Marzo 12, 2021
CertCentral Services API: Auto-reissue support for Multi-year Plans
We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.
You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.
Enable auto-reissue for a new order
To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue.
By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue parameter to 1 in the body of your request.
Example request body:
Note: In new order requests, we ignore the auto_reissue parameter if:
- The product does not support Multi-year Plans.
- Multi-year Plans are disabled for the account.
Update auto-reissue setting for existing orders
To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.
Get auto-reissue setting for an existing order
To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue. The auto_reissue parameter returns the current auto-reissue setting for the order.
ICA certificate chain selection for public DV flex certificates
We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:
- GeoTrust DV SSL
- Thawte SSL 123 DV
- RapidSSL Standard DV
- RapidSSL Wildcard DV
- Encryption Everywhere DV
You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.
This feature allows you to:
- Set the default ICA certificate chain for each supported public DV certificate.
- Control which ICA certificate chains certificate requestors can use to issue their DV certificate.
Configure ICA certificate chain selection
To enable ICA selection for your account:
- Contact your account manager or our Support team.
- Then, in your CertCentral account, in the left main menu, go to Settings > Product Settings.
- On the Product Settings page, configure the default and allowed intermediates for each supported and available DV certificate.
For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.
DigiCert Services API: DV certificate support for ICA certificate chain selection
In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:
- Updated the Product list endpoint
After adding the ICA certificate selection chain feature to your account, the Product list endpoint returns each ICA certificate's name and ID available to issue end-entity certificates for the supported DV products (see allowed_ca_certs). - Updated the Product limits endpoint
After you configure the allowed and default ICA certificates for a DV product, the Product limits endpoint returns the default issuing ICA (default_intermediate) and allowed issuing ICAs (allowed_intermediates) that certificate requestor with a given container and user role assignment can select. - Updated the Product info endpoint
The Product list endpoint now returns the name, ID, and certificate chain information for the issuing ICAs you can select when you request a given product (see allowed_ca_certs). - Added support for ICA chain selection to these DV certificate order requests:
Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.
Example DV certificate request:
For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.
Febbraio 17, 2021
CertCentral Services API: Improved Create subaccount endpoint
To give you more control over your subaccounts, we added two new request parameters to the Create subaccount endpoint: child_name and max_allowed_multi_year_plan_length.
child_name– Use this parameter to set a custom display name for the subaccount.max_allowed_multi_year_plan_length– Use this parameter to customize the maximum length of Multi-year Plan orders for the subaccount.
Example JSON request:
After creating a subaccount, use the Subaccount info endpoint to view a subaccount's "display" name and allowed Multi-year Plan order length.
Gennaio 20, 2021
CertCentral Services API: New Unit order details and Cancel unit order endpoints
We are happy to announce we added two new endpoints to the CertCentral Services API: Unit order details and Cancel unit order.
These endpoints allow you to get information about a unit order and to cancel a unit order.
Canceling unit orders:
- You can only cancel an order within thirty days of placing it.
- You cannot cancel a unit order if the subaccount on the order has spent any of the units.
If you manage a subaccount that uses units as its payment method, you can now use the Services API to do the following tasks:
CertCentral Services API: Improved Product list, Product limits, and Product info endpoints
To make it easier to find the available order validity periods for the digital certificate products in your account, we added new response parameters to the Product list, Product limits, and Product info endpoints.
These new response parameters allow you to view the default and customized order validity limits for each product in your account.
The allowed_order_validity_years parameter returns a list of the supported order validity periods for each product in your account.
The allowed_order_lifetimes parameter returns a list of the customized order validity limits for users with different division and user role assignments in your account.
- The
allowed_order_validity_yearsparameter returns a list of the order validity periods that are available when you request the certificate product. - The
custom_order_expiration_date_allowedparameter returns a boolean value that describes whether you can set a custom order expiration date when you request the certificate product.
CertCentral Services API: Improved Subaccount order info endpoint
To make it easier to find information about the validity periods for subaccount orders, we added new response parameters to the Subaccount order info endpoint. These new response parameters allow you to see the order start date, the order end date, and whether the order is a Multi-year Plan.
- The
is_multi_year_planparameter returns"1"if the order is a Multi-year Plan. - The
order_valid_fromparameter returns the start date of the order validity period. - The
order_valid_tillparameter returns the end date of the order validity period.
Example response with new parameters
Dicembre 17, 2020
Customize the lifetime of your DigiCert Multi-year Plan
We are happy to announce you can now configure a custom lifetime for your Multi-year Plan (MyP) when requesting a TLS certificate in CertCentral. On the TLS certificate request forms, use the new Custom order validity option to customize the length of your TLS certificate order.
Note: Maximum TLS certificate validity is 397 days per industry best practices. See End of 2-Year public SSL/TLS certificates.
Custom Multi-year Plan order lengths can be set in days or by expiration date. Maximum order length is 2190 days (6 years). Minimum order length is 7 days.
Note: Custom orders start on the day we issue the certificate for the order. Order pricing is prorated to match the certificate selected and your custom order length.
To customize your MyP coverage
- On the Request certificate form, click Select coverage length.
- In the How long do you need to protect your site pop-up window, select Custom order validity.
- Under Select your customer order length, configure the lifetime for your Multi-year Plan:
- Custom order length
Specify the length of your plan in days. - Custom order expiration date
Select the day you want your plan to expire on.
- Custom order length
- Click Save.
Updated product settings for public TLS certificates
To provide more control over your certificate order process, we updated the product settings for public TLS certificates. Now, you can determine the allowed Multi-year Plan order lengths users can select from when ordering a public TLS certificate.
On the TLS certificate's product settings page, use the Allowed validity periods option to determine what MyP order lengths appear on a TLS certificate request form: 1 Year, 2 Years, 3 Years, 4 Years, 5 Years, and 6 Years. Note that changes made to product settings apply to requests placed through CertCentral and the Services API.
Note: Previously, the Allowed validity periods option was used to determine the maximum certificate lifetime a user could select when ordering a public TLS certificate. However, with the industry move to 1-year certificate this option is no longer needed for certificate lengths. See End of 2-Year public SSL/TLS certificates.
To configure the allowed MyP order lengths for a TLS certificate
- In the left main menu, go to Settings > Product Settings.
- On the Product Settings page, select a public TLS certificate. For example, select Secure Site OV.
- Under Secure Site OV, in the Allowed validity periods dropdown, select the validity periods.
- Click Save Settings.
The next time a user orders a Secure Site OV certificate, they will only see the validity period lengths you selected on the request form.
Note: Setting limits on Multi-year Plan order lengths removes the custom validity option from your TLS certificate request forms.
CertCentral Domains page: Improved domains.csv report
On the Domains page, we improved the CSV report to make it easier to track OV and EV domain validation expiration dates and to view the previously used domain control validation (DCV) method.
The next time you download the CSV file, you will see we three new columns in the report:
- OV Expiration
- EV Expiration
- DCV Method
To download the domains.csv report
- In the left main menu, go to Certificates > Domains.
- On the Domains page, in the Download CSV dropdown, select Download All Records.
When you open the domains.csv, you should see the new columns and information in your report.
Ottobre 16, 2020
CertCentral Enterprise: Multi-year Plans now available
We are happy to announce that Multi-year Plans are now available in CertCentral Enterprise.
DigiCert® Multi-year Plans allow you to pay a single discounted price for up to six years of SSL/TLS certificate coverage. With Multi-year Plans, you pick the SSL/TLS certificate, the duration of coverage you want (up to six years), and the certificate validity. Until the plan expires, you reissue your certificate at no cost each time it reaches the end of its validity period.
Note: Enterprise License Agreement (ELA) and Flat Fee contracts only support 1 and 2-year Multi-year Plans.
As of September 1, 2020, the maximum validity of an SSL/TLS certificate is 397 days. When the active certificate for a Multi-year Plan is about to expire, you reissue the certificate to maintain your SSL/TLS coverage.
- For more information, see Multi-year Plans.
- For API integrations, see Order Multi-year Plan.
Agosto 26, 2020
DigiCert® Multi-year Plans available for all DigiCert public SSL/TLS certificates
We are happy to announce that Multi-year Plans are now available for all public SSL/TLS certificates in CertCentral. These plans allow you to pay a single discounted price for up to six years of SSL/TLS certificate coverage.
Note: Enterprise License Agreement (ELA) contracts support only 1 and 2-year Multi-year Plans. Flat Fee contracts do not support Multi-year Plans. If you have a Flat Fee contract, please contact your account manager to find a solution that works with your contract.
With Multi-year Plans, you pick the SSL/TLS certificate, the duration of coverage you want (up to six years), and the certificate validity. Until the plan expires, you reissue your certificate at no cost each time it reaches the end of its validity period. For more information, see Multi-year Plans.
DigiCert Services API changes to support Multi-year Plans
In our Services API, we updated our public SSL/TLS certificate endpoints to support ordering a certificate with a Multi-year Plan.
To each endpoint for ordering a public SSL/TLS certificate, we added new optional* request parameters. Additionally, we've updated these endpoints such that the validity period of your order no longer must match the validity period of your certificate.
- New optional cert_validity parameter
Use this parameter to define the validity period of the first certificate issued for the order. If you omit the cert_validity parameter from your request, your certificate validity defaults to the maximum validity that DigiCert and industry standards allow, or the validity period of the order, whichever is sooner. - New optional order_validity parameter*
Use this parameter to define the validity period for the order. Order validity determines the length of a Multi-year Plan. - Updated top-level validity_years, validity_days, custom_expiration_date parameters*
For existing API integrations, you can still use these existing parameters to define the validity period of the order. However, we recommend updating your integrations to use the new parameters instead. Remember, with Multi-year Plans, your order can have a different validity period than your certificate.
*Note: Requests must include a value for either the order_validity object or for one of the top-level order validity parameters: validity_years, validity_days, or custom_expiration_date. The values provided in the order_validity object override the top-level validity parameters.
These changes should not affect your current integrations. However, to maximize your SSL/TLS coverage, you may want to start purchasing your public SSL/TLS certificates with a Multi-year Plan. For API integrations, see Order Multi-year Plan.
Example certificate request with new parameters
