DIGICERT 2022 MAINTENANCE SCHEDULE
To make it easier to plan your certificate-related tasks, we scheduled our 2022 maintenance windows in advance. See DigiCert 2022 scheduled maintenance—this page is updated with all current maintenance schedule information.
With customers worldwide, we understand there is not a "best time" for everyone. However, after reviewing the data on customer usage, we selected times that would impact the fewest amount of our customers.
About our maintenance schedule
If you need more information regarding these maintenance windows, contact your account manager or DigiCert support team.
Upcoming Schedule Maintenance
Some DigiCert services will be down for a total of 20 minutes during scheduled maintenance on July 9, 2022, 22:00 – 24:00 MDT (July 10, 2022, 04:00 – 06:00 UTC).
Infrastructure-related maintenance downtime
The services listed below will be down for a total of 20 minutes while we perform our infrastructure-related maintenance. The downtime consists of two 10-minute windows, one at the start and one at the end of the infrastructure-related work:
*The plan is to end our maintenance at approximately 23:30 MDT (UTC –6). However, if issues occur, we will need to end this work early, which means the second downtime may happen earlier than planned.
Affected services
CertCentral® / Services API
CertCentral Automation / API
Discovery / API
Direct Cert Portal / API
QuoVadis® TrustLink® certificate issuance
PKI Platform 8 new domain and organization validation
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral Services API: Improved Order info API response
Update: To give API consumers more time to evaluate the impact of the Order info API response changes on their integrations, we are postponing this update until May 31, 2022. We originally planned to release the changes described below on April 25, 2022.
On May 31, 2022, DigiCert will make the following improvements to the Order info API. These changes remove unused values and update the data structure of the order details object to be more consistent for orders in different states across product types.
For more information and response examples for public TLS, code signing, document signing, and Class 1 S/MIME certificates, see the reference documentation for the Order info endpoint.
If you have questions or need help with these changes, contact your account representative or DigiCert Support.
Need to test your API integration?
To help CertCentral Services API consumers evaluate the impact of these changes, DigiCert is providing a beta server for API consumers to test their integrations prior to the May 31, 2022 release. To learn more, see our knowledge base article: DigiCert CertCentral Services API beta server.
General enhancements
The following changes apply to orders for various certificate types irrespective of order status.
Removed parameters:
public_id
(string)public_id
parameter. DigiCert no longer supports the Express Install workflow that required a public_id
value.certificate.ca_cert_id
(string)ca_cert_id
parameter. The value of this parameter is an internal ID for the issuing ICA certificate and cannot be used externally. The API already excludes the ca_cert_id
parameter from the order details for other product types.ca_cert
object instead.verified_contacts
(array of objects)verified_contacts
array. The API already excludes the verified_contacts
array from the order details for other product types.certificate.dns_names
(array of strings)dns_names
array.dns_names
array with an empty string: [" "]
certificate.organization_units
(array of strings)organization_units
array.organization_units
array with an empty string: [" "]
certificate.cert_validity
cert_validity
object, the API will only return a key/value pair for the unit used to set the certificate validity period when the order was created. For example, if the validity period of the certificate is for 1 year, the cert_validity
object will return a years
parameter with a value of 1.cert_validity
object sometimes returned values for both days
and years
.Added parameters:
order_validity
(object)order_validity
object.order_validity
object returns the days
, years
, or custom_expiration_date
for the order validity period. The API already includes an order_validity
object in the order details for public SSL/TLS products.payment_profile
(object)payment_profile
object. The API already includes a payment_profile
object in the order details for other product types.server_licenses
For DV certificate orders, the API will start returning the server_licenses
parameter. The API already includes the server_licenses
parameter in the order details for other product types.Unapproved order requests
The following changes apply only to certificate order requests that are pending approval or that have been rejected. These changes bring the data structure of the response closer to what the API returns after the request is approved and the order is submitted to DigiCert for validation and issuance.
To manage unapproved and rejected requests, we recommend using the Request endpoints (/request
) instead of retrieving the order details. We designed the /request
endpoints to manage pending and rejected certificate order requests, and these endpoints remain unchanged.
Note: For quicker certificate issuance, we recommend using a workflow that skips or omits the request approval step for new certificate orders. If your API workflow already skips or omits the approval step, you can safely ignore the changes below. Learn more about removing the approval step:
Added parameters:
disable_ct
(boolean)allow_duplicates
(boolean)cs_provisioning_method
(string)Removed parameters:
server_licenses
(integer)server_licenses
parameter. The API will continue including the server_licenses
parameter in order details for approved order requests.Improved organization
object
To provide a consistent data structure in the order details for unapproved and approved order requests, the API will return a modified organization
object on unapproved order requests for some product types.
The API will stop returning the following unexpected properties on unapproved order requests for all product types:
organization.status
(string)organization.is_hidden
(boolean)organization.organization_contact
(object)organization.technical_contact
(object)organization.contacts
(array of objects)The API will start returning the following expected properties, if existing, on unapproved order requests for all product types:
organization.name
(string)organization.display_name
(string)organization.assumed_name
(string)organization.city
(string)organization.country
(string)To get organization details not included in the Order info response, use the Organization info API endpoint.
CertCentral: Update organization and technical contacts from the organization's details page
We are happy to announce you can now manage your organization and technical contacts from your organization's details page. This new feature allows you to replace incorrect contacts anytime.
Note: Before, you could only view the existing organization and technical contacts when visiting the organization's details page. The only way to replace an organization or technical contact was when requesting a TLS certificate.
The next time you visit an organization's details page, you can update the organization contact and technical contact for the organization. After editing a contact, you will see the new contact information the next time you order a certificate that includes organization and technical contacts.
Items to note when replacing contacts:
See for yourself
Learn more:
CertCentral Services API: Update organization and technical contacts
To help you manage the organization and technical contacts for your organizations in your API integrations, we added the following endpoints to the CertCentral Services API:
Upcoming Schedule Maintenance
Update: There is no planned downtime during maintenance on May 7, MDT (May 8, UTC).
DigiCert will perform scheduled maintenance on May 7, 2022, between 22:00 – 24:00 MDT (May 8, 2022, between 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral Services API: Domain locking API endpoints
DigiCert is happy to announce our domain locking feature is now available in the CertCentral Services API.
Note: Before you can use the domain locking endpoints, you must first enable domain locking for your CertCentral account. See Domain locking – Enable domain locking for your account.
New API endpoints
Updated API endpoints
We updated the response for the Domain info and List domains endpoints to include the following parameters with domain lock details:
domain_locking_status
(string)account_token
(string)To learn more, see:
Upcoming Schedule Maintenance
DigiCert will perform scheduled maintenance on April 2, 2022, between 22:00 – 24:00 MDT (April 3, 2022, between 04:00 – 06:00 UTC). During this time, some services may be down for up to two hours.
Note: Maintenance will be one hour earlier for those who don't observe daylight savings.
Infrastructure-related maintenance downtime
We will start this infrastructure-related maintenance at 22:00 MDT (04:00 UTC). Then the services listed below may be down for up to two hours.
CertCentral® TLS certificate issuance:
CIS and CertCentral® SCEP:
Direct Cert Portal new domain and organization validation:
QuoVadis® TrustLink® certificate issuance:
PKI Platform 8 new domain and organization validation:
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral: DNS CNAME DCV method now available for DV certificate orders
In CertCentral and the CertCentral Services API, you can now use the DNS CNAME domain control validation (DCV) method to validate the domains on your DV certificate order.
Note: Before, you could only use the DNS CNAME DCV method to validate the domains on OV and EV certificate orders and when prevalidating domains.
To use the DNS CNAME DCV method on your DV certificate order:
Note: The AuthKey process for generating request tokens for immediate DV certificate issuance does not support the DNS CNAME DCV method. However, you can use the File Auth (http‑token) and DNS TXT (dns‑txt‑token) DCV methods. To learn more, visit DV certificate immediate issuance.
To learn more about using the DNS CNAME DCV method:
CertCentral Services API: Improved List domains endpoint response
To make it easier to find information about the domain control validation (DCV) status for domains in your CertCentral account, we added these response parameters to domain objects in the List domains API response:
dcv_approval_datetime
: Completion date and time of the most recent DCV check for the domain.last_submitted_datetime
: Date and time the domain was last submitted for validation.For more information, see the reference documentation for the List domains endpoint.
Upcoming Schedule Maintenance
DigiCert will perform scheduled maintenance on March 5, 2022, between 22:00 – 24:00 MST (March 6, 2022, between 05:00 – 07:00 UTC). During this time, some services may be down for up to two hours.
Infrastructure-related maintenance downtime
We will start this infrastructure-related maintenance at 22:00 MST (05:00 UTC). Then the services listed below may be down for up to two hours.
CertCentral™ TLS certificate issuance:
CIS and CertCentral™ SCEP:
Direct Cert Portal new domain and organization validation:
QuoVadis™ TrustLink™ certificate issuance:
PKI Platform 8 new domain and organization validation:
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral: Improved verified contact EV TLS certificate request approval process
In CertCentral and the CertCentral Services API, we updated the EV TLS certificate request process to only send the EV TLS request approval emails to the verified contacts you include on the certificate request.
Note: Before, when you requested an EV TLS certificate, we sent the EV order approval email to all the verified contacts for the organization.
Add verified contacts to an EV TLS certificate request:
organization.contacts
array of the JSON request. For verified contacts, the value of the contact_type
field is ev_approver
.To learn more about EV TLS certificate requests:
Upcoming Scheduled Maintenance
DigiCert will perform scheduled maintenance on February 12, 2022, between 22:00 – 24:00 MST (February 13, 2022, between 05:00 – 07:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
Expanding Range of IP Addresses Used for DigiCert Services
As part of our scheduled maintenance on February 12, 2022, 22:00 – 24:00 MST (February 13, 2022, 05:00 - 07:00 UTC), DigiCert is expanding the range of IP addresses we use for our services. These additional IP addresses are part of our efforts to increase service uptime and reduce the need for service downtime during scheduled maintenance.
What do I need to do?
If your company uses allowlists*, update them to include the block of IP addresses listed below by February 12, 2022, to keep your DigiCert services and API integrations running as expected.
*Note: Allowlists are lists for firewalls that only allow specified IP addresses to perform certain tasks or connect to your system.
New range of IP addresses
Add this range of IP addresses to your allowlist: 216.168.240.0/20
Note: We are not replacing or removing any IP addresses. We are only expanding the range of IP Addresses we use to deliver our services.
Affected services:
For easy reference, see our knowledgebase article, Expanding Range of IP Addresses for DigiCert Services. If you have questions, please contact your account manager or DigiCert Support.
CertCentral Services API: Domain info enhancement
We updated the Domain info API response to include the expiration_date
parameter for the DCV token associated with the domain. Now, when you call the Domain info API and set the value of the include_dcv
query parameter to true, the dcv_token
object in the response includes the expiration_date
of the DCV token for the domain.
Improved Domains page, Validation status filter—Completed / Validated
On the Domains page, in the Validation status dropdown, we updated the Completed / Validated filter to make it easier to find domains with completed and active domain control validation (DCV).
Note: Before, when you searched for domains with Completed / Validated DCV, we returned all domains with completed DCV even if the domain validation had expired.
Now, when you search for domains with Completed / Validated DCV, we only return domains with completed and active DCV in your search results. To find domains with expired DCV, use the Expired filter in the Validation status dropdown.
Find domains with completed and active DCV
CertCentral Services API: List domains enhancement
For the List domains API, we updated the filters[validation]=completed
filter to make it easier to find domains validated for OV or EV certificate issuance.
Before, this filter returned all domains with completed DCV checks, even if the domain validation had expired. Now, the filter only returns domains with an active OV or EV domain validation status
Upcoming Scheduled Maintenance
DigiCert will perform scheduled maintenance on January 8, 2022, between 22:00 – 24:00 MST (January 9, 2022, between 05:00 – 07:00 UTC). Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
Per semplificare la pianificazione delle tue attività correlate al certificato, abbiamo programmato anticipatamente i nostri periodi di manutenzione 2021. Consulta Manutenzione programmata DigiCert 2021—questa pagina viene mantenuta aggiornata con tutte le informazioni sul programma di manutenzione.
Con i clienti in tutto il mondo, capiamo che non esiste un periodo migliore per tutti. Tuttavia, dopo aver analizzato i dati sull’utilizzo da parte dei clienti, abbiamo scelto dei periodi che avranno il minimo impatto sui nostri clienti.
Informazioni sul nostro programma di manutenzione
Se ti servono ulteriori informazioni relative a questi periodi di manutenzione, contatta il tuo account manager o il team di assistenza DigiCert. Per ricevere aggiornamenti diretti, iscriviti alla pagina Stato DigiCert.
CertCentral Report Library now available
We are happy to announce the CertCentral Report Library is now available for CertCentral Enterprise and CertCentral Partner.* The Report Library is a powerful reporting tool that allows you to download more than 1000 records at a time. Use the Report Library to build, schedule, organize, and export reports to share and reuse.
The Report Library includes six customizable reports: Orders, Organizations, Balance history, Audit log, Domains, and Fully qualified domain names (FQDN). When building reports, you control the details and information that appear in the report, configure the columns and column order, schedule how often you want the report to run (once, weekly, or monthly), and choose the report format (CSV, JSON, or Excel). In addition, you receive notices when the report is ready for download in your account.
To build your first report:
To learn more about building reports:
*Note: Don't see the Report Library in your account? Contact your account manager or our support team for help.
CertCentral Report Library API also available
We're pleased to announce the release of the CertCentral Report Library API! This new API service makes it possible to leverage key features of the Report Library in your CertCentral API integrations, including building reports and downloading report results*.
See our Report Library API documentation to learn more about including the Report Library in your API integrations.
*Note: To use the CertCentral Report Library API, Report Library must be enabled for your CertCentral account. For help activating the Report Library, contact your account manager or our support team.
Bugfix: Unique organization name check did not include assumed name
We updated our unique organization name check to include the assumed name (doing business as name) when creating an organization.
Before, in CertCentral and the CertCentral Services API, when you tried to create an organization with the same name as an existing organization, we returned an error and would not let you create the organization, even if the assumed name (DBA) was different.
Now, when you create an organization, we include the assumed name in the unique organization check. Therefore, you can create organizations with the same name, as long as each organization has a unique assumed name.
For example:
Creating organizations
In CertCentral and the CertCentral Services API, you can create an organization to submit for prevalidation or when you order a TLS/SSL certificate. This change applies to both processes.
CertCentral: DigiCert now issues client certificates from the DigiCert Assured ID Client CA G2 intermediate CA certificate
To remain compliant with industry standards, DigiCert had to replace the intermediate CA (ICA) certificate used to issue CertCentral client certificates.
CertCentral client certificate profiles that used the DigiCert SHA2 Assured ID CA intermediate CA certificate now use the DigiCert Assured ID Client CA G2 intermediate CA certificate. This change also changes the root certificate from DigiCert Assured ID Root CA to DigiCert Assured ID Root G2.
Old ICA and root certificates
New ICA and root certificates
For more information, see DigiCert ICA Update. To download a copy of the new intermediate CA certificate, see DigiCert Trusted Root Authority Certificates.
Do you still need your client certificate to chain to the DigiCert Assured ID Root CA certificate? Contact your account representative or DigiCert Support.
Upcoming Scheduled Maintenance
DigiCert will perform scheduled maintenance on December 4, 2021, between 22:00 – 24:00 MST (December 5, 2021, between 05:00 – 07:00 UTC). Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
Industry changes to file-based DCV (HTTP Practical Demonstration, file auth, file, HTTP token, and HTTP auth)
To comply with new industry standards for the file-based domain control validation (DCV) method, you can only use the file-based DCV to demonstrate control over fully qualified domain names (FQDNs), exactly as named.
To learn more about the industry change, see Domain validation policy changes in 2021.
How does this affect me?
As of November 16, 2021, you must use one of the other supported DCV methods, such as Email, DNS TXT, and CNAME, to:
To learn more about the supported DCV method for DV, OV, and EV certificate requests:
CertCentral: Pending certificate requests and domain prevalidation using file-based DCV
Pending certificate request
If you have a pending certificate request with incomplete file-based DCV checks, you may need to switch DCV methods* or use the file-based DCV method to demonstrate control over every fully qualified domain name, exactly as named, on the request.
*Note: For certificate requests with incomplete file-based DCV checks for wildcard domains, you must use a different DCV method.
To learn more about the supported DCV methods for DV, OV, and EV certificate requests:
Domain prevalidation
If you plan to use the file-based DCV method to prevalidate an entire domain or entire subdomain, you must use a different DCV method.
To learn more about the supported DCV methods for domain prevalidation, see Supported domain control validation (DCV) methods for domain prevalidation.
CertCentral Services API
If you use the CertCentral Services API to order certificates or submit domains for prevalidation using file-based DCV (http-token), this change may affect your API integrations. To learn more, visit File-based domain control validation (http-token).
Upcoming Schedule Maintenance
DigiCert will perform scheduled maintenance on November 6, 2021, between 22:00 – 24:00 MDT (November 7, 2021, between 04:00 – 06:00 UTC).
CertCentral infrastructure-related maintenance downtime
We will start this infrastructure-related maintenance between 22:00 and 22:10 MDT (04:00 and 04:10 UTC). Then, for approximately 30 minutes, the following services will be down:
DV certificate issuance for CertCentral, ACME, and ACME agent automation
CIS and SCEP
QuoVadis TrustLink certificate issuance
This maintenance only affects DV certificate issuance, CIS, SCEP, and TrustLink certificate issuance. It does not affect any other DigiCert platforms or services .
PKI Platform 8 maintenance
We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC). Then, for approximately 30 minutes, the PKI Platform 8 will experience service delays and performance degradation that affect:
Additionally:
The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
Upcoming Schedule Maintenance
On October 2, 2021, between 22:00 – 24:00 MDT (October 3, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.
CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance
DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
PKI Platform 8 maintenance and downtime:
DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 20 minutes.
We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).
Then, for approximately 20 minutes:
The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
Upcoming Schedule Maintenance
On September 11, 2021, between 22:00 – 24:00 MDT (September 12, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.
CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance
DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
PKI Platform 8 maintenance and downtime:
DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 60 minutes.
We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).
Then, for approximately 60 minutes:
The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete our maintenance.
CertCentral Services API: Get orders by alternative order ID
We created a new endpoint to make it easier to get certificate order details using alternative order IDs: Get orders by alternative order ID. This endpoint returns the order ID, certificate ID, and order status of certificate orders with the alternative_order_id
you provide in the URL path.
Verified Mark Certificates available now.
Verified Mark Certificates (VMCs) are a new type of certificate that allow companies to place a certified brand logo next to the “sender” field in customer inboxes—visible before the message is opened—acting as confirmation of your domain’s DMARC status and your organization’s authenticated identity. Learn more about VMC certificates.
To disable or change availability of VMC in your account, visit the Product Settings page.
Note: If you do not see VMCs in your account, it may be because we are not offering the product to all account types yet. It is also possible that the product is available, but one of your CertCentral account’s administrators turned the product off in Product Settings.
CertCentral Services API: Verified Mark Certificate enhancements
To help you manage your Verified Mark Certificate (VMC) orders in your API integrations, we’ve made the following updates to the CertCentral Services API.
New endpoints:
Updated endpoints:
To learn more about managing VMC certificates from your API integrations, visit Verified Mark Certificate workflow.
Upcoming schedule maintenance
On July 10, 2021, between 22:00 – 24:00 MDT (July 11, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.
During maintenance, for approximately 60 minutes, the services specified below under Service downtime will be down. Due to the scope of the maintenance, the services specified below under Service interruptions may experience brief interruptions during a 10-minute window.
Service downtime
From 22:00 – 23:00 MDT (04:00 – 05:00 UTC), while we perform database-related maintenance, the following services will be down for up to 60 minutes:
API Note: Affected APIs will return “cannot connect” errors. Certificate-related API requests that return a “cannot connect” error message during this window will need to be placed again after services are restored.
Service interruptions
During a 10-minute window, while we perform infrastructure maintenance, the following DigiCert service may experience brief service interruptions:
Services not affected
These services are not affected by the maintenance activities:
What can I do?
Plan accordingly:
Services will be restored as soon as the maintenance is completed.
Upcoming scheduled maintenance
On June 5, 2021, between 22:00 – 24:00 MDT (June 6, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral Services API: Improved domains array in OV/EV order response
To make it easier to see how the Services API groups the domains on your OV/EV TLS certificate orders for validation, we added a new response parameter to the endpoints for submitting certificate order requests: domains[].dns_name
.*
The dns_name
parameter returns the common name or SAN of the domain on the order. To prove you control this domain, you must have an active validation for the domain associated with the domains[].name
and domains[].id
key/value pairs.
Example OV certificate order
JSON payload:
JSON response:
The Services API returns the domains[].dns_name
parameter in the JSON response for the following endpoints:
*Note: Only order requests for OV/EV TLS certificates return a domains
array.
Upcoming scheduled maintenance
On May 1, 2021, between 22:00 – 24:00 MDT (May 2, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.
For up to 10 minutes total during the 2-hour window, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.
Affected services:
Services not affected
API note:
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral Services API: Domain validation status in Domain info response
To make it easier to get a comprehensive validation status for your domains, DigiCert is deprecating the status
parameter in the Domain info response. To ensure you are getting complete and accurate status information for each different validation type on your domains, you should use the validations
array when you call the Domain info endpoint from your API integrations instead.
Note: The Domain info endpoint will continue to return a status
parameter value.
Background
In the Domain info response, the status
parameter is designed to return a single string value. When DigiCert offered fewer products, a single value in the API was enough to represent the validation status for your domains.
Now, DigiCert offers certificate products that use many different types of validation. Different validation types have different requirements, and these requirements change as industry standards evolve. As DigiCert validates your domains for different types of certificate issuance, each type of validation that you request can be in a different state.
For example:
As a result, DigiCert can no longer use a single value to return comprehensive information about the validation status for a domain.
Instead of relying on a single value, use the Domain info endpoint to request a validations
array – a list of objects with status information for each type of validation on the domain. To get this data, include the query parameter include_validation=true
when you submit your request.
For example:
CertCentral Services API: Site seal enhancements
To help you manage your site seals in your API integrations, we’ve made the following updates to the CertCentral Services API:
Related topics:
CertCentral Services API: Revoke certificate by serial number
To make it easier to manage certificates from your API integrations, we updated the Revoke certificate endpoint path to accept the certificate ID or the serial number of the certificate to revoke. Previously, the Revoke certificate endpoint path only accepted the certificate ID.
Example Revoke certificate path using the certificate ID:
https://www.digicert.com/services/v2/certificate/{{certificate_id}}/revoke
Example Revoke certificate path using the certificate serial number:
https://www.digicert.com/services/v2/certificate/{{serial_number}}/revoke
Upcoming scheduled maintenance
On April 3, 2021, between 22:00 – 24:00 MDT (April 4, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.
During maintenance, for up to 10 minutes, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.
Affected services
For approximately 10 minutes, DigiCert will be unable to issue certificates for these services and APIs:
Services not affected
These services are not affected by the maintenance activities:
API note:
What can I do?
Plan accordingly:
Services will be restored as soon as we complete the maintenance.
CertCentral: New purchase order and invoice system
We are happy to announce that we are using a new purchase order and invoice system in CertCentral. We've made several changes to make it easier for you to manage your purchase orders and invoices.
The next time you sign in to CertCentral, you will see two new menu options under Finances: Pay Invoice and Purchase Orders and Invoices. Additionally, we now send all invoice emails from our new invoice system.
Pay invoices page
When you open the Pay invoice page, all invoices are preselected by default. You can choose to pay them all or select those you want to pay.
Note: If you use divisions with separate funds, when you open the Pay invoice page, all invoices for the top-level division are selected by default. Use the For dropdown to view the unpaid invoices by division in your account.
Purchase orders and invoices page
On the new Purchase orders and invoices page, you can create a purchase order (PO). In the Purchaseorders table, you can view pending and rejected POs. After we approve a PO, it becomes an invoice and moves to the Invoices table.
Note: If you use divisions with separate funds, you see the Purchase order and invoice summary page. When you click a division name, it opens the Purchase order and invoices page, where you can view the POs and invoices for that division.
In the Invoices column of the Invoices table, you can see the invoice number and the PO from which we generated it. You can download a copy of the invoice or pay the invoice. When you click Pay invoice, we take you to the Pay invoice page to pay the invoice and make the funds available in your account.
Existing PO and Invoice migration
CertCentral Services API: View balance enhancements
To help you track financial data in your API integrations, we updated the View balance endpoint to return the following data:
unpaid_invoice_balance
negative_balance_limit
used_credit_from_other_containers
total_available_funds
Example response:
For more information, see the documentation for the View balance endpoint.
CertCentral Services API: Auto-reissue support for Multi-year Plans
We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.
You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.
Enable auto-reissue for a new order
To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue
.
By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue
parameter to 1
in the body of your request.
Example request body:
Note: In new order requests, we ignore the auto_reissue
parameter if:
Update auto-reissue setting for existing orders
To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.
Get auto-reissue setting for an existing order
To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue
. The auto_reissue
parameter returns the current auto-reissue setting for the order.
ICA certificate chain selection for public DV flex certificates
We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:
You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.
This feature allows you to:
Configure ICA certificate chain selection
To enable ICA selection for your account:
For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.
DigiCert Services API: DV certificate support for ICA certificate chain selection
In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:
Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.
Example DV certificate request:
For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.
Upcoming scheduled maintenance
On March 6, 2021, between 22:00 – 24:00 MST (March 7, 2021, between 05:00 – 07:00 UTC), DigiCert will perform scheduled maintenance.
Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.
What can you do?
Please plan accordingly.
Services will be restored as soon as the maintenance is completed.
API CertCentral Services: Nuovi endpoint subaccount
Per faciiltare la gestione del tuo subaccount, abbiamo aggiunto due nuovi endpoint alla CertCentral Services API: Elenca domini subaccount e Elenca organizzazioni subaccount.
API CertCentral Services: Migliorato endpoint Crea subaccount
Per darti maggior controllo sui tuoi subaccount, abbiamo aggiunto due nuovi parametri richiesta all’endpoint Crea subaccount: child_name
e max_allowed_multi_year_plan_length
.
child_name
– Usa questo parametro per impostare un nome visualizzato personalizzato per il subaccount.max_allowed_multi_year_plan_length
– Usa questo parametro per personalizzare la durata massima degli ordini con Piano pluriennale per il subaccount.Esempio di richiesta JSON:
Dopo aver creato un subaccount, usa l’endpoint Info subaccount per visualizzare il nome "visualizzato" di un subaccount e la durata consentita dell’ordine con Piano pluriennale.
Prossima manutenzione programmata
Il 6 febbraio 2021 dalle 22:00 alle 24:00 MST (7 febbraio 2021 dalle 05:00 alle 07:00 UTC), DigiCert eseguirà la manutenzione critica.
Durante la manutenzione, i servizi elencati di seguito saranno inattivi per circa 60 minuti. Tuttavia, a causa dell’ambito in cui lavorare, ci potrebbero essere delle interruzioni di servizio aggiuntive durante la finestra di manutenzione di due ore.
Non potrai accedere a queste piattaforme né accedere a questi servizi e API:
DigiCert non potrà emettere certificati per questi servizi e API:
I seguenti servizi non saranno interessati dalle attività di manutenzione:
Nota API:
Cosa posso fare?
Pianifica di conseguenza:
I servizi saranno ripristinati non appena la manutenzione sarà completata.
API CertCentral Services: Migliorato endpoint E-mail dominio
Per facilitare la ricerca di indirizzi e-mail DNS TXT che ricevono e-mail di convalida da DigiCert per la convalida del controllo del dominio (DCV) basata su e-mail, abbiamo aggiunto un nuovo parametro di risposta all’endpoint E-mail dominio: dns_txt_emails
.
Il parametro dns_txt_emails
riporta un elenco degli indirizzi e-mail trovati nel record DNS TXT per il dominio. Questi sono gli indirizzi e-mail che troviamo nel record DNS TXT nel sottodominio _validation-contactemail
del dominio da convalidare.
Esempio di risposta con il nuovo parametro:
Per ulteriori informazioni sul metodo DCV E-mail a contatto DNS TXT appena supportato:
Per informazioni sulla convalida dei domini negli ordini di certificato DV.
Per ulteriori informazioni sulla convalida dei domini sugli ordini di certificato OV/EV:
API CertCentral Services: Endpoint Nuovi dettagli sull’ordine unità e Annulla ordine unità
Siamo lieti di annunciare che abbiamo aggiunto due nuovi endpoint alla CertCentral Services API: Dettagli sull’ordine unità e Annulla ordine unità.
Questi endpoint ti consentono di ottenere le informazioni su un ordine unità e per annullare un ordine unità.
Annullamento degli ordini unità:
Se gestisci un subaccount che utilizza unità come metodo di pagamento, ora puoi usare Services API per svolgere le seguenti attività:
API CertCentral Services: Miglioramento degli endpoint Elenco prodotti, Limiti di prodotto e Info prodotto
Per facilitare la ricerca dei periodo di validità dell’ordine disponibili per i prodotti di certificato digitale nel tuo account, abbiamo aggiunto nuovi parametri di risposta agli endpoint Elenco prodotti, Limiti di prodotto e Info prodotto.
Questi nuovi parametri di risposta ti consentono di visualizzare l’impostazione predefinita e i limiti di validità ordine personalizzati per ciascun prodotto nel tuo account.
Il parametro allowed_order_validity_years
riporta un elenco dei periodi di validità ordine supportati per ciascun prodotto nel tuo account.
Il parametro allowed_order_lifetimes
riporta un elenco dei limiti di validità ordine personalizzata per gli utenti con assegnazioni differenti per divisione e ruolo utente nel tuo account.
allowed_order_validity_years
riporta un elenco dei periodi di validità dell’ordine che sono disponibili quando richiedi il prodotto certificato.custom_order_expiration_date_allowed
riporta un valore booleano che descrive se puoi impostare una data di scadenza ordine personalizzata quando richiedi il prodotto certificato.API CertCentral Services: Migliorato endpoint Info ordini subaccount
Per facilitare la ricerca di informazioni sui periodi di validità per gli ordini subaccount, abbiamo aggiunto nuovi parametri di risposta all’endpoint Info ordini subaccount. Questi nuovi parametri di risposta ti consentono di vedere la data di inizio ordine, la data di fine ordine e se l’ordine è un Piano pluriennale.
is_multi_year_plan
riporta "1"
se l’ordine è un Piano pluriennale.order_valid_from
riporta la data di inizio del periodo di validità dell’ordine.order_valid_till
riporta la data di fine del periodo di validità dell’ordine.Esempio di risposta con nuovi parametri
Prossima manutenzione programmata
Il 9 gennaio 2021 dalle 22:00 alle 24:00 MST (10 gennaio 2021 dalle 05:00 alle 07:00 UTC) DigiCert eseguirà la manutenzione programmata.
Sebbene abbiamo applicato delle ridondanze per proteggere il tuo servizio, alcuni servizi DigiCert potrebbero essere non disponibili durante questo periodo.
Cosa puoi fare?
Pianifica di conseguenza.
I servizi saranno ripristinati non appena la manutenzione sarà completata.
API CertCentral Services: Aggiorna impostazioni di notifica rinnovo
Abbiamo aggiunto un nuovo endpoint al contratto CertCentral Services API: Aggiorna impostazioni di notifica rinnovo. Usa questo endpoint per abilitare o disabilitare le notifiche di rinnovo per un ordine di certificato.
Per ulteriori informazioni, visita l’argomento di riferimento per questo endpoint nella documentazione Services API:
Personalizza la durata del tuo Piano pluriennale DigiCert
Siamo lieti di annunciare che ora puoi configurare una durata personalizzata per il tuo Piano pluriennale (MyP) quando richiedi un certificato TLS in CertCentral. Nei moduli di richiesta certificati TLS, usa la nuova opzione Personalizza validità ordine per personalizzare la durata dell’ordini certificato TLS.
Nota: La validità massima del certificato TLS è di 397 giorni secondo le best practice industriali. Consulta Fine dei 2 anni dei certificati pubblici SSL/TLS.
Le durate personalizzate degli ordini con Piano pluriennale possono essere impostate in giorni o per data di scadenza. La durata massima dell’ordine è 2190 giorni (6 anni). La durata minima dell’ordine è 7 giorni.
Nota: Gli ordini personalizzati iniziano il giorno in cui emettiamo il certificato per l’ordine. I prezzi ordine sono ripartiti proporzionalmente per corrispondere al certificato selezionato e alla durata personalizzata dell’ordine.
Per personalizzare la tua copertura MyP
Impostazioni prodotto aggiornate per i certificati TLS pubblici
Per fornire maggior controllo sul processo di ordinazione certificato, abbiamo aggiornato le impostazioni prodotto per i certificati TLS pubblici. Adesso, puoi determinare le durate consentite per il Piano pluriennale che gli utenti possono selezionare da quando ordinano un certificato TLS pubblico.
Nella pagina delle impostazioni prodotto del certificato TLS, usa l’opzione Periodi di validità consentiti per determinare quali durate ordine MyP sono visualizzate su un modulo di richiesta certificati TLS: 1 anno, 2 anni, 3 anni, 4 anni, 5 anni e 6 anni. Nota: le modifiche apportate alle impostazioni prodotto si applicano alle richieste effettuate tramite CertCentral e Services API.
Nota: In precedenza, l’opzione Periodi di validità consentiti è stata usata per determinare la durata massima del certificato che un utente potrebbe selezionare quando ordina un certificato TLS pubblico. Tuttavia, con lo spostamento del settore verso i certificati da 1 anno, questa opzione non è più necessaria per le durate dei certificati. Consulta Fine dei 2 anni dei certificati pubblici SSL/TLS.
Per configurare le durate consentite degli ordini MyP per un certificato TLS
La prossima volta che un utente ordina un certificato Secure Site OV, vedrà solo le durate dei periodi di validità selezionate nel modulo di richiesta.
Nota: L’impostazione di limiti sulle durate degli ordini con Piano pluriennale rimuove l’opzione della validità personalizzata dai tuoi moduli di richiesta certificati TLS.
Pagina Domini CertCentral: Report domains.csv migliorato
Nella pagina Domini, abbiamo migliorato il report CSV per facilitare il monitoraggio delle date di scadenza delle convalide dominio OV ed EV e per visualizzare il metodo di convalida del controllo del dominio (DCV) precedentemente usato.
La prossima volta in cui scarichi il file CSV, vedrai see tre nuove colonne nel report:
Per scaricare il report domains.csv
Quando apri il file domains.csv, dovresti vedere le nuove colonne e le informazioni nel tuo report.
Pagina Ordini CertCentral: Migliorati i tempi di caricamento
In CertCentral, abbiamo aggiornato la pagina Ordini per migliorare i tempi di caricamento per coloro che gestiscono volumi elevati di ordini certificato. La prossima volta che visiti la pagina Ordini, si aprirà molto più velocemente (nel menu principale a sinistra vai in Certificati > Ordini).
Per migliorare i tempi di caricamento, abbiamo cambiato il modo in cui filtriamo i tuoi ordini certificato al momento della visualizzazione della pagina iniziale. In precedenza, abbiamo filtrato la pagina per mostrare solo gli ordini di certificato Attivi. Tuttavia, questo era un problema per le persone con elevati volumi di ordini di certificato. Più ordini hai nel tuo account, più tempo impiega la pagina Ordini per aprirsi.
Ora, quando visiti la pagina, riportiamo tutti i certificati, non filtrati, in ordine decrescente con gli ordini di certificato creati più di recente visualizzati per primi nell’elenco. Per vedere solo i tuoi certificati attivi, nel menu a discesa Stato, seleziona Attivo e fai clic su Vai.
API CertCentral Services: Acquista unità per subaccount e visualizza ordini unità
Nella CertCentral Services API, abbiamo aggiunto dei nuovi endpoint per l'acquisto di unità e la visualizzazione di ordini unità. Adesso, se gestisci dei subaccount che utilizzano delle unità come metodo di pagamento per le richieste di certificato, puoi usare Services API per acquistare altre unità per un subaccount e per ottenere informazioni sul tuo storico ordini unità.
