A TLS certificate chain includes a root certificate, intermediate certificate authority (ICA) certificate, and server certificate. The issuing ICA certificate is the link between the root certificate and your server certificate.
By default, CertCentral issues public TLS certificates from mixed SHA-256 certificate chains: SHA-1 root certificate and SHA-256 ICA certificate. We do this to provide you with the best root ubiquity. Mixed public SHA-256 certificate chains can issue SHA-256 and ECC server certificates.
Mixed public SHA-256 certificate chains are secure and industry compliant. A mixed certificate chain may include a SHA-1 root certificate, SHA-256 ICA certificate, and SHA-256 server certificates. It may also have a SHA-1 root certificate, SHA-256 ICA certificate, and ECC 384 EDCSA server certificate.
All browsers support mixed public TLS certificate chains. However, some non-browser applications don't support SHA-1 root certificates. Additionally, some organization policies require full SHA-256 and ECC 256/384 EDCSA chains for their public TLS certificates.
You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues your public DV, OV, and EV TLS certificates.
This option allows you to:
When your account manager enables this feature, DigiCert automatically adds new options or menus to the supported TLS certificate order forms and TLS certificate product settings.
This new menu appears on all supported TLS certificate order forms and allows the certificate requester to see the ICA certificate chain available to issue the flex certificate. By default, it also allows the requester to select the ICA certificate chain that should issue the certificate.
On the order form, this menu is in the Additional certificate options section.
You cannot remove this menu from the order forms. However, you can use the TLS certificate product settings to control which ICA certificate chains appear in the menu.
This new menu appears in the product settings for all supported TLS certificates. It allows you to control how the Intermediate chains [Intermediate CA] > [Root CA] menu works on the flex certificate's order form. You can select which ICA certificate chains the requester can use to issue the certificate.
By default, this setting allows the certificate requester to use any available ICA certificate chains to issue the flex certificate.
Enabling the ICA certificate chain selection feature does not change the default intermediate chain for any supported certificates. You must change the default ICA certificate chain for the TLS certificate.
Topics
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.
Ce site utilise des cookies et d'autres technologies de suivi pour faciliter la navigation et vous permettre d'apporter vos commentaires, pour analyser votre utilisation de nos produits et services, pour faciliter notre marketing et nos promotions et pour fournir du contenu aux tierces parties. Consultez notre politique de cookies et notre politique de confidentialité pour en savoir plus.