Platform IP addresses and URLs
The following guide provides the necessary DigiCert® ONE IP addresses, URLs, and host environment configurations per region to ensure proper connectivity for your client tools. Add these to your applicable allowlists and firewall rules to make sure you can connect.
Ports and protocols
The table below lists example domains from the US production environment. However, the port and protocol details apply universally to both production and demo environments across all regions.
Domain | Purpose | Port | Protocol |
|---|---|---|---|
one.digicert.com | Platform domain | 443 | HTTPS |
clientauth.one.digicert.com | Client authentication endpoint | 443 | HTTPS |
directory.one.digicert.com | LDAP domain | 389 | LDAP |
CRL, OCSP, CACERTS, AIA hosts | Certificate validation endpoint | 80 | HTTP |
drz1.us-west.one.digicert.com | MQTT endpoint | 1883 | MQTT |
drz1.us-west.one.digicert.com | MQTTS endpoint | 8883 | MQTTS |
Inbound IP addresses and URLs by environment and region
DigiCert ONE accepts incoming connections at the following IP addresses and URLs. Add these to your outbound allowlists and firewall rules where applicable to ensure proper connectivity. Select the environment that you use.
Production environment
The following production IPs and URLs are organized by region. Select your region for the production environment:
Classification | URL | IP addresses |
|---|---|---|
Platform domain | one.digicert.com | 45.60.44.211 |
45.60.46.211 | ||
45.60.48.211 | ||
45.60.50.211 | ||
45.60.52.211 | ||
45.60.105.211 | ||
Certificate revocation services | crl.one.digicert.com | 216.168.244.38 |
Certificate validation endpoint | ocsp.one.digicert.com | |
Certificate Authority (CA) distribution | cacerts.one.digicert.com | |
Client authentication endpoint | clientauth.one.digicert.com | |
LDAP domain | directory.one.digicert.com | |
Rendezvous Service (RZ) MQTT endpoint | drz1.us-west.one.digicert.com | 216.168.244.54 |
Classification | URL | IP addresses |
|---|---|---|
Platform domain | one.digicert.co.jp | Multiple IPs |
Certificate revocation services | crl.one.digicert.co.jp | |
Certificate validation endpoint | ocsp.one.digicert.co.jp | |
Certificate Authority (CA) distribution | cacerts.one.digicert.co.jp | |
Client authentication endpoint | clientauth.one.digicert.co.jp | 216.168.245.10 |
Classification | URL | IP address |
|---|---|---|
Platform domain | one.ch.digicert.com | 91.240.105.35 |
Certificate revocation services | crl.one.ch.digicert.com | |
Certificate validation endpoint | ocsp.one.ch.digicert.com | |
Certificate Authority (CA) distribution | cacerts.one.ch.digicert.com | |
Client authentication endpoint | clientauth.one.ch.digicert.com |
Classification | URL | IP address |
|---|---|---|
Platform domain | one.nl.digicert.com | 202.65.16.35 |
Certificate revocation services | crl.one.nl.digicert.com | |
Certificate validation endpoint | ocsp.one.nl.digicert.com | |
Certificate Authority (CA) distribution | cacerts.one.nl.digicert.com | |
Client authentication endpoint | clientauth.one.nl.digicert.com | |
Rendezvous Service (RZ) MQTT endpoint | drz.one.nl.digicert.com | 202.65.16.59 |
Demo environment
The following demo IPs and URLs are organized by region. Select your region for the demo environment:
Classification | URL | IP address |
|---|---|---|
Platform domain | demo.one.digicert.com | 216.168.245.10 |
Certificate revocation services | crl.demo.one.digicert.com | |
Certificate validation endpoint | ocsp.demo.one.digicert.com | |
Certificate Authority (CA) distribution | cacerts.demo.one.digicert.com | |
Client authentication endpoint | clientauth.demo.one.digicert.com | |
Rendezvous Service (RZ) MQTT endpoint | drz.demo.one.digicert.com | 216.168.244.71 |
Classification | URL | IP address |
|---|---|---|
Platform domain | demo.one.digicert.co.jp | 20.27.124.71 |
Certificate revocation services | crl.demo.one.digicert.co.jp | |
Certificate validation endpoint | ocsp.demo.one.digicert.co.jp | |
Certificate Authority (CA) distribution | cacerts.demo.one.digicert.co.jp | |
Client authentication endpoint | clientauth.demo.one.digicert.co.jp |
Classification | URL | IP address |
|---|---|---|
Platform domain | demo.one.ch.digicert.com | 91.240.105.29 |
Certificate revocation services | crl.demo.one.ch.digicert.com | |
Certificate validation endpoint | ocsp.demo.one.ch.digicert.com | |
Certificate Authority (CA) distribution | cacerts.demo.one.ch.digicert.com | |
Client authentication endpoint | clientauth.demo.one.ch.digicert.com |
Classification | URL | IP address |
|---|---|---|
Platform domain | demo.one.nl.digicert.com | 202.65.16.34 |
Certificate revocation services | crl.demo.one.nl.digicert.com | |
Certificate validation endpoint | ocsp.demo.one.nl.digicert.com | |
Certificate Authority (CA) distribution | cacerts.demo.one.nl.digicert.com | |
Client authentication endpoint | clientauth.demo.one.nl.digicert.com |
Outbound IP addresses
DigiCert ONE initiates outgoing connections from the following IP address blocks. For applicable integrations, add these to your inbound allowlists and firewall rules to ensure proper connectivity.
IP version | IP address block |
|---|---|
IPv4 | 64.19.218.0/24 |
91.240.104.0/23 | |
202.65.16.0/20 | |
216.168.240.0/20 | |
IPv6 | 2602:815:C000::/48 |
Troubleshooting
Use the nslookup command to find the correct address.
Sample command
nslookup one.digicert.com
Configure both environments in your allowlist.