Filtraggio per: domain validation x cancella
new

Upcoming Schedule Maintenance

Some DigiCert services will be down for a total of 20 minutes during scheduled maintenance on July 9, 2022, 22:00 – 24:00 MDT (July 10, 2022, 04:00 – 06:00 UTC).

Infrastructure-related maintenance downtime

The services listed below will be down for a total of 20 minutes while we perform our infrastructure-related maintenance. The downtime consists of two 10-minute windows, one at the start and one at the end of the infrastructure-related work:

  • Start: 22:00 – 22:10 MDT (UTC -6)
  • End: 23:30 – 23:40 MDT (UTC -6)*

*The plan is to end our maintenance at approximately 23:30 MDT (UTC –6). However, if issues occur, we will need to end this work early, which means the second downtime may happen earlier than planned.


Affected services

CertCentral® / Services API

  • Unable to access your CertCentral account.
  • Services API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

CertCentral Automation / API

  • Reschedule automation events around maintenance.
  • If automation events cannot be rescheduled, retry failed events after services are restored.

Discovery / API

  • Reschedule Discovery scans around maintenance.
  • If scans cannot be rescheduled, retry failed scans after services are restored.

Direct Cert Portal / API

  • Unable to access your Direct Cert Portal account
  • Direct Cert Portal API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

QuoVadis® TrustLink® certificate issuance

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be queued and processed after services are restored

PKI Platform 8 new domain and organization validation

  • New domains submitted for validation during this time will be delayed.
  • New organizations submitted for validation during this time will be delayed.
  • Requests will be queued and processed after services are restored.


What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

Update: There is no planned downtime during maintenance on May 7, MDT (May 8, UTC).

DigiCert will perform scheduled maintenance on May 7, 2022, between 22:00 – 24:00 MDT (May 8, 2022, between 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • See the DigiCert 2022 maintenance schedule for maintenance dates and times.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on April 2, 2022, between 22:00 – 24:00 MDT (April 3, 2022, between 04:00 – 06:00 UTC). During this time, some services may be down for up to two hours.

Note: Maintenance will be one hour earlier for those who don't observe daylight savings.

Infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance at 22:00 MDT (04:00 UTC). Then the services listed below may be down for up to two hours.

CertCentral® TLS certificate issuance:

  • TLS certificate requests submitted during this time will fail
  • Failed requests should be resubmitted after services are restored

CIS and CertCentral® SCEP:

  • Certificate Issuing Service (CIS) will be down
  • CertCentral Simple Certificate Enrollment Protocol (SCEP) will be down
  • Requests submitted during this time will fail
  • CIS APIs will return a "503 Service is unavailable" error
  • Failed requests should be resubmitted after services are restored

Direct Cert Portal new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Failed requests should be resubmitted after services are restored

QuoVadis® TrustLink® certificate issuance:

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

PKI Platform 8 new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored
  • Access to User Authorization Agent (UAA) services will be disabled: both the UAA Admin and User web portals

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on March 5, 2022, between 22:00 – 24:00 MST (March 6, 2022, between 05:00 – 07:00 UTC). During this time, some services may be down for up to two hours.

Infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance at 22:00 MST (05:00 UTC). Then the services listed below may be down for up to two hours.

CertCentral™ TLS certificate issuance:

  • TLS certificate requests submitted during this time will fail
  • Failed requests should be resubmitted after services are restored

CIS and CertCentral™ SCEP:

  • Certificate Issuing Service (CIS) will be down
  • CertCentral Simple Certificate Enrollment Protocol (SCEP) will be down
  • Requests submitted during this time will fail
  • CIS APIs will return a "503 Service is unavailable" error
  • Failed requests should be resubmitted after services are restored

Direct Cert Portal new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Failed requests should be resubmitted after services are restored

QuoVadis™ TrustLink™ certificate issuance:

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

PKI Platform 8 new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

enhancement

CertCentral Domains and Domain details pages: Improved domain validation tracking

We updated the Domains and Domain details pages to make it easier to track and keep your domains' validation up to date. These updates coincide with last year's industry changes to the domain validation reuse period*. Keeping your domain validation current reduces certificate issuance times: new, reissue, duplicate issues, and renewals.

