Skip to main content

Order an EV single or multi-domain TLS/SSL certificate

Important

On October 31, 2023, DigiCert will no longer sell 4 – 6-year Multi-year Plans for TLS and VMC certificates. We will continue to offer 1, 2, and 3-year Multi-year Plans.

Learn more about changes to Multi-year Plan coverage.

These instructions can be used for ordering these certificates:

  • Secure Site EV TLS/SSL

  • Secure Site EV Multi-Domain TLS/SSL

  • EV TLS/SSL

  • EV Multi-Domain TLS/SSL

Before you begin

  • When ordering EV Multi-Domain TLS/SSL certificates, you can add Other Hostnames (SANs) to the certificate order. This option is not available for single-domain certificates.

  • For EV certificates, the organization validation is more thorough and includes some additional checks. See

    SSL Certificate Validation Process from DigiCert.

  • After submitting your order, you need to complete domain validation for the domain on the order (demonstrate control over the domain) before we can issue your certificate. See Demonstrate control over domains on your SSL certificate order.

Order your EV single or multiple-domain certificate

  1. Create your Certificate Signing Request (CSR)

    To remain secure, certificates must use at least a 2048-bit key size. For more information and instructions about creating a CSR, see Create a CSR (Certificate Signing Request).

  2. Select the EV single or multi-domain TLS/SSL certificate you want to order

    1. In your CertCentral account, in the left main menu, click Request a Certificate. Then, under All Products, click Product Summary.

    2. On the Request a Certificate page, look over the certificate options and select the certificate you want to order.

  3. Add your CSR

    We use the information in your CSR to auto-populate corresponding values in the order form: Common Name, Other Hostnames (SANs), and Organization. If you leave any of this information out of the CSR, the corresponding field in the form is left blank.

    If the organization in the CSR already exists in your account, we auto-populate the Organization Contact card with the contact assigned to that organization.

    On the Request page, under Certificate Settings, upload your CSR or paste it into the Add Your CSR box.

    Notice

    When copying the text from the CSR file, make sure to include the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags.

  4. Common Name

    After adding your CSR to the form, we auto-populate the Common Name field with the common name from the CSR.

    To add the common name yourself, type the common name in the box or under Common Name. Expand Show Recently Created Domains and select the domain from the list.

    Notice

    Extended Validation and Secure Site EV orders

    To get both versions of the domain (your-domain and www.your-domain) in the certificate for free, check Include both [your-domain].com and www. [your-domain].com in the certificate.

    Notice

    EV Multi-Domain and Secure Site EV Multi-Domain orders

    To get both versions of the common name in the certificate for free, add one version of the domain as the Common Name (your-domain) and the other version as an Other Hostnames (SANs) (www.your-doman) entry. This domain isn't added to the SAN count for the order.

  5. Other Hostnames (SANs)

    After adding your CSR, we auto-populate the Other Hostnames (SANs) box with the SANs included in the CSR. You can still remove or add additional SANs as needed.

    In the Other Hostnames (SANs) field, enter the additional hostnames you want the certificate to secure.

    Note

    For EV Multi-Domain certificates, you get 3 SANs included in the certificate's base price. Additional SANs (over those included in the base price) increase the cost of the certificate.

  6. How long do you need to protect your site?

    1. Click Select a coverage length.

    2. In the How long do you need to protect your site window, select your coverage.

      1. With a 1-year plan, you get a 1-year certificate by default.

      2. With longer plans, your first certificate has a 397-day validity by default.

      3. For more information about these plans, see Multi-year Plans.

    3. Click Save.

    4. To modify your TLS/SSL certificate coverage, under Plan details, click the pencil.

  7. Certificate validity

    Select the validity period for the first TLS/SSL certificate in your order: 1 year, Custom expiration date, or Custom length.

    • For a certificate with a shorter validity than the order, you need to reissue your certificate to use the remaining validity on the order.

    • Certificate validity determines the length of the first certificate issued for the plan. If needed, you can change the validity period each time you reissue your certificate.

  8. Select a DCV Method to prove control over your domains

    Before DigiCert can issue your certificate, you must demonstrate control over the domains on your certificate order. To learn more about the available DCV Methods, see Demonstrate control over domains on a pending certificate order.

