DIGICERT 2022 MAINTENANCE SCHEDULE
To make it easier to plan your certificate-related tasks, we scheduled our 2022 maintenance windows in advance. See DigiCert 2022 scheduled maintenance—this page is updated with all current maintenance schedule information.
With customers worldwide, we understand there is not a "best time" for everyone. However, after reviewing the data on customer usage, we selected times that would impact the fewest amount of our customers.
About our maintenance schedule
If you need more information regarding these maintenance windows, contact your account manager or DigiCert support team.
CertCentral Services API: Improved Order info API response
Update: To give API consumers more time to evaluate the impact of the Order info API response changes on their integrations, we are postponing this update until May 31, 2022. We originally planned to release the changes described below on April 25, 2022.
On May 31, 2022, DigiCert will make the following improvements to the Order info API. These changes remove unused values and update the data structure of the order details object to be more consistent for orders in different states across product types.
For more information and response examples for public TLS, code signing, document signing, and Class 1 S/MIME certificates, see the reference documentation for the Order info endpoint.
If you have questions or need help with these changes, contact your account representative or DigiCert Support.
Need to test your API integration?
To help CertCentral Services API consumers evaluate the impact of these changes, DigiCert is providing a beta server for API consumers to test their integrations prior to the May 31, 2022 release. To learn more, see our knowledge base article: DigiCert CertCentral Services API beta server.
General enhancements
The following changes apply to orders for various certificate types irrespective of order status.
Removed parameters:
public_id
(string)public_id
parameter. DigiCert no longer supports the Express Install workflow that required a public_id
value.certificate.ca_cert_id
(string)ca_cert_id
parameter. The value of this parameter is an internal ID for the issuing ICA certificate and cannot be used externally. The API already excludes the ca_cert_id
parameter from the order details for other product types.ca_cert
object instead.verified_contacts
(array of objects)verified_contacts
array. The API already excludes the verified_contacts
array from the order details for other product types.certificate.dns_names
(array of strings)dns_names
array.dns_names
array with an empty string: [" "]
certificate.organization_units
(array of strings)organization_units
array.organization_units
array with an empty string: [" "]
certificate.cert_validity
cert_validity
object, the API will only return a key/value pair for the unit used to set the certificate validity period when the order was created. For example, if the validity period of the certificate is for 1 year, the cert_validity
object will return a years
parameter with a value of 1.cert_validity
object sometimes returned values for both days
and years
.Added parameters:
order_validity
(object)order_validity
object.order_validity
object returns the days
, years
, or custom_expiration_date
for the order validity period. The API already includes an order_validity
object in the order details for public SSL/TLS products.payment_profile
(object)payment_profile
object. The API already includes a payment_profile
object in the order details for other product types.server_licenses
For DV certificate orders, the API will start returning the server_licenses
parameter. The API already includes the server_licenses
parameter in the order details for other product types.Unapproved order requests
The following changes apply only to certificate order requests that are pending approval or that have been rejected. These changes bring the data structure of the response closer to what the API returns after the request is approved and the order is submitted to DigiCert for validation and issuance.
To manage unapproved and rejected requests, we recommend using the Request endpoints (/request
) instead of retrieving the order details. We designed the /request
endpoints to manage pending and rejected certificate order requests, and these endpoints remain unchanged.
Note: For quicker certificate issuance, we recommend using a workflow that skips or omits the request approval step for new certificate orders. If your API workflow already skips or omits the approval step, you can safely ignore the changes below. Learn more about removing the approval step:
Added parameters:
disable_ct
(boolean)allow_duplicates
(boolean)cs_provisioning_method
(string)Removed parameters:
server_licenses
(integer)server_licenses
parameter. The API will continue including the server_licenses
parameter in order details for approved order requests.Improved organization
object
To provide a consistent data structure in the order details for unapproved and approved order requests, the API will return a modified organization
object on unapproved order requests for some product types.
The API will stop returning the following unexpected properties on unapproved order requests for all product types:
organization.status
(string)organization.is_hidden
(boolean)organization.organization_contact
(object)organization.technical_contact
(object)organization.contacts
(array of objects)The API will start returning the following expected properties, if existing, on unapproved order requests for all product types:
organization.name
(string)organization.display_name
(string)organization.assumed_name
(string)organization.city
(string)organization.country
(string)To get organization details not included in the Order info response, use the Organization info API endpoint.
Upcoming Schedule Maintenance
Update: There is no planned downtime during maintenance on May 7, MDT (May 8, UTC).
DigiCert will perform scheduled maintenance on May 7, 2022, between 22:00 – 24:00 MDT (May 8, 2022, between 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral Services API: Domain locking API endpoints
DigiCert is happy to announce our domain locking feature is now available in the CertCentral Services API.
Note: Before you can use the domain locking endpoints, you must first enable domain locking for your CertCentral account. See Domain locking – Enable domain locking for your account.
New API endpoints
Updated API endpoints
We updated the response for the Domain info and List domains endpoints to include the following parameters with domain lock details:
domain_locking_status
(string)account_token
(string)To learn more, see:
Upcoming Schedule Maintenance
DigiCert will perform scheduled maintenance on April 2, 2022, between 22:00 – 24:00 MDT (April 3, 2022, between 04:00 – 06:00 UTC). During this time, some services may be down for up to two hours.
Note: Maintenance will be one hour earlier for those who don't observe daylight savings.
Infrastructure-related maintenance downtime
We will start this infrastructure-related maintenance at 22:00 MDT (04:00 UTC). Then the services listed below may be down for up to two hours.
CertCentral® TLS certificate issuance:
CIS and CertCentral® SCEP:
Direct Cert Portal new domain and organization validation:
QuoVadis® TrustLink® certificate issuance:
PKI Platform 8 new domain and organization validation:
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral: DNS CNAME DCV method now available for DV certificate orders
In CertCentral and the CertCentral Services API, you can now use the DNS CNAME domain control validation (DCV) method to validate the domains on your DV certificate order.
Note: Before, you could only use the DNS CNAME DCV method to validate the domains on OV and EV certificate orders and when prevalidating domains.
To use the DNS CNAME DCV method on your DV certificate order:
Note: The AuthKey process for generating request tokens for immediate DV certificate issuance does not support the DNS CNAME DCV method. However, you can use the File Auth (http‑token) and DNS TXT (dns‑txt‑token) DCV methods. To learn more, visit DV certificate immediate issuance.
To learn more about using the DNS CNAME DCV method:
CertCentral Services API: Improved List domains endpoint response
To make it easier to find information about the domain control validation (DCV) status for domains in your CertCentral account, we added these response parameters to domain objects in the List domains API response:
dcv_approval_datetime
: Completion date and time of the most recent DCV check for the domain.last_submitted_datetime
: Date and time the domain was last submitted for validation.For more information, see the reference documentation for the List domains endpoint.
Upcoming Schedule Maintenance
DigiCert will perform scheduled maintenance on March 5, 2022, between 22:00 – 24:00 MST (March 6, 2022, between 05:00 – 07:00 UTC). During this time, some services may be down for up to two hours.
Infrastructure-related maintenance downtime
We will start this infrastructure-related maintenance at 22:00 MST (05:00 UTC). Then the services listed below may be down for up to two hours.
CertCentral™ TLS certificate issuance:
CIS and CertCentral™ SCEP:
Direct Cert Portal new domain and organization validation:
QuoVadis™ TrustLink™ certificate issuance:
PKI Platform 8 new domain and organization validation:
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral: Improved verified contact EV TLS certificate request approval process
In CertCentral and the CertCentral Services API, we updated the EV TLS certificate request process to only send the EV TLS request approval emails to the verified contacts you include on the certificate request.
Note: Before, when you requested an EV TLS certificate, we sent the EV order approval email to all the verified contacts for the organization.
Add verified contacts to an EV TLS certificate request:
organization.contacts
array of the JSON request. For verified contacts, the value of the contact_type
field is ev_approver
.To learn more about EV TLS certificate requests:
Upcoming Scheduled Maintenance
DigiCert will perform scheduled maintenance on February 12, 2022, between 22:00 – 24:00 MST (February 13, 2022, between 05:00 – 07:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
Expanding Range of IP Addresses Used for DigiCert Services
As part of our scheduled maintenance on February 12, 2022, 22:00 – 24:00 MST (February 13, 2022, 05:00 - 07:00 UTC), DigiCert is expanding the range of IP addresses we use for our services. These additional IP addresses are part of our efforts to increase service uptime and reduce the need for service downtime during scheduled maintenance.
What do I need to do?
If your company uses allowlists*, update them to include the block of IP addresses listed below by February 12, 2022, to keep your DigiCert services and API integrations running as expected.
*Note: Allowlists are lists for firewalls that only allow specified IP addresses to perform certain tasks or connect to your system.
New range of IP addresses
Add this range of IP addresses to your allowlist: 216.168.240.0/20
Note: We are not replacing or removing any IP addresses. We are only expanding the range of IP Addresses we use to deliver our services.
Affected services:
For easy reference, see our knowledgebase article, Expanding Range of IP Addresses for DigiCert Services. If you have questions, please contact your account manager or DigiCert Support.
CertCentral Services API: Domain info enhancement
We updated the Domain info API response to include the expiration_date
parameter for the DCV token associated with the domain. Now, when you call the Domain info API and set the value of the include_dcv
query parameter to true, the dcv_token
object in the response includes the expiration_date
of the DCV token for the domain.
Improved Domains page, Validation status filter—Completed / Validated
On the Domains page, in the Validation status dropdown, we updated the Completed / Validated filter to make it easier to find domains with completed and active domain control validation (DCV).
Note: Before, when you searched for domains with Completed / Validated DCV, we returned all domains with completed DCV even if the domain validation had expired.
Now, when you search for domains with Completed / Validated DCV, we only return domains with completed and active DCV in your search results. To find domains with expired DCV, use the Expired filter in the Validation status dropdown.
Find domains with completed and active DCV
CertCentral Services API: List domains enhancement
For the List domains API, we updated the filters[validation]=completed
filter to make it easier to find domains validated for OV or EV certificate issuance.
Before, this filter returned all domains with completed DCV checks, even if the domain validation had expired. Now, the filter only returns domains with an active OV or EV domain validation status
Upcoming Scheduled Maintenance
DigiCert will perform scheduled maintenance on January 8, 2022, between 22:00 – 24:00 MST (January 9, 2022, between 05:00 – 07:00 UTC). Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
Para que sea más fácil planificar sus tareas relacionadas con sus certificados, hemos programado nuestro cronograma de períodos de mantenimiento para 2021 con anticipación. Consulte Mantenimiento programado para 2021 de DigiCert (esta página se actualiza con toda la información del cronograma de mantenimiento).
Debido a que tenemos clientes en todo el mundo, entendemos que no hay un buen momento para todos. Sin embargo, luego de examinar la información de uso por los clientes, seleccionamos los horarios que afectarán a la menor cantidad de clientes posible.
Acerca de nuestro cronograma de mantenimiento
Si necesita más información sobre estos períodos de mantenimiento, comuníquese con su gestor de cuentas o con el equipo de asistencia de DigiCert. Para obtener actualizaciones en vivo, suscríbase a la página de estado de DigiCert.
CertCentral Report Library now available
We are happy to announce the CertCentral Report Library is now available for CertCentral Enterprise and CertCentral Partner.* The Report Library is a powerful reporting tool that allows you to download more than 1000 records at a time. Use the Report Library to build, schedule, organize, and export reports to share and reuse.
The Report Library includes six customizable reports: Orders, Organizations, Balance history, Audit log, Domains, and Fully qualified domain names (FQDN). When building reports, you control the details and information that appear in the report, configure the columns and column order, schedule how often you want the report to run (once, weekly, or monthly), and choose the report format (CSV, JSON, or Excel). In addition, you receive notices when the report is ready for download in your account.
To build your first report:
To learn more about building reports:
*Note: Don't see the Report Library in your account? Contact your account manager or our support team for help.
CertCentral Report Library API also available
We're pleased to announce the release of the CertCentral Report Library API! This new API service makes it possible to leverage key features of the Report Library in your CertCentral API integrations, including building reports and downloading report results*.
See our Report Library API documentation to learn more about including the Report Library in your API integrations.
*Note: To use the CertCentral Report Library API, Report Library must be enabled for your CertCentral account. For help activating the Report Library, contact your account manager or our support team.
Bugfix: Unique organization name check did not include assumed name
We updated our unique organization name check to include the assumed name (doing business as name) when creating an organization.
Before, in CertCentral and the CertCentral Services API, when you tried to create an organization with the same name as an existing organization, we returned an error and would not let you create the organization, even if the assumed name (DBA) was different.
Now, when you create an organization, we include the assumed name in the unique organization check. Therefore, you can create organizations with the same name, as long as each organization has a unique assumed name.
For example:
Creating organizations
In CertCentral and the CertCentral Services API, you can create an organization to submit for prevalidation or when you order a TLS/SSL certificate. This change applies to both processes.
CertCentral: DigiCert now issues client certificates from the DigiCert Assured ID Client CA G2 intermediate CA certificate
To remain compliant with industry standards, DigiCert had to replace the intermediate CA (ICA) certificate used to issue CertCentral client certificates.
CertCentral client certificate profiles that used the DigiCert SHA2 Assured ID CA intermediate CA certificate now use the DigiCert Assured ID Client CA G2 intermediate CA certificate. This change also changes the root certificate from DigiCert Assured ID Root CA to DigiCert Assured ID Root G2.
Old ICA and root certificates
New ICA and root certificates
For more information, see DigiCert ICA Update. To download a copy of the new intermediate CA certificate, see DigiCert Trusted Root Authority Certificates.
Do you still need your client certificate to chain to the DigiCert Assured ID Root CA certificate? Contact your account representative or DigiCert Support.
Upcoming Scheduled Maintenance
DigiCert will perform scheduled maintenance on December 4, 2021, between 22:00 – 24:00 MST (December 5, 2021, between 05:00 – 07:00 UTC). Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
Industry changes to file-based DCV (HTTP Practical Demonstration, file auth, file, HTTP token, and HTTP auth)
To comply with new industry standards for the file-based domain control validation (DCV) method, you can only use the file-based DCV to demonstrate control over fully qualified domain names (FQDNs), exactly as named.
To learn more about the industry change, see Domain validation policy changes in 2021.
How does this affect me?
As of November 16, 2021, you must use one of the other supported DCV methods, such as Email, DNS TXT, and CNAME, to:
To learn more about the supported DCV method for DV, OV, and EV certificate requests:
CertCentral: Pending certificate requests and domain prevalidation using file-based DCV
Pending certificate request
If you have a pending certificate request with incomplete file-based DCV checks, you may need to switch DCV methods* or use the file-based DCV method to demonstrate control over every fully qualified domain name, exactly as named, on the request.
*Note: For certificate requests with incomplete file-based DCV checks for wildcard domains, you must use a different DCV method.
To learn more about the supported DCV methods for DV, OV, and EV certificate requests:
Domain prevalidation
If you plan to use the file-based DCV method to prevalidate an entire domain or entire subdomain, you must use a different DCV method.
To learn more about the supported DCV methods for domain prevalidation, see Supported domain control validation (DCV) methods for domain prevalidation.
CertCentral Services API
If you use the CertCentral Services API to order certificates or submit domains for prevalidation using file-based DCV (http-token), this change may affect your API integrations. To learn more, visit File-based domain control validation (http-token).
Upcoming Schedule Maintenance
DigiCert will perform scheduled maintenance on November 6, 2021, between 22:00 – 24:00 MDT (November 7, 2021, between 04:00 – 06:00 UTC).
CertCentral infrastructure-related maintenance downtime
We will start this infrastructure-related maintenance between 22:00 and 22:10 MDT (04:00 and 04:10 UTC). Then, for approximately 30 minutes, the following services will be down:
DV certificate issuance for CertCentral, ACME, and ACME agent automation
CIS and SCEP
QuoVadis TrustLink certificate issuance
This maintenance only affects DV certificate issuance, CIS, SCEP, and TrustLink certificate issuance. It does not affect any other DigiCert platforms or services .
PKI Platform 8 maintenance
We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC). Then, for approximately 30 minutes, the PKI Platform 8 will experience service delays and performance degradation that affect:
Additionally:
The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
Upcoming Schedule Maintenance
On October 2, 2021, between 22:00 – 24:00 MDT (October 3, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.
CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance
DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
PKI Platform 8 maintenance and downtime:
DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 20 minutes.
We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).
Then, for approximately 20 minutes:
The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
Upcoming Schedule Maintenance
On September 11, 2021, between 22:00 – 24:00 MDT (September 12, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.
CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance
DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
PKI Platform 8 maintenance and downtime:
DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 60 minutes.
We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).
Then, for approximately 60 minutes:
The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete our maintenance.
CertCentral Services API: Get orders by alternative order ID
We created a new endpoint to make it easier to get certificate order details using alternative order IDs: Get orders by alternative order ID. This endpoint returns the order ID, certificate ID, and order status of certificate orders with the alternative_order_id
you provide in the URL path.
Verified Mark Certificates available now.
Verified Mark Certificates (VMCs) are a new type of certificate that allow companies to place a certified brand logo next to the “sender” field in customer inboxes—visible before the message is opened—acting as confirmation of your domain’s DMARC status and your organization’s authenticated identity. Learn more about VMC certificates.
To disable or change availability of VMC in your account, visit the Product Settings page.
Note: If you do not see VMCs in your account, it may be because we are not offering the product to all account types yet. It is also possible that the product is available, but one of your CertCentral account’s administrators turned the product off in Product Settings.
CertCentral Services API: Verified Mark Certificate enhancements
To help you manage your Verified Mark Certificate (VMC) orders in your API integrations, we’ve made the following updates to the CertCentral Services API.
New endpoints:
Updated endpoints:
To learn more about managing VMC certificates from your API integrations, visit Verified Mark Certificate workflow.
Upcoming schedule maintenance
On July 10, 2021, between 22:00 – 24:00 MDT (July 11, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.
During maintenance, for approximately 60 minutes, the services specified below under Service downtime will be down. Due to the scope of the maintenance, the services specified below under Service interruptions may experience brief interruptions during a 10-minute window.
Service downtime
From 22:00 – 23:00 MDT (04:00 – 05:00 UTC), while we perform database-related maintenance, the following services will be down for up to 60 minutes:
API Note: Affected APIs will return “cannot connect” errors. Certificate-related API requests that return a “cannot connect” error message during this window will need to be placed again after services are restored.
Service interruptions
During a 10-minute window, while we perform infrastructure maintenance, the following DigiCert service may experience brief service interruptions:
Services not affected
These services are not affected by the maintenance activities:
What can I do?
Plan accordingly:
Services will be restored as soon as the maintenance is completed.
Upcoming scheduled maintenance
On June 5, 2021, between 22:00 – 24:00 MDT (June 6, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral Services API: Improved domains array in OV/EV order response
To make it easier to see how the Services API groups the domains on your OV/EV TLS certificate orders for validation, we added a new response parameter to the endpoints for submitting certificate order requests: domains[].dns_name
.*
The dns_name
parameter returns the common name or SAN of the domain on the order. To prove you control this domain, you must have an active validation for the domain associated with the domains[].name
and domains[].id
key/value pairs.
Example OV certificate order
JSON payload:
JSON response:
The Services API returns the domains[].dns_name
parameter in the JSON response for the following endpoints:
*Note: Only order requests for OV/EV TLS certificates return a domains
array.
Upcoming scheduled maintenance
On May 1, 2021, between 22:00 – 24:00 MDT (May 2, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.
For up to 10 minutes total during the 2-hour window, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.
Affected services:
Services not affected
API note:
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral Services API: Domain validation status in Domain info response
To make it easier to get a comprehensive validation status for your domains, DigiCert is deprecating the status
parameter in the Domain info response. To ensure you are getting complete and accurate status information for each different validation type on your domains, you should use the validations
array when you call the Domain info endpoint from your API integrations instead.
Note: The Domain info endpoint will continue to return a status
parameter value.
Background
In the Domain info response, the status
parameter is designed to return a single string value. When DigiCert offered fewer products, a single value in the API was enough to represent the validation status for your domains.
Now, DigiCert offers certificate products that use many different types of validation. Different validation types have different requirements, and these requirements change as industry standards evolve. As DigiCert validates your domains for different types of certificate issuance, each type of validation that you request can be in a different state.
For example:
As a result, DigiCert can no longer use a single value to return comprehensive information about the validation status for a domain.
Instead of relying on a single value, use the Domain info endpoint to request a validations
array – a list of objects with status information for each type of validation on the domain. To get this data, include the query parameter include_validation=true
when you submit your request.
For example:
CertCentral Services API: Site seal enhancements
To help you manage your site seals in your API integrations, we’ve made the following updates to the CertCentral Services API:
Related topics:
CertCentral Services API: Revoke certificate by serial number
To make it easier to manage certificates from your API integrations, we updated the Revoke certificate endpoint path to accept the certificate ID or the serial number of the certificate to revoke. Previously, the Revoke certificate endpoint path only accepted the certificate ID.
Example Revoke certificate path using the certificate ID:
https://www.digicert.com/services/v2/certificate/{{certificate_id}}/revoke
Example Revoke certificate path using the certificate serial number:
https://www.digicert.com/services/v2/certificate/{{serial_number}}/revoke
Upcoming scheduled maintenance
On April 3, 2021, between 22:00 – 24:00 MDT (April 4, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.
During maintenance, for up to 10 minutes, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.
Affected services
For approximately 10 minutes, DigiCert will be unable to issue certificates for these services and APIs:
Services not affected
These services are not affected by the maintenance activities:
API note:
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral: New purchase order and invoice system
We are happy to announce that we are using a new purchase order and invoice system in CertCentral. We've made several changes to make it easier for you to manage your purchase orders and invoices.
The next time you sign in to CertCentral, you will see two new menu options under Finances: Pay Invoice and Purchase Orders and Invoices. Additionally, we now send all invoice emails from our new invoice system.
Pay invoices page
When you open the Pay invoice page, all invoices are preselected by default. You can choose to pay them all or select those you want to pay.
Note: If you use divisions with separate funds, when you open the Pay invoice page, all invoices for the top-level division are selected by default. Use the For dropdown to view the unpaid invoices by division in your account.
Purchase orders and invoices page
On the new Purchase orders and invoices page, you can create a purchase order (PO). In the Purchaseorders table, you can view pending and rejected POs. After we approve a PO, it becomes an invoice and moves to the Invoices table.
Note: If you use divisions with separate funds, you see the Purchase order and invoice summary page. When you click a division name, it opens the Purchase order and invoices page, where you can view the POs and invoices for that division.
In the Invoices column of the Invoices table, you can see the invoice number and the PO from which we generated it. You can download a copy of the invoice or pay the invoice. When you click Pay invoice, we take you to the Pay invoice page to pay the invoice and make the funds available in your account.
Existing PO and Invoice migration
CertCentral Services API: View balance enhancements
To help you track financial data in your API integrations, we updated the View balance endpoint to return the following data:
unpaid_invoice_balance
negative_balance_limit
used_credit_from_other_containers
total_available_funds
Example response:
For more information, see the documentation for the View balance endpoint.
CertCentral Services API: Auto-reissue support for Multi-year Plans
We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.
You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.
Enable auto-reissue for a new order
To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue
.
By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue
parameter to 1
in the body of your request.
Example request body:
Note: In new order requests, we ignore the auto_reissue
parameter if:
Update auto-reissue setting for existing orders
To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.
Get auto-reissue setting for an existing order
To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue
. The auto_reissue
parameter returns the current auto-reissue setting for the order.
ICA certificate chain selection for public DV flex certificates
We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:
You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.
This feature allows you to:
Configure ICA certificate chain selection
To enable ICA selection for your account:
For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.
DigiCert Services API: DV certificate support for ICA certificate chain selection
In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:
Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.
Example DV certificate request:
For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.
Upcoming scheduled maintenance
On March 6, 2021, between 22:00 – 24:00 MST (March 7, 2021, between 05:00 – 07:00 UTC), DigiCert will perform scheduled maintenance.
Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.
What can you do?
Please plan accordingly.
Services will be restored as soon as the maintenance is completed.
API de servicio de CertCentral: Nuevos terminales de subcuentas
Para hacer que sea más fácil administrar sus subcuentas, agregamos dos nuevos terminales a la API de servicio de CertCentral: Lista de dominios de la subcuenta y Lista de organizaciones de la subcuenta.
API de servicio de CertCentral: terminal mejorada de Crear subcuenta
Para darle mayor control sobre sus subcuentas, agregamos dos nuevos parámetros de solicitud al terminal Crear subcuenta: child_name
y max_allowed_multi_year_plan_length
.
child_name
: use este parámetro para configurar el nombre personalizado para mostrar para la subcuenta.max_allowed_multi_year_plan_length
: use este parámetro para personalizar la duración máxima de los pedidos de Planes multianuales para la subcuenta.Ejemplo de solicitud JSON:
Después de crear una subcuenta, use el terminal Información de la subcuenta para ver el nombre "para mostrar" de la subcuenta y la duración del pedido del Plan multianual permitida.
Próximo mantenimiento programado
El 6 de febrero de 2021 de 22:00 a 24:00 MST (7 de febrero de 2021 de 05:00 a 07:00 UTC), DigiCert realizará mantenimiento crítico.
Durante el mantenimiento, los servicios que se enumeran a continuación estarán inactivos unos 60 minutos. Sin embargo, debido al alcance del trabajo que se está realizando, es posible que haya interrupciones adicionales en el servicio durante el período de mantenimiento de dos horas.
No podrá iniciar sesión en estas plataformas y acceder a estos servicios y a estas API:
DigiCert no podrá emitir certificados para estos servicios y API:
Estos servicios no se verán afectados por las actividades de mantenimiento:
Nota sobre la API:
¿Qué puedo hacer?
Planifique en consecuencia:
Los servicios se restablecerán tan pronto como se complete el mantenimiento.
API de servicio de CertCentral: terminal mejorada de Correos electrónicos de dominio
Para hacer que sea más fácil encontrar las direcciones de correo electrónico de DNS TXT que reciben correos electrónicos de validación de DigiCert para la validación de control de dominio (DCV) basada en el correo electrónico, agregamos un nuevo parámetro de respuesta al terminal Correos electrónicos de dominio: dns_txt_emails
.
El parámetro dns_txt_emails
devuelve una lista de direcciones de correo electrónico encontradas en el registro DNS TXT para el dominio. Estas son las direcciones de correo electrónico que encontramos en el registro DNS TXT en el subdominio _validation-contactemail
del dominio que se está validando.
Ejemplo de respuesta con nuevo parámetro:
Para obtener más información sobre el método DCV recientemente admitido de enviar un correo electrónico al contacto de DNS TXT:
Para obtener información sobre cómo validar los dominios en pedidos de certificados DV:
Para obtener información sobre cómo validar los dominios en pedidos de certificados OV/EV:
API de servicio de CertCentral: Nuevos terminales Detalles del pedido de unidades y Cancelar el pedido de unidades
Nos complace anunciar que agregamos dos nuevos terminales a la API de servicios de CertCentral: Detalles del pedido de unidades y Cancelar el pedido de unidades.
Estos terminales le permiten obtener información sobre un pedido de unidades y cancelar un pedido de unidades.
Cancelar pedidos de unidades:
Si administra una subcuenta que usa unidades como método de pago, ahora puede usar la API de servicios para hacer las siguientes tareas:
API de servicio de CertCentral: terminales mejorados de Lista de productos, Límites de productos e Información del producto
Para hacer que sea más fácil encontrar los períodos de validez del pedido disponibles para los productos de certificados digitales en su cuenta, agregamos nuevos parámetros de respuesta a los terminales Lista de productos, Límites de productos e Información del producto.
Estos nuevos parámetros de respuesta le permiten ver los límites de validez del pedido predeterminados y personalizados para cada producto en su cuenta.
Terminal de Lista de productos
El parámetro allowed_order_validity_years
devuelve una lista de los períodos de validez del pedido admitidos para cada producto en su cuenta.
Terminal de Límites de productos
El parámetro allowed_order_lifetimes
devuelve una lista de límites personalizados de validez del pedido para usuarios con distintas asignaciones de rol de división y rol de usuario en su cuenta.
Terminal de Información del producto
allowed_order_validity_years
devuelve una lista de períodos de validez del pedido que están disponibles cuando solicita el producto de certificado.custom_order_expiration_date_allowed
devuelve un valor booleano que describe si puede configurar una fecha personalizada de vencimiento del pedido cuando solicita el producto de certificado.API de servicio de CertCentral: terminal mejorada de Información de pedidos de la subcuenta
Para hacer que sea más fácil encontrar información sobre los períodos de validez para los pedidos de la subcuenta, agregamos nuevos parámetros de respuesta al terminal Información de pedidos de la subcuenta. Estos nuevos parámetros de respuesta le permiten ver la fecha de inicio del pedido, la fecha de finalización del pedido y si el pedido es un Plan multianual.
is_multi_year_plan
devuelve "1"
si el pedido es un Plan multianual.order_valid_from
devuelve la fecha de inicio del período de validez del pedido.order_valid_till
devuelve la fecha de finalización del período de validez del pedido.Ejemplo de respuesta con nuevos parámetros
Próximo mantenimiento programado
El 9 de enero de 2021 de 22:00 a 24:00 MST (10 de enero de 2021 de 05:00 a 07:00 UTC), DigiCert realizará mantenimiento programado.
Aunque tenemos redundancias para proteger su servicio, algunos servicios de DigiCert podrían no estar disponibles en este momento.
¿Qué puede hacer?
Planifique en consecuencia.
Los servicios se restablecerán tras el mantenimiento.
API de servicio de CertCentral: Actualizar la configuración de notificaciones de renovación
Agregamos un nuevo terminal al contrato de la API de servicios de CertCentral: Actualizar la configuración de notificaciones de renovación. Use este terminal para habilitar o deshabilitar las notificaciones de renovación para un pedido de certificado.
Para obtener más información, visite el tema de referencia para este terminal en la documentación de la API de servicios:
Personalizar la duración de su Plan multianual de DigiCert
Nos complace anunciar que ahora puede configurar una duración personalizada para su Plan multianual (MyP) cuando solicita un certificado TLS en CertCentral. En los formularios de solicitud de certificado TLS, use la nueva opción Validez del pedido personalizada para personalizar la duración de su pedido de certificados TLS.
Nota: La validez máxima del certificado TLS es de 397 días según las prácticas recomendadas de la industria. Consulte Fin de los certificados SSL/TLS públicos de 2 años.
Las duraciones de pedidos del Plan multianual personalizadas se pueden configurar en días o por fecha de vencimiento. La duración máxima del pedido es de 2190 días (6 años). La duración mínima del pedido es de 7 días.
Nota: Los pedidos personalizados se inician el día en que emitimos el certificado para el pedido. Los precios del pedido se prorratean para coincidir con el certificado seleccionado y la duración personalizada del pedido.
Para personalizar su cobertura del Plan multianual
Configuración del producto actualizada para certificados TLS públicos
Para darle más control sobre el proceso de solicitud de sus certificados, actualizamos la configuración del producto para los certificados TLS públicos. Ahora, puede determinar las duraciones de pedidos de Planes multianuales permitidas que los usuarios pueden seleccionar al solicitar un certificado TLS público.
En la página de configuración de producto del certificado TLS, use la opción Períodos de validez permitidos para determinar qué duraciones de pedidos de Planes multianuales aparecen en un formulario de solicitud de certificado TLS: 1 año, 2 años, 3 años, 4 años, 5 años y 6 años. Tenga en cuenta que los cambios hechos a las configuraciones de productos se aplican a las solicitudes realizadas a través de CertCentral y de la API de servicios.
Nota: Anteriormente, la opción Períodos de validez permitidos se usaba para determinar la duración máxima del certificado que un usuario podía seleccionar al pedir un certificado TLS público. No obstante, como la industria está pasando a un certificado de 1 año, esta opción ya no se necesita para las duraciones de los certificados. Consulte Fin de los certificados SSL/TLS públicos de 2 años.
Para configurar las duraciones de pedidos de Planes multianuales permitidas para un certificado TLS
La próxima vez que un usuario pida un certificado Secure Site OV, solamente verá las duraciones del período de validez que seleccionó en el formulario de solicitud.
Nota: Establecer límites para las duraciones de un pedido de Plan multianual elimina la opción de validez personalizada de sus formularios de solicitud de certificado TLS.
Página de dominios de CertCentral: informe mejorado de domains.csv
En la página Dominios, mejoramos el informe de CSV para hacer más fácil realizar un seguimiento de las fechas de vencimiento de validación de dominios de OV y EV, y para ver el método de validación de control de dominio (DCV) utilizado anteriormente.
La próxima vez que descargue el archivo de CSV, verá tres columnas nuevas en el informe:
Para descargar el informe de domains.csv
Cuando abra domains.csv, debería ver las nuevas columnas e información en su informe.
Página de pedidos de CertCentral: tiempos de carga mejorados
En CertCentral, actualizamos la página de Pedidos para mejorar los tiempos de carga para aquellos que administran grandes volúmenes de pedidos de certificados. La próxima vez que visite la página de Pedidos, se abrirá mucho más rápido (en el menú principal izquierdo, vaya a Certificados > Pedidos).
Para mejorar los tiempos de carga, cambiamos la forma en que filtramos sus pedidos de certificados en la vista inicial de la página. Anteriormente, filtrábamos la página para que mostrara solamente los pedidos de certificados Activos. Sin embargo, esto era problemático para aquellos con grandes volúmenes de pedidos de certificados. Cuantos más pedidos tenía en su cuenta, más tardaba la página de Pedidos en abrirse.
Ahora, cuando visita la página, devolvemos todos sus certificados, sin filtrar, en orden descendente con los pedidos de certificados creados más recientemente primeros en la lista. Para ver solamente sus certificados activos, en la lista desplegable de Estados, seleccione Activos y haga clic en Ir.
API de servicio de CertCentral: Comprar unidades para subcuentas y ver pedidos de unidades
En la API de servicios de CertCentral, hemos agregado nuevos terminales para comprar unidades y ver los pedidos de unidades. Ahora, si administra subcuentas que usan unidades como método de pago para las solicitudes de certificados, puede usar la API de servicios para comprar más unidades para una subcuenta y para obtener información de su historial de pedidos de unidades.
Para obtener más información, consulte la documentación de referencia para los terminales nuevos:
API de servicio de CertCentral: Actualizaciones de la documentación
Nos complace anunciar las siguientes actualizaciones a la documentación para la API de servicios de CertCentral:
emergency_emails
a la documentación para el terminal Actualizar correos electrónicos de la cuenta. Use este parámetro para actualizar las direcciones de correo electrónico que reciben notificaciones de emergencia de DigiCert.Ejemplo de cuerpo de solicitud Actualizar correos electrónicos de la cuenta:
validation_type
, allowed_ca_certs
, y default_intermediate
a la documentación para el terminal Información del producto.validation_type
para obtener el tipo de validación para un producto determinado.allowed_ca_certs
para obtener información sobre los certificado ICA que puede seleccionar al pedir un producto determinado. *default_intermediate
para obtener la Id. de la ICA predeterminada para un producto determinado. *Ejemplo de datos de respuesta Información del producto:
* Nota: El terminal Información del producto solamente devuelve los parámetros allowed_ca_certs
y default_intermediates
para productos que admiten la selección de ICA. Para certificados SSL públicos que admiten la selección de ICA (certificados flexibles OV y EV), estos parámetros solamente se devuelven si la selección de ICA está habilitada para la cuenta. Además, el parámetro default_intermediates
solamente se devuelve si un administrador ha personalizado la configuración de un producto para un rol de división o de usuario en la cuenta. Para obtener más información, consulte Opción de cadena de certificados ICA para certificados flexibles públicos OV y EV.
API de servicio de CertCentral: se agregaron autentificadores de DCV para nuevos dominios a los datos de respuestas para los pedidos de certificados OV y EV
Hemos actualizado los terminales para solicitar certificados OV y EV SSL públicos para que devuelvan los autentificadores de solicitud de validación de control de dominio (DCV) para los nuevos dominios en el pedido.
Ahora, cuando solicita un certificado OV o EV, ya no tiene que emitir solicitudes separadas para obtener los autentificadores de solicitud DCV para los nuevos dominios en el pedido. En cambio, puede obtener los autentificadores directamente de los datos de respuesta para la solicitud del pedido.
Datos de respuesta de ejemplo:
Nota: El objeto dcv_token
no se devuelve para dominios que se validarán conforme al alcance de otro dominio en el pedido, para dominios que ya existan en su cuenta, o para subdominios de dominios existentes.
Esta actualización se aplica a los siguientes terminales:
Selección de cadena de certificados ICA para certificados flexibles públicos OV y EV
Nos complace anunciar que los certificados OV y EV públicos con capacidades flexibles ahora admiten la selección de cadena de certificados de CA intermedia.
Puede agregar una opción a su cuenta de CertCentral que le permita controlar qué cadena de certificados de ICA de DigiCert emite sus certificados "flexibles" OV y EV públicos.
Esta opción le permite:
Configurar la selección de cadena de certificados ICA
Para habilitar la selección de ICA para su cuenta, póngase en contacto con el gestor de su cuenta o con nuestro Equipo de asistencia. Después, en su cuenta de CertCentral, en la página Configuración del producto (en el menú principal izquierdo, vaya a Configuración > Configuración del producto), configure los intermediarios predeterminados y permitidos para cada tipo de certificado flexible OV y EV.
Para obtener más información e instrucciones paso a paso, consulte Opción de cadena de certificados ICA para certificados flexibles públicos OV y EV.
Soporte de la API de servicios de DigiCert para la selección de cadena de certificados ICA
En la API de servicios de DigiCert, hicimos las siguientes actualizaciones para admitir la selección de ICA en sus integraciones de la API:
ca_cert_id
en el cuerpo de su solicitud de pedidoEjemplo de solicitud de certificado flexible:
Para obtener más información sobre cómo usar la selección de ICA en sus integraciones de la API, consulte Ciclo de vida de certificado OV/EV: selección de ICA (opcional).
Planes multianuales de DigiCert® disponibles para todos los certificados SSL/TLS públicos de DigiCert
Nos complace anunciar que los Planes multianuales ahora se encuentran disponibles para todos los certificados SSL/TLS públicos en CertCentral. Estos planes le permiten pagar un único precio con descuento por hasta seis años de cobertura de certificado SSL/TLS.
Nota: Los contratos de acuerdo de licencia comercial (ELA) admiten solamente Planes multianuales de 1 y 2 años. Los contratos de tarifa plana no admiten Planes multianuales. Si tiene un contrato de tarifa plana, comuníquese con su gestor de cuenta para encontrar una solución que sirva para su contrato.
Con los Planes multianuales, usted elige el certificado SSL/TLS, la duración de cobertura que desee (hasta seis años) y la validez del certificado. Hasta que el plan caduque, puede volver a emitir el certificado sin costo cada vez que llegue al final de su período de validez. Para obtener más información, consulte Planes multianuales.
Cambios en la API de servicios de DigiCert para admitir Planes multianuales
En nuestra API de servicios, actualizamos nuestros terminales de certificados SSL/TLS públicos para que admitan el pedido de un certificado con un Plan multianual.
En cada terminal para solicitar un certificado SSL/TLS público, agregamos nuevos parámetros de solicitud opcionales*. Además, hemos actualizado estos terminales para que el período de validez de su pedido ya no tenga que coincidir con el período de validez de su certificado.
* Nota: Las solicitudes deben incluir un valor para el objeto order_validity o para uno de los parámetros de validez del pedido de nivel superior: validity_years, validity_days, o custom_expiration_date. Los valores que proporcionó en el objeto order_validity anulan los parámetros de validez de nivel superior.
Estos cambios no deben afectar a sus integraciones actuales. Sin embargo, para maximizar la cobertura de sus SSL/TLS, es recomendable comprar sus certificados SSL/TLS públicos con un Plan multianual. Para las integraciones de API, consulte Pedir Plan multianual.
Solicitud de certificado de ejemplo con los nuevos parámetros