What you need to know about domain and certificate migration

February 12, 2020: Initial roll out of domain and certificate migration

Domain migration: Validated OV and EV domains

As of February 12, 2020, validated organization validation (OV) and extended validation (EV) domains along with organizations are automatically migrated when you activate your DigiCert® CertCentral account. Domain migration may take up to a few seconds or minutes depending on how many domains you have and the overall impact on DigiCert resources at the time.

Domains pending validation

Domains with pending validation are not migrated. However, once pending domain validation has been completed, validated domains are brought over whenever you import active public SSL/TLS certificates.

DV domains

Domain validation (DV) domains do not migrate. DV certificates require you to complete domain control validation for every DV certificate event, like new issuance, replacement, and renewal. To migrate a DV domain, simply request, replace, or renew a DV certificate for the domain from your CertCentral account.

Certificate migration: Import active, public DV, OV, and EV SSL/TLS certificates

Certificates are not automatically migrated to your newly activated CertCentral account. You must import certificates yourself. At this time, only active public SSL/TLS certificates can be imported.

De-activated SSL/TLS certificates cannot be migrated from your legacy account. At this time, only active public SSL/TLS certificates can be imported.

Pending SSL/TLS certificates

Pending public SSL/TLS certificates cannot be imported. However, importing certificates is not a one-time process. After public DV, OV, and EV SSL/TLS are issued, import them any time from the Orders page in your CertCentral account.

Newly validated domains from your legacy account are brought over whenever you import active public SSL/TLS certificates.

How do I import my certificates?

To import your active public SSL/TLS certificates, go to the Orders page in your account and click Import legacy certificates (in your account, in the left main menu, go to Certificates > Orders).

Currently, only the person who activates the CertCentral account can access the Import legacy certificates option on the Orders page. Other users in your account can access the Orders page and interact with the imported certificates, but they never see the Import legacy certificates button.

How often can I import certificates?

Currently, certificates can be imported once every 24 hours. With each additional import, only new certificates are brought over to CertCentral.

Will my order contacts still receive order-related emails?

When you import your active, public SSL/TLS certificates to CertCentral, we copy the email addresses from the order in your old account and add them to the additional emails section of your migrated orders.

  • Retail
    The organization and technical contacts email addresses are copied over to the migrated orders.
  • Enterprise
    The technical contact email address is copied over to the migrated orders.

CertCentral: Certificate orders' additional emails feature

In CertCentral, certificate orders include an additional emails feature. This feature allows you to assign additional email addresses to receive notification emails for the certificate order: renewal notices, reissues, duplicates, etc. To view details about an order, in the left main menu, go to Certificates > Order. Then on the Orders page, click the certificate's order number.

Will CertCentral send renewal notices for migrated orders?

When orders are migrated to CertCentral, renewal emails for these orders are disabled by default. This is because renewal notices for the migrated orders are still sent from your old account. See Renewal emails.

After the order is renewed from your CertCentral account, renewal notices are automatically enabled for the order. Renewal notices for the order are then sent from CertCentral.

Other types of certificate migration: What about private TLS and non-TLS certificates?

Private SSL/TLS, code signing, S/Mime and other types of certificates cannot be imported at this time. Private SSL/TLS and non-SSL/TLS certificate will be part of a separate migration effort.

Renewal emails

Your public SSL/TLS certificate renewal emails will continue to come from your old account. The renewal content will change to meet your current situation.

  • Non-migrated accounts
    Public SSL/TLS certificate renewal email content will remain unchanged and continue to point to your legacy account for renewals.
  • Migrated accounts
    After you activate your CertCentral account and import your active public SSL/TLS certificates, the public SSL/TLS certificate renewal email content will change and point to your CertCentral account for renewals.

What about private TLS and non-TLS certificate renewals?

Even after an account is migrated, private SSL/TLS and non-SSL/TLS certificate renewal emails will remain unchanged and link to your legacy account for renewals.

Will my imported certificates have the same product names as before?

When public SSL/TLS certificates are imported to your CertCentral account, they will appear on the Orders page with their new DigiCert CertCentral product names.

Legacy product to CertCentral product mapping

Legacy certificate product name CertCentral product name
Secure Site Pro with EV
Premium Extended Validation SSL
Secure Site Pro EV SSL
Secure Site Pro
Secure Site Pro Wildcard
Premium SSL
Secure Site Pro SSL
Secure Site with EV
Standard EV SSL
Secure Site EV
Secure Site
Secure Site Wildcard
OFX SSL
Standard SSL
Wildcard SSL
Secure Site OV
True BusinessID with EV GeoTrust TrueBusiness ID EV
RapidSSL Enterprise
Premium Intranet SSL
Standard Intranet SSL
True BusinessID
True BusinessID Wildcard
GeoTrust TrueBusiness ID OV
GeoTrust Trial
QuickSSL
QuickSSL Premium
QuickSSL Premium Wildcard
GeoTrust DV SSL
SSL Web Server with EV Thawte SSL Webserver EV
SSL Web Server
SSL Web Server Wildcard
Thawte SSL Webserver OV
SSL123
SSL 123 Wildcard
Thawte SSL123 DV
FreeSSL RapidSSL Standard DV
RapidSSL Retail: GeoTrust Standard DV
Partner: RapidSSL Standard DV
RapidSSL Wildcard Retail: GeoTrust Wildcard DV
Partner: RapidSSL Wildcard DV