*Note: On October 1, 2021, the industry reduced all domain validation reuse periods to 398 days. DigiCert implemented a 397-day domain validation reuse period to ensure certificates aren't issued using expired domain validation. For more information about this change, see our knowledge base article, Domain validation policy changes in 2021.

Domains page improvements

When you visit the Domains page (in the left main menu, select Certificates > Domains), you will see three new columns: DCV method, Validation status, and Validation expiration. Now you can view the domain control validation (DCV) method used to demonstrate control over the domain, the status of the domain's validation (pending, validated, expires soon, and expired), and when the domain validation will expire.

Because OV and EV validation reuse periods are the same, we streamlined the Validation status sorting feature. Instead of showing separate filters for OV validation and EV validation, we only show one set of filters:

  • Completed / Validated
  • Pending validation
  • Expires in 0 - 7 days
  • Expires in 0 - 30 days
  • Expires in 31 - 60 days
  • Expires in 61 - 90 days
  • Expired

Domain details page improvements

When you visit a domain's details page (on the Domains page, select a domain), you will now see a status bar at the top of the page. This status bar lets you view the domain's validation status, when the domain's validation expires, when the domain's validation was most recently completed, and the DCV method used to demonstrate control over the domain.

We also updated the Domain validation status section of the page. We replaced the separate entries for OV and EV domain validation statuses with one entry: domain validation status.

compliance

Industry changes to file-based DCV (HTTP Practical Demonstration, file auth, file, HTTP token, and HTTP auth)

To comply with new industry standards for the file-based domain control validation (DCV) method, you can only use the file-based DCV to demonstrate control over fully qualified domain names (FQDNs), exactly as named.

To learn more about the industry change, see Domain validation policy changes in 2021.

How does this affect me?

As of November 16, 2021, you must use one of the other supported DCV methods, such as Email, DNS TXT, and CNAME, to:

  • Validate wildcard domains (*.example.com)
  • To include subdomains in the domain validation when validating the higher-level domain. For example, if you want to cover www.example.com, when you validate the higher-level domain, example.com.
  • Prevalidate entire domains and subdomains.

To learn more about the supported DCV method for DV, OV, and EV certificate requests:

compliance

CertCentral: Pending certificate requests and domain prevalidation using file-based DCV

Pending certificate request

If you have a pending certificate request with incomplete file-based DCV checks, you may need to switch DCV methods* or use the file-based DCV method to demonstrate control over every fully qualified domain name, exactly as named, on the request.

*Note: For certificate requests with incomplete file-based DCV checks for wildcard domains, you must use a different DCV method.

To learn more about the supported DCV methods for DV, OV, and EV certificate requests:

Domain prevalidation

If you plan to use the file-based DCV method to prevalidate an entire domain or entire subdomain, you must use a different DCV method.

To learn more about the supported DCV methods for domain prevalidation, see Supported domain control validation (DCV) methods for domain prevalidation.

compliance

CertCentral Services API

If you use the CertCentral Services API to order certificates or submit domains for prevalidation using file-based DCV (http-token), this change may affect your API integrations. To learn more, visit File-based domain control validation (http-token).

enhancement

CertCentral Services API: Domain management enhancements

To make it easier to maintain active validation for domains in your account, we added new filters, response fields, and a new endpoint to our domain management APIs. With these updates, you can:

  • Find domains with OV and EV validation reuse periods that are expired or expiring soon.
  • Find domains affected by the September 27, 2021 policy change to shorten OV domain validation reuse periods.*

Enhanced APIs: List domains and List subaccount domains

We made the following enhancements to the List domains and List subaccount domains endpoints:

  • Added validation filter values
    On September 27, 2021*, existing OV domain validation reuse periods will shorten to 397 days from the date validation was completed. For some domains, the reduced validation period will have already expired, or will expire before the end of 2021.

    To help you find these domains so you can resubmit them for validation, we added a new value for the validation filter: shortened_by_industry_changes. We also added filter values to help you find domains with OV or EV domain validation periods that expire in different timeframes. The new validation filter values include:
    • shortened_by_industry_changes
    • ov_expired_in_last_7_days
    • ov_expiring_within_7_days
    • ov_expiring_within_30_days
    • ov_expiring_from_31_to_60_days
    • ov_expiring_from_61_to_90_days
    • ev_expired_in_last_7_days
    • ev_expiring_within_7_days
    • ev_expiring_within_30_days
    • ev_expiring_from_31_to_60_days
    • ev_expiring_from_61_to_90_days
  • Added fields to the dcv_expiration object
    You can now submit a request that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string filters[include_validation_reuse_status]=true.
  • Added dcv_method filter
    We added the option to filter domains by domain control validation (DCV) method. To use this filter, append the query string filters[dcv_method]={{value}} to the request URL. Possible values are email, dns-cname-token, dns-txt-token, http-token, and http-token-static.

Enhanced API: Domain info
You can now submit a request to the Domain info endpoint that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string include_validation_reuse_status=true.


New API: Expiring domains count

We added a new endpoint that returns the number of domains in your account with expired or expiring OV or EV domain validations. For more information, see Expiring domains count.

*On September 27, 2021, the expiration date for existing OV domain validations will shorten to 397 days from the date validation was completed. Learn more about this policy change: Domain validation changes in 2021.

enhancement

CertCentral Services API: Improved domains array in OV/EV order response

To make it easier to see how the Services API groups the domains on your OV/EV TLS certificate orders for validation, we added a new response parameter to the endpoints for submitting certificate order requests: domains[].dns_name.*

The dns_name parameter returns the common name or SAN of the domain on the order. To prove you control this domain, you must have an active validation for the domain associated with the domains[].name and domains[].id key/value pairs.

Example OV certificate order

JSON payload:

JSON payload

JSON response:

JSON response

The Services API returns the domains[].dns_name parameter in the JSON response for the following endpoints:

*Note: Only order requests for OV/EV TLS certificates return a domains array.

enhancement

CertCentral Services API: Domain validation status in Domain info response

To make it easier to get a comprehensive validation status for your domains, DigiCert is deprecating the status parameter in the Domain info response. To ensure you are getting complete and accurate status information for each different validation type on your domains, you should use the validations array when you call the Domain info endpoint from your API integrations instead.

Note: The Domain info endpoint will continue to return a status parameter value.

Background

In the Domain info response, the status parameter is designed to return a single string value. When DigiCert offered fewer products, a single value in the API was enough to represent the validation status for your domains.

Now, DigiCert offers certificate products that use many different types of validation. Different validation types have different requirements, and these requirements change as industry standards evolve. As DigiCert validates your domains for different types of certificate issuance, each type of validation that you request can be in a different state.

For example:

  • The OV validation for a domain may be completed.
  • The EV validation for the same domain may be expired.

As a result, DigiCert can no longer use a single value to return comprehensive information about the validation status for a domain.

Instead of relying on a single value, use the Domain info endpoint to request a validations array – a list of objects with status information for each type of validation on the domain. To get this data, include the query parameter include_validation=true when you submit your request.

For example:

Example validations array in domain info response data

Learn more about using the Domain info endpoint

enhancement

API CertCentral Services: Token DCV aggiunti per i nuovi domini ai dati di risposta per gli ordini di certificato OV ed EV

Abbiamo aggiornato gli endpoint per ordinare i certificati SSL OV ed EV pubblici per riportare i token di richiesta convalida del controllo del dominio (DCV) per i nuovi domini sull’ordine.

Ora, quando richiedi un certificato OV o EV, non devi emettere richieste separate per ottenere i token di richiesta DCV per i nuovi domini sull’ordine. Puoi invece ottenere i token direttamente dai dati di risposta per la richiesta ordine.

Esempio di dati risposta:

Example response for an OV order with a new domain

Nota: L’oggetto dcv_token non viene riportato per i domini che saranno convalidati nell’ambito di un altro dominio sull’ordine, per i domini che esistono già nel tuo account o per i sottodomini dei domini esistenti.

Questo aggiornamento si applica ai seguenti endpoint:

new

Discovery ora disponibile in tutti gli account CertCentral

Siamo lieti di annunciare che tutti gli account CertCentral esistenti ora includono Discovery, il nostro strumento di scoperta certificati più nuovo e più potente.

Nota: Per coloro che stavano usando Certificate Inspector, Discovery sostituisce il nostro vecchio strumento DigiCert, Certificate Inspector.

Per impostazione predefinita, Discovery include Cloud-scan e una prova di Sensor-scan con un limite di 100 certificati.

Cloud-scan

Cloud-scan utilizza un sensore basato su cloud, quindi non c’è nulla da installare o gestire. Puoi iniziare ad eseguire la scansione immediatamente per trovare tutti i certificati SSL/TLS pubblico indipendentemente dall’autorità di certificazione (CA) emittente. Cloud-scan viene eseguito una volta ogni 24 ore.

Sensor-scan

Sensor-scan è la nostra versione più potente di Discovery. Utilizza dei sensori per eseguire la scansione della tua rete per trovare rapidamente tutti i certificati SSL/TLS interni e pubblici indipendentemente dall’Autorità di certificazione (CA) che li emette. Discovery individua anche i problemi nelle configurazione certificato e nelle implementazioni unitamente ai punti deboli correlati al certificato o ai problemi nelle tue configurazioni endpoint.

Le scansioni sono configurate centralmente e gestite dall’interno del tuo account CertCentral. I risultati scansione sono visualizzati in una dashboard intuitiva e interattiva all’interno di CertCentral. Configura le scansioni da eseguire una volta o più volte seguendo un determinato programma.

  • Per scoprire come installare un sensore e iniziare la scansione dei tuoi certificati SSL/TLS, consulta il manuale utente Discovery.
  • Per continuare a usare Sensor-scan al termine del periodo di prova, contatta il tuo account manager o il nostro team di assistenza.
new

Log di controllo Discovery

Discovery ha aggiunto una nuova funzione—Log di controllo Discovery—consentendoti di monitorare le attività correlate a Discovery nel tuo account CertCentral. Questi log di controllo forniscono i dettagli dell’attività utente consentendoti di vedere le aree in cui potrebbe essere richiesta una formazione, ricostruire eventi per risolvere i problemi, rilevare i cattivi utilizzi e scoprire le aree problematiche.

Per facilitare l’ordine delle informazioni nei log di controllo Discover, abbiamo incluso vari filtri:

  • Intervallo di date
  • Divisione
  • Utente
  • Indirizzo IP
  • Azioni
    (ad es. annulla sensore, elimina scansione, ecc.)

Per accedere al registro di controllo Discovery, nel tuo account CertCentral, nel menu principale sinistro, vai in Account > Registri di controllo. Nella pagina Log di controllo, fai clic su Log di controllo Discovery.

new

Supporto lingua Discovery

Quando lavoriamo per globalizzare le offerte dei nostri prodotti e rendere i nostri siti web, piatteforme e documentazione più accessibili, siamo lieti di annunciare che abbiamo aggiunto il supporto della lingua a Discovery in CertCentral.

Ora, quando configuri le tue preferenze della lingua in CertCentral, Discovery è incluso nella configurazione.

Per configurare le tue preferenze della lingua

Nel tuo account, nell’angolo superiore destro, nell’elenco a discesa "il tuo nome", seleziona Il mio profilo. Nella pagina Impostazioni profilo, nel menu a discesa Lingua, seleziona una lingua e fai clic su Salva modifiche.

Consulta Preferenze lingua CertCentral.

fix

Risoluzione del bug: Gli ordini di certificato DV non rispettano l’impostazione account Invia domini base per la convalida

Abbiamo risolto un bug nel processo di convalida del controllo del dominio (DCV) del certificato DV dove gli ordini di certificato DV non rispettano l’impostazione account Invia domini base per la convalida.

Nota: Per gli ordini di certificato DV, dovevi convalidare il dominio esattamente come indicato nell’ordine.

Ora, gli ordini di certificato DV rispettano l’impostazione account Invia domini base per la convalida, consentendoti di convalidare i tuoi sottodomini al livello del dominio base sui tuoi ordini di certificato DV.

Per visualizzare le impostazioni Ambito di convalida dominio nel tuo account, vai in Impostazioni > Preferenze. Nella pagina Preferenze divisioni, espandi +Impostazioni avanzate. Le impostazioni Ambito di convalida dominio sono nella sezione Convalida del controllo del dominio (DCV).

enhancement

Aggiornamenti alla pagina dei dettagli dominio

Abbiamo semplificato la sezione Convalida dominio sulla pagina Dettagli dominio per visualizzare solo due tipi di convalida con le loro date di scadenza: OV ed EV. Abbiamo aggiornato la pagina per mostrare le date di scadenza convalida dominio calcolate da quando è stata completata la verifica di controllo dominio (DCV) (OV: +825 giorni, EV: +13 mesi).

Nota: In precedenza, potevamo vedere fino ad altri due tipi di convalida: Grid e Privata. I certificati Grid hanno lo stesso periodo di validità di OV: 825 giorni. La convalida dominio non è richiesta per i certificati privati poiché questi certificati non sono attendibili pubblicamente.

Per visualizzare le date di scadenza di una convalida dominio, nel menu principale sinistro, vai in Certificati > Domini. Nella pagina Domini, individua il dominio e fai clic sul link Nome dominio. Nella pagina dei Dettagli dominio, sotto Convalida dominio, Visualizza le convalide dominio e quando scadono.

enhancement

API CertCentral Services: Endpoint migliorati per Elenca domini e Info dominio

Nella DigiCert Services API, abbiamo aggiornato gli endpoint Elenca domini e Info dominio, consentendoti di vedere quando le convalide del controllo del dominio (DCV) per il dominio scadono: convalide OV ed EV. Queste nuove informazioni vengono riportate nella risposta solo se includi la stringa di query URL include_validation=true.

Ora, quando richiedi un elenco di tutti i domini o informazioni su un dominio specifico e includi la stringa di query URL include_validation=true, puoi vedere quando le DCV for per il dominio scadono.

Esempio di richieste con la stringa di query URL:

  • Info dominio
    https://www.digicert.com/services/v2/domain/{{domain_id}}? include_validation=true
  • Elenca domini
    https://www.digicert.com/services/v2/domain?include_validation=true

Esempio di risposta – date di scadenza convalida del controllo del dominio (DCV)

Example response with DCV expiration dates

fix

Rimossa colonna "In sospeso" dalla pagina Domini

Abbiamo trovato un bug sulla pagina Domini che ci impediva di fornire informazioni precise sulle convalida in sospeso di un dominio. Come soluzione temporanea, stiamo rimuovendo la colonna In sospeso dalla pagina finché non è possibile sfruttare una soluzione permanente.

Per visualizzare se un dominio ha delle convalide in sospeso, nel menu principale sinistro, vai in Certificati > Domini. Nella pagina Domini, individua il dominio e fai clic sul link Nome dominio. Nella pagina dei Dettagli dominio, sotto Convalida dominio, controlla per vedere se il dominio ha delle convalide in sospeso: OV ed EV.

fix

Abbiamo risolto un bug nella pagina dei dettagli ordine di certificato SSL in sospeso dove il link per un dominio in sospeso che ti consente di eseguire delle azioni per dimostrare il controllo su un dominio era interrotto.

Ora, quando vai nella pagina dei dettagli dell’ordine di certificato in sospeso e fai clic sul link per un dominio in sospeso, la finestra Dimostra di avere il controllo sul dominio si apre nel punto in cui puoi scegliere un metodo DCV per dimostrare il controllo su tale dominio.

fix

Abbiamo risolto un bug per la visualizzazione della convalida dominio nelle pagine dei dettagli ordine dove i domini con le convalide scadute mostravano uno stato completato senza azioni per completare la convalida dominio.

Ora, quando vai in una pagina dei dettagli ordine, viene visualizzato un simbolo di stato convalida in sospeso vicino al dominio, unitamente alle azioni per completare la convalida dominio. (Nel menu della barra laterale, fai clic su Certificati > Ordini, quindi sulla pagina Ordini, fai clic sul numero d’ordine.)