Change log | docs.digicert.com

7월 22, 2020

documentation api TLS 1.0 TLS 1.1 browsers DCV certcentral compliance Services API DV certificate issuance error messages CertCentral Partners Multi-year plan MyP

Multi-year Plans now available

We are happy to announce that Multi-year Plans are now available in CertCentral and CertCentral Partners.

DigiCert® Multi-year Plans allow you to pay a single discounted price for up to six years of SSL/TLS certificate coverage. With Multi-year Plans, you pick the SSL/TLS certificate, the duration of coverage you want (up to six years), and the certificate validity. Until the plan expires, you reissue your certificate at no cost each time it reaches the end of its validity period.

The maximum validity of an SSL/TLS certificate will go from 825 days to 397 days on September 1, 2020. When the active certificate for a Multi-year Plan is about to expire, you reissue the certificate to maintain your SSL/TLS coverage.

For more information, see Multi-year Plans.
For API integrations, see Order Multi-year Plan.

Browser support for TLS 1.0 and 1.1 has ended

The four major browsers no longer support Transport Layer Security (TLS) 1.0 and 1.1.

What you need to know

This change doesn't affect your DigiCert certificates. Your certificates continue to work as they always have.

This change affects browser-dependent services and applications relying on TLS 1.0 or 1.1. Now that browser support for TLS 1.0 and 1.1 has ended, any out-of-date systems will be unable to make HTTPS connections.

What you need to do

If you are affected by this change and your system supports more recent versions of the TLS protocol, upgrade your server configuration as soon as you can to TLS 1.2 or TLS 1.3.

If you do not upgrade to TLS 1.2 or 1.3, your webserver, system, or agent will not be able to use HTTPS to securely communicate with the certificate.

Browser TLS 1.0/1.1 deprecation information

Firefox 78, released June 30, 2020

Safari 13.1, released March 24, 2020

https://developer.apple.com/documentation/safari-release-notes/safari-13_1-release_notes

Chrome 84, released July 21, 2020

Edge v84, released 7/16/2020

Helpful resources

With so many unique systems relying on TLS, we can't cover all upgrade paths, but here are a few references that may help:

To upgrade your Linux OpenSSL library, see https://blog.midtrans.com/time-to-upgrade-to-tls-version-1-2/.
To enable TLS 1.2 with OpenSSL and Apache, see https://serverfault.com/questions/314858/how-to-enable-tls-1-1-and-1-2-with-openssl-and-apache.
To enable TLS 1.2 in WinHTTP in Windows (Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1), see https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi.
To disable support for TLS 1.0 and 1.1 in Windows Server 2019 IIS, see https://medium.com/@rootsecdev/configuring-secure-cipher-suites-in-windows-server-2019-iis-7d1ff1ffe5ea.

CertCentral Services API: Updated error message documentation

In the Services API documentation, we've updated the Errors page to include descriptions for error messages related to:

Immediate DV certificate issuance
Domain control validation (DCV)
Certificate Authority Authorization (CAA) resource record checks

Earlier this year, we improved the APIs for DV certificate orders and DCV requests to provide more detailed error messages when DCV, file authorization, DNS lookups, or CAA resource record checks fail. Now, when you receive one of these error messages, check the Errors page for additional troubleshooting information.

For more information:

3월 31, 2020

browsers compliance TLS 1.0 TLS 1.1

TLS 1.0 및 1.1에 대한 브라우저 지원 종료

2020년에 4개의 주요 브라우저가 TLS(전송 계층 보안) 1.0 및 1.1에 대한 지원을 종료합니다.

Firefox – 2020년 3월
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
Safari – 2020년 3월
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
Chrome – Chrome 81
https://security.googleblog.com/2018/10/modernizing-transport-security.html
Edge – 2020년 상반기
https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/

이 변경 사항은 DigiCert 인증서에 영향을 주지 않습니다. 인증서는 이전처럼 계속 작동할 것입니다.

알고 있어야 하는 사항

이 변경 사항은 TLS 1.0 또는 1.1을 사용하는 브라우저에 의존하는 서비스 및 애플리케이션에 영향을 줍니다. TLS 1.0 또는 1.1에 대한 브라우저 지원이 종료되면 이 최신이 아닌 시스템은 HTTPS 연결을 만들 수 없습니다.

필요한 사항

이 변경 사항에 영향을 받는 경우 지금 TLS 1.2 또는 TLS 1.3을 사용 또는 업그레이드하는 계획을 세웁니다. 문제에 대비할 수 있는 시간을 확보합니다. 시작하기 전에 TLS 1.0 또는 1.1을 사용할 수 있는 모든 시스템을 식별합니다.

Apache 또는 Microsoft IIS, .NET Framework, 서버 모니터링 에이전트 및 기타 이들을 이용하는 상업용 애플리케이션을 확인하세요.

도움이 되는 리소스

많은 다양한 유형의 시스팀에 TLS에 의존하므로 모든 가능한 업그레이드 경로를 다룰 수 없지만 다음과 같은 참고자료가 도움이 될 수 있습니다.

Linux OpenSSL 라이브러리를 업그레이드하려면 https://blog.midtrans.com/time-to-upgrade-to-tls-version-1-2/를 참조하십시오.
OpenSSL 및 Apache에서 TLS 1.2를 사용하려면 https://serverfault.com/questions/314858/how-to-enable-tls-1-1-and-1-2-with-openssl-and-apache를 참조하십시오.
Windows의 WinHTTP에 TLS 1.2를 사용하려면 (Windows Server 2012, Windows 7 Service Pack 1 (SP1) 및 Windows Server 2008 R2 SP1) https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi를 참조하십시오.
Windows Server 2019 IIS에서 TLS 1.0 및 1.1을 사용 중지하려면 https://medium.com/@rootsecdev/configuring-secure-cipher-suites-in-windows-server-2019-iis-7d1ff1ffe5ea를 참조하십시오.

7월 22, 2020

3월 31, 2020

정보