Filtering by: validation x clear
new

To make it easier to plan your certificate related tasks, we scheduled our 2021 maintenance windows in advance. See DigiCert 2021 scheduled maintenance—this page is kept up to date with all maintenance schedule information.

With customers all over the world, we understand there is not a best time for everyone. However, after reviewing the data on customer usage, we selected times that would impact the fewest amount of our customers.

About our maintenance schedule

  • Maintenance is scheduled for the first weekend of each month, unless otherwise noted.
  • Each maintenance window is scheduled for 2 hours.
  • Although we have redundancies in place to protect your service, some DigiCert services may be unavailable.
  • All normal operations will resume once maintenance is completed.

If you need more information regarding these maintenance windows, contact your account manager or DigiCert support team. To get live updates, subscribe to the DigiCert Status page.

new

Upcoming scheduled maintenance

On February 6, 2021 between 22:00 – 24:00 MST (February 7, 2021 between 05:00 – 07:00 UTC), DigiCert will perform critical maintenance.

During maintenance, the services listed below will be down approximately 60 minutes. However, due to the scope work happening, there may be additional service interruptions during the two-hour maintenance window.

You will be unable to sign in to these platforms and access these services and APIs:

  • CertCentral / Service API
  • Direct Cert Portal / Direct Cert Portal API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • Discovery / API
  • ACME
  • ACME agent automation / API

DigiCert will be unable to issue certificates for these services and APIs:

  • CertCentral / Services API
  • Direct Cert Portal / Direct Cert Portal API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • Complete Website Security (CWS) / API
  • Managed PKI for SSL (MSSL) / API
  • QV Trust Link

These services will not be affected by the maintenance activities:

  • PKI Platform 8
  • PKI Platform 7
  • DigiCert ONE managers

API note:

  • Services to process certificate-related transactions will be unavailable, such as, requesting certificates, adding domains, and validation requests.
  • APIs will return “cannot connect” errors.
  • Certificate requests placed during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues around the maintenance window.
  • Expect interruptions if you use APIs for immediate certificate issuance and automated tasks.
  • Subscribe to the DigiCert Status page to get live updates, .
  • See the DigiCert 2021 scheduled maintenance for scheduled maintenance dates and times.

Services will be restored as soon as the maintenance is completed.

new

Upcoming scheduled maintenance

On January 9, 2021 between 22:00 – 24:00 MST (January 10, 2021 between 05:00 – 07:00 UTC), DigiCert will perform scheduled maintenance.

Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.

What can you do?
Please plan accordingly.

Services will be restored as soon as maintenance is completed.

August 30, 2018

fix

We fixed an Additional Emails bug where additional emails added to a certificate order weren't being saved.

Now, when you go to a certificate's Order details page and add and save additional email addresses to the order, the additional email addresses are saved and will be there when you return to the page.

fix

We fixed a Code Signing (CS) certificate approval email bug where the CS approval email was sent when the CS requestor was also a CS verified contact.

Now, when the code signing certificate requestor is also the verified CS contact for the organization, we don't send a CS approver email.

August 1, 2018

compliance

Industry standards changed and removed two Domain Control Validation (DCV) methods from the Baseline Requirements (BRs).

Starting August 1, 2018, Certificate Authorities can no longer use the following domain control validation (DCV) methods:

  • 3.2.2.4.1 Validating the Applicant as a Domain Contact
    This method allowed a CA to validate the certificate requestor's control over a domain on an SSL/TLS certificate order by verifying that the requestor is the Domain Contact directly with the Domain Name Registrar.
  • 3.2.2.4.5 Domain Authorization Document
    This method allowed a CA to validate the certificate requestor's control over a domain on an SSL/TLS certificate order using the confirmation to the authority of the requestor to order a certificate for said domain as contained in a Domain Authorization Document.
    See Ballot 218: Remove validation methods 1 and 5.

To learn more about some of the available DCV methods, see Domain Control Validation (DCV) Methods.

May 25, 2018

compliance

DigiCert Compliance with GDPR

The General Data Protection Regulation (GDPR) is a European Union law on data protection and privacy for all individuals within the EU. The primary aim is to give citizens and residents of the EU more control over their personal data and to simplify the regulatory environment for international business by unifying the regulations within the EU. The GDPR went into effect on May 25, 2018. More Details »

DigiCert Statement

DigiCert worked to understand and comply with GDPR. We were aligned with GDPR when it went into effect on May 25, 2018. See Meeting the General Data Protection Regulation (GDPR).

compliance

GDPR Impact on WHOIS-based Email Domain Control Validation (DCV)

The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25th, 2018. The GDPR requires data protection for natural persons (not corporate entities) residing within the European Union (EU).

DigiCert worked with ICANN to keep WHOIS information available. ICANN announced that it continues to require registries and registrars to submit information to WHOIS, with a few changes to address GDPR. See A Note on WHOIS, GDPR and Domain Validation.

Do you rely on WHOIS-based Email domain validation?

Check with your domain registrar to find out if they are using an anonymized email or a web form as a way for CAs to access WHOIS data as part of their GDPR compliance.

For the most efficient validation process, let your registrar know that you want them to either continue using your full published records or use an anonymized email address for your domains. Using these options will ensure minimal-to-no-impact on our validation processes.

Does your registrar use an anonymized email or a web form as a way for CAs to access WHOIS data? If so, we can send the DCV email to the addresses listed in their WHOIS record.

Does your registrar mask or remove email addresses? If so, you will need to use one of the other methods to prove control over your domains:

  • Constructed Email
  • DNS TXT
  • DNS CNAME
  • HTTP Practical Demonstration

For more information about constructed email addresses and other alternative DCV methods, see Domain Control Validation (DCV) Methods.

May 10, 2018

compliance

Industry standards allow a Certificate Authority (CA) to issue an SSL/TLS certificate for a domain that only has CAA records containing no "issue"/"issuewild" property tags.

When a CA queries a domain's CAA RRs and finds records with no "issue" or "issuewild" property tags in them, a CA can interpret this as permission to issue the SSL/TLS certificate for that domain. See Ballot 219: Clarify handling of CAA Record Sets with no "issue"/"issuewild" property tag.

To learn more about the CAA RR check process, see our DNS CAA Resource Record Check page.

March 2, 2018

compliance

DigiCert implements an improved Organization Unit (OU) verification process.

Per Baseline Requirements:

"The CA SHALL implement a process that prevents an OU attribute from including a name, DBA, tradename, trademark, address, location, or other text that refers to a specific natural person or Legal Entity unless the CA has verified this information in accordance with Section 11.2…"

Note: The OU field is an optional field. It is not required to include an organization unit in a certificate request.

compliance

This is for informational purposes only, no action is required.

As of February 1, 2018, DigiCert publishes all newly issued public SSL/TLS certificates to public CT logs. This does not affect any OV certificates issued before February 1, 2018. Note that CT logging has been required for EV certificates since 2015. See DigiCert Certificates Will Be Publicly Logged Starting Feb. 1.

enhancement

New "exclude from CT log when ordering a certificate" feature added to CertCentral. When you activate this feature (Settings > Preferences), you allow account users to keep public SSL/TLS certificates from being logged to public CT logs on a per certificate order basis.

While ordering an SSL certificate, users have an option not to log the SSL/TLS certificate to public CT logs. The feature is available when a user orders a new certificate, reissues a certificate, and renews a certificate. See CertCentral Public SSL/TLS Certificate CT Logging Guide.

enhancement

New optional CT logging opt out field (disable_ct) added to the SSL certificate request API endpoints. Also, a new CT Log issued certificate opt out endpoint (ct-status) added. See CertCentral API Public SSL /TLS Certificate Transparency Opt Out Guide.

October 24, 2017

compliance

Industry standards change for CAA Resource Record checks. Modified the process to check CNAME chains containing 8 CNAME records or less, and the search doesn’t include the parent of a target of a CNAME record. See DNS CAA Resource Record Check.

September 8, 2017

compliance

Industry standards change for certificate issuance. Modified the certificate issuance process to check DNS CAA Resource Records. See DNS CAA Resource Record Check.

July 28, 2017

compliance

Industry standards compliance changes; improved RFC 5280 violations checks and enforcements. See Publicly Trusted Certificates – Data Entries that Violate Industry Standards.

July 21, 2017

compliance

Industry standards change to validation process. Validation information (DCV or organization) older than 825 days must be revalidated before processing a certificate reissue, renewal, or issue. More details »

July 10, 2017

compliance

Industry standards compliance changes; added support for additional domain control validation (DCV) methods. See Domain Pre-Validation: Domain Control Validation (DCV) Methods.