process, enabling you to edit the details of a newly added organization.
Previously, after adding a new organization on the Certificate Request page, you were unable to go back and edit the organization's details. To edit the organization's details, you had to delete the organization and re-add it with the correct information.
With this improvement, you may now edit the newly added organization details. Click the edit icon (pencil), and you can modify the organization's details before submitting your order.
We enhanced the Add Organization step of the TLS/SSL certificate ordering process.
Previously, you were required to add a new organization before requesting your certificate (Certificates > Organizations). Additionally, the new organization was not available on the Certificate Request page until we completed its organization validation.
With this improvement, you can add a new organization as part of the request process. Note that because the organization is not pre-validated, DigiCert will need to validate the new organization before we can issue your certificate.
Note: When adding a new organization from a Certificate Request page, the requestor (person ordering the certificate) becomes the contact for the new organization.
When ordering a TLS/SSL certificate, you can still choose to use an existing, pre-validated organization.
Editing a Request
Before a TLS/SSL certificate request is approved, you can Edit the request and add a new organization. The person who adds the new organization becomes the contact for the new organization.
We added a new Add Contacts feature to the EV TLS/SSL certificate request process that lets you assign an existing CertCentral user (admin, manager, finance manager, or user) as the verified EV contact for the organization as part of the request process.
Previously, you were required to assign a verified EV contact to an organization before requesting your certificate (Certificates > Organizations).
Allow non-CertCentral account users to be used as verified contacts enabled
On the Division Preferences page (Settings > Preferences), in the Advance Settings section, under Verified Contacts, you can allow non-CertCentral account users to be used as verified contacts (check Allow non-DigiCert users to be used as verified contacts).
With the non-CertCentral user feature enabled, when adding verified contacts as part of the EV certificate request process, you will see two options: Existing Contact and New Contact. The Existing Contact option lets you assign a CertCenrtal user as the verified EV contact. The New Contact option lets you enter information for a non-CertCentral account user.
We added a Skip Approval Step feature that lets you remove the approval step from your SSL, Code Signing, and Document Signing certificate order processes.
Note: Admin approvals are still required for certificate revocations, Guest URL certificate requests, and Finance Manager, Standard User, and Limited User certificate requests.
You can activate this feature on the Division Preferences page (Settings > Preferences). In the Certificate Request section (expand Advanced Settings), under Approval Steps, select Skip approval step: remove the approval step from your certificate order processes and then click Save Settings.
Note: These orders don't require an approval, so they won't be listed on the Requests page (Certificates > Requests). Instead, these orders will only appear on the Orders page (Certificate > Orders).
Enhancements made to Wildcard certificates. You can secure multiple wildcard domains on a single wildcard certificate.
When you order a Wildcard certificate in CertCentral, you can secure multiple wildcard domains in one wildcard certificate (*.example.com, *.yourdomain.com, and *.mydomain.com). You can still secure a single wildcard domain (*.example.com) with your Wildcard certificate.
Items to note:
Enhancements to Order # pages (click Certificates > Orders and then click an Order # link) and Order # detail panes (click Certificates > Orders and then click Quick View link).
When viewing an order's validation status, you can now see the validation status of each SAN on an order: pending or complete.
Enhancements to the SSL certificate request (Request a Certificate > SSL Certificates) and SSL certificate renewal pages. We've simplified the look and feel of the request and renewal pages, placing specific information in expandable sections. This enables the end user to focus on the most important parts of the order and renewal processes.
We've grouped the following certificate and order options under the section headings below.
Enhancements to Order # pages (click Certificates > Orders and then click an Order # link) and Order # detail panes (click Certificates > Orders and then click Quick View link).
You can now see an order's validation statuses: pending or completed. You can also see if the order is waiting on domain or organization validation to be completed before it can be issued.
This is for informational purposes only, no action is required.
As of February 1, 2018, DigiCert publishes all newly issued public SSL/TLS certificates to public CT logs. This does not affect any OV certificates issued before February 1, 2018. Note that CT logging has been required for EV certificates since 2015. See DigiCert Certificates Will Be Publicly Logged Starting Feb. 1.
New "exclude from CT log when ordering a certificate" feature added to CertCentral. When you activate this feature (Settings > Preferences), you allow account users to keep public SSL/TLS certificates from being logged to public CT logs on a per certificate order basis.
While ordering an SSL certificate, users have an option not to log the SSL/TLS certificate to public CT logs. The feature is available when a user orders a new certificate, reissues a certificate, and renews a certificate. See CertCentral Public SSL/TLS Certificate CT Logging Guide.
New optional CT logging opt out field (disable_ct) added to the SSL certificate request API endpoints. Also, a new CT Log issued certificate opt out endpoint (ct-status) added. See CertCentral API Public SSL /TLS Certificate Transparency Opt Out Guide.
Enhancements to the Overview page (click Dashboard). Added the ability to request a certificate from the Dashboard; note the new Request a Certificate button at the top of the page.
Enhancements to the Request a Certificate drop-down list on the Orders page (click Certificates > Orders) and the Requests page (click Certificates > Requests). Added certificate type headers (e.g., CODE SIGNING CERTIFICATES) to the list to make finding certificates by type easier.
Enhancements to the Expiring Certificates page (click Certificates > Expiring Certificates). Added a Quick View link allowing you to see details about each expiring certificate without leaving the page.
Enhancements to the Orders page (click Certificates > Orders) and Requests page (click Certificates > Requests). Added the ability to request a certificate from these pages; note the new Request a Certificatebutton at the top of the pages.
Enhancements to the Orders page (click Certificates > Orders); improved page performance.
Enhancements to the Order details page (viewed when clicking an order # on the Certificates > Orders page); improved page performance.
Enhancements to the order details pane on the Requests page (viewed when clicking an order #); improved page performance.
Enhancements to user list queries; improved user search along with page performances (e.g., Orders page).
Enhancements to Request a Certificate pages; improved organization and domain searches along with page performance.
Enhancements to client certificates; added support for multiple organizational units (OUs).
Enhancements to client certificates; added support for multiple organizational units (OUs).
Enhancements made to Account Balance and the Purchase Order process. See CertCentral Account Balance and PO Process Changes.