CertCentral: Domain locking is now available
DigiCert is happy to announce our domain locking feature is now available.
Does your company have more than one CertCentral account? Do you need to control which of your accounts can order certificates for specific company domains?
Domain locking allows you to control which of your CertCentral accounts can order certificates for your domains.
How does domain locking work?
DNS Certification Authority Authorization (CAA) resource records allow you to control which certificate authorities can issue certificates for your domains.
With domain locking, you can use this same CAA resource record to control which of your company's CertCentral accounts can order certificates for your domains.
How do I lock a domain?
To lock a domain:
To learn more, see:
End of life for account upgrades from Symantec, GeoTrust, Thawte or RapidSSL to CertCentral™
From April 5, 2022, MDT, you can no longer upgrade your Symantec, GeoTrust, Thawte, or RapidSSL account to CertCentral™.
If you haven't already moved to DigiCert CertCentral, upgrade now to maintain website security and have continued access to your certificates.
Note: During 2020, DigiCert discontinued all Symantec, GeoTrust, Thawte, RapidSSL admin consoles, enrollment services, and API services.
How do I upgrade my account?
To upgrade your account, contact DigiCert Support immediately. For more information about the account upgrade process, see Upgrade from Symantec, GeoTrust, Thawte, or RapidSSL.
What happens if I don't upgrade my account to CertCentral?
After April 5, 2022, you must get a new CertCentral account and manually add all account information, such as domains and organizations. In addition, you won't be able to migrate any of your active certificates to your new account.
For help setting up your new CertCentral account after April 5, 2022, contact DigiCert Support.
We fixed a bug in CertCentral where "hidden" organizations prevented certificate request forms from opening. To fix this issue, we no longer include hidden organizations in the list of available organizations on the certificate request forms.
What if I want to add a "hidden" organization to a certificate request?
To include a "hidden" organization in the list of available organizations on your certificate request forms, simply unhide it.
The next time you order a certificate, the organization will appear in the list of available organizations on the certificate request form.
Note: This change only affects the CertCentral user interface (UI). The API supports adding "hidden" organizations to your requests; you don’t need to unhide an organization to add it to a certificate request.
Legacy account upgrades to CertCentral
In the DigiCert Service API, we added a new endpoint—DigiCert order ID—to make it easier to find the corresponding DigiCert order IDs for your migrated legacy Symantec orders.
After you migrate your active, public SSL/TLS certificate orders to your new account, we assign a unique DigiCert order ID to each migrated legacy Symantec SSL/TLS certificate order.
For more information:
Legacy account upgrades 2.0
We are happy to announce that validated domains and active, public SSL/TLS certificates are now included in the data migration when upgrading your legacy console to CertCentral. See What you need to know about account data migration.
With this release, we start a phased upgrade of our legacy consoles to CertCentral. Upgrade criteria is dependent on company size, currency preference, and feature usage.
Note: CertCentral upgrades are free. If you are interested in upgrading now, please contact your account manager or our Support team.
If your legacy account meets the phase one criteria, when you sign in to your console, you'll see an option to upgrade to CertCentral. Upon upgrade, we migrate your organizations and and validated domains to your CertCentral account. Then, when ready, you can import your active, public SSL/TLS certificates.
For more information about the upgrade to CertCentral and data migration, see our Upgrade to CertCentral guide.
Other types of certificates
Private SSL, code signing, S/Mime and other types of certificates cannot be imported at this time. Private SSL/TLS and non-SSL/TLS certificate will be part of a separate migration effort.
In the DigiCert Services API, we added two new Order info endpoints. Now, you can use the order ID, the certificate's serial number, or the certificate's thumbprint to view the details for a certificate order.
Currently, these new endpoints only retrieve data for the primary certificate. For more information on the Services API, see our Developers portal.
PQC dockerized toolkit guide available now
Secure Site Pro Secure Site Pro certificates come with access to the DigiCert post-quantum cryptographic (PQC) toolkit. To create your own PQC test environment, use one of these options:
Our toolkits contain what you need to create a hybrid SSL/TLS certificate. The hybrid certificate in the toolkits uses a PQC algorithm paired with an ECC algorithm allowing you to test the feasibility of hosting a post-quantum, backwards compatible hybrid certificate on your website.
Note: To access your PQC toolkit, go to your Secure Site Pro Certificate's Order # details page. (In the sidebar menu, click Certificates > Orders. On the Orders page, click the order number link for your Secure Site Pro certificate. On the certificate's order details page, click PQC toolkit.)
To make the upgrade as seamless as possible, we shimmed these Retail API endpoints:
Now, you can upgrade your DigiCert Account without any interruptions to your API integrations. Once you're upgraded, make plans to build new integrations with CertCentral.
For information about the DigiCert Retail API, see Documentation for the DigiCert Retail API.
We fixed a bug where some account admins were unable to view or edit the details of their CertCentral user accounts. Now, all account admins can once again view and edit user account details (email address, role, etc.).
To learn more about CertCentral, check out our short video How to Manage Your Entire Certificate Lifecycle in 60 Seconds—or Less.