Per ulteriori informazioni, consulta la documentazione di riferimento per i nuovi endpoint:
API CertCentral Services: Aggiornamenti documentazione
Siamo lieti di annunciare i seguenti aggiornamenti alla documentazione per CertCentral Services API:
emergency_emails
alla documentazione per l’endpoint Aggiorna e-mail account. Usa questo parametro per aggiornare gli indirizzi e-mail che ricevono le notifiche di emergenza da DigiCert.Esempio corpo richiesta Aggiorna e-mail account:
validation_type
, allowed_ca_certs
, e di risposta default_intermediate
alla documentazione per l’endpoint Info prodotto.validation_type
per ottenere il tipo di convalida per un determinato prodotto.allowed_ca_certs
per ottenere le informazioni sui certificati ICA che puoi selezionare quando ordini un determinato prodotto. *default_intermediate
per ottenere l’ID dell’ICA predefinita per un determinato prodotto. *Esempio di dati risposta Info prodotto:
* Nota: L’endpoint Info prodotto riporta solo i parametri allowed_ca_certs
e default_intermediates
per i prodotti che supportano la selezione ICA. Per i certificati SSL pubblici che supportano la selezione ICA (certificati flessibili OV ed EV), questi parametri vengono riportati solo se la selezione ICA è abilitata per l’account. Inoltre, il parametro default_intermediates
viene riportato solo se un amministratore ha personalizzato un’impostazione prodotto per una divisione o un ruolo utente nell’account. Per ulteriori informazioni, consulta Opzione di catena di certificati ICA per certificati OV ed EV flessibili pubblici.
API CertCentral Services: Token DCV aggiunti per i nuovi domini ai dati di risposta per gli ordini di certificato OV ed EV
Abbiamo aggiornato gli endpoint per ordinare i certificati SSL OV ed EV pubblici per riportare i token di richiesta convalida del controllo del dominio (DCV) per i nuovi domini sull’ordine.
Ora, quando richiedi un certificato OV o EV, non devi emettere richieste separate per ottenere i token di richiesta DCV per i nuovi domini sull’ordine. Puoi invece ottenere i token direttamente dai dati di risposta per la richiesta ordine.
Esempio di dati risposta:
Nota: L’oggetto dcv_token
non viene riportato per i domini che saranno convalidati nell’ambito di un altro dominio sull’ordine, per i domini che esistono già nel tuo account o per i sottodomini dei domini esistenti.
Questo aggiornamento si applica ai seguenti endpoint:
Selezione della catena di certificati ICA per certificati OV ed EV flessibili pubblici
Siamo lieti di annunciare che i certificati EV ed OV pubblici con capacità flessibili ora supportano la selezione della catena dei certificati CA intermedi.
Puoi aggiungere un’opzione al tuo account CertCentral che ti consente di controllare quale catena dei certificati ICA DigiCert emette i tuoi certificati OV ed EV "flessibili" pubblici.
Questa opzione ti consente di:
Configura la selezione della catena dei certificati ICA
Per disabilitare la selezione ICA per il tuo account, contatta il tuo account manager o il nostro team di assistenza. Dopodiché, nel tuo account CertCentral, nella pagina Impostazioni prodotto (nel menu principale a sinistra, vai in Impostazioni > Impostazioni prodotto), configurare l’impostazione predefinita e i certificati intermedi consentiti per ciascun tipo di certificato OV ed EV flessibile.
Per ulteriori informazioni le istruzioni dettagliate, consulta Opzione di catena di certificati ICA per certificati OV ed EV flessibili pubblici.
Supporto DigiCert Services API per la selezione della catena di certificati ICA
In DigiCert Services API, abbiamo effettuato i seguenti aggiornamenti per supportare la selezione ICA nelle tue integrazioni API:
ca_cert_id
nel corpo della tua richiesta di ordineEsempio di richiesta certificato flessibile:
Per ulteriori informazioni sull’uso della selezione ICA nelle tue integrazioni API, consulta Durata del certificato OV/EV – (Opzionale) Selezione ICA.
Piani pluriennali DigiCert® disponibili per tutti i certificati SSL/TLS pubblici DigiCert
Siamo lieti di annunciare che i Piani pluriennali adesso sono disponibili per tutti i certificati SSL/TLS pubblici in CertCentral. Questi piani consentono di pagare un unico prezzo scontato per un massimo di sei anni di copertura con certificato SSL/TLS.
Nota: I contratti Enterprise License Agreement (ELA) supportano solo Piani pluriennali di 1 e 2 anni. I contratti a tariffa fissa non supportano i Piani pluriennali. Se hai un contratto a tariffa fissa, contatta il tuo account manager per trovare una soluzione che sia adatta al tuo contratto.
Con i Piani pluriennali, selezioni il certificato SSL/TLS, la durata della copertura desiderata (fino a sei anni) e la validità del certificato. Fino alla scadenza del piano, puoi riemettere il certificato gratuitamente ogni volta che raggiunge la fine del suo periodo di validità. Per ulteriori informazioni, consulta Piani pluriennali.
Modifiche DigiCert Services API a supporto dei Piani pluriennali
Nella nostra Services API, abbiamo aggiornato i nostri endpoint del certificato SSL/TLS pubblico per supportare l’ordinazione di un certificato con un Piano pluriennale.
A ciascun endpoint per l’ordinamento di un certificato SSL/TLS pubblico, abbiamo aggiunto nuovi parametri richiesta opzionali*. Inoltre, abbiamo aggiornato questi endpoint in modo che il periodo di validità del tuo ordine non dovesse più corrispondere al periodo di validità del tuo certificato.
*Nota: Le richieste devono includere un valore per l’oggetto order_validityo per uno dei parametri della validità ordine di massimo livello: validity_years, validity_days, oppure custom_expiration_date. I valori forniti nell’oggetto order_validity ignorano i parametri di validità di massimo livello.
Queste modifiche non devono interessare le tue integrazioni attuali. Tuttavia, per massimizzare la tua copertura SSL/TLS, potresti voler iniziare ad acquistare i tuoi certificati SSL/TLS pubblici con un Piano pluriennale. Per le integrazione API, consulta Ordina piano pluriennale.
Esempio di richiesta certificato con parametri nuovi