Platform IP addresses and URLs

The following guide provides the necessary DigiCert® ONE IP addresses, URLs, and host environment configurations per region to ensure proper connectivity for your client tools. Add these to your applicable allowlists and firewall rules to make sure you can connect.

Ports and protocols

The table below lists example domains from the US production environment. However, the port and protocol details apply universally to both production and demo environments across all regions.

Domain	Purpose	Port	Protocol
one.digicert.com	Platform domain	443	HTTPS
clientauth.one.digicert.com	Client authentication endpoint	443	HTTPS
directory.one.digicert.com	LDAP domain	389	LDAP
CRL, OCSP, CACERTS, AIA hosts	Certificate validation endpoint	80	HTTP
drz1.us-west.one.digicert.com	MQTT endpoint	1883	MQTT
drz1.us-west.one.digicert.com	MQTTS endpoint	8883	MQTTS

Inbound IP addresses and URLs by environment and region

DigiCert ONE accepts incoming connections at the following IP addresses and URLs. Add these to your outbound allowlists and firewall rules where applicable to ensure proper connectivity. Select the environment that you use.

Production environment

The following production IPs and URLs are organized by region. Select your region for the production environment:

United States (US)

Classification	URL	IP addresses
Platform domain	one.digicert.com	45.60.44.211
		45.60.46.211
		45.60.48.211
		45.60.50.211
		45.60.52.211
		45.60.105.211
Certificate revocation services Certificate validation endpoint Certificate Authority (CA) distribution	crl.one.digicert.com ocsp.one.digicert.com cacerts.one.digicert.com	216.168.244.38
Client authentication endpoint LDAP domain	clientauth.one.digicert.com directory.one.digicert.com	216.168.244.38
		216.168.244.56
		216.168.240.32
Rendezvous Service (RZ) MQTT endpoint	drz1.us-west.one.digicert.com	216.168.244.54

Japan (JP)

Classification	URL	IP addresses
Platform domain	one.digicert.co.jp	Multiple IPs `IP addresses are dynamic and change periodically.`
Certificate revocation services	crl.one.digicert.co.jp
Certificate validation endpoint	ocsp.one.digicert.co.jp
Certificate Authority (CA) distribution	cacerts.one.digicert.co.jp
Client authentication endpoint	clientauth.one.digicert.co.jp	216.168.245.10

Switzerland (CH)

Classification	URL	IP address
Platform domain	one.ch.digicert.com	91.240.105.35
Certificate revocation services	crl.one.ch.digicert.com
Certificate validation endpoint	ocsp.one.ch.digicert.com
Certificate Authority (CA) distribution	cacerts.one.ch.digicert.com
Client authentication endpoint	clientauth.one.ch.digicert.com

Netherlands (NL)

Classification	URL	IP address
Platform domain	one.nl.digicert.com	202.65.16.35
Certificate revocation services	crl.one.nl.digicert.com	IPv4 addresses: 202.65.16.35 23.11.38.161`` 23.11.39.161`` 23.11.40.157`` 23.11.41.157`` 23.11.32.159`` 23.11.33.159`` 23.11.36.157`` 23.11.37.157`` 23.11.34.158`` 23.11.35.158`` 162.159.142.7`` 162.159.142.9`` 172.66.2.3`` 172.66.2.5`` IPv6 addresses: 2600:14e1:18:6d::/64`` 2600:14e1:1c:6d::/64`` 2600:14e1:20:6d::/64`` 2600:14e1:24:6d::/64`` 2600:14e1:0:6d::/64`` 2600:14e1:4:6d::/64`` 2600:14e1:10:6d::/64`` 2600:14e1:14:6d::/64`` 2600:14e1:8:6d::/64`` 2600:14e1:c:6d::/64`` 2606:4700:7::1fb`` 2606:4700:7::1fd2`` 2a06:98c1:58::1fb`` 2a06:98c1:58::1fd``
Certificate validation endpoint	ocsp.one.nl.digicert.com
Certificate Authority (CA) distribution	cacerts.one.nl.digicert.com
Client authentication endpoint	clientauth.one.nl.digicert.com	202.65.16.35
Rendezvous Service (RZ) MQTT endpoint	drz.one.nl.digicert.com	202.65.16.59

Note

On January 13, 2026, DigiCert will add the new IPv4 addresses and assign new IPv6 addresses marked with an asterisk (*) to the crl.one.nl.digicert.com, ocsp.one.nl.digicert.com, and cacerts.one.nl.digicert.com URLs.

If your company uses allowlists to control outbound traffic, update your outbound allowlist on your firewalls, security groups, or proxies to include the new IPv4 addresses and IPv6 addresses (if you support or plan to support IPv6 addresses) below before January 13, 2026. You must do this to keep your DigiCert services running as they were before the addition of the new IPv4 and IPv6 addresses.

Demo environment

The following demo IPs and URLs are organized by region. Select your region for the demo environment:

United States (US)

Classification	URL	IP address
Platform domain	demo.one.digicert.com	216.168.245.10
Certificate revocation services	crl.demo.one.digicert.com
Certificate validation endpoint	ocsp.demo.one.digicert.com
Certificate Authority (CA) distribution	cacerts.demo.one.digicert.com
Client authentication endpoint	clientauth.demo.one.digicert.com
Rendezvous Service (RZ) MQTT endpoint	drz.demo.one.digicert.com	216.168.244.71

Japan (JP)

Classification	URL	IP address
Platform domain	demo.one.digicert.co.jp	20.27.124.71
Certificate revocation services	crl.demo.one.digicert.co.jp
Certificate validation endpoint	ocsp.demo.one.digicert.co.jp
Certificate Authority (CA) distribution	cacerts.demo.one.digicert.co.jp
Client authentication endpoint	clientauth.demo.one.digicert.co.jp

Switzerland (CH)

Classification	URL	IP address
Platform domain	demo.one.ch.digicert.com	91.240.105.29
Certificate revocation services	crl.demo.one.ch.digicert.com
Certificate validation endpoint	ocsp.demo.one.ch.digicert.com
Certificate Authority (CA) distribution	cacerts.demo.one.ch.digicert.com
Client authentication endpoint	clientauth.demo.one.ch.digicert.com

Netherlands (NL)

Classification	URL	IP address
Platform domain	demo.one.nl.digicert.com	202.65.16.34
Certificate revocation services	crl.demo.one.nl.digicert.com
Certificate validation endpoint	ocsp.demo.one.nl.digicert.com
Certificate Authority (CA) distribution	cacerts.demo.one.nl.digicert.com
Client authentication endpoint	clientauth.demo.one.nl.digicert.com

Outbound IP addresses

DigiCert ONE initiates outgoing connections from the following IP address blocks. For applicable integrations, add these to your inbound allowlists and firewall rules to ensure proper connectivity.

IP version	IP address block
IPv4	64.19.218.0/24
	91.240.104.0/23
	202.65.16.0/20
	216.168.240.0/20
IPv6	2602:815:C000::/48

Discovery and automation

To use discovery and automation services for DigiCert® Trust Lifecycle Manager, any DigiCert agents and sensors on your network require outbound access to the following hosts. Add these to your outbound allowlists and firewall rules where applicable to ensure proper connectivity.

Agents

Region	Service URLs¹
All regions	`automation-service.digicert.com`
All regions	`discovery-service.digicert.com`
_{1. These services are delivered through a content distribution network (CDN) and the IP addresses may vary by region. If your organization uses IP-based allowlists, look up these hosts in your local region to determine which IP addresses to allow.}

Sensors

Region	Service URL¹
All regions	`discovery-service.digicert.com`
_{1. This service is delivered through a content distribution network (CDN) and the IP addresses may vary by region. If your organization uses IP-based allowlists, look up the discovery-service.digicert.com host in your local region to determine which IP addresses to allow.}

Troubleshooting

What if I can't find an IP address?

Use the nslookup command to find the correct address.

Sample command

nslookup one.digicert.com

What if I need both demo and production environments?

Configure both environments in your allowlist.

In this section: