Filtraggio per: CAA resource record x cancella
new

CertCentral Services API: Domain locking API endpoints

DigiCert is happy to announce our domain locking feature is now available in the CertCentral Services API.

Note: Before you can use the domain locking endpoints, you must first enable domain locking for your CertCentral account. See Domain locking  – Enable domain locking for your account.

New API endpoints

Updated API endpoints

We updated the response for the Domain info and List domains endpoints to include the following parameters with domain lock details:

  • domain_locking_status (string)
    Domain lock status. Only returned if domain locking is enabled for the account.
  • account_token (string)
    Domain lock account token. Only returned if domain locking is enabled for the account, and if domain locking has been activated for the domain at least once.

To learn more, see:

new

CertCentral: Domain locking is now available

DigiCert is happy to announce our domain locking feature is now available.

Does your company have more than one CertCentral account? Do you need to control which of your accounts can order certificates for specific company domains?

Domain locking allows you to control which of your CertCentral accounts can order certificates for your domains.

How does domain locking work?

DNS Certification Authority Authorization (CAA) resource records allow you to control which certificate authorities can issue certificates for your domains.

With domain locking, you can use this same CAA resource record to control which of your company's CertCentral accounts can order certificates for your domains.

How do I lock a domain?

To lock a domain:

  1. Enable domain locking for your account.
  2. Set up domain locking for a domain.
  3. Add the domain's unique verification token to the domain's DNS CAA resource record.
  4. Check the CAA record for the unique verification token.

To learn more, see:

new

End of life for account upgrades from Symantec, GeoTrust, Thawte or RapidSSL to CertCentral™

From April 5, 2022, MDT, you can no longer upgrade your Symantec, GeoTrust, Thawte, or RapidSSL account to CertCentral™.

If you haven't already moved to DigiCert CertCentral, upgrade now to maintain website security and have continued access to your certificates.

Note: During 2020, DigiCert discontinued all Symantec, GeoTrust, Thawte, RapidSSL admin consoles, enrollment services, and API services.

How do I upgrade my account?

To upgrade your account, contact DigiCert Support immediately. For more information about the account upgrade process, see Upgrade from Symantec, GeoTrust, Thawte, or RapidSSL.

What happens if I don't upgrade my account to CertCentral?

After April 5, 2022, you must get a new CertCentral account and manually add all account information, such as domains and organizations. In addition, you won't be able to migrate any of your active certificates to your new account.

For help setting up your new CertCentral account after April 5, 2022, contact DigiCert Support.

compliance

Requisiti standard di settore per l’inclusione dell’estensione CanSignHttpExchanges in un certificato ECC SSL/TLS:

  • Record risorsa CAA per il dominio che include il parametro "cansignhttpexchanges=yes" *
  • Coppia di chiavi Elliptic Curve Cryptography (ECC)
  • Estensione CanSignHttpExchanges
  • Validità massima di 90 giorni*
  • Usato solo per lo Scambio HTTP firmati

*Nota: Questi requisiti entrano in vigore il 1° maggio 2019. L’estensione Scambi HTTP firmati è in fase di sviluppo attivo. Ci potrebbero essere altre modifiche ai requisiti unitamente allo sviluppo industriale.

Il requisito di validità certificato massima di 90 giorni non interessa i certificati emessi prima del 1° maggio 2019. Nota: il certificato riemesso sarà troncato a 90 giorni dal momento della riemissione. Tuttavia, puoi continuare a riemettere il certificato per il periodo di validità acquistato intero.

Estensione CanSignHttpExchanges

Di recente, abbiamo aggiunto un nuovo profilo certificato, Scambi HTTP firmati per risolvere il problema di visualizzazione dell’URL AMP URL dove il tuo marchio non veniva visualizzato nella barra degli indirizzi. Consulta Visualizza URL AMP migliori con Scambi firmati.

Questo nuovo profilo ti consente di includere l’estensione CanSignHttpExchanges nei certificati SSL/TLS OV ed EV. Una volta abilitata per il tuo account, l’opzione Includi l’estensione CanSignHttpExchanges nel certificato compare sui tuoi moduli di ordine certificato SSL/TLS OV ed EV sotto Opzioni certificato aggiuntive. Consulta Richiedi il tuo certificato Scambi HTTP firmati.

Per abilitare questo profilo certificato per il tuo account, contatta il tuo account manager o il nostro team di assistenza.