    In the DCV verification method dropdown, choose the DCV method you want to use to demonstrate control over the domain on the certificate order.

    You must use the selected DCV method to prove control over every domain on the order. Choose between the following options:

    • Verification EmailThe email recipient demonstrates control over the domain by following the instructions in a confirmation email sent for the domain.

    • DNS CNAMEDemonstrate control over your domain by creating a DNS CNAME record containing a randomly generated value.

    • DNS TXTDemonstrate control over the domain on your order by creating a DNS TXT record containing a randomly generated value.

    • HTTP Practical DemonstrationDemonstrate control over your domain by hosting a .txt file containing a randomly generated value at a predetermined location on your website.

      Notice

      After submitting the certificate order, you can change the DCV method per domain from the certificate's Order details page if needed. (In the sidebar menu, click Certificates > Orders. On the Orders page, click the certificate's order number link.)

  9. Additional Certificate Options

    The information in this section is optional.

    Expand Additional Certificate Options and provide information as needed.

    1. Signature Hash

      Unless you have a specific reason for choosing a different signature hash, DigiCert recommends using the default signature hash: SHA-256.

    2. Server Platform

      Select the server or system you generated the CSR on.

    3. Auto-Renew

      To set up automatic renewal for this certificate, check Auto-renew order 30 days before expiration.

      With auto-renew enabled, a new certificate order will be automatically submitted when this certificate nears its expiration date. If your certificate still has time remaining before it expires, DigiCert adds the remaining time from your current certificate to your new certificate (up to 397 days – approximately 13 months).

      Notice

      Auto-Renew can't be used with credit card payments.

      To automatically renew a certificate, the order must be charged to the account balance. You can configure the finance settings for your account on the Finance Settings page (in the sidebar menu, click Finances > Settings).

  10. Organization

    If your CSR includes an organization currently used in your account, we auto-populate the Organization field in the order form with that organization's information.

    To add an organization, click Add Organization.

    1. Add an existing organization

      In the Add Organization window, select Existing Organization. In the Organization dropdown, select an organization, and click Add.

    2. Add a new organization

      If you add a new organization, we will need to validate the organization before we can issue your certificate.

      In the Add Organization window, select New Organization, fill out the form (add the organization's legal name, address, etc.) and click Add.

      Notice

      Unless you update the Organization Contact, we will use you as the primary contact to validate this certificate order.

  11. Verified Contact (required)

    The Verified Contact is someone who works for the organization included in the certificate order. We will contact the organization directly to verify this contact and confirm the individual's name, email, phone number, and job title.

    Once verified, this contact can approve EV certificate orders via email (or from their CertCentral account if you added them as a user).

    If EV verified contact information is available in your account, we will auto-populate the Verified Contact cards for you.

    • When adding a CSR that includes an existing organization in your account, we auto-populate the Verified Contact card with the EV verified contacts assigned to that organization.

    • When manually adding an existing organization, we auto-populate the Verified Contact card with the EV verified contacts assigned to that organization.

    Assigning Verified Contacts to an organization is not a prerequisite for adding an organization. There may be instances where verified contact information won't be available for an organization.

    In this case, manually add the Verified Contacts. You'll need to add at least one verified contact. For a user to be an EV verified contact, they must have a phone number and job title.

    To add a verified contact:

    1. Click Add Verified Contact.

      If you've already added a verified contact, click Add another Verified Contact.

    2. In the Add Verified Contact window, add the verified contact:

    3. Add the contact:

      1. Add an existing contact

        Select Existing Contact. In the Contacts dropdown, select a contact, and click Add.

        When adding a Verified Contact, if the contact you selected is missing a job title or a phone number, you'll need to add the missing information. Note that the user profile will be updated with the new information.

      2. Add a new contact

        Select New Contact, fill out the form (add the person's first and last name, job title, etc.), and click Add.

    Organization Contact (required)

    The Organization Contact is someone who works for the organization included in the certificate order. We contact them to validate the organization and verify the request for OV TLS/SSL certificates.

    We auto-populate the Organization Contact card for you.

    • When adding a CSR that includes an existing organization in your account, we auto-populate the Organization Contact card with the contact assigned to that organization.

    • When you manually add an existing organization, we auto-populate the Organization Contact card with the contact assigned to that organization.

    • When you add a new organization, we auto-populate the Organization Contact card with your contact information.

    To use a different organization contact

    1. Delete the organization contact populated automatically for you by clicking the trashcan icon.

    2. Click Add Technical or Organization Contact.

      If you've already added a technical contact, click Add Organization Contact.

    3. In the Add Contact window, in the Contact Type dropdown, select Organization Contact.

    4. Add the contact:

      1. Add an existing contact

        Select Existing Contact. In the Contacts dropdown, select a contact, and click Add.

      2. Add New contact

        Select New Contact, fill out the form (add the person's first and last name, Job Title, etc.), and click Add.

    Technical Contact (optional)

    In addition to yourself, this person will receive order emails, including the one with the certificate attached, and renewal notifications.

    To add a technical contact:

    1. Click Add Technical Contact.

      If you've not added an organization contact, click Add Technical or Organization Contact.

    2. In the Add Contact window, in the Contact Type dropdown, select Technical Contact.

    3. Add the contact:

      1. Add an existing contact

        Select Existing Contact. In the Contacts dropdown, select a contact, and click Add.

      2. Add New contact

        Select New Contact, fill out the form (add the person's first and last name, job title, etc.), and click Add.

  12. Additional Order Options

    The information in this section is optional.

    Expand Additional Order Options and add information as needed:

    1. Comments to Administrator

      Enter any information that your administrator might need for approving your request, about the purpose of the certificate, etc.

    2. Order Specific Renewal Message

      To create a renewal message for this certificate, type a renewal message with information that might be relevant to the certificate’s renewal.

      Note

      Comments and renewal messages are not included in the certificate.

  13. Additional Emails

    Enter the email addresses (comma separated) for the people you want to receive the certificate notification emails. These notifications notify contacts about issues such as certificate issuance, duplicate certificate, certificate renewals, etc.

    Note

    These recipients can't manage the order. However, they will receive all the certificate-related emails.

  14. Select Payment Method

    Under Payment Information, select a payment method to pay for the certificate:

    1. Pay with Credit Card

      Don’t have a contract or don’t want to use the contract to pay for this certificate? Use a credit card to pay for the certificate.

      Note: We authorize the card when the request is made. However, we only complete the transaction once we issue your certificate.

    2. Pay with Contract Terms

      Have a contract and want to use it to pay for the certificate? If you do, you may use it.

      Note: When you have a contract, it is the default payment method.

    3. Pay with Account Balance

      Don’t have a contract or don’t want to use the contract to pay for this certificate? Bill the cost to your account balance.

      To deposit funds, click the Deposit link.

      Note: The Deposit link takes you to another page in your CertCentral account. Any information entered in the request form will not be saved.

  15. Certificate Services Agreement

    Read through the agreement and check I agree to the Certificate Services Agreement.

  16. Click Submit Certificate Request.

    When an approval is required, the EV verified contact is sent an email informing them that they need to approve the certificate request.

What's next

Before we can issue your certificate, these tasks must be completed:

  1. Demonstrate control over the domains on your order

    Complete domain validation for the domains on the order (demonstrate control over the domain). See Demonstrate control over domains on your certificate order.

  2. Complete organization validation

    DigiCert must validate/authenticate your authority to order a certificate for the organization on your order. To do this, we will call a verified phone number to speak with someone who represents you, the certificate requestor, such as the organization or technical contact.

    To get organization consent for your certificate order:

    • Answer the organization/validation phone call (preferred method)*

      • After you submit your certificate order, make sure the organization contact, technical contact, and company receptionist are aware that you’ve ordered an SSL/TLS certificate.

      • Let them know that DigiCert will call a verified phone number to speak with one of them to complete organization validation/authentication.

      • This phone call usually takes place within 24 hours of the certificate order being placed.

    • Respond to the organization consent message

      • If the DigiCert validation agent can’t reach someone who represents you at the verified phone number, they will leave a message that includes a call-back phone number and a verification code.

      • Make sure that organization or technical contact responds to the message and provides us with the verification code.