To learn more about DigiCert flex certificates and see which TLS certificates have flex capabilities, see our Flex certificates page.
*RapidSSL Standard DV and RapidSSL Wildcard DV also support the ICA certificate chain selection feature.
To start using the ICA certificate chain selection feature, please contact your account manager or our support team. Your account manager can add needed DV, OV, and EV flex certificates to your account.
Use the ICA certificate chain selection feature to:
The ICA certificate chain feature does not change the default intermediate chain for your certificates.
By default, DigiCert issues all DV, OV, and EV TLS certificates from mixed SHA-256 certificate chains: SHA-1 root certificate and SHA-256 ICA certificate.
Changing the default ICA certificate chain for a certificate does not affect previously issued certificates or pending certificate orders.
These settings apply to the Services API
Your ICA certificate chain configurations also determine what ICA certificate chains are available when ordering the same type of certificate via the Services API.
In CertCentral, in the left main menu, go to Settings > Product Settings.
Configure the ICA certificate chain settings for your account or a division in your account.
If you have divisions, use the division (For) dropdown to configure the ICA certificate chain selections for a division.
Configure the ICA certificate chain settings for a role in your account or a division.
Configure the default ICA certificate chain for the flex certificate.
Configure which ICA certificate chains are available on the flex certificate request form.
In the Product Settings column, in the Allowed intermediate chains [Intermediate CA] > [Root CA] dropdown, select the intermediate certificate chains a requestor can use to issue the flex certificate.
Note: On the flex certificate order form, the "default" chain is preselected. If the requestor wants to use a different intermediate chain, they must expand the Additional certificate options section and select a different one.
To remove the requestor's ability to use a different ICA certificate chain, only add the default ICA certificate chain. On the order form, the "default" chain is preselected. However, the requestor won't be able to change it.
Go to the bottom of the page and click Save Settings.
Default ICA certificate chain
The next time you order the public DV, OV, or EV flex certificate, DigiCert will use the ICA certificate chain you set as the default to issue your TLS certificate.
Multiple ICA certificate chains available
The next time you order the public DV, OV, or EV flex certificate, you can select the ICA certificate chain DigiCert should use to issue your TLS certificate.
To select a different ICA certificate chain: