A TLS certificate chain includes a root certificate, an intermediate certificate authority (ICA) certificate, and a server certificate. The issuing ICA certificate is the link between the root certificate and your server certificate.
By default, CertCentral issues public TLS certificates from mixed SHA-256 certificate chains: SHA-1 root certificate and SHA-256 ICA certificate. We do this to provide you with the best root ubiquity. Mixed public SHA-256 certificate chains can issue SHA-256 and ECC server certificates.
Mixed public SHA-256 certificate chains are secure and industry compliant. A mixed certificate chain may include a SHA-1 root certificate, a SHA-256 ICA certificate, and SHA-256 server certificates. It may also include a SHA-1 root certificate, a SHA-256 ICA certificate and an ECC 384 EDCSA server certificate.
All browsers support mixed public TLS certificate chains. However, some non-browser applications don't support SHA-1 root certificates. Additionally, some organization policies require full SHA-256 and ECC 256/384 EDCSA chains for their public TLS certificates.
You can add an option to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues your public OV and EV flex certificates.
This option allows you to:
Enabling the ICA certificate chain selection option automatically adds new options/menus to your flex certificate order forms and flex certificate product settings.
Order forms – Intermediate chains [Intermediate CA] > [Root CA] menu
This new menu appears on all flex certificate order forms and allows the certificate requestor to see the ICA certificate chain that will issue the flex certificate. By default, it also allows the requestor to select the ICA certificate chain that should issue the certificate.
On the order form, this menu is in the Additional certificate options section.
You cannot remove this menu from the order forms. However, you can use the flex certificate product settings to control which ICA certificate chains appear in the menu.
Product settings – Allowed intermediate chains [Intermediate CA] > [Root CA] menu
This new menu appears in the product settings for all flex certificate and allows you to control how the Intermediate chains [Intermediate CA] > [Root CA] menu works on the flex certificate's order form. You can select which ICA certificate chains the requestor can use to issue the certificate.
By default, this setting allows the certificate requestor to use any of the available ICA certificate chains to issue the flex certificate.
Product settings – Default intermediate chain
This new menu appears in the product settings for all flex certificate and allows you to configure the default ICA certificate chain that should issue the flex certificate.
Enabling the ICA certificate chain selection option does not change the default intermediate chain for any of the flex products. You must change the default ICA certificate chain for each flex certificate.
Topics
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.
Ce site utilise des cookies et d'autres technologies de suivi pour faciliter la navigation et vous permettre d'apporter vos commentaires, pour analyser votre utilisation de nos produits et services, pour faciliter notre marketing et nos promotions et pour fournir du contenu aux tierces parties. Consultez notre politique de cookies et notre politique de confidentialité pour en savoir plus.