Filtrage par : CAA resource record x effacer
new

CertCentral Services API: Domain locking API endpoints

DigiCert is happy to announce our domain locking feature is now available in the CertCentral Services API.

Note: Before you can use the domain locking endpoints, you must first enable domain locking for your CertCentral account. See Domain locking  – Enable domain locking for your account.

New API endpoints

Updated API endpoints

We updated the response for the Domain info and List domains endpoints to include the following parameters with domain lock details:

  • domain_locking_status (string)
    Domain lock status. Only returned if domain locking is enabled for the account.
  • account_token (string)
    Domain lock account token. Only returned if domain locking is enabled for the account, and if domain locking has been activated for the domain at least once.

To learn more, see:

new

CertCentral: Domain locking is now available

DigiCert is happy to announce our domain locking feature is now available.

Does your company have more than one CertCentral account? Do you need to control which of your accounts can order certificates for specific company domains?

Domain locking allows you to control which of your CertCentral accounts can order certificates for your domains.

How does domain locking work?

DNS Certification Authority Authorization (CAA) resource records allow you to control which certificate authorities can issue certificates for your domains.

With domain locking, you can use this same CAA resource record to control which of your company's CertCentral accounts can order certificates for your domains.

How do I lock a domain?

To lock a domain:

  1. Enable domain locking for your account.
  2. Set up domain locking for a domain.
  3. Add the domain's unique verification token to the domain's DNS CAA resource record.
  4. Check the CAA record for the unique verification token.

To learn more, see:

new

End of life for account upgrades from Symantec, GeoTrust, Thawte or RapidSSL to CertCentral™

From April 5, 2022, MDT, you can no longer upgrade your Symantec, GeoTrust, Thawte, or RapidSSL account to CertCentral™.

If you haven't already moved to DigiCert CertCentral, upgrade now to maintain website security and have continued access to your certificates.

Note: During 2020, DigiCert discontinued all Symantec, GeoTrust, Thawte, RapidSSL admin consoles, enrollment services, and API services.

How do I upgrade my account?

To upgrade your account, contact DigiCert Support immediately. For more information about the account upgrade process, see Upgrade from Symantec, GeoTrust, Thawte, or RapidSSL.

What happens if I don't upgrade my account to CertCentral?

After April 5, 2022, you must get a new CertCentral account and manually add all account information, such as domains and organizations. In addition, you won't be able to migrate any of your active certificates to your new account.

For help setting up your new CertCentral account after April 5, 2022, contact DigiCert Support.

compliance

Exigences des normes de l’industrie concernant l’ajout de l’extension « CanSignHttpExchanges » à un certificat SSL/TLS ECC :

  • Enregistrement de ressource CAA pour le domaine, comprenant le paramètres "cansignhttpexchanges=yes"*
  • Paire de clés ECC (Elliptic Curve Cryptography)
  • Extension CanSignHttpExchanges
  • Validité maximale de 90 jours*
  • Utilisé seulement pour les échanges HTTP signés

*Remarque : Ces exigences sont entrées en vigueur le 1er mai 2019. L’extension Signed HTTP Exchanges est actuellement en cours de développement. D’autres modifications pourraient être apportées aux exigences à mesure que l’industrie continue d’évoluer.

L’obligation d’une validité maximale de 90 jours ne concerne pas les certificats émis avant le 1er mai 2019. Sachez que la période de validité des certificats réémis sera écourtée à 90 jours à compter de l’heure de réémission. Vous pouvez toutefois continuer de réémettre le certificat pendant toute la période de validité achetée.

Extension CanSignHttpExchanges

Récemment, nous avons intégré un nouveau profil de certificat, HTTP Signed Exchanges, afin de résoudre le problème d’affichage des URL AMP et faire en sorte que votre marque soit correctement spécifiée dans la barre d’adresse. Consultez la page Display better AMP URLs with Signed HTTP Exchanges (Optimiser les URL AMP grâce aux échanges HTTP signés).

Cette nouvelle option de profil vous permet d’inclure l’extension « CanSignHttpExchanges » aux certificats SSL/TLS OV et EV. Une fois activée pour votre compte, l’option Include the CanSignHttpExchanges extension in the certificate (Inclure l’extension CanSignHttpExchanges dans le certificat) apparaît sur les formulaires de vos certificats SSL/TLS OV et EV sous Additional Certificate Options (Options de certificat supplémentaires). Consultez la page Obtenir un certificat Signed HTTP Exchanges.

Pour activer ce profil de certificat pour votre compte, veuillez joindre votre représentant commercial ou contacter votre équipe de support.