Filtro por: OV SSL certificates x borrar
new

Updates to OV and EV TLS certificate profiles

As we work to align our DV, OV, and EV TLS certificate profiles, we are making a minor change to our OV and EV TLS certificate profiles. Starting January 25, 2022, we will set the Basic Constraints extension to noncritical in our OV and EV TLS certificate profiles.

Note: DV TLS certificates are already issued with the Basic Constraints extension set to noncritical.

What do I need to do?

No action is required on your part. You shouldn't notice any difference in your certificate issuance process.

However, if your TLS certificate process requires the Basic Constraints extension to bet set to critical, contact your account manager or DigiCert Support immediately.

compliance

Industry changes to file-based DCV (HTTP Practical Demonstration, file auth, file, HTTP token, and HTTP auth)

To comply with new industry standards for the file-based domain control validation (DCV) method, you can only use the file-based DCV to demonstrate control over fully qualified domain names (FQDNs), exactly as named.

To learn more about the industry change, see Domain validation policy changes in 2021.

How does this affect me?

As of November 16, 2021, you must use one of the other supported DCV methods, such as Email, DNS TXT, and CNAME, to:

  • Validate wildcard domains (*.example.com)
  • To include subdomains in the domain validation when validating the higher-level domain. For example, if you want to cover www.example.com, when you validate the higher-level domain, example.com.
  • Prevalidate entire domains and subdomains.

To learn more about the supported DCV method for DV, OV, and EV certificate requests:

compliance

CertCentral: Pending certificate requests and domain prevalidation using file-based DCV

Pending certificate request

If you have a pending certificate request with incomplete file-based DCV checks, you may need to switch DCV methods* or use the file-based DCV method to demonstrate control over every fully qualified domain name, exactly as named, on the request.

*Note: For certificate requests with incomplete file-based DCV checks for wildcard domains, you must use a different DCV method.

To learn more about the supported DCV methods for DV, OV, and EV certificate requests:

Domain prevalidation

If you plan to use the file-based DCV method to prevalidate an entire domain or entire subdomain, you must use a different DCV method.

To learn more about the supported DCV methods for domain prevalidation, see Supported domain control validation (DCV) methods for domain prevalidation.

compliance

CertCentral Services API

If you use the CertCentral Services API to order certificates or submit domains for prevalidation using file-based DCV (http-token), this change may affect your API integrations. To learn more, visit File-based domain control validation (http-token).

enhancement

CertCentral Services API: Improved domains array in OV/EV order response

To make it easier to see how the Services API groups the domains on your OV/EV TLS certificate orders for validation, we added a new response parameter to the endpoints for submitting certificate order requests: domains[].dns_name.*

The dns_name parameter returns the common name or SAN of the domain on the order. To prove you control this domain, you must have an active validation for the domain associated with the domains[].name and domains[].id key/value pairs.

Example OV certificate order

JSON payload:

JSON payload

JSON response:

JSON response

The Services API returns the domains[].dns_name parameter in the JSON response for the following endpoints:

*Note: Only order requests for OV/EV TLS certificates return a domains array.

enhancement

API de servicio de CertCentral: se agregaron autentificadores de DCV para nuevos dominios a los datos de respuestas para los pedidos de certificados OV y EV

Hemos actualizado los terminales para solicitar certificados OV y EV SSL públicos para que devuelvan los autentificadores de solicitud de validación de control de dominio (DCV) para los nuevos dominios en el pedido.

Ahora, cuando solicita un certificado OV o EV, ya no tiene que emitir solicitudes separadas para obtener los autentificadores de solicitud DCV para los nuevos dominios en el pedido. En cambio, puede obtener los autentificadores directamente de los datos de respuesta para la solicitud del pedido.

Datos de respuesta de ejemplo:

Example response for an OV order with a new domain

Nota: El objeto dcv_token no se devuelve para dominios que se validarán conforme al alcance de otro dominio en el pedido, para dominios que ya existan en su cuenta, o para subdominios de dominios existentes.

Esta actualización se aplica a los siguientes terminales: