Industry standards change: End of 2-year public SSL/TLS certificates
On August 27, 2020, 6:00 PM MDT (August 28 00:00 UTC), DigiCert stopped issuing public DV, OV, and EV SSL/TLS certificates with a maximum validity greater than 397 days. For more information about this change, see End of 2-year DV, OV, and EV public SSL/TLS certificates.
To maximize your SSL/TLS coverage, purchase your new certificates with a DigiCert® Multi-year Plan. For more information about these plans, see Multi-year Plans.
These instructions can be used for ordering these certificates:
Create your Certificate Signing Request (CSR)
To remain secure, certificates must use at least a 2048-bit key size. For more information and instructions about creating a CSR, see Create a CSR (Certificate Signing Request).
Select the EV single or multi-domain SSL/TLS certificate you want to order
Add your CSR
We use the information in your CSR to auto-populate corresponding values in the order form: Common Name, Other Hostnames (SANs), and Organization. If you leave any of this information out of the CSR, the corresponding field in the form is left blank.
If the organization in the CSR already exists in your account, we auto-populate the Organization Contact card with the contact assigned to that organization.
On the Request page, under Certificate Settings, upload your CSR to or paste it into the Add Your CSR box.
When copying the text from the CSR file, make sure to include the
-----BEGIN NEW CERTIFICATE REQUEST----- and
-----END NEW CERTIFICATE REQUEST----- tags.
After adding your CSR to the form, we auto-populate the Common Name field with the common name from the CSR.
To add the common name yourself, type the common name in the box, or under Common Name. Expand Show Recently Created Domains and select the domain from the list.
Extended Validation SSL and Secure Site EV SSL orders
To get both versions of the domain (your-domain and www.your-domain) in the certificate for free, check Include both [your-domain].com and www. [your-domain].com in the certificate.
EV Multi-Domain and Secure Site EV Multi-Domain SSL orders
To get both versions of the common name in the certificate for free, add one version of the domain as the Common Name (your-domain) and the other version as an Other Hostnames (SANs) (www.your-doman) entry. This domain isn't added to the SANs count for the order.
Other Hostnames (SANs)
After adding your CSR, we auto-populate the Other Hostnames (SANs) box with the SANs included in the CSR. You can still remove or add additional SANs as needed.
In the Other Hostnames (SANs) field, enter the additional hostnames you want the certificate to secure.
For EV Multi-Domain certificates, you get 3 SANs included in the certificate's base price. Additional SANs (over those included in the base price) increase the cost of the certificate.
How long do you need to protect your site?
Select the validity period for the first SSL/TLS certificate in your order: 1 year, Custom expiration date, or Custom length.
Select a DCV Method to prove control over your domains
Before DigiCert can issue your certificate, you must demonstrate control over the domains on your certificate order. To learn more about the available DCV Methods, see Demonstrate control over domains on a pending certificate order.
In the DCV verification method dropdown, choose the DCV method you want to use to demonstrate control over the domain on the certificate order.
You must use the selected DCV method to prove control over every domain on the order. Choose between the following options:
After submitting the certificate order, you can change the DCV method per domain from the certificate's Order details page, if needed. (In the sidebar menu, click Certificates > Orders. On the Orders page, click the certificate's order number link.)
Additional Certificate Options
The information in this section is optional.
Expand Additional Certificate Options and provide information as needed.
Auto-Renew can't be used with credit card payments.
To automatically renew a certificate, the order must be charged to the account balance. You can configure the finance settings for your account on the Finance Settings page (in the sidebar menu, click Finances > Settings).
If your CSR includes an organization currently used in your account, we auto-populate the Organization field in the order form with that organization's information.
To add an organization, click Add Organization.
Unless you update the Organization Contact, we will use you as the primary contact to validate this certificate order.
Verified Contact (required)
The Verified Contact is someone who works for the organization included in the certificate order. We will contact the organization directly to verify this contact and confirm the individual's name, email, phone number, and job title.
Once verified, this contact can approve EV certificate orders via email (or from their CertCentral account, if you added them as a user).
If EV verified contact information is available in your account, we will auto-populate the Verified Contact cards for you.
Assigning Verified Contacts to an organization is not a prerequisite for adding an organization. There may be instances where verified contact information won't be available for an organization.
In this case, manually add the Verified Contacts. You'll need to add at least one verified contact. For a user to be an EV verified contact, they must have a phone number and job title.
To add a verified contact:
Organization Contact (required)
The Organization Contact is someone who works for the organization included in the certificate order. We contact them to validate the organization and verify the request for OV TLS/SSL certificates.
We auto-populate the Organization Contact card for you.
To use a different organization contact
Technical Contact (optional)
In addition to yourself, this person will receive order emails, including the one with the certificate attached, and renewal notifications.
To add a technical contact:
Additional Order Options
The information is this section is optional.
Expand Additional Order Options and add information as needed:
Comments and renewal messages are not included in the certificate.
Enter the email addresses (comma separated) for the people you want to receive the certificate notification emails. These notifications notify contacts about issues such as certificate issuance, duplicate certificate, certificate renewals, etc.
These recipients can't manage the order. However, they will receive all the certificate related emails.
Select Payment Method
Under Payment Information, select a payment method to pay for the certificate:
Certificate Services Agreement
Read through the agreement and check I agree to the Certificate Services Agreement.
Click Submit Certificate Request.
When an approval is required, the EV verified contact is sent an email informing them that they need to approve the certificate request.
Before we can issue your certificate, these tasks must be completed:
Demonstrate control over the domains on your order
Complete domain validation for the domains on the order (demonstrate control over the domain). See Demonstrate control over domains on your SSL certificate order.
Complete organization validation
DigiCert must validate/authenticate your authority to order a certificate for the organization on your order. To do this, we will call a verified phone number to speak with someone who represents you, the certificate requestor, such as the organization or technical contact.
To get organization consent for your certificate order: