CertCentral: Domain locking is now available
DigiCert is happy to announce our domain locking feature is now available.
Does your company have more than one CertCentral account? Do you need to control which of your accounts can order certificates for specific company domains?
Domain locking allows you to control which of your CertCentral accounts can order certificates for your domains.
How does domain locking work?
DNS Certification Authority Authorization (CAA) resource records allow you to control which certificate authorities can issue certificates for your domains.
With domain locking, you can use this same CAA resource record to control which of your company's CertCentral accounts can order certificates for your domains.
How do I lock a domain?
To lock a domain:
To learn more, see:
End of life for account upgrades from Symantec, GeoTrust, Thawte or RapidSSL to CertCentral™
From April 5, 2022, MDT, you can no longer upgrade your Symantec, GeoTrust, Thawte, or RapidSSL account to CertCentral™.
If you haven't already moved to DigiCert CertCentral, upgrade now to maintain website security and have continued access to your certificates.
Note: During 2020, DigiCert discontinued all Symantec, GeoTrust, Thawte, RapidSSL admin consoles, enrollment services, and API services.
How do I upgrade my account?
To upgrade your account, contact DigiCert Support immediately. For more information about the account upgrade process, see Upgrade from Symantec, GeoTrust, Thawte, or RapidSSL.
What happens if I don't upgrade my account to CertCentral?
After April 5, 2022, you must get a new CertCentral account and manually add all account information, such as domains and organizations. In addition, you won't be able to migrate any of your active certificates to your new account.
For help setting up your new CertCentral account after April 5, 2022, contact DigiCert Support.
Legacy account upgrades to CertCentral: Mark migrated certificate orders as renewed
When you migrate a certificate order from your legacy console and then renew it in CertCentral, the original order may not get updated automatically to reflect the renewal. To make it easier to manage these migrated certificates, we added a new option—Mark renewed.
The Mark renewed option allows you to change the certificate order's status to Renewed. In addition, the original migrated certificate no longer appears in expiring or expired certificate lists, in the expiring or expired certificate banners, or on the Expired Certificates page in CertCentral.
Mark a migrated order as renewed
In CertCentral, in the left main menu, go to Certificates > Orders. On the Orders page, in the certificate order's Expires column, click Mark renewed.
To make it easier to see the migrated certificate orders that have been marked renewed, we added a new filter—Renewed. On the Orders page, in the Status filter dropdown, select Renewed and click Go.
To learn more, see Mark a migrated certificate order as renewed.
Legacy API upgrades to CertCentral Services API: Update order status endpoint improvements
When you migrate an order from your legacy console and then renew it in CertCentral, the original order may not get updated automatically to reflect the renewal.
To prevent these "renewed" orders from appearing alongside orders that still need to be renewed, we added a new value—renewed—to the status parameter on the Update order status endpoint.
Now, when you know a migrated certificate order has been renewed, you can manually change the status of the original order to renewed.
Example request with new status parameter
To learn more, see Update